Edit tour

Windows Analysis Report
UC2DFXQIBiE2kQ.dll

Overview

General Information

Sample Name:	UC2DFXQIBiE2kQ.dll
Analysis ID:	747451
MD5:	e2ec88ae31e147d1976368c6a8988d3c
SHA1:	937a21ced7f2663c923c9c614cbe06d95def511a
SHA256:	ae7e655db35a71a3b2df96051d722d7995ec94feea3cbd59bec501042ab40847
Infos:

Detection

Emotet

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Emotet

System process connects to network (likely due to code injection or exploit)

Snort IDS alert for network traffic

Creates an autostart registry key pointing to binary in C:\Windows

C2 URLs / IPs found in malware configuration

Hides that the sample has been downloaded from the Internet (zone.identifier)

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Deletes files inside the Windows folder

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Creates files inside the system directory

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Tries to load missing DLLs

Drops PE files to the windows directory (C:\Windows)

Checks if the current process is being debugged

Connects to several IPs in different countries

Registers a DLL

Found large amount of non-executed APIs

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

loaddll64.exe (PID: 6100 cmdline: loaddll64.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll" MD5: C676FC0263EDD17D4CE7D644B8F3FCD6)

conhost.exe (PID: 6088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 4804 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll",#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

rundll32.exe (PID: 4688 cmdline: rundll32.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll",#1 MD5: 73C519F050C20580F8A62C849D49215A)

regsvr32.exe (PID: 5220 cmdline: regsvr32.exe /s C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 1392 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IUvcffQnjRFArsrM\JZgYREHBQT.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

rundll32.exe (PID: 4720 cmdline: rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,ACeujVZMknFDjv MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 2608 cmdline: rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,AHuDGMflBfPryOEYjuTfbzJdEM MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 5292 cmdline: rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,ATjQPkInxPUGuUu MD5: 73C519F050C20580F8A62C849D49215A)

regsvr32.exe (PID: 3952 cmdline: C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\IUvcffQnjRFArsrM\JZgYREHBQT.dll MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 2220 cmdline: C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\ZamKJmwegN\JeCOx.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

cleanup

Malware Configuration

Threatname: Emotet

{"C2 list": ["172.105.115.71:8080", "218.38.121.17:443", "186.250.48.5:443", "103.71.99.57:8080", "85.214.67.203:8080", "85.25.120.45:8080", "139.196.72.155:8080", "103.85.95.4:8080", "198.199.70.22:8080", "209.239.112.82:8080", "78.47.204.80:443", "36.67.23.59:443", "104.244.79.94:443", "62.171.178.147:8080", "195.77.239.39:8080", "103.56.149.105:8080", "80.211.107.116:8080", "93.104.209.107:8080", "174.138.33.49:7080", "202.28.34.99:8080", "178.62.112.199:8080", "114.79.130.68:443", "118.98.72.86:443", "103.41.204.169:8080", "178.238.225.252:8080", "83.229.80.93:8080", "46.101.98.60:8080", "82.98.180.154:7080", "87.106.97.83:7080", "196.44.98.190:8080", "139.59.80.108:8080", "103.224.241.74:8080", "103.254.12.236:7080", "185.148.169.10:8080", "165.22.254.236:8080", "37.44.244.177:8080", "54.37.228.122:443", "51.75.33.122:443", "128.199.217.206:443", "188.165.79.151:443", "210.57.209.142:8080", "160.16.143.191:8080", "175.126.176.79:8080", "202.134.4.210:7080", "103.126.216.86:443", "190.145.8.4:443", "128.199.242.164:8080", "64.227.55.231:8080"], "Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0IzjStTgSAJI=", "RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCW/zgWtVYeAJA="]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000007.00000002.769739205.0000000002E41000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000007.00000002.769387929.0000000001540000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000004.00000002.250855705.000001D676C81000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000005.00000002.251110585.000001FB00141000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000005.00000002.250957440.000001FB00100000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000003.00000002.257855329.0000000000960000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000006.00000002.255048362.000001CC2A6A1000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000010.00000002.407582886.0000000000970000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000004.00000002.250572025.000001D676B30000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000010.00000002.408383126.0000000000B41000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000006.00000002.254840159.000001CC28BE0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author
5.2.rundll32.exe.1fb00100000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
3.2.regsvr32.exe.960000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
5.2.rundll32.exe.1fb00100000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
4.2.rundll32.exe.1d676b30000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
6.2.rundll32.exe.1cc28be0000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
4.2.rundll32.exe.1d676b30000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
16.2.regsvr32.exe.970000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
6.2.rundll32.exe.1cc28be0000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
7.2.regsvr32.exe.1540000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
16.2.regsvr32.exe.970000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
7.2.regsvr32.exe.1540000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
3.2.regsvr32.exe.960000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
Click to see the 7 entries

Snort Signatures

ET CNC Feodo Tracker Reported CnC Server TCP group 3 - Source IP: 192.168.2.6 - Destination IP: 115.178.55.22

Timestamp:	192.168.2.6115.178.55.2249714802404304 11/16/22-11:49:29.070302
SID:	2404304
Source Port:	49714
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: UC2DFXQIBiE2kQ.dll

ReversingLabs: Detection: 80%

Source: 00000007.00000002.768477022.0000000001318000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: Emotet {"C2 list": ["172.105.115.71:8080", "218.38.121.17:443", "186.250.48.5:443", "103.71.99.57:8080", "85.214.67.203:8080", "85.25.120.45:8080", "139.196.72.155:8080", "103.85.95.4:8080", "198.199.70.22:8080", "209.239.112.82:8080", "78.47.204.80:443", "36.67.23.59:443", "104.244.79.94:443", "62.171.178.147:8080", "195.77.239.39:8080", "103.56.149.105:8080", "80.211.107.116:8080", "93.104.209.107:8080", "174.138.33.49:7080", "202.28.34.99:8080", "178.62.112.199:8080", "114.79.130.68:443", "118.98.72.86:443", "103.41.204.169:8080", "178.238.225.252:8080", "83.229.80.93:8080", "46.101.98.60:8080", "82.98.180.154:7080", "87.106.97.83:7080", "196.44.98.190:8080", "139.59.80.108:8080", "103.224.241.74:8080", "103.254.12.236:7080", "185.148.169.10:8080", "165.22.254.236:8080", "37.44.244.177:8080", "54.37.228.122:443", "51.75.33.122:443", "128.199.217.206:443", "188.165.79.151:443", "210.57.209.142:8080", "160.16.143.191:8080", "175.126.176.79:8080", "202.134.4.210:7080", "103.126.216.86:443", "190.145.8.4:443", "128.199.242.164:8080", "64.227.55.231:8080"], "Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0IzjStTgSAJI=", "RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCW/zgWtVYeAJA="]}

Source: C:\Windows\System32\regsvr32.exe

Code function: 3_2_000000018004A020 CryptStringToBinaryA,CryptStringToBinaryA,

3_2_000000018004A020

Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180029290 FindFirstFileExW,	3_2_0000000180029290
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018002972C FindFirstFileExW,FindNextFileW,FindClose,	3_2_000000018002972C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028B30 _invalid_parameter_noinfo,_invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,	3_2_0000000180028B30
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028B30 _invalid_parameter_noinfo,_invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,	3_2_0000000180028B30

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\regsvr32.exe	Network Connect: 115.178.55.22 80			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 172.105.115.71 8080			Jump to behavior

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2404304 ET CNC Feodo Tracker Reported CnC Server TCP group 3 192.168.2.6:49714 -> 115.178.55.22:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	IPs: 172.105.115.71:8080
Source: Malware configuration extractor	IPs: 218.38.121.17:443
Source: Malware configuration extractor	IPs: 186.250.48.5:443
Source: Malware configuration extractor	IPs: 103.71.99.57:8080
Source: Malware configuration extractor	IPs: 85.214.67.203:8080
Source: Malware configuration extractor	IPs: 85.25.120.45:8080
Source: Malware configuration extractor	IPs: 139.196.72.155:8080
Source: Malware configuration extractor	IPs: 103.85.95.4:8080
Source: Malware configuration extractor	IPs: 198.199.70.22:8080
Source: Malware configuration extractor	IPs: 209.239.112.82:8080
Source: Malware configuration extractor	IPs: 78.47.204.80:443
Source: Malware configuration extractor	IPs: 36.67.23.59:443
Source: Malware configuration extractor	IPs: 104.244.79.94:443
Source: Malware configuration extractor	IPs: 62.171.178.147:8080
Source: Malware configuration extractor	IPs: 195.77.239.39:8080
Source: Malware configuration extractor	IPs: 103.56.149.105:8080
Source: Malware configuration extractor	IPs: 80.211.107.116:8080
Source: Malware configuration extractor	IPs: 93.104.209.107:8080
Source: Malware configuration extractor	IPs: 174.138.33.49:7080
Source: Malware configuration extractor	IPs: 202.28.34.99:8080
Source: Malware configuration extractor	IPs: 178.62.112.199:8080
Source: Malware configuration extractor	IPs: 114.79.130.68:443
Source: Malware configuration extractor	IPs: 118.98.72.86:443
Source: Malware configuration extractor	IPs: 103.41.204.169:8080
Source: Malware configuration extractor	IPs: 178.238.225.252:8080
Source: Malware configuration extractor	IPs: 83.229.80.93:8080
Source: Malware configuration extractor	IPs: 46.101.98.60:8080
Source: Malware configuration extractor	IPs: 82.98.180.154:7080
Source: Malware configuration extractor	IPs: 87.106.97.83:7080
Source: Malware configuration extractor	IPs: 196.44.98.190:8080
Source: Malware configuration extractor	IPs: 139.59.80.108:8080
Source: Malware configuration extractor	IPs: 103.224.241.74:8080
Source: Malware configuration extractor	IPs: 103.254.12.236:7080
Source: Malware configuration extractor	IPs: 185.148.169.10:8080
Source: Malware configuration extractor	IPs: 165.22.254.236:8080
Source: Malware configuration extractor	IPs: 37.44.244.177:8080
Source: Malware configuration extractor	IPs: 54.37.228.122:443
Source: Malware configuration extractor	IPs: 51.75.33.122:443
Source: Malware configuration extractor	IPs: 128.199.217.206:443
Source: Malware configuration extractor	IPs: 188.165.79.151:443
Source: Malware configuration extractor	IPs: 210.57.209.142:8080
Source: Malware configuration extractor	IPs: 160.16.143.191:8080
Source: Malware configuration extractor	IPs: 175.126.176.79:8080
Source: Malware configuration extractor	IPs: 202.134.4.210:7080
Source: Malware configuration extractor	IPs: 103.126.216.86:443
Source: Malware configuration extractor	IPs: 190.145.8.4:443
Source: Malware configuration extractor	IPs: 128.199.242.164:8080
Source: Malware configuration extractor	IPs: 64.227.55.231:8080

Source: Joe Sandbox View	ASN Name: LINODE-APLinodeLLCUS LINODE-APLinodeLLCUS
Source: Joe Sandbox View	ASN Name: OVHFR OVHFR

Source: Joe Sandbox View	IP Address: 172.105.115.71 172.105.115.71
Source: Joe Sandbox View	IP Address: 188.165.79.151 188.165.79.151

Source: unknown

Network traffic detected: IP country count 20

Source: unknown	TCP traffic detected without corresponding DNS query: 115.178.55.22
Source: unknown	TCP traffic detected without corresponding DNS query: 115.178.55.22
Source: unknown	TCP traffic detected without corresponding DNS query: 115.178.55.22
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71

Source: regsvr32.exe, 00000007.00000003.493404883.0000000001357000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.768679116.0000000001357000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: regsvr32.exe, 00000007.00000002.768740454.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493786263.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493440386.000000000136C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: regsvr32.exe, 00000007.00000002.768979503.00000000013A1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493501113.00000000013A1000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.7.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: regsvr32.exe, 00000007.00000002.768979503.00000000013A1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493501113.00000000013A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabw
Source: regsvr32.exe, 00000007.00000003.493459160.000000000137D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493884642.0000000001383000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.768834712.0000000001383000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493725445.0000000001380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://112.105.115.71:8080/
Source: regsvr32.exe, 00000007.00000002.768740454.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493786263.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493440386.000000000136C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://172.105.115.71:8080/
Source: regsvr32.exe, 00000007.00000003.493459160.000000000137D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.768740454.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493786263.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493884642.0000000001383000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.768834712.0000000001383000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493440386.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493725445.0000000001380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://172.105.115.71:8080/lskyxdliqorbrr/wjoazpr/kccttvfhu/
Source: regsvr32.exe, 00000007.00000002.768740454.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493786263.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493440386.000000000136C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://172.105.115.71:8080/lskyxdliqorbrr/wjoazpr/kccttvfhu/dll

E-Banking Fraud

Yara detected Emotet

Source: Yara match	File source: 5.2.rundll32.exe.1fb00100000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.960000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.1fb00100000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.1d676b30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.rundll32.exe.1cc28be0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.1d676b30000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.regsvr32.exe.970000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.rundll32.exe.1cc28be0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.regsvr32.exe.1540000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.regsvr32.exe.970000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.regsvr32.exe.1540000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.960000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.769739205.0000000002E41000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.769387929.0000000001540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.250855705.000001D676C81000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.251110585.000001FB00141000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.250957440.000001FB00100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.257855329.0000000000960000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.255048362.000001CC2A6A1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.407582886.0000000000970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.250572025.000001D676B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.408383126.0000000000B41000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.254840159.000001CC28BE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Windows\System32\regsvr32.exe

File deleted: C:\Windows\System32\IUvcffQnjRFArsrM\JZgYREHBQT.dll:Zone.Identifier

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

File created: C:\Windows\system32\IUvcffQnjRFArsrM\

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180044C30	3_2_0000000180044C30
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180031018	3_2_0000000180031018
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800391F8	3_2_00000001800391F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180020204	3_2_0000000180020204
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001F22C	3_2_000000018001F22C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018003D23C	3_2_000000018003D23C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180029290	3_2_0000000180029290
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180024460	3_2_0000000180024460
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001F4B0	3_2_000000018001F4B0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800204D0	3_2_00000001800204D0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018003459C	3_2_000000018003459C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018003B5A0	3_2_000000018003B5A0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800305F8	3_2_00000001800305F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180017604	3_2_0000000180017604
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001F74C	3_2_000000018001F74C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180032824	3_2_0000000180032824
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180037854	3_2_0000000180037854
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018002B890	3_2_000000018002B890
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000A93C	3_2_000000018000A93C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018003A9A0	3_2_000000018003A9A0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001F9B4	3_2_000000018001F9B4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180026A0C	3_2_0000000180026A0C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028B30	3_2_0000000180028B30
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018002B890	3_2_000000018002B890
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001FC30	3_2_000000018001FC30
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180031C3C	3_2_0000000180031C3C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028B30	3_2_0000000180028B30
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018003AE50	3_2_000000018003AE50
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001FF10	3_2_000000018001FF10
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180032F94	3_2_0000000180032F94
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00990000	3_2_00990000
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C648E0	3_2_00C648E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C438A5	3_2_00C438A5
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4B1E0	3_2_00C4B1E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C68C94	3_2_00C68C94
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C60454	3_2_00C60454
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C44DDC	3_2_00C44DDC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C45DB4	3_2_00C45DB4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C49E38	3_2_00C49E38
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4B8D0	3_2_00C4B8D0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C438DC	3_2_00C438DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C598DC	3_2_00C598DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C46880	3_2_00C46880
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5308C	3_2_00C5308C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5B898	3_2_00C5B898
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C64098	3_2_00C64098
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C510AC	3_2_00C510AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C478B6	3_2_00C478B6
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C548B0	3_2_00C548B0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C6005C	3_2_00C6005C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C41000	3_2_00C41000
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4E828	3_2_00C4E828
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C42834	3_2_00C42834
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C469C0	3_2_00C469C0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4A1D4	3_2_00C4A1D4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5C1DC	3_2_00C5C1DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C479D8	3_2_00C479D8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4D1E0	3_2_00C4D1E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C499EC	3_2_00C499EC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C599E8	3_2_00C599E8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C57198	3_2_00C57198
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C559A0	3_2_00C559A0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4D1AC	3_2_00C4D1AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C49144	3_2_00C49144
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C50954	3_2_00C50954
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4F174	3_2_00C4F174
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5C974	3_2_00C5C974
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C52110	3_2_00C52110
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C69124	3_2_00C69124
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C42128	3_2_00C42128
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C60930	3_2_00C60930
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4EAC4	3_2_00C4EAC4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C47AF0	3_2_00C47AF0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5B2F0	3_2_00C5B2F0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C62A84	3_2_00C62A84
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5629C	3_2_00C5629C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C6629C	3_2_00C6629C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C49298	3_2_00C49298
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C52244	3_2_00C52244
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5827C	3_2_00C5827C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C68A04	3_2_00C68A04
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5FA08	3_2_00C5FA08
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C41A1C	3_2_00C41A1C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4BA24	3_2_00C4BA24
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C61A2C	3_2_00C61A2C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C59230	3_2_00C59230
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4F3E0	3_2_00C4F3E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C49BEC	3_2_00C49BEC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C43BE8	3_2_00C43BE8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C573F8	3_2_00C573F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C57BF8	3_2_00C57BF8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4CB8D	3_2_00C4CB8D
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C62B8C	3_2_00C62B8C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5FB88	3_2_00C5FB88
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C53B88	3_2_00C53B88
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C44B4C	3_2_00C44B4C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C67348	3_2_00C67348
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C41B5C	3_2_00C41B5C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C46B5C	3_2_00C46B5C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C41364	3_2_00C41364
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4C364	3_2_00C4C364
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4E368	3_2_00C4E368
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C50310	3_2_00C50310
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C55B18	3_2_00C55B18
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5D32C	3_2_00C5D32C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C55334	3_2_00C55334
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C41CCC	3_2_00C41CCC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C484F8	3_2_00C484F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C664F8	3_2_00C664F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C6748C	3_2_00C6748C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4C498	3_2_00C4C498
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C44CA0	3_2_00C44CA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C54C48	3_2_00C54C48
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C56464	3_2_00C56464
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C45478	3_2_00C45478
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C55400	3_2_00C55400
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4741C	3_2_00C4741C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C65D84	3_2_00C65D84
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C45590	3_2_00C45590
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C51DAC	3_2_00C51DAC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C60D54	3_2_00C60D54
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5F550	3_2_00C5F550
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C58560	3_2_00C58560
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4E570	3_2_00C4E570
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4BD00	3_2_00C4BD00
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C58D0C	3_2_00C58D0C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C55508	3_2_00C55508
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C49D24	3_2_00C49D24
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C53524	3_2_00C53524
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5B520	3_2_00C5B520
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C63D28	3_2_00C63D28
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C58ECC	3_2_00C58ECC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4AE84	3_2_00C4AE84
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C64680	3_2_00C64680
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C47694	3_2_00C47694
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C55694	3_2_00C55694
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C68690	3_2_00C68690
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4569C	3_2_00C4569C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C53698	3_2_00C53698
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C67EA4	3_2_00C67EA4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C496B8	3_2_00C496B8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C46650	3_2_00C46650
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C51664	3_2_00C51664
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C41660	3_2_00C41660
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5E614	3_2_00C5E614
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4BE34	3_2_00C4BE34
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C53FE0	3_2_00C53FE0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C52780	3_2_00C52780
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C54FA4	3_2_00C54FA4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C48FA0	3_2_00C48FA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C597AC	3_2_00C597AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C657B4	3_2_00C657B4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4FF64	3_2_00C4FF64
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5E76C	3_2_00C5E76C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C58778	3_2_00C58778
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4E708	3_2_00C4E708
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4871C	3_2_00C4871C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C61728	3_2_00C61728
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4A734	3_2_00C4A734
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5CF30	3_2_00C5CF30
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000001D676B60000	4_2_000001D676B60000
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000001FB00130000	5_2_000001FB00130000
Source: C:\Windows\System32\rundll32.exe	Code function: 6_2_000001CC28C10000	6_2_000001CC28C10000
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_01420000	7_2_01420000
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E42A7C	7_2_02E42A7C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E49E38	7_2_02E49E38
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5FA08	7_2_02E5FA08
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E43BE8	7_2_02E43BE8
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E573F8	7_2_02E573F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5E76C	7_2_02E5E76C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5D718	7_2_02E5D718
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E648E0	7_2_02E648E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E438DC	7_2_02E438DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E62CBC	7_2_02E62CBC
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4B1E0	7_2_02E4B1E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E44DDC	7_2_02E44DDC
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E45DB4	7_2_02E45DB4
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E49144	7_2_02E49144
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E47AF0	7_2_02E47AF0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5B2F0	7_2_02E5B2F0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4EAC4	7_2_02E4EAC4
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E58ECC	7_2_02E58ECC
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E67EA4	7_2_02E67EA4
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4C6A2	7_2_02E4C6A2
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E496B8	7_2_02E496B8
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4AE84	7_2_02E4AE84
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E62A84	7_2_02E62A84
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E64680	7_2_02E64680
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E47694	7_2_02E47694
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E55694	7_2_02E55694
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E68690	7_2_02E68690
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4569C	7_2_02E4569C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5629C	7_2_02E5629C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E6629C	7_2_02E6629C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E49298	7_2_02E49298
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E53698	7_2_02E53698
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E51664	7_2_02E51664
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E41660	7_2_02E41660
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5827C	7_2_02E5827C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E52244	7_2_02E52244
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E46650	7_2_02E46650
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4BA24	7_2_02E4BA24
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E61A2C	7_2_02E61A2C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4BE34	7_2_02E4BE34
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E59230	7_2_02E59230
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E68A04	7_2_02E68A04
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5E614	7_2_02E5E614
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E41A1C	7_2_02E41A1C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4F3E0	7_2_02E4F3E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E53FE0	7_2_02E53FE0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E49BEC	7_2_02E49BEC
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E57BF8	7_2_02E57BF8
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E54FA4	7_2_02E54FA4
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E48FA0	7_2_02E48FA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E597AC	7_2_02E597AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E657B4	7_2_02E657B4
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E647B0	7_2_02E647B0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E52780	7_2_02E52780
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E62B8C	7_2_02E62B8C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E53B88	7_2_02E53B88
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5FB88	7_2_02E5FB88
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E41364	7_2_02E41364
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4FF64	7_2_02E4FF64
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4C364	7_2_02E4C364
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4E368	7_2_02E4E368
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E58778	7_2_02E58778
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E44B4C	7_2_02E44B4C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E67348	7_2_02E67348
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E41B5C	7_2_02E41B5C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E46B5C	7_2_02E46B5C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5D32C	7_2_02E5D32C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E61728	7_2_02E61728
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E65B28	7_2_02E65B28
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4A734	7_2_02E4A734
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E55334	7_2_02E55334
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5CF30	7_2_02E5CF30
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4E708	7_2_02E4E708
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E50310	7_2_02E50310
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4871C	7_2_02E4871C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E55B18	7_2_02E55B18
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E484F8	7_2_02E484F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E664F8	7_2_02E664F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E41CCC	7_2_02E41CCC
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4B8D0	7_2_02E4B8D0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E598DC	7_2_02E598DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E44CA0	7_2_02E44CA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E510AC	7_2_02E510AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E478B6	7_2_02E478B6
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E548B0	7_2_02E548B0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E46880	7_2_02E46880
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5308C	7_2_02E5308C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E6748C	7_2_02E6748C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E68C94	7_2_02E68C94
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4C498	7_2_02E4C498
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5B898	7_2_02E5B898
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E64098	7_2_02E64098
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E56464	7_2_02E56464
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E45478	7_2_02E45478
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E54C48	7_2_02E54C48
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E60454	7_2_02E60454
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E6005C	7_2_02E6005C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4E828	7_2_02E4E828
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E42834	7_2_02E42834
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4CC06	7_2_02E4CC06
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E41000	7_2_02E41000
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E55400	7_2_02E55400
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E63C0C	7_2_02E63C0C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4741C	7_2_02E4741C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4D1E0	7_2_02E4D1E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E499EC	7_2_02E499EC
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E599E8	7_2_02E599E8
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E469C0	7_2_02E469C0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4A1D4	7_2_02E4A1D4
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5C1DC	7_2_02E5C1DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E479D8	7_2_02E479D8
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E559A0	7_2_02E559A0
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4D1AC	7_2_02E4D1AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E51DAC	7_2_02E51DAC
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E65D84	7_2_02E65D84
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E45590	7_2_02E45590
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E57198	7_2_02E57198
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E58560	7_2_02E58560
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E69568	7_2_02E69568
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4F174	7_2_02E4F174
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5C974	7_2_02E5C974
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4E570	7_2_02E4E570
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E50954	7_2_02E50954
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E60D54	7_2_02E60D54
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5F550	7_2_02E5F550
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E49D24	7_2_02E49D24
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E53524	7_2_02E53524
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E69124	7_2_02E69124
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E5B520	7_2_02E5B520
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E42128	7_2_02E42128
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E63D28	7_2_02E63D28
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E60930	7_2_02E60930
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4BD00	7_2_02E4BD00
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E58D0C	7_2_02E58D0C
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E55508	7_2_02E55508
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E52110	7_2_02E52110
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_009A0000	16_2_009A0000
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B438A5	16_2_00B438A5
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B68C94	16_2_00B68C94
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B648E0	16_2_00B648E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B60454	16_2_00B60454
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B45DB4	16_2_00B45DB4
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4B1E0	16_2_00B4B1E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B44DDC	16_2_00B44DDC
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B49E38	16_2_00B49E38
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B55B18	16_2_00B55B18
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B478B6	16_2_00B478B6
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B548B0	16_2_00B548B0
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B44CA0	16_2_00B44CA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B510AC	16_2_00B510AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4C498	16_2_00B4C498
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5B898	16_2_00B5B898
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B64098	16_2_00B64098
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B46880	16_2_00B46880
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5308C	16_2_00B5308C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B6748C	16_2_00B6748C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B484F8	16_2_00B484F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B664F8	16_2_00B664F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4B8D0	16_2_00B4B8D0
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B438DC	16_2_00B438DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B598DC	16_2_00B598DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B41CCC	16_2_00B41CCC
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B42834	16_2_00B42834
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4E828	16_2_00B4E828
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4741C	16_2_00B4741C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B41000	16_2_00B41000
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B55400	16_2_00B55400
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B63C0C	16_2_00B63C0C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B45478	16_2_00B45478
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4D864	16_2_00B4D864
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B56464	16_2_00B56464
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B6005C	16_2_00B6005C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B54C48	16_2_00B54C48
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B559A0	16_2_00B559A0
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4D1AC	16_2_00B4D1AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B51DAC	16_2_00B51DAC
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B45590	16_2_00B45590
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B57198	16_2_00B57198
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B65D84	16_2_00B65D84
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B499EC	16_2_00B499EC
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B599E8	16_2_00B599E8
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4A1D4	16_2_00B4A1D4
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5C1DC	16_2_00B5C1DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B479D8	16_2_00B479D8
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B469C0	16_2_00B469C0
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4D1CA	16_2_00B4D1CA
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B60930	16_2_00B60930
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B49D24	16_2_00B49D24
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B53524	16_2_00B53524
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B69124	16_2_00B69124
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5B520	16_2_00B5B520
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B42128	16_2_00B42128
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B63D28	16_2_00B63D28
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B52110	16_2_00B52110
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4BD00	16_2_00B4BD00
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B58D0C	16_2_00B58D0C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B55508	16_2_00B55508
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4F174	16_2_00B4F174
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5C974	16_2_00B5C974
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4E570	16_2_00B4E570
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B58560	16_2_00B58560
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B69568	16_2_00B69568
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B50954	16_2_00B50954
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B60D54	16_2_00B60D54
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5F550	16_2_00B5F550
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B49144	16_2_00B49144
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B496B8	16_2_00B496B8
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B67EA4	16_2_00B67EA4
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B47694	16_2_00B47694
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B55694	16_2_00B55694
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B68690	16_2_00B68690
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4569C	16_2_00B4569C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5629C	16_2_00B5629C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B6629C	16_2_00B6629C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B49298	16_2_00B49298
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B53698	16_2_00B53698
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4AE84	16_2_00B4AE84
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B62A84	16_2_00B62A84
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B64680	16_2_00B64680
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B47AF0	16_2_00B47AF0
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5B2F0	16_2_00B5B2F0
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4EAC4	16_2_00B4EAC4
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B58ECC	16_2_00B58ECC
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4BE34	16_2_00B4BE34
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B59230	16_2_00B59230
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4BA24	16_2_00B4BA24
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B61A2C	16_2_00B61A2C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5E614	16_2_00B5E614
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B41A1C	16_2_00B41A1C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B68A04	16_2_00B68A04
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5FA08	16_2_00B5FA08
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5827C	16_2_00B5827C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B51664	16_2_00B51664
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B41660	16_2_00B41660
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B46650	16_2_00B46650
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B52244	16_2_00B52244
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B657B4	16_2_00B657B4
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B647B0	16_2_00B647B0
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B54FA4	16_2_00B54FA4
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B48FA0	16_2_00B48FA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B597AC	16_2_00B597AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B52780	16_2_00B52780
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4CB8D	16_2_00B4CB8D
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B62B8C	16_2_00B62B8C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5FB88	16_2_00B5FB88
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B53B88	16_2_00B53B88
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B573F8	16_2_00B573F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B57BF8	16_2_00B57BF8
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4F3E0	16_2_00B4F3E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B53FE0	16_2_00B53FE0
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B49BEC	16_2_00B49BEC
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B43BE8	16_2_00B43BE8
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4A734	16_2_00B4A734
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B55334	16_2_00B55334
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5CF30	16_2_00B5CF30
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5D32C	16_2_00B5D32C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B61728	16_2_00B61728
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B65B28	16_2_00B65B28
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B50310	16_2_00B50310
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4871C	16_2_00B4871C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4E708	16_2_00B4E708
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B58778	16_2_00B58778
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B41364	16_2_00B41364
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4FF64	16_2_00B4FF64
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4C364	16_2_00B4C364
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5E76C	16_2_00B5E76C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4E368	16_2_00B4E368
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B46B5C	16_2_00B46B5C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B41B5C	16_2_00B41B5C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B44B4C	16_2_00B44B4C
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B67348	16_2_00B67348

Source: C:\Windows\System32\regsvr32.exe

Code function: String function: 000000018002CA30 appears 48 times

Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior

Source: UC2DFXQIBiE2kQ.dll

ReversingLabs: Detection: 80%

Source: UC2DFXQIBiE2kQ.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll64.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll",#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll",#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,ACeujVZMknFDjv
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,AHuDGMflBfPryOEYjuTfbzJdEM
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IUvcffQnjRFArsrM\JZgYREHBQT.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,ATjQPkInxPUGuUu
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\IUvcffQnjRFArsrM\JZgYREHBQT.dll
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\ZamKJmwegN\JeCOx.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,ACeujVZMknFDjv	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,AHuDGMflBfPryOEYjuTfbzJdEM	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,ATjQPkInxPUGuUu	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll",#1	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IUvcffQnjRFArsrM\JZgYREHBQT.dll"	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\ZamKJmwegN\JeCOx.dll"	Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

File created: C:\Users\user\AppData\Local\ZamKJmwegN\

Jump to behavior

Source: classification engine

Classification label: mal84.troj.evad.winDLL@19/2@0/49

Source: C:\Windows\System32\regsvr32.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

Code function: 3_2_00C45DB4 FindCloseChangeNotification,Process32NextW,CreateToolhelp32Snapshot,Process32FirstW,

3_2_00C45DB4

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll",#1

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6088:120:WilError_01

Source: C:\Windows\System32\regsvr32.exe

File read: C:\Windows\System32\drivers\etc\hosts

Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Automated click: OK
Source: C:\Windows\System32\regsvr32.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: UC2DFXQIBiE2kQ.dll

Static PE information: More than 250 > 100 exports found

Source: UC2DFXQIBiE2kQ.dll

Static PE information: Image base 0x180000000 > 0x60000000

Source: UC2DFXQIBiE2kQ.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: UC2DFXQIBiE2kQ.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: UC2DFXQIBiE2kQ.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: UC2DFXQIBiE2kQ.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: UC2DFXQIBiE2kQ.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: UC2DFXQIBiE2kQ.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: UC2DFXQIBiE2kQ.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: UC2DFXQIBiE2kQ.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: UC2DFXQIBiE2kQ.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: UC2DFXQIBiE2kQ.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: UC2DFXQIBiE2kQ.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: UC2DFXQIBiE2kQ.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800131BD push rdi; ret	3_2_00000001800131C4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180013749 push rdi; ret	3_2_0000000180013752
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5E0D3 push 09B8E1F7h; retf	3_2_00C5E0DD
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5E0E9 push 8B48E1F7h; retf	3_2_00C5E0F1
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C63127 push ebp; ret	3_2_00C63128
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C63A7E push ebp; ret	3_2_00C63A86
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C4838C push eax; ret	3_2_00C4838E
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C5E5C5 pushad ; ret	3_2_00C5E5C7
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C62E55 push ebp; retf	3_2_00C62E56
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00C62F5E push ebp; ret	3_2_00C62F64
Source: C:\Windows\System32\regsvr32.exe	Code function: 7_2_02E4838C push eax; ret	7_2_02E4838E
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5E0E9 push 8B48E1F7h; retf	16_2_00B5E0F1
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5E0D3 push 09B8E1F7h; retf	16_2_00B5E0DD
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B5E5C5 pushad ; ret	16_2_00B5E5C7
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B63127 push ebp; ret	16_2_00B63128
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B63A7E push ebp; ret	16_2_00B63A86
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B62E55 push ebp; retf	16_2_00B62E56
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B4838C push eax; ret	16_2_00B4838E
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B63BE1 push ebp; ret	16_2_00B63BE4
Source: C:\Windows\System32\regsvr32.exe	Code function: 16_2_00B62F5E push ebp; ret	16_2_00B62F64

Source: UC2DFXQIBiE2kQ.dll

Static PE information: section name: _RDATA

Source: C:\Windows\System32\loaddll64.exe

Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll

Source: C:\Windows\System32\regsvr32.exe

PE file moved: C:\Windows\System32\IUvcffQnjRFArsrM\JZgYREHBQT.dll

Jump to behavior

Boot Survival

Creates an autostart registry key pointing to binary in C:\Windows

Source: C:\Windows\System32\regsvr32.exe

Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run JZgYREHBQT.dll

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run JZgYREHBQT.dll			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run JZgYREHBQT.dll			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\System32\regsvr32.exe	File opened: C:\Windows\system32\IUvcffQnjRFArsrM\JZgYREHBQT.dll:Zone.Identifier read attributes \| delete			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	File opened: C:\Users\user\AppData\Local\ZamKJmwegN\JeCOx.dll:Zone.Identifier read attributes \| delete			Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\regsvr32.exe TID: 4824

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\regsvr32.exe

API coverage: 7.5 %

Source: C:\Windows\System32\regsvr32.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180029290 FindFirstFileExW,	3_2_0000000180029290
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018002972C FindFirstFileExW,FindNextFileW,FindClose,	3_2_000000018002972C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028B30 _invalid_parameter_noinfo,_invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,	3_2_0000000180028B30
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028B30 _invalid_parameter_noinfo,_invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,	3_2_0000000180028B30

Source: C:\Windows\System32\regsvr32.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: regsvr32.exe, 00000007.00000003.493938602.0000000001394000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493459160.000000000137D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.768933726.0000000001398000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493884642.0000000001383000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.768632966.000000000134F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493390937.000000000134F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493725445.0000000001380000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: regsvr32.exe, 00000007.00000003.493938602.0000000001394000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493459160.000000000137D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.768933726.0000000001398000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493884642.0000000001383000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493725445.0000000001380000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Windows\System32\regsvr32.exe

Code function: 3_2_0000000180003460 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

3_2_0000000180003460

Source: C:\Windows\System32\regsvr32.exe

Code function: 3_2_000000018002DE88 GetProcessHeap,

3_2_000000018002DE88

Source: C:\Windows\System32\loaddll64.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180003460 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_0000000180003460
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180003648 SetUnhandledExceptionFilter,	3_2_0000000180003648
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800156F8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00000001800156F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180002E94 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_0000000180002E94

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\regsvr32.exe	Network Connect: 115.178.55.22 80			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 172.105.115.71 8080			Jump to behavior

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll",#1

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Code function: EnumSystemLocalesW,	3_2_0000000180035058
Source: C:\Windows\System32\regsvr32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	3_2_0000000180035118
Source: C:\Windows\System32\regsvr32.exe	Code function: EnumSystemLocalesW,	3_2_000000018002C360
Source: C:\Windows\System32\regsvr32.exe	Code function: GetLocaleInfoW,	3_2_0000000180035364
Source: C:\Windows\System32\regsvr32.exe	Code function: try_get_function,GetLocaleInfoW,	3_2_000000018002D3CC
Source: C:\Windows\System32\regsvr32.exe	Code function: EnumSystemLocalesW,	3_2_000000018002C40C
Source: C:\Windows\System32\regsvr32.exe	Code function: EnumSystemLocalesW,	3_2_000000018002C488
Source: C:\Windows\System32\regsvr32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	3_2_00000001800354BC
Source: C:\Windows\System32\regsvr32.exe	Code function: GetLocaleInfoW,	3_2_0000000180035590
Source: C:\Windows\System32\regsvr32.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	3_2_00000001800356BC
Source: C:\Windows\System32\regsvr32.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	3_2_0000000180034BB8
Source: C:\Windows\System32\regsvr32.exe	Code function: EnumSystemLocalesW,	3_2_0000000180034F04
Source: C:\Windows\System32\regsvr32.exe	Code function: EnumSystemLocalesW,	3_2_0000000180034F88

Source: C:\Windows\System32\regsvr32.exe

Code function: 3_2_00000001800243D0 cpuid

3_2_00000001800243D0

Source: C:\Windows\System32\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

Code function: 3_2_000000018002D450 try_get_function,GetSystemTimeAsFileTime,

3_2_000000018002D450

Stealing of Sensitive Information

Yara detected Emotet

Source: Yara match	File source: 5.2.rundll32.exe.1fb00100000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.960000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.1fb00100000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.1d676b30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.rundll32.exe.1cc28be0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.1d676b30000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.regsvr32.exe.970000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.rundll32.exe.1cc28be0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.regsvr32.exe.1540000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.regsvr32.exe.970000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.regsvr32.exe.1540000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.960000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.769739205.0000000002E41000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.769387929.0000000001540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.250855705.000001D676C81000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.251110585.000001FB00141000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.250957440.000001FB00100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.257855329.0000000000960000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.255048362.000001CC2A6A1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.407582886.0000000000970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.250572025.000001D676B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.408383126.0000000000B41000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.254840159.000001CC28BE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	11 Registry Run Keys / Startup Folder	111 Process Injection	21 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	11 Registry Run Keys / Startup Folder	2 Virtualization/Sandbox Evasion	LSASS Memory	31 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 DLL Side-Loading	111 Process Injection	Security Account Manager	2 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Deobfuscate/Decode Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Hidden Files and Directories	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	2 Obfuscated Files or Information	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Regsvr32	DCSync	34 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	1 Rundll32	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	1 DLL Side-Loading	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	1 File Deletion	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
UC2DFXQIBiE2kQ.dll	81%	ReversingLabs	Win64.Trojan.Emotet

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
6.2.rundll32.exe.1cc28be0000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
7.2.regsvr32.exe.1540000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
5.2.rundll32.exe.1fb00100000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
3.2.regsvr32.exe.960000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
16.2.regsvr32.exe.970000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
4.2.rundll32.exe.1d676b30000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://172.105.115.71:8080/	0%	Avira URL Cloud	safe
https://172.105.115.71:8080/lskyxdliqorbrr/wjoazpr/kccttvfhu/dll	0%	Avira URL Cloud	safe
https://172.105.115.71:8080/lskyxdliqorbrr/wjoazpr/kccttvfhu/	0%	Avira URL Cloud	safe
https://112.105.115.71:8080/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
windowsupdatebg.s.llnwi.net	41.63.96.128	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://172.105.115.71:8080/	regsvr32.exe, 00000007.00000002.768740454.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493786263.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493440386.000000000136C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://112.105.115.71:8080/	regsvr32.exe, 00000007.00000003.493459160.000000000137D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493884642.0000000001383000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.768834712.0000000001383000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493725445.0000000001380000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://172.105.115.71:8080/lskyxdliqorbrr/wjoazpr/kccttvfhu/	regsvr32.exe, 00000007.00000003.493459160.000000000137D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.768740454.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493786263.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493884642.0000000001383000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000002.768834712.0000000001383000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493440386.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493725445.0000000001380000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://172.105.115.71:8080/lskyxdliqorbrr/wjoazpr/kccttvfhu/dll	regsvr32.exe, 00000007.00000002.768740454.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493786263.000000000136C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.493440386.000000000136C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.105.115.71	unknown	United States	63949	LINODE-APLinodeLLCUS	true
188.165.79.151	unknown	France	16276	OVHFR	true
196.44.98.190	unknown	Ghana	327814	EcobandGH	true
174.138.33.49	unknown	United States	14061	DIGITALOCEAN-ASNUS	true
36.67.23.59	unknown	Indonesia	17974	TELKOMNET-AS2-APPTTelekomunikasiIndonesiaID	true
103.41.204.169	unknown	Indonesia	58397	INFINYS-AS-IDPTInfinysSystemIndonesiaID	true
85.214.67.203	unknown	Germany	6724	STRATOSTRATOAGDE	true
83.229.80.93	unknown	United Kingdom	8513	SKYVISIONGB	true
198.199.70.22	unknown	United States	14061	DIGITALOCEAN-ASNUS	true
93.104.209.107	unknown	Germany	8767	MNET-ASGermanyDE	true
186.250.48.5	unknown	Brazil	262807	RedfoxTelecomunicacoesLtdaBR	true
209.239.112.82	unknown	United States	30083	AS-30083-GO-DADDY-COM-LLCUS	true
175.126.176.79	unknown	Korea Republic of	9523	MOKWON-AS-KRMokwonUniversityKR	true
128.199.242.164	unknown	United Kingdom	14061	DIGITALOCEAN-ASNUS	true
178.238.225.252	unknown	Germany	51167	CONTABODE	true
46.101.98.60	unknown	Netherlands	14061	DIGITALOCEAN-ASNUS	true
190.145.8.4	unknown	Colombia	14080	TelmexColombiaSACO	true
82.98.180.154	unknown	Spain	42612	DINAHOSTING-ASES	true
103.71.99.57	unknown	India	135682	AWDHPL-AS-INAdvikaWebDevelopmentsHostingPvtLtdIN	true
87.106.97.83	unknown	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	true
103.254.12.236	unknown	Viet Nam	56151	DIGISTAR-VNDigiStarCompanyLimitedVN	true
103.85.95.4	unknown	Indonesia	136077	IDNIC-UNSRAT-AS-IDUniversitasIslamNegeriMataramID	true
202.134.4.210	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	true
165.22.254.236	unknown	United States	14061	DIGITALOCEAN-ASNUS	true
78.47.204.80	unknown	Germany	24940	HETZNER-ASDE	true
118.98.72.86	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	true
139.59.80.108	unknown	Singapore	14061	DIGITALOCEAN-ASNUS	true
104.244.79.94	unknown	United States	53667	PONYNETUS	true
37.44.244.177	unknown	Germany	47583	AS-HOSTINGERLT	true
51.75.33.122	unknown	France	16276	OVHFR	true
160.16.143.191	unknown	Japan	9370	SAKURA-BSAKURAInternetIncJP	true
103.56.149.105	unknown	Indonesia	55688	BEON-AS-IDPTBeonIntermediaID	true
85.25.120.45	unknown	Germany	8972	GD-EMEA-DC-SXB1DE	true
139.196.72.155	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	true
115.178.55.22	unknown	Indonesia	38783	SIMAYA-AS-IDPTSimayaJejaringMandiriID	true
103.126.216.86	unknown	Bangladesh	138482	SKYVIEW-AS-APSKYVIEWONLINELTDBD	true
128.199.217.206	unknown	United Kingdom	14061	DIGITALOCEAN-ASNUS	true
114.79.130.68	unknown	India	45769	DVOIS-IND-VoisBroadbandPvtLtdIN	true
103.224.241.74	unknown	India	133296	WEBWERKS-AS-INWebWerksIndiaPvtLtdIN	true
210.57.209.142	unknown	Indonesia	38142	UNAIR-AS-IDUniversitasAirlanggaID	true
202.28.34.99	unknown	Thailand	9562	MSU-TH-APMahasarakhamUniversityTH	true
80.211.107.116	unknown	Italy	31034	ARUBA-ASNIT	true
54.37.228.122	unknown	France	16276	OVHFR	true
218.38.121.17	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	true
185.148.169.10	unknown	Germany	44780	EVERSCALE-ASDE	true
195.77.239.39	unknown	Spain	60493	FICOSA-ASES	true
178.62.112.199	unknown	European Union	14061	DIGITALOCEAN-ASNUS	true
62.171.178.147	unknown	United Kingdom	51167	CONTABODE	true
64.227.55.231	unknown	United States	14061	DIGITALOCEAN-ASNUS	true

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	747451
Start date and time:	2022-11-16 11:47:48 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	UC2DFXQIBiE2kQ.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.troj.evad.winDLL@19/2@0/49
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 82% (good quality ratio 74.8%) Quality average: 72.8% Quality standard deviation: 32.3%
HCA Information:	Successful, ratio: 99% Number of executed functions: 37 Number of non-executed functions: 251
Cookbook Comments:	Found application associated with file extension: .dll Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 173.222.108.210, 173.222.108.226
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: UC2DFXQIBiE2kQ.dll

Simulations

Behavior and APIs

Time	Type	Description
11:49:30	API Interceptor	2x Sleep call for process: regsvr32.exe modified
11:49:42	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run JZgYREHBQT.dll C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IUvcffQnjRFArsrM\JZgYREHBQT.dll"

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
172.105.115.71	Untitled-09112022.xls	Get hash	malicious	Browse
	DVvzRulsoR.dll	Get hash	malicious	Browse
	jYzNEOocXJ.dll	Get hash	malicious	Browse
	DVvzRulsoR.dll	Get hash	malicious	Browse
	BiiRGnhWx8.dll	Get hash	malicious	Browse
	jYzNEOocXJ.dll	Get hash	malicious	Browse
	BiiRGnhWx8.dll	Get hash	malicious	Browse
	gdazhx1EIP.dll	Get hash	malicious	Browse
	UNUy8dUYWp.dll	Get hash	malicious	Browse
	gdazhx1EIP.dll	Get hash	malicious	Browse
	UNUy8dUYWp.dll	Get hash	malicious	Browse
	3sbn8ZI5nn.dll	Get hash	malicious	Browse
	3sbn8ZI5nn.dll	Get hash	malicious	Browse
	zzkCIdCoDt.dll	Get hash	malicious	Browse
	zzkCIdCoDt.dll	Get hash	malicious	Browse
	U9M1w8FHBW.dll	Get hash	malicious	Browse
	En3ZIyuYdw.dll	Get hash	malicious	Browse
	Kjx74pqege.dll	Get hash	malicious	Browse
	U9M1w8FHBW.dll	Get hash	malicious	Browse
	En3ZIyuYdw.dll	Get hash	malicious	Browse
188.165.79.151	Untitled-09112022.xls	Get hash	malicious	Browse
	4470_02112022.xls	Get hash	malicious	Browse
	4470_02112022.xls	Get hash	malicious	Browse
	DVvzRulsoR.dll	Get hash	malicious	Browse
	jYzNEOocXJ.dll	Get hash	malicious	Browse
	DVvzRulsoR.dll	Get hash	malicious	Browse
	BiiRGnhWx8.dll	Get hash	malicious	Browse
	jYzNEOocXJ.dll	Get hash	malicious	Browse
	BiiRGnhWx8.dll	Get hash	malicious	Browse
	gdazhx1EIP.dll	Get hash	malicious	Browse
	UNUy8dUYWp.dll	Get hash	malicious	Browse
	gdazhx1EIP.dll	Get hash	malicious	Browse
	UNUy8dUYWp.dll	Get hash	malicious	Browse
	3sbn8ZI5nn.dll	Get hash	malicious	Browse
	3sbn8ZI5nn.dll	Get hash	malicious	Browse
	zzkCIdCoDt.dll	Get hash	malicious	Browse
	zzkCIdCoDt.dll	Get hash	malicious	Browse
	U9M1w8FHBW.dll	Get hash	malicious	Browse
	En3ZIyuYdw.dll	Get hash	malicious	Browse
	Kjx74pqege.dll	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
windowsupdatebg.s.llnwi.net	MCLRGN2200299 DRAFT.xls	Get hash	malicious	Browse	95.140.236.0
	file.exe	Get hash	malicious	Browse	95.140.236.128
	file.exe	Get hash	malicious	Browse	178.79.225.0
	ACH Payment Confirmation.htm	Get hash	malicious	Browse	178.79.242.128
	file.exe	Get hash	malicious	Browse	95.140.236.0
	file.exe	Get hash	malicious	Browse	95.140.236.0
	file.exe	Get hash	malicious	Browse	178.79.242.0
	MxkTEqAL3V.exe	Get hash	malicious	Browse	41.63.96.128
	Thunderbird Setup 102.3.0.exe	Get hash	malicious	Browse	178.79.242.128
	SecuriteInfo.com.Variant.Jaik.88531.30149.12290.exe	Get hash	malicious	Browse	41.63.96.128
	R22SI005577.exe	Get hash	malicious	Browse	95.140.230.192
	SecuriteInfo.com.Exploit.CVE-2017-11882.123.5442.12085.doc	Get hash	malicious	Browse	41.63.96.0
	ORDEN_DE_PEDIDO.exe	Get hash	malicious	Browse	95.140.236.0
	SecuriteInfo.com.Exploit.CVE-2017-11882.123.7797.1932.rtf	Get hash	malicious	Browse	95.140.230.128
	bGXe.exe	Get hash	malicious	Browse	178.79.242.0
	SecuriteInfo.com.Trojan.Garf.Gen.10.10314.6984.exe	Get hash	malicious	Browse	95.140.236.128
	file.exe	Get hash	malicious	Browse	95.140.230.192
	file.exe	Get hash	malicious	Browse	41.63.96.0
	5x1flCDvjB.exe	Get hash	malicious	Browse	178.79.242.128
	file.exe	Get hash	malicious	Browse	95.140.236.128

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
LINODE-APLinodeLLCUS	IRQ2207798.xls	Get hash	malicious	Browse	45.33.6.223
	9061630 - JSW ID KAD new order as of 11.015.2022.xls	Get hash	malicious	Browse	45.33.6.223
	Untitled-09112022.xls	Get hash	malicious	Browse	172.105.115.71
	0.General Representative Agreement Sales TO - Project Base.xls	Get hash	malicious	Browse	45.33.6.223
	OA74612.xls	Get hash	malicious	Browse	45.33.6.223
	Order details.xls	Get hash	malicious	Browse	45.33.6.223
	CMR-7592151122.xls	Get hash	malicious	Browse	45.33.6.223
	DHL Shipment DOC_20458298822.exe	Get hash	malicious	Browse	23.239.31.197
	DHL Receipt_1224811173.exe	Get hash	malicious	Browse	23.239.31.197
	SOLICITUD DE PROPUESTA-15.11.2260.xls	Get hash	malicious	Browse	23.239.31.197
	MxkTEqAL3V.exe	Get hash	malicious	Browse	23.239.31.197
	RB8H7STaVB.exe	Get hash	malicious	Browse	23.239.31.197
	FREE REGISTRATION FORM.pdf.exe	Get hash	malicious	Browse	23.239.31.197
	install_setup.exe	Get hash	malicious	Browse	45.79.113.18
	FACTURA DHL.exe	Get hash	malicious	Browse	23.239.31.197
	CTM-FORM.xls	Get hash	malicious	Browse	45.33.6.223
	quackquack.js	Get hash	malicious	Browse	45.33.48.118
	VCLJEABND2008522.xls	Get hash	malicious	Browse	45.33.6.223
	RFQ # 2075873.xls	Get hash	malicious	Browse	45.33.6.223
	DHL Shipment DOC.exe	Get hash	malicious	Browse	23.239.31.197
OVHFR	6dbdgrOpQW.exe	Get hash	malicious	Browse	5.135.247.111
	file.exe	Get hash	malicious	Browse	5.135.247.111
	#U00ab2906134#U00ab.htm	Get hash	malicious	Browse	51.210.32.132
	file.exe	Get hash	malicious	Browse	5.135.247.111
	Untitled-09112022.xls	Get hash	malicious	Browse	54.37.228.122
	file.exe	Get hash	malicious	Browse	5.135.247.111
	34830-ACH-39484.htm	Get hash	malicious	Browse	51.68.36.8
	file.exe	Get hash	malicious	Browse	5.135.247.111
	file.exe	Get hash	malicious	Browse	5.135.247.111
	https://epoch.daily.theepochtimes.com/link.php?AGENCY=Epoch&M=494033&N=381&L=605&F=H&drurl=aHR0cHM6Ly9idWtoYXJpY2hlZi5jb20vI2pvbi5ncmVlbGV5QHlvZ2lwcm9kdWN0cy5jb20=	Get hash	malicious	Browse	144.217.4.107
	file.exe	Get hash	malicious	Browse	5.135.247.111
	Factura.exe	Get hash	malicious	Browse	139.99.130.5
	Remittance Advice.htm	Get hash	malicious	Browse	51.68.36.8
	#U00ae4251675#U00ae.htm	Get hash	malicious	Browse	51.210.32.103
	https://defabco-my.sharepoint.com/:o:/p/seubanks/EkSt_2nUsupLoGXo1QyWh0cBybTWdQw8pdhkhfHi9SzbHg?e=5%3aydgMZR&at=9	Get hash	malicious	Browse	51.210.32.132
	Payment Slip.js	Get hash	malicious	Browse	51.75.209.245
	file.exe	Get hash	malicious	Browse	5.135.247.111
	file.exe	Get hash	malicious	Browse	5.135.247.111
	file.exe	Get hash	malicious	Browse	213.32.44.120
	Fo4lUXISt1.exe	Get hash	malicious	Browse	5.135.247.111

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\System32\regsvr32.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 62919 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	62919
Entropy (8bit):	7.995280921994772
Encrypted:	true
SSDEEP:	1536:d+OfVxHl7Wyf11lYom3xQcRVOtPHwQV4rP6Ji7:d+OxHxJlZcuPt4b6q
MD5:	3DCF580A93972319E82CAFBC047D34D5
SHA1:	8528D2A1363E5DE77DC3B1142850E51EAD0F4B6B
SHA-256:	40810E31F1B69075C727E6D557F9614D5880112895FF6F4DF1767E87AE5640D1
SHA-512:	98384BE7218340F95DAE88D1CB865F23A0B4E12855BEB6E74A3752274C9B4C601E493864DB777BCA677A370D0A9DBFFD68D94898A82014537F3A801CCE839C42
Malicious:	false
Preview:	MSCF............,...................I.......Q.........GU.\ .authroot.stl..O..5..CK..<Tk...c_.d....A.K...+.d.-;%.BJII!.QIR..$t)Kd.-QQ...g......^..~\|N=...y....{. .4{...W....b.i...j.I.......1:..b\.0.....Ait.2t......w.%.&.",tL_...4.8L[G..;.57....AT.k.......V..K......(....mzS...G....r.".=H.?>.........x&...S%....X.M^..j...A..x.9`.9...A../.s..#.4#.....Id.w..B....s.8..(...dj....=L.)..s.d.]NxQX8....stV#.K.'7.tH..9u~.2..!..2./.....!..9C../...mP $..../y.....@p.6.}.`...5. 0r.w...@(.. .Q....)g.........m..z.8rR..).].T9r<.L....0..`.........c.....;-.g..;.wk.)......i..c5.....{v.u...AS..=.....&.:.........+..P.N..9..EAQ.V.$s.......B.`.Mfe..8.......$...y-.q9J........W...2.Q8...O.......i..@\^.=X..dG$.M..#=....m.h..{9.'...-.v..Z...!....z.....N....i..^..,........d...%Xa~q.@D\|0...Y.m...........&d.4..A..{t=...../.t.3._.....?-.....uroP?.d.Z..S..{...$.i....X..$.O..4..N.)....U.Z..P....X,.... ...Lg..35..W..s.!c...Ap.].P..8..M..W.......U..,...m.u..\|=.m1..~..!..b...._.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\System32\regsvr32.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.1108374798811247
Encrypted:	false
SSDEEP:	6:kKN9EN1HlNiN+SkQlPlEGYRMY9z+4KlDA3RUeKlTAlWRyf1:Fe/kPlE99SNxAhUexYo1
MD5:	CE7B8F5DF882BFCE74A8B2154265437D
SHA1:	8465FBC36EC5944C577DA4961D305A69B37F3324
SHA-256:	61659BA7C4AAE84B438FD6BC067914FB068194A0133E8D2D7370A95E1E469BFA
SHA-512:	6A409E836EB5797AD83AF5889CA7F7C52284C15F249652FEB6DA0608C2D57A4B3F1E58556A1647F4FFAD93162975E40039C37EC6E9413005031C7317AE5021A9
Malicious:	false
Preview:	p...... .........X.....(....................................................... ..................&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.e.d.e.4.d.3.9.b.e.8.d.8.1.:.0."...

Static File Info

General

File type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy (8bit):	6.82554843363977
TrID:	Win64 Dynamic Link Library (generic) (102004/3) 86.43% Win64 Executable (generic) (12005/4) 10.17% Generic Win/DOS Executable (2004/3) 1.70% DOS Executable Generic (2002/1) 1.70% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
File name:	UC2DFXQIBiE2kQ.dll
File size:	636416
MD5:	e2ec88ae31e147d1976368c6a8988d3c
SHA1:	937a21ced7f2663c923c9c614cbe06d95def511a
SHA256:	ae7e655db35a71a3b2df96051d722d7995ec94feea3cbd59bec501042ab40847
SHA512:	ce9c95d721ee389dbbe3d7758d51bdde38f608675c7123d61fa6e0fde500e677651c043be3ef1d52d424b4a1d80d7191cb180887a8944059634ca55042bfa278
SSDEEP:	6144:S6/ptuaN+qWUILr1HRf/9Mu1vHLI7U9XWi9gQ30/bP/09Xls9HV6MExbnyDAzlsH:S6/ptu/qerXtU7U9XUZWYobyDAzl+
TLSH:	A7D4BE04B2AC40B5D5BBC17AC8A3592AE2B27C524764D7CB13A107BA1F2B7E11D3FB51
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................\.......\.......\.r.............\.......Rich...

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General

Entrypoint:	0x180002e54
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x180000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
DLL Characteristics:	HIGH_ENTROPY_VA, NX_COMPAT
Time Stamp:	0x636C09DF [Wed Nov 9 20:13:19 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	bf309f28e2e75a572eb2f2244be62b26

Entrypoint Preview

Instruction
dec eax
mov dword ptr [esp+08h], ebx
dec eax
mov dword ptr [esp+10h], esi
push edi
dec eax
sub esp, 20h
dec ecx
mov edi, eax
mov ebx, edx
dec eax
mov esi, ecx
cmp edx, 01h
jne 00007FC3E8BA0707h
call 00007FC3E8BA115Ch
dec esp
mov eax, edi
mov edx, ebx
dec eax
mov ecx, esi
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov esi, dword ptr [esp+38h]
dec eax
add esp, 20h
pop edi
jmp 00007FC3E8BA0570h
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [00049283h]
dec eax
mov ecx, ebx
call dword ptr [00049272h]
call dword ptr [0004927Ch]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [00049270h]
dec eax
mov dword ptr [esp+08h], ecx
dec eax
sub esp, 38h
mov ecx, 00000017h
call dword ptr [00049264h]
test eax, eax
je 00007FC3E8BA0709h
mov ecx, 00000002h
int 29h
dec eax
lea ecx, dword ptr [00095FC2h]
call 00007FC3E8BA09DEh
dec eax
mov eax, dword ptr [esp+38h]
dec eax
mov dword ptr [000960A9h], eax
dec eax
lea eax, dword ptr [esp+38h]
dec eax
add eax, 08h
dec eax
mov dword ptr [00096039h], eax
dec eax
mov eax, dword ptr [00096092h]
dec eax
mov dword ptr [00095F03h], eax

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x94ef0	0x1a30	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x96920	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xa0000	0x268	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x9b000	0x3b34	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa1000	0x860	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x916a8	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x916d0	0x138	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x4c000	0x3b0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x4a1e5	0x4a200	False	0.48174009274873525	data	6.479787977595784	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x4c000	0x4b592	0x4b600	False	0.611217998548922	data	6.281987992518068	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x98000	0x2a44	0xe00	False	0.18052455357142858	DOS executable (block device driver \322f\324\377\3772)	2.7637122521836313	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x9b000	0x3b34	0x3c00	False	0.46953125	data	5.536843174034769	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x9f000	0xf4	0x200	False	0.30078125	data	1.982153456785509	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xa0000	0x268	0x400	False	0.3173828125	data	3.200437559634333	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa1000	0x860	0xa00	False	0.46796875	data	5.031424688639632	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_STRING	0xa00a0	0x48	data	English	United States
RT_MANIFEST	0xa00e8	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
USER32.dll	MessageBoxA, InvalidateRect, GetMessageW, DefWindowProcW, DestroyWindow, CreateWindowExW, RegisterClassExW, LoadStringW, ShowWindow, DispatchMessageW, SetGestureConfig, GetGestureInfo, TranslateAcceleratorW, TranslateMessage, LoadCursorW, PostQuitMessage, UpdateWindow, BeginPaint, EndPaint, CloseGestureInfoHandle, ScreenToClient
GDI32.dll	Polyline, LineTo, CreatePen, MoveToEx, DeleteObject, SelectObject
ole32.dll	CoLoadLibrary
CRYPT32.dll	CryptStringToBinaryA
KERNEL32.dll	GetConsoleMode, GetConsoleCP, WriteFile, FlushFileBuffers, SetStdHandle, HeapReAlloc, GetFileSizeEx, WriteConsoleW, SetConsoleCtrlHandler, GetFileType, GetStdHandle, GetProcessHeap, EnumSystemLocalesW, SetFilePointerEx, ReadFile, ReadConsoleW, OutputDebugStringW, CreateFileW, HeapSize, CloseHandle, GetUserDefaultLCID, IsValidLocale, GetStringTypeW, DeleteCriticalSection, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, GetCurrentThread, HeapFree, HeapAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW

Exports

Name	Ordinal	Address
ACeujVZMknFDjv	1	0x180043600
AHuDGMflBfPryOEYjuTfbzJdEM	2	0x180043f30
ATjQPkInxPUGuUu	3	0x180043890
AmbryhtjKWGeCnsRXR	4	0x180043690
AukYzjkZpQjlyb	5	0x180043e80
BEHGKvjtYm	6	0x1800438c0
BRUFxz	7	0x180043b50
BUZBRSzPLxRhY	8	0x180043ba0
BZCzGXtURmWdIZoaE	9	0x180043a50
BZqjzJIejob	10	0x1800439a0
BmZYhYQxzCQQ	11	0x180043810
BubGPfVJvMw	12	0x180043420
CBkyPEXjXbRUHKXJo	13	0x180043330
CEsNfdgPgd	14	0x180044070
CVPqxJEtookkvK	15	0x180043e70
CaJBhuFKGDiSQoojdQF	16	0x180044120
CcKlmw	17	0x1800434f0
CfrkXlNpYveSkH	18	0x180043730
CtcUKaNM	19	0x180043d60
CtmIxtaSEWrJoeKFHYsQVRF	20	0x180043f20
DCcTBPjgUmKACiowmtURUFfgN	21	0x180043290
DRpUgpG	22	0x1800432d0
DYDsOtWxMUufQk	23	0x1800434c0
DacmPRKwn	24	0x180043ca0
DdBIgVVvJpDDYojhSveGWyVC	25	0x1800440d0
DllRegisterServer	26	0x180044a60
EDkUTFetsWTlyEplV	27	0x180043bd0
EZveIcVQbxXQvHAc	28	0x180043960
EetKwkljiiO	29	0x1800440e0
EiwSmYwuw	30	0x180043410
EjKZnNkyirwOPcLJfvNShOHV	31	0x180043250
ElumsVBNoiVQFecpcx	32	0x1800438f0
FVCmCSsewcOgpmVCPhNN	33	0x180043e90
FeniiccJDJZQOquCQEDZFbp	34	0x180043490
GhuZhUSaPqDNPQyLmKmMs	35	0x180043530
GidoxoYzkYTZBUKjTczrNz	36	0x180043240
GmOuZYJiGNspxqOxoBCu	37	0x180043af0
GoueteXAa	38	0x180043de0
HZyUwOgdhWiacaSFvYDsgUbdhh	39	0x180043370
HtmqUvH	40	0x1800437f0
HvKfMTiGc	41	0x180043ad0
HwiGZdXrkhPSBdQhcNF	42	0x180043d80
IOKBBQdlpeQCrqGhE	43	0x180043f80
IftUczqAOEEpksLc	44	0x1800440b0
IujIKjACwijLXf	45	0x180043a80
JPOlfklrHwimOYpdWU	46	0x180043980
JldHyQJYHPfgwSota	47	0x180043f70
KHRcAfeWiWXczrzetcsf	48	0x1800435c0
KSBSWsMPLKrvLpLuQEVBQaA	49	0x1800437b0
KXPHHrx	50	0x180043cc0
KqKYPtMNYPZwVVbFgnJskTDgXZ	51	0x180044080
KrLeibTbke	52	0x180043da0
KtNQbfYVcdlRzCxJLbItSH	53	0x180043fc0
KtZFnRWCN	54	0x180043c50
KyUDQzimOqrGaUdqnpHCadI	55	0x180043950
LNVXKJhSBOeqiQPpxZuBrf	56	0x180043770
LbOnTCPkjmOOEdhEeyEy	57	0x180043cf0
LlFIOHcteRaL	58	0x180043990
MAmiSwkyFlQMDaCByXR	59	0x1800438d0
MHyRvOCLFO	60	0x180043c00
MbZnllsXkfnyOmtthLrL	61	0x180043640
MbsuSbHtpeltWArBKaXuf	62	0x180043eb0
MltZiwCXSxF	63	0x180043440
NFzpzSbcGrv	64	0x180043e20
NXasCwwz	65	0x180043310
NfwIIEvnLCKXIrpxWtDCbXx	66	0x180043bf0
NgkonMKeLNPfNxT	67	0x180043b30
NlplQAUkkIZ	68	0x1800437e0
OQruapyPUnukiDhEvANkgElZqh	69	0x180043700
ORBMTIE	70	0x180043e50
OdtvuFxrrpfsY	71	0x180043d00
OoZePWcMAAdh	72	0x1800432a0
PbgMOKpkqAeEgOBtpecKal	73	0x180043a90
PhHcvOzcWKVEzqGUAuH	74	0x180044020
PqcNviu	75	0x1800439b0
PxhniQgzegWvoSCaIPorRhqOEt	76	0x180043200
PzcLCLdBlIdqBxBTbNiI	77	0x180043ab0
RFSoSJnzzPHjPzvZCOvWT	78	0x180043f90
RSrAlLsSbnJmicoYtpKsPYkwFn	79	0x180044040
ReujwDwTrVxLhVwaWvQS	80	0x180044100
RqzpZDiLuFMWsJ	81	0x180043630
SUemGjmeVuPs	82	0x180043a70
ScnrskpiicPdg	83	0x180043840
SeCKWgTgmmtDUvFC	84	0x180043be0
SjnxUxHKGlth	85	0x180043cd0
StNIEkqRHMtB	86	0x180043ae0
StepECvENJONrwlynYAOx	87	0x180043550
SyluAQQc	88	0x180043800
SyvpWCmyZbMrEFnfTmyrBRH	89	0x1800436d0
TLTUEROtrtYd	90	0x1800434d0
TdNJCbJiInjtCOpp	91	0x180043d20
TndRvx	92	0x180043fe0
TpEywJZSeYXzmbHgod	93	0x180043c70
TrziFVlHgMVVONOLNIfRem	94	0x180043d90
TzKueUFolaHBJPFhx	95	0x180043b40
UClTVsmfYtgzIL	96	0x1800437c0
URuQMqrUPMSAGVyWQTqN	97	0x180044010
UbLvGEZfkFcvnnw	98	0x180044170
VXfdoDKAoHiAA	99	0x180043390
VeRxloJdVvetDztDxLQT	100	0x180043dd0
VkIbTCoknzceJuPcnCXzzPj	101	0x180043e30
VqNxpzS	102	0x180043e00
WPumZrRRafooNh	103	0x1800435a0
WQIBBQj	104	0x1800431e0
WUVuwTliAyCBAOHuSOD	105	0x180043e40
WsADtJekvYjSfChaZ	106	0x1800434e0
XBRWcmDQWuUdmmFxx	107	0x180043570
XDLVzSefOKneeAsytcH	108	0x180043b60
XDecZDvu	109	0x180043ec0
XNmJlnrJjgZEjPQQeoOIT	110	0x180043860
XWdPewUOSEaHKCHnynymDhLttF	111	0x180044000
XmEMSisfXGvwdcnUI	112	0x180044130
XxYbsglQgKXTYWUmlX	113	0x1800433d0
YOqqPZdimbNEuvMaM	114	0x1800439d0
YXgNyXKelZfQK	115	0x180043220
YrlEvikMuwUvtjDbAASCV	116	0x180043b70
YrpQLSvKN	117	0x180043320
YtyiKWITImQlOTP	118	0x1800439f0
ZMAtbEQuVEpze	119	0x180043db0
ZOTjVFL	120	0x180043b20
ZXigMFrErZGCgnGQdpTo	121	0x180043790
ZcqfXQvmSIhHXuDEPmA	122	0x180043610
ZmNbZwqyJPRHpqmUZOmpJexK	123	0x1800436c0
aOxloUcrMaTBrKRkXkvrKaAy	124	0x180044050
aXDBQtKlOSCf	125	0x180043340
azZsnWvbQULjBuaCVG	126	0x180043650
bCHMpZKuNDwxXrs	127	0x180043f00
bFyNFHBUflbBAfRZV	128	0x180043560
bGaVPXQawxz	129	0x180043910
bVRtqQ	130	0x180043d40
bWXHfJrBjrdcVRLbuT	131	0x180043780
blakCcJabYayatiII	132	0x180043c40
bsEGIgCVUNZeSRsr	133	0x1800431f0
btMHyPMu	134	0x180043380
bteqpXpGuaIzWJWPXQj	135	0x1800433e0
buvNCuoglefZoipISdUp	136	0x1800433a0
bvumZozkETqFchaDGgv	137	0x180044150
cKgbFcy	138	0x180043260
chPwzpRWTYf	139	0x180043400
cliUpMkAyvnx	140	0x180043460
cpEBzofbApJInexgeY	141	0x180043520
cpNZFVzZSKe	142	0x180043c20
cpmbLfWGBjxaaZNR	143	0x1800437a0
csebqY	144	0x1800433c0
czlJGyv	145	0x180043430
dOrUqBBEUz	146	0x1800440f0
disvxAJjTCcpofcItH	147	0x180043850
djhGwwWdNkNOGnSMVhO	148	0x180043f50
drTNkYg	149	0x1800435d0
elaOoLpqFiyIbnyvaU	150	0x180043500
fAKHjGkpTjHcAAfMvshh	151	0x180043bc0
fBFgQesCsDDEqolwHzSbbSIs	152	0x180043f40
fDZRRfyfwlYoeFo	153	0x180043b00
fLcYUVhVDDHHRUryudAO	154	0x180043720
fWkhxqQSpEMsqhItVIr	155	0x1800432b0
fZQaoqMpByybzlfgG	156	0x180043a20
fadaIHaPgvjpA	157	0x180044160
fodVsUcqiRZtLe	158	0x1800434b0
fwWFiWowsdju	159	0x180043a00
gQiEYElmfk	160	0x180043480
gexCIfMSOkWBVEs	161	0x180044060
gnKyXNiVXhIQQVNkxutn	162	0x180043350
hHoSVYFgUoRXoGwPBdTY	163	0x1800436f0
hKiUTWNKTCBHARIejKtitX	164	0x180043970
hTcXrfT	165	0x180043b10
hdpzQLMeXdHLAXI	166	0x180043ef0
hqmMcxlMowrqdmwCD	167	0x1800432f0
huwZDnzyRrUuSv	168	0x180044110
hwwioGqcSiONSnnoqSgGGlYG	169	0x1800437d0
hwxiWyDPZ	170	0x180043300
iIMUBUcxlPgIoCou	171	0x180043ce0
iXVpeLZjxHYfZy	172	0x180043ed0
ickoyirauzuqSYooWRxIBKP	173	0x1800433b0
ixEhmcgYbORYTvwI	174	0x180043940
jXSCkxhrXSnIiziUsUkSa	175	0x1800438a0
jhMrQlkZnbNzE	176	0x1800435e0
jnmtHhyvcXOtUsFySuhzSRFwZ	177	0x180043c80
jqfPKICr	178	0x180043210
kFVNBreOaZSGgseVYXfZAQSt	179	0x180043e60
kLMzjQJrPZFPf	180	0x180043470
kONtiEAEi	181	0x180043510
kUNUwtZ	182	0x180043cb0
lIEZQCqZKko	183	0x180043ee0
lZiHnzEuXoXZIzRd	184	0x180043df0
larnkUFYFI	185	0x180043620
lfFBdv	186	0x180043e10
mJFTxuzjmKwZE	187	0x1800438e0
mJPUafqK	188	0x1800436b0
mRinbRZ	189	0x1800435b0
miGqUGeEk	190	0x180043f10
muHYTksHDRccMJtbMIVY	191	0x180043bb0
nEWvJUznqPuIORIkmbdcWjKd	192	0x180043fb0
nXCjDafayJLQ	193	0x180043fa0
nfPVFCecEC	194	0x180043fd0
ntSsSyvUegFeD	195	0x180043590
nttFqgw	196	0x180043f60
nuflNZYxVuFptSebTKUXxH	197	0x180043dc0
oFyUMrjmgKtGCEsn	198	0x180043d70
oJhfaaiLZFHiBCXJlPO	199	0x180043d30
oPpitKCbVriCZu	200	0x180043280
oTMlKNA	201	0x180043d10
pOQozXdpf	202	0x180043710
pqXsDgFAKqxqyeZwyCjZ	203	0x180043230
qhBjRUFjPgGnZCYf	204	0x180043a60
qnqswBvEbONoReovLIKnVYuSA	205	0x1800439c0
qpggbjTvfN	206	0x1800432c0
rGJIMlvpqBhxViL	207	0x180043880
rUmobKc	208	0x180043a10
rfqEeKHAx	209	0x180044140
rsgxCEvQpI	210	0x1800436e0
rstbQmhTSxcrhUlcaxRFhGIXK	211	0x180043c10
rxpoWUmUrHlSIHeznkyrivE	212	0x180043d50
rzgTPjoxRh	213	0x180044090
sFmMISJDeOoy	214	0x180043a40
sGzvLqVdsbQ	215	0x180043930
sRyuPhAwDlOgUlGVpIfduYySp	216	0x1800440a0
sTHzpfVYU	217	0x180043820
sUKvQIa	218	0x180043680
sVMFsGCCfvDfoTh	219	0x180043450
sfAGqCcFJlYOMkqZahTjTiAX	220	0x1800439e0
stMogsRXrfH	221	0x180043c30
tBAtJGzOlooKPbZ	222	0x1800438b0
tTdsornziSGMnYRGtlv	223	0x180043870
taVJVqMCMlkFIDWVCcDLV	224	0x180043ea0
twRKUF	225	0x180043a30
uTtYPS	226	0x180043920
ujLBGDEExK	227	0x1800435f0
ujfIFiuxQFuoWpBYlfPja	228	0x1800436a0
unVwakRZhbHEVJWGGZDyCZP	229	0x1800434a0
utlgNYXohozxx	230	0x180043aa0
uvBxDGCDNqLbDaufFb	231	0x180043740
vycQUvI	232	0x180043830
vzdSRyxeERBiXlOkqVUB	233	0x180043ff0
wAHuFSGPWcgVtPzRzoUTnbwo	234	0x180043660
wiIXJqSWsUXvPbq	235	0x180043360
wjeHVSTrDxCzMVNUFEQoz	236	0x180043b90
xPjfyQjUovqeohLapv	237	0x1800440c0
xeyyJZUMQlYiCHikxXoEko	238	0x180043670
xmDlQKqSmhiJfARRXzslVED	239	0x1800433f0
xzJluXH	240	0x180043580
yAYxFjbdwTSooJJzoq	241	0x180043b80
yBpkXiNAKugdWlxIPQKL	242	0x180043540
yIApLlDSJNmmOc	243	0x180043270
yMokeHArDgIyDvmsuwd	244	0x180044030
yVLTygbNjHTxXaOuZBkHmpajxq	245	0x180043ac0
yhCymcBLApUWyPqapsEDJtfjMV	246	0x180043760
yjGXMXnz	247	0x180043c90
yprPVXLUkdnzWv	248	0x1800432e0
yzkENTmBV	249	0x180043750
zQnFkEsglvSmYtKlkFDTme	250	0x180043900
zdMhYw	251	0x180043c60

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.6115.178.55.2249714802404304 11/16/22-11:49:29.070302	TCP	2404304	ET CNC Feodo Tracker Reported CnC Server TCP group 3	49714	80	192.168.2.6	115.178.55.22

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 16, 2022 11:49:29.070302010 CET	49714	80	192.168.2.6	115.178.55.22
Nov 16, 2022 11:49:29.350398064 CET	80	49714	115.178.55.22	192.168.2.6
Nov 16, 2022 11:49:29.855578899 CET	49714	80	192.168.2.6	115.178.55.22
Nov 16, 2022 11:49:30.137402058 CET	80	49714	115.178.55.22	192.168.2.6
Nov 16, 2022 11:49:30.652652025 CET	49714	80	192.168.2.6	115.178.55.22
Nov 16, 2022 11:49:30.935076952 CET	80	49714	115.178.55.22	192.168.2.6
Nov 16, 2022 11:49:36.584249020 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 16, 2022 11:49:36.750922918 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 16, 2022 11:49:36.751099110 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 16, 2022 11:49:36.771295071 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 16, 2022 11:49:36.937913895 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 16, 2022 11:49:36.953438997 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 16, 2022 11:49:36.953493118 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 16, 2022 11:49:36.953617096 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 16, 2022 11:49:37.113104105 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 16, 2022 11:49:37.280112982 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 16, 2022 11:49:37.281089067 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 16, 2022 11:49:37.324982882 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 16, 2022 11:49:38.895751953 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 16, 2022 11:49:38.895843029 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 16, 2022 11:49:39.062779903 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 16, 2022 11:49:39.062812090 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 16, 2022 11:49:39.691082001 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 16, 2022 11:49:39.747312069 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 16, 2022 11:49:42.688333035 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 16, 2022 11:49:42.688810110 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 16, 2022 11:49:42.688810110 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 16, 2022 11:49:42.688911915 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 16, 2022 11:49:42.689021111 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 16, 2022 11:49:42.855590105 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 16, 2022 11:49:42.855602026 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 16, 2022 11:49:42.855618000 CET	8080	49718	172.105.115.71	192.168.2.6

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 16, 2022 11:49:30.262906075 CET	8.8.8.8	192.168.2.6	0xc912	No error (0)	windowsupdatebg.s.llnwi.net		41.63.96.128	A (IP address)	IN (0x0001)	false
Nov 16, 2022 11:49:30.262906075 CET	8.8.8.8	192.168.2.6	0xc912	No error (0)	windowsupdatebg.s.llnwi.net		41.63.96.0	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll64.exePID: 6100, Parent PID: 3452

General

Target ID:	0
Start time:	11:48:42
Start date:	16/11/2022
Path:	C:\Windows\System32\loaddll64.exe
Wow64 process (32bit):	false
Commandline:	loaddll64.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll"
Imagebase:	0x7ff772b80000
File size:	139776 bytes
MD5 hash:	C676FC0263EDD17D4CE7D644B8F3FCD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6088, Parent PID: 6100

General

Target ID:	1
Start time:	11:48:42
Start date:	16/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 4804, Parent PID: 6100

General

Target ID:	2
Start time:	11:48:42
Start date:	16/11/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll",#1
Imagebase:	0x7ff7cb270000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 5220, Parent PID: 6100

General

Target ID:	3
Start time:	11:48:43
Start date:	16/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	regsvr32.exe /s C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll
Imagebase:	0x7ff68a690000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.257855329.0000000000960000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 4688, Parent PID: 4804

General

Target ID:	4
Start time:	11:48:43
Start date:	16/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll",#1
Imagebase:	0x7ff6ffa10000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.250855705.000001D676C81000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.250572025.000001D676B30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 4720, Parent PID: 6100

General

Target ID:	5
Start time:	11:48:43
Start date:	16/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,ACeujVZMknFDjv
Imagebase:	0x7ff6ffa10000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.251110585.000001FB00141000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.250957440.000001FB00100000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 2608, Parent PID: 6100

General

Target ID:	6
Start time:	11:48:46
Start date:	16/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,AHuDGMflBfPryOEYjuTfbzJdEM
Imagebase:	0x7ff6ffa10000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.255048362.000001CC2A6A1000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.254840159.000001CC28BE0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 1392, Parent PID: 5220

General

Target ID:	7
Start time:	11:48:48
Start date:	16/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IUvcffQnjRFArsrM\JZgYREHBQT.dll"
Imagebase:	0x7ff68a690000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.769739205.0000000002E41000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.769387929.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 5292, Parent PID: 6100

General

Target ID:	8
Start time:	11:48:49
Start date:	16/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,ATjQPkInxPUGuUu
Imagebase:	0x7ff6ffa10000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 3952, Parent PID: 3452

General

Target ID:	16
Start time:	11:49:50
Start date:	16/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\IUvcffQnjRFArsrM\JZgYREHBQT.dll
Imagebase:	0x7ff68a690000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.407582886.0000000000970000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.408383126.0000000000B41000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 2220, Parent PID: 3952

General

Target ID:	17
Start time:	11:49:58
Start date:	16/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\ZamKJmwegN\JeCOx.dll"
Imagebase:	0x7ff68a690000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: regsvr32.exePID: 5220, Parent PID: 6100COMMON

Execution Graph

Execution Coverage:	7.4%
Dynamic/Decrypted Code Coverage:	24.4%
Signature Coverage:	21.1%
Total number of Nodes:	90
Total number of Limit Nodes:	6

Executed Functions

Function 0000000180044C30 Relevance: 2216.5, APIs: 8, Strings: 1257, Instructions: 2730
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 29%

			E00000001180044C30(intOrPtr __edx, long long __rcx, void* __rdx, long long __r8, long long _a8, intOrPtr _a16, long long _a24) {
				signed int _v24;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char _v45;
				char _v46;
				char _v47;
				char _v48;
				char _v49;
				char _v50;
				char _v51;
				char _v52;
				char _v53;
				char _v54;
				char _v55;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				char _v69;
				char _v70;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				char _v79;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				char _v85;
				char _v86;
				char _v87;
				char _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				char _v103;
				char _v104;
				char _v105;
				char _v106;
				char _v107;
				char _v108;
				char _v109;
				char _v110;
				char _v111;
				char _v112;
				char _v113;
				char _v114;
				char _v115;
				char _v116;
				char _v117;
				char _v118;
				char _v119;
				char _v120;
				char _v121;
				char _v122;
				char _v123;
				char _v124;
				char _v125;
				char _v126;
				char _v127;
				char _v128;
				char _v129;
				char _v130;
				char _v131;
				char _v132;
				char _v133;
				char _v134;
				char _v135;
				char _v136;
				char _v137;
				char _v138;
				char _v139;
				char _v140;
				char _v141;
				char _v142;
				char _v143;
				char _v144;
				char _v145;
				char _v146;
				char _v147;
				char _v148;
				char _v149;
				char _v150;
				char _v151;
				char _v152;
				char _v153;
				char _v154;
				char _v155;
				char _v156;
				char _v157;
				char _v158;
				char _v159;
				char _v160;
				char _v161;
				char _v162;
				char _v163;
				char _v164;
				char _v165;
				char _v166;
				char _v167;
				char _v168;
				char _v169;
				char _v170;
				char _v171;
				char _v172;
				char _v173;
				char _v174;
				char _v175;
				char _v176;
				char _v177;
				char _v178;
				char _v179;
				char _v180;
				char _v181;
				char _v182;
				char _v183;
				char _v184;
				char _v185;
				char _v186;
				char _v187;
				char _v188;
				char _v189;
				char _v190;
				char _v191;
				char _v192;
				char _v193;
				char _v194;
				char _v195;
				char _v196;
				char _v197;
				char _v198;
				char _v199;
				char _v200;
				char _v201;
				char _v202;
				char _v203;
				char _v204;
				char _v205;
				char _v206;
				char _v207;
				char _v208;
				char _v209;
				char _v210;
				char _v211;
				char _v212;
				char _v213;
				char _v214;
				char _v215;
				char _v216;
				char _v217;
				char _v218;
				char _v219;
				char _v220;
				char _v221;
				char _v222;
				char _v223;
				char _v224;
				char _v225;
				char _v226;
				char _v227;
				char _v228;
				char _v229;
				char _v230;
				char _v231;
				char _v232;
				char _v233;
				char _v234;
				char _v235;
				char _v236;
				char _v237;
				char _v238;
				char _v239;
				char _v240;
				char _v241;
				char _v242;
				char _v243;
				char _v244;
				char _v245;
				char _v246;
				char _v247;
				char _v248;
				char _v249;
				char _v250;
				char _v251;
				char _v252;
				char _v253;
				char _v254;
				char _v255;
				char _v256;
				char _v257;
				char _v258;
				char _v259;
				char _v260;
				char _v261;
				char _v262;
				char _v263;
				char _v264;
				char _v265;
				char _v266;
				char _v267;
				char _v268;
				char _v269;
				char _v270;
				char _v271;
				char _v272;
				char _v273;
				char _v274;
				char _v275;
				char _v276;
				char _v277;
				char _v278;
				char _v279;
				char _v280;
				char _v281;
				char _v282;
				char _v283;
				char _v284;
				char _v285;
				char _v286;
				char _v287;
				char _v288;
				char _v289;
				char _v290;
				char _v291;
				char _v292;
				char _v293;
				char _v294;
				char _v295;
				char _v296;
				char _v297;
				char _v298;
				char _v299;
				char _v300;
				char _v301;
				char _v302;
				char _v303;
				char _v304;
				char _v305;
				char _v306;
				char _v307;
				char _v308;
				char _v309;
				char _v310;
				char _v311;
				char _v312;
				char _v313;
				char _v314;
				char _v315;
				char _v316;
				char _v317;
				char _v318;
				char _v319;
				char _v320;
				char _v321;
				char _v322;
				char _v323;
				char _v324;
				char _v325;
				char _v326;
				char _v327;
				char _v328;
				char _v329;
				char _v330;
				char _v331;
				char _v332;
				char _v333;
				char _v334;
				char _v335;
				char _v336;
				char _v337;
				char _v338;
				char _v339;
				char _v340;
				char _v341;
				char _v342;
				char _v343;
				char _v344;
				char _v345;
				char _v346;
				char _v347;
				char _v348;
				char _v349;
				char _v350;
				char _v351;
				char _v352;
				char _v353;
				char _v354;
				char _v355;
				char _v356;
				char _v357;
				char _v358;
				char _v359;
				char _v360;
				char _v361;
				char _v362;
				char _v363;
				char _v364;
				char _v365;
				char _v366;
				char _v367;
				char _v368;
				char _v369;
				char _v370;
				char _v371;
				char _v372;
				char _v373;
				char _v374;
				char _v375;
				char _v376;
				char _v377;
				char _v378;
				char _v379;
				char _v380;
				char _v381;
				char _v382;
				char _v383;
				char _v384;
				char _v385;
				char _v386;
				char _v387;
				char _v388;
				char _v389;
				char _v390;
				char _v391;
				char _v392;
				char _v393;
				char _v394;
				char _v395;
				char _v396;
				char _v397;
				char _v398;
				char _v399;
				char _v400;
				char _v401;
				char _v402;
				char _v403;
				char _v404;
				char _v405;
				char _v406;
				char _v407;
				char _v408;
				char _v409;
				char _v410;
				char _v411;
				char _v412;
				char _v413;
				char _v414;
				char _v415;
				char _v416;
				char _v417;
				char _v418;
				char _v419;
				char _v420;
				char _v421;
				char _v422;
				char _v423;
				char _v424;
				char _v425;
				char _v426;
				char _v427;
				char _v428;
				char _v429;
				char _v430;
				char _v431;
				char _v432;
				char _v433;
				char _v434;
				char _v435;
				char _v436;
				char _v437;
				char _v438;
				char _v439;
				char _v440;
				char _v441;
				char _v442;
				char _v443;
				char _v444;
				char _v445;
				char _v446;
				char _v447;
				char _v448;
				char _v449;
				char _v450;
				char _v451;
				char _v452;
				char _v453;
				char _v454;
				char _v455;
				char _v456;
				char _v457;
				char _v458;
				char _v459;
				char _v460;
				char _v461;
				char _v462;
				char _v463;
				char _v464;
				char _v465;
				char _v466;
				char _v467;
				char _v468;
				char _v469;
				char _v470;
				char _v471;
				char _v472;
				char _v473;
				char _v474;
				char _v475;
				char _v476;
				char _v477;
				char _v478;
				char _v479;
				char _v480;
				char _v481;
				char _v482;
				char _v483;
				char _v484;
				char _v485;
				char _v486;
				char _v487;
				char _v488;
				char _v489;
				char _v490;
				char _v491;
				char _v492;
				char _v493;
				char _v494;
				char _v495;
				char _v496;
				char _v497;
				char _v498;
				char _v499;
				char _v500;
				char _v501;
				char _v502;
				char _v503;
				char _v504;
				char _v505;
				char _v506;
				char _v507;
				char _v508;
				char _v509;
				char _v510;
				char _v511;
				char _v512;
				char _v513;
				char _v514;
				char _v515;
				char _v516;
				char _v517;
				char _v518;
				char _v519;
				char _v520;
				char _v521;
				char _v522;
				char _v523;
				char _v524;
				char _v525;
				char _v526;
				char _v527;
				char _v528;
				char _v529;
				char _v530;
				char _v531;
				char _v532;
				char _v533;
				char _v534;
				char _v535;
				char _v536;
				char _v537;
				char _v538;
				char _v539;
				char _v540;
				char _v541;
				char _v542;
				char _v543;
				char _v544;
				char _v545;
				char _v546;
				char _v547;
				char _v548;
				char _v549;
				char _v550;
				char _v551;
				char _v552;
				char _v553;
				char _v554;
				char _v555;
				char _v556;
				char _v557;
				char _v558;
				char _v559;
				char _v560;
				char _v561;
				char _v562;
				char _v563;
				char _v564;
				char _v565;
				char _v566;
				char _v567;
				char _v568;
				char _v569;
				char _v570;
				char _v571;
				char _v572;
				char _v573;
				char _v574;
				char _v575;
				char _v576;
				char _v577;
				char _v578;
				char _v579;
				char _v580;
				char _v581;
				char _v582;
				char _v583;
				char _v584;
				char _v585;
				char _v586;
				char _v587;
				char _v588;
				char _v589;
				char _v590;
				char _v591;
				char _v592;
				char _v593;
				char _v594;
				char _v595;
				char _v596;
				char _v597;
				char _v598;
				char _v599;
				char _v600;
				char _v601;
				char _v602;
				char _v603;
				char _v604;
				char _v605;
				char _v606;
				char _v607;
				char _v608;
				char _v609;
				char _v610;
				char _v611;
				char _v612;
				char _v613;
				char _v614;
				char _v615;
				char _v616;
				char _v617;
				char _v618;
				char _v619;
				char _v620;
				char _v621;
				char _v622;
				char _v623;
				char _v624;
				char _v625;
				char _v626;
				char _v627;
				char _v628;
				char _v629;
				char _v630;
				char _v631;
				char _v632;
				char _v633;
				char _v634;
				char _v635;
				char _v636;
				char _v637;
				char _v638;
				char _v639;
				char _v640;
				char _v641;
				char _v642;
				char _v643;
				char _v644;
				char _v645;
				char _v646;
				char _v647;
				char _v648;
				char _v649;
				char _v650;
				char _v651;
				char _v652;
				char _v653;
				char _v654;
				char _v655;
				char _v656;
				char _v657;
				char _v658;
				char _v659;
				char _v660;
				char _v661;
				char _v662;
				char _v663;
				char _v664;
				char _v665;
				char _v666;
				char _v667;
				char _v668;
				char _v669;
				char _v670;
				char _v671;
				char _v672;
				char _v673;
				char _v674;
				char _v675;
				char _v676;
				char _v677;
				char _v678;
				char _v679;
				char _v680;
				char _v681;
				char _v682;
				char _v683;
				char _v684;
				char _v685;
				char _v686;
				char _v687;
				char _v688;
				char _v689;
				char _v690;
				char _v691;
				char _v692;
				char _v693;
				char _v694;
				char _v695;
				char _v696;
				char _v697;
				char _v698;
				char _v699;
				char _v700;
				char _v701;
				char _v702;
				char _v703;
				char _v704;
				char _v705;
				char _v706;
				char _v707;
				char _v708;
				char _v709;
				char _v710;
				char _v711;
				char _v712;
				char _v713;
				char _v714;
				char _v715;
				char _v716;
				char _v717;
				char _v718;
				char _v719;
				char _v720;
				char _v721;
				char _v722;
				char _v723;
				char _v724;
				char _v725;
				char _v726;
				char _v727;
				char _v728;
				char _v729;
				char _v730;
				char _v731;
				char _v732;
				char _v733;
				char _v734;
				char _v735;
				char _v736;
				char _v737;
				char _v738;
				char _v739;
				char _v740;
				char _v741;
				char _v742;
				char _v743;
				char _v744;
				char _v745;
				char _v746;
				char _v747;
				char _v748;
				char _v749;
				char _v750;
				char _v751;
				char _v752;
				char _v753;
				char _v754;
				char _v755;
				char _v756;
				char _v757;
				char _v758;
				char _v759;
				char _v760;
				char _v761;
				char _v762;
				char _v763;
				char _v764;
				char _v765;
				char _v766;
				char _v767;
				char _v768;
				char _v769;
				char _v770;
				char _v771;
				char _v772;
				char _v773;
				char _v774;
				char _v775;
				char _v776;
				char _v777;
				char _v778;
				char _v779;
				char _v780;
				char _v781;
				char _v782;
				char _v783;
				char _v784;
				char _v785;
				char _v786;
				char _v787;
				char _v788;
				char _v789;
				char _v790;
				char _v791;
				char _v792;
				char _v793;
				char _v794;
				char _v795;
				char _v796;
				char _v797;
				char _v798;
				char _v799;
				char _v800;
				char _v801;
				char _v802;
				char _v803;
				char _v804;
				char _v805;
				char _v806;
				char _v807;
				char _v808;
				char _v809;
				char _v810;
				char _v811;
				char _v812;
				char _v813;
				char _v814;
				char _v815;
				char _v816;
				char _v817;
				char _v818;
				char _v819;
				char _v820;
				char _v821;
				char _v822;
				char _v823;
				char _v824;
				char _v825;
				char _v826;
				char _v827;
				char _v828;
				char _v829;
				char _v830;
				char _v831;
				char _v832;
				char _v833;
				char _v834;
				char _v835;
				char _v836;
				char _v837;
				char _v838;
				char _v839;
				char _v840;
				char _v841;
				char _v842;
				char _v843;
				char _v844;
				char _v845;
				char _v846;
				char _v847;
				char _v848;
				char _v849;
				char _v850;
				char _v851;
				char _v852;
				char _v853;
				char _v854;
				char _v855;
				char _v856;
				char _v857;
				char _v858;
				char _v859;
				char _v860;
				char _v861;
				char _v862;
				char _v863;
				char _v864;
				char _v865;
				char _v866;
				char _v867;
				char _v868;
				char _v869;
				char _v870;
				char _v871;
				char _v872;
				char _v873;
				char _v874;
				char _v875;
				char _v876;
				char _v877;
				char _v878;
				char _v879;
				char _v880;
				char _v881;
				char _v882;
				char _v883;
				char _v884;
				char _v885;
				char _v886;
				char _v887;
				char _v888;
				char _v889;
				char _v890;
				char _v891;
				char _v892;
				char _v893;
				char _v894;
				char _v895;
				char _v896;
				char _v897;
				char _v898;
				char _v899;
				char _v900;
				char _v901;
				char _v902;
				char _v903;
				char _v904;
				char _v905;
				char _v906;
				char _v907;
				char _v908;
				char _v909;
				char _v910;
				char _v911;
				char _v912;
				char _v913;
				char _v914;
				char _v915;
				char _v916;
				char _v917;
				char _v918;
				char _v919;
				char _v920;
				char _v921;
				char _v922;
				char _v923;
				char _v924;
				char _v925;
				char _v926;
				char _v927;
				char _v928;
				char _v929;
				char _v930;
				char _v931;
				char _v932;
				char _v933;
				char _v934;
				char _v935;
				char _v936;
				char _v937;
				char _v938;
				char _v939;
				char _v940;
				char _v941;
				char _v942;
				char _v943;
				char _v944;
				char _v945;
				char _v946;
				char _v947;
				char _v948;
				char _v949;
				char _v950;
				char _v951;
				char _v952;
				char _v953;
				char _v954;
				char _v955;
				char _v956;
				char _v957;
				char _v958;
				char _v959;
				char _v960;
				char _v961;
				char _v962;
				char _v963;
				char _v964;
				char _v965;
				char _v966;
				char _v967;
				char _v968;
				char _v969;
				char _v970;
				char _v971;
				char _v972;
				char _v973;
				char _v974;
				char _v975;
				char _v976;
				char _v977;
				char _v978;
				char _v979;
				char _v980;
				char _v981;
				char _v982;
				char _v983;
				char _v984;
				char _v985;
				char _v986;
				char _v987;
				char _v988;
				char _v989;
				char _v990;
				char _v991;
				char _v992;
				char _v993;
				char _v994;
				char _v995;
				char _v996;
				char _v997;
				char _v998;
				char _v999;
				char _v1000;
				char _v1001;
				char _v1002;
				char _v1003;
				char _v1004;
				char _v1005;
				char _v1006;
				char _v1007;
				char _v1008;
				char _v1009;
				char _v1010;
				char _v1011;
				char _v1012;
				char _v1013;
				char _v1014;
				char _v1015;
				char _v1016;
				char _v1017;
				char _v1018;
				char _v1019;
				char _v1020;
				char _v1021;
				char _v1022;
				char _v1023;
				char _v1024;
				char _v1025;
				char _v1026;
				char _v1027;
				char _v1028;
				char _v1029;
				char _v1030;
				char _v1031;
				char _v1032;
				char _v1033;
				char _v1034;
				char _v1035;
				char _v1036;
				char _v1037;
				char _v1038;
				char _v1039;
				char _v1040;
				char _v1041;
				char _v1042;
				char _v1043;
				char _v1044;
				char _v1045;
				char _v1046;
				char _v1047;
				char _v1048;
				char _v1049;
				char _v1050;
				char _v1051;
				char _v1052;
				char _v1053;
				char _v1054;
				char _v1055;
				char _v1056;
				char _v1057;
				char _v1058;
				char _v1059;
				char _v1060;
				char _v1061;
				char _v1062;
				char _v1063;
				char _v1064;
				char _v1065;
				char _v1066;
				char _v1067;
				char _v1068;
				char _v1069;
				char _v1070;
				char _v1071;
				char _v1072;
				char _v1073;
				char _v1074;
				char _v1075;
				char _v1076;
				char _v1077;
				char _v1078;
				char _v1079;
				char _v1080;
				char _v1081;
				char _v1082;
				char _v1083;
				char _v1084;
				char _v1085;
				char _v1086;
				char _v1087;
				char _v1088;
				char _v1089;
				char _v1090;
				char _v1091;
				char _v1092;
				char _v1093;
				char _v1094;
				char _v1095;
				char _v1096;
				char _v1097;
				char _v1098;
				char _v1099;
				char _v1100;
				char _v1101;
				char _v1102;
				char _v1103;
				char _v1104;
				char _v1105;
				char _v1106;
				char _v1107;
				char _v1108;
				char _v1109;
				char _v1110;
				char _v1111;
				char _v1112;
				char _v1113;
				char _v1114;
				char _v1115;
				char _v1116;
				char _v1117;
				char _v1118;
				char _v1119;
				char _v1120;
				char _v1121;
				char _v1122;
				char _v1123;
				char _v1124;
				char _v1125;
				char _v1126;
				char _v1127;
				char _v1128;
				char _v1129;
				char _v1130;
				char _v1131;
				char _v1132;
				char _v1133;
				char _v1134;
				char _v1135;
				char _v1136;
				char _v1137;
				char _v1138;
				char _v1139;
				char _v1140;
				char _v1141;
				char _v1142;
				char _v1143;
				char _v1144;
				char _v1145;
				char _v1146;
				char _v1147;
				char _v1148;
				char _v1149;
				char _v1150;
				char _v1151;
				char _v1152;
				char _v1153;
				char _v1154;
				char _v1155;
				char _v1156;
				char _v1157;
				char _v1158;
				char _v1159;
				char _v1160;
				char _v1161;
				char _v1162;
				char _v1163;
				char _v1164;
				char _v1165;
				char _v1166;
				char _v1167;
				char _v1168;
				char _v1169;
				char _v1170;
				char _v1171;
				char _v1172;
				char _v1173;
				char _v1174;
				char _v1175;
				char _v1176;
				char _v1177;
				char _v1178;
				char _v1179;
				char _v1180;
				char _v1181;
				char _v1182;
				char _v1183;
				char _v1184;
				char _v1185;
				char _v1186;
				char _v1187;
				char _v1188;
				char _v1189;
				char _v1190;
				char _v1191;
				char _v1192;
				char _v1193;
				char _v1194;
				char _v1195;
				char _v1196;
				char _v1197;
				char _v1198;
				char _v1199;
				char _v1200;
				char _v1201;
				char _v1202;
				char _v1203;
				char _v1204;
				char _v1205;
				char _v1206;
				char _v1207;
				char _v1208;
				char _v1209;
				char _v1210;
				char _v1211;
				char _v1212;
				char _v1213;
				char _v1214;
				char _v1215;
				char _v1216;
				char _v1217;
				char _v1218;
				char _v1219;
				char _v1220;
				char _v1221;
				char _v1222;
				char _v1223;
				char _v1224;
				char _v1225;
				char _v1226;
				char _v1227;
				char _v1228;
				char _v1229;
				char _v1230;
				char _v1231;
				char _v1232;
				char _v1233;
				char _v1234;
				char _v1235;
				char _v1236;
				char _v1237;
				char _v1238;
				char _v1239;
				char _v1240;
				char _v1241;
				char _v1242;
				char _v1243;
				char _v1244;
				char _v1245;
				char _v1246;
				char _v1247;
				char _v1248;
				char _v1249;
				char _v1250;
				char _v1251;
				char _v1252;
				char _v1253;
				char _v1254;
				char _v1255;
				char _v1256;
				char _v1257;
				char _v1258;
				char _v1259;
				char _v1260;
				char _v1261;
				char _v1262;
				char _v1263;
				char _v1264;
				char _v1265;
				char _v1266;
				char _v1267;
				char _v1268;
				char _v1269;
				char _v1270;
				char _v1271;
				char _v1272;
				char _v1273;
				char _v1274;
				char _v1275;
				char _v1276;
				char _v1277;
				char _v1278;
				char _v1279;
				char _v1280;
				char _v1281;
				char _v1282;
				char _v1283;
				char _v1284;
				char _v1285;
				char _v1286;
				char _v1287;
				char _v1288;
				char _v1289;
				char _v1290;
				char _v1291;
				char _v1292;
				char _v1293;
				char _v1294;
				char _v1295;
				char _v1296;
				char _v1297;
				char _v1298;
				char _v1299;
				char _v1300;
				char _v1301;
				char _v1302;
				char _v1303;
				char _v1304;
				char _v1305;
				char _v1306;
				char _v1307;
				char _v1308;
				char _v1309;
				char _v1310;
				char _v1311;
				char _v1312;
				char _v1313;
				char _v1314;
				char _v1315;
				char _v1316;
				char _v1317;
				char _v1318;
				char _v1319;
				char _v1320;
				char _v1321;
				char _v1322;
				char _v1323;
				char _v1324;
				char _v1325;
				char _v1326;
				char _v1327;
				char _v1328;
				char _v1329;
				char _v1330;
				char _v1331;
				char _v1332;
				char _v1333;
				char _v1334;
				char _v1335;
				char _v1336;
				char _v1337;
				char _v1338;
				char _v1339;
				char _v1340;
				char _v1341;
				char _v1342;
				char _v1343;
				char _v1344;
				char _v1345;
				char _v1346;
				char _v1347;
				char _v1348;
				char _v1349;
				char _v1350;
				char _v1351;
				char _v1352;
				char _v1353;
				char _v1354;
				char _v1355;
				char _v1356;
				char _v1357;
				char _v1358;
				char _v1359;
				char _v1360;
				char _v1361;
				char _v1362;
				char _v1363;
				char _v1364;
				char _v1365;
				char _v1366;
				char _v1367;
				char _v1368;
				char _v1369;
				char _v1370;
				char _v1371;
				char _v1372;
				char _v1373;
				char _v1374;
				char _v1375;
				char _v1376;
				char _v1377;
				char _v1378;
				char _v1379;
				char _v1380;
				char _v1381;
				char _v1382;
				char _v1383;
				char _v1384;
				char _v1385;
				char _v1386;
				char _v1387;
				char _v1388;
				char _v1389;
				char _v1390;
				char _v1391;
				char _v1392;
				char _v1393;
				char _v1394;
				char _v1395;
				char _v1396;
				char _v1397;
				char _v1398;
				char _v1399;
				char _v1400;
				char _v1401;
				char _v1402;
				char _v1403;
				char _v1404;
				char _v1405;
				char _v1406;
				char _v1407;
				char _v1408;
				char _v1409;
				char _v1410;
				char _v1411;
				char _v1412;
				char _v1413;
				char _v1414;
				char _v1415;
				char _v1416;
				char _v1417;
				char _v1418;
				char _v1419;
				char _v1420;
				char _v1421;
				char _v1422;
				char _v1423;
				char _v1424;
				char _v1425;
				char _v1426;
				char _v1427;
				char _v1428;
				char _v1429;
				char _v1430;
				char _v1431;
				char _v1432;
				char _v1433;
				char _v1434;
				char _v1435;
				char _v1436;
				char _v1437;
				char _v1438;
				char _v1439;
				char _v1440;
				char _v1441;
				char _v1442;
				char _v1443;
				char _v1444;
				char _v1445;
				char _v1446;
				char _v1447;
				char _v1448;
				char _v1449;
				char _v1450;
				char _v1451;
				char _v1452;
				char _v1453;
				char _v1454;
				char _v1455;
				char _v1456;
				char _v1457;
				char _v1458;
				char _v1459;
				char _v1460;
				char _v1461;
				char _v1462;
				char _v1463;
				char _v1464;
				char _v1465;
				char _v1466;
				char _v1467;
				char _v1468;
				char _v1469;
				char _v1470;
				char _v1471;
				char _v1472;
				char _v1473;
				char _v1474;
				char _v1475;
				char _v1476;
				char _v1477;
				char _v1478;
				char _v1479;
				char _v1480;
				char _v1481;
				char _v1482;
				char _v1483;
				char _v1484;
				char _v1485;
				char _v1486;
				char _v1487;
				char _v1488;
				char _v1489;
				char _v1490;
				char _v1491;
				char _v1492;
				char _v1493;
				char _v1494;
				char _v1495;
				char _v1496;
				char _v1497;
				char _v1498;
				char _v1499;
				char _v1500;
				char _v1501;
				char _v1502;
				char _v1503;
				char _v1504;
				char _v1505;
				char _v1506;
				char _v1507;
				char _v1508;
				char _v1509;
				char _v1510;
				char _v1511;
				char _v1512;
				char _v1513;
				char _v1514;
				char _v1515;
				char _v1516;
				char _v1517;
				char _v1518;
				char _v1519;
				char _v1520;
				char _v1521;
				char _v1522;
				char _v1523;
				char _v1524;
				char _v1525;
				char _v1526;
				char _v1527;
				char _v1528;
				char _v1529;
				char _v1530;
				char _v1531;
				char _v1532;
				char _v1533;
				char _v1534;
				char _v1535;
				char _v1536;
				char _v1537;
				char _v1538;
				char _v1539;
				char _v1540;
				char _v1541;
				char _v1542;
				char _v1543;
				char _v1544;
				char _v1545;
				char _v1546;
				char _v1547;
				char _v1548;
				char _v1549;
				char _v1550;
				char _v1551;
				char _v1552;
				char _v1553;
				char _v1554;
				char _v1555;
				char _v1556;
				char _v1557;
				char _v1558;
				char _v1559;
				char _v1560;
				char _v1561;
				char _v1562;
				char _v1563;
				char _v1564;
				char _v1565;
				char _v1566;
				char _v1567;
				char _v1568;
				char _v1569;
				char _v1570;
				char _v1571;
				char _v1572;
				char _v1573;
				char _v1574;
				char _v1575;
				char _v1576;
				char _v1577;
				char _v1578;
				char _v1579;
				char _v1580;
				char _v1581;
				char _v1582;
				char _v1583;
				char _v1584;
				char _v1585;
				char _v1586;
				char _v1587;
				char _v1588;
				char _v1589;
				char _v1590;
				char _v1591;
				char _v1592;
				char _v1593;
				char _v1594;
				char _v1595;
				char _v1596;
				char _v1597;
				char _v1598;
				char _v1599;
				char _v1600;
				char _v1601;
				char _v1602;
				char _v1603;
				char _v1604;
				char _v1605;
				char _v1606;
				char _v1607;
				char _v1608;
				char _v1609;
				char _v1610;
				char _v1611;
				char _v1612;
				char _v1613;
				char _v1614;
				char _v1615;
				char _v1616;
				char _v1617;
				char _v1618;
				char _v1619;
				char _v1620;
				char _v1621;
				char _v1622;
				char _v1623;
				char _v1624;
				char _v1625;
				char _v1626;
				char _v1627;
				char _v1628;
				char _v1629;
				char _v1630;
				char _v1631;
				char _v1632;
				char _v1633;
				char _v1634;
				char _v1635;
				char _v1636;
				char _v1637;
				char _v1638;
				char _v1639;
				char _v1640;
				char _v1641;
				char _v1642;
				char _v1643;
				char _v1644;
				char _v1645;
				char _v1646;
				char _v1647;
				char _v1648;
				char _v1649;
				char _v1650;
				char _v1651;
				char _v1652;
				char _v1653;
				char _v1654;
				char _v1655;
				char _v1656;
				char _v1657;
				char _v1658;
				char _v1659;
				char _v1660;
				char _v1661;
				char _v1662;
				char _v1663;
				char _v1664;
				char _v1665;
				char _v1666;
				char _v1667;
				char _v1668;
				char _v1669;
				char _v1670;
				char _v1671;
				char _v1672;
				char _v1673;
				char _v1674;
				char _v1675;
				char _v1676;
				char _v1677;
				char _v1678;
				char _v1679;
				char _v1680;
				char _v1681;
				char _v1682;
				char _v1683;
				char _v1684;
				char _v1685;
				char _v1686;
				char _v1687;
				char _v1688;
				char _v1689;
				char _v1690;
				char _v1691;
				char _v1692;
				char _v1693;
				char _v1694;
				char _v1695;
				char _v1696;
				char _v1697;
				char _v1698;
				char _v1699;
				char _v1700;
				char _v1701;
				char _v1702;
				char _v1703;
				char _v1704;
				char _v1705;
				char _v1706;
				char _v1707;
				char _v1708;
				char _v1709;
				char _v1710;
				char _v1711;
				char _v1712;
				char _v1713;
				char _v1714;
				char _v1715;
				char _v1716;
				char _v1717;
				char _v1718;
				char _v1719;
				char _v1720;
				char _v1721;
				char _v1722;
				char _v1723;
				char _v1724;
				char _v1725;
				char _v1726;
				char _v1727;
				char _v1728;
				char _v1729;
				char _v1730;
				char _v1731;
				char _v1732;
				char _v1733;
				char _v1734;
				char _v1735;
				char _v1736;
				char _v1737;
				char _v1738;
				char _v1739;
				char _v1740;
				char _v1741;
				char _v1742;
				char _v1743;
				char _v1744;
				char _v1745;
				char _v1746;
				char _v1747;
				char _v1748;
				char _v1749;
				char _v1750;
				char _v1751;
				char _v1752;
				char _v1753;
				char _v1754;
				char _v1755;
				char _v1756;
				char _v1757;
				char _v1758;
				char _v1759;
				char _v1760;
				char _v1761;
				char _v1762;
				char _v1763;
				char _v1764;
				char _v1765;
				char _v1766;
				char _v1767;
				char _v1768;
				char _v1769;
				char _v1770;
				char _v1771;
				char _v1772;
				char _v1773;
				char _v1774;
				char _v1775;
				char _v1776;
				char _v1777;
				char _v1778;
				char _v1779;
				char _v1780;
				char _v1781;
				char _v1782;
				char _v1783;
				char _v1784;
				char _v1785;
				char _v1786;
				char _v1787;
				char _v1788;
				char _v1789;
				char _v1790;
				char _v1791;
				char _v1792;
				char _v1793;
				char _v1794;
				char _v1795;
				char _v1796;
				char _v1797;
				char _v1798;
				char _v1799;
				char _v1800;
				char _v1801;
				char _v1802;
				char _v1803;
				char _v1804;
				char _v1805;
				char _v1806;
				char _v1807;
				char _v1808;
				char _v1809;
				char _v1810;
				char _v1811;
				char _v1812;
				char _v1813;
				char _v1814;
				char _v1815;
				char _v1816;
				char _v1817;
				char _v1818;
				char _v1819;
				char _v1820;
				char _v1821;
				char _v1822;
				char _v1823;
				char _v1824;
				char _v1825;
				char _v1826;
				char _v1827;
				char _v1828;
				char _v1829;
				char _v1830;
				char _v1831;
				char _v1832;
				char _v1833;
				char _v1834;
				char _v1835;
				char _v1836;
				char _v1837;
				char _v1838;
				char _v1839;
				char _v1840;
				char _v1841;
				char _v1842;
				char _v1843;
				char _v1844;
				char _v1845;
				char _v1846;
				char _v1847;
				char _v1848;
				char _v1849;
				char _v1850;
				char _v1851;
				char _v1852;
				char _v1853;
				char _v1854;
				char _v1855;
				char _v1856;
				char _v1857;
				char _v1858;
				char _v1859;
				char _v1860;
				char _v1861;
				char _v1862;
				char _v1863;
				char _v1864;
				char _v1865;
				char _v1866;
				char _v1867;
				char _v1868;
				char _v1869;
				char _v1870;
				char _v1871;
				char _v1872;
				char _v1873;
				char _v1874;
				char _v1875;
				char _v1876;
				char _v1877;
				char _v1878;
				char _v1879;
				char _v1880;
				char _v1881;
				char _v1882;
				char _v1883;
				char _v1884;
				char _v1885;
				char _v1886;
				char _v1887;
				char _v1888;
				char _v1889;
				char _v1890;
				char _v1891;
				char _v1892;
				char _v1893;
				char _v1894;
				char _v1895;
				char _v1896;
				char _v1897;
				char _v1898;
				char _v1899;
				char _v1900;
				char _v1901;
				char _v1902;
				char _v1903;
				char _v1904;
				char _v1905;
				char _v1906;
				char _v1907;
				char _v1908;
				char _v1909;
				char _v1910;
				char _v1911;
				char _v1912;
				char _v1913;
				char _v1914;
				char _v1915;
				char _v1916;
				char _v1917;
				char _v1918;
				char _v1919;
				char _v1920;
				char _v1921;
				char _v1922;
				char _v1923;
				char _v1924;
				char _v1925;
				char _v1926;
				char _v1927;
				char _v1928;
				char _v1929;
				char _v1930;
				char _v1931;
				char _v1932;
				char _v1933;
				char _v1934;
				char _v1935;
				char _v1936;
				char _v1937;
				char _v1938;
				char _v1939;
				char _v1940;
				char _v1941;
				char _v1942;
				char _v1943;
				char _v1944;
				char _v1945;
				char _v1946;
				char _v1947;
				char _v1948;
				char _v1949;
				char _v1950;
				char _v1951;
				char _v1952;
				char _v1953;
				char _v1954;
				char _v1955;
				char _v1956;
				char _v1957;
				char _v1958;
				char _v1959;
				char _v1960;
				char _v1961;
				char _v1962;
				char _v1963;
				char _v1964;
				char _v1965;
				char _v1966;
				char _v1967;
				char _v1968;
				char _v1969;
				char _v1970;
				char _v1971;
				char _v1972;
				char _v1973;
				char _v1974;
				char _v1975;
				char _v1976;
				char _v1977;
				char _v1978;
				char _v1979;
				char _v1980;
				char _v1981;
				char _v1982;
				char _v1983;
				char _v1984;
				char _v1985;
				char _v1986;
				char _v1987;
				char _v1988;
				char _v1989;
				char _v1990;
				char _v1991;
				char _v1992;
				char _v1993;
				char _v1994;
				char _v1995;
				char _v1996;
				char _v1997;
				char _v1998;
				char _v1999;
				char _v2000;
				char _v2001;
				char _v2002;
				char _v2003;
				char _v2004;
				char _v2005;
				char _v2006;
				char _v2007;
				char _v2008;
				char _v2009;
				char _v2010;
				char _v2011;
				char _v2012;
				char _v2013;
				char _v2014;
				char _v2015;
				char _v2016;
				char _v2017;
				char _v2018;
				char _v2019;
				char _v2020;
				char _v2021;
				char _v2022;
				char _v2023;
				char _v2024;
				char _v2025;
				char _v2026;
				char _v2027;
				char _v2028;
				char _v2029;
				char _v2030;
				char _v2031;
				char _v2032;
				char _v2033;
				char _v2034;
				char _v2035;
				char _v2036;
				char _v2037;
				char _v2038;
				char _v2039;
				char _v2040;
				char _v2041;
				char _v2042;
				char _v2043;
				char _v2044;
				char _v2045;
				char _v2046;
				char _v2047;
				char _v2048;
				char _v2049;
				char _v2050;
				char _v2051;
				char _v2052;
				char _v2053;
				char _v2054;
				char _v2055;
				char _v2056;
				char _v2057;
				char _v2058;
				char _v2059;
				char _v2060;
				char _v2061;
				char _v2062;
				char _v2063;
				char _v2064;
				char _v2065;
				char _v2066;
				char _v2067;
				char _v2068;
				char _v2069;
				char _v2070;
				char _v2071;
				char _v2072;
				char _v2073;
				char _v2074;
				char _v2075;
				char _v2076;
				char _v2077;
				char _v2078;
				char _v2079;
				char _v2080;
				char _v2081;
				char _v2082;
				char _v2083;
				char _v2084;
				char _v2085;
				char _v2086;
				char _v2087;
				char _v2088;
				char _v2089;
				char _v2090;
				char _v2091;
				char _v2092;
				char _v2093;
				char _v2094;
				char _v2095;
				char _v2096;
				char _v2097;
				char _v2098;
				char _v2099;
				char _v2100;
				char _v2101;
				char _v2102;
				char _v2103;
				char _v2104;
				char _v2105;
				char _v2106;
				char _v2107;
				char _v2108;
				char _v2109;
				char _v2110;
				char _v2111;
				char _v2112;
				char _v2113;
				char _v2114;
				char _v2115;
				char _v2116;
				char _v2117;
				char _v2118;
				char _v2119;
				char _v2120;
				char _v2121;
				char _v2122;
				char _v2123;
				char _v2124;
				char _v2125;
				char _v2126;
				char _v2127;
				char _v2128;
				char _v2129;
				char _v2130;
				char _v2131;
				char _v2132;
				char _v2133;
				char _v2134;
				char _v2135;
				char _v2136;
				char _v2137;
				char _v2138;
				char _v2139;
				char _v2140;
				char _v2141;
				char _v2142;
				char _v2143;
				char _v2144;
				char _v2145;
				char _v2146;
				char _v2147;
				char _v2148;
				char _v2149;
				char _v2150;
				char _v2151;
				char _v2152;
				char _v2153;
				char _v2154;
				char _v2155;
				char _v2156;
				char _v2157;
				char _v2158;
				char _v2159;
				char _v2160;
				char _v2161;
				char _v2162;
				char _v2163;
				char _v2164;
				char _v2165;
				char _v2166;
				char _v2167;
				char _v2168;
				char _v2169;
				char _v2170;
				char _v2171;
				char _v2172;
				char _v2173;
				char _v2174;
				char _v2175;
				char _v2176;
				char _v2177;
				char _v2178;
				char _v2179;
				char _v2180;
				char _v2181;
				char _v2182;
				char _v2183;
				char _v2184;
				char _v2185;
				char _v2186;
				char _v2187;
				char _v2188;
				char _v2189;
				char _v2190;
				char _v2191;
				char _v2192;
				char _v2193;
				char _v2194;
				char _v2195;
				char _v2196;
				char _v2197;
				char _v2198;
				char _v2199;
				char _v2200;
				char _v2201;
				char _v2202;
				char _v2203;
				char _v2204;
				char _v2205;
				char _v2206;
				char _v2207;
				char _v2208;
				char _v2209;
				char _v2210;
				char _v2211;
				char _v2212;
				char _v2213;
				char _v2214;
				char _v2215;
				char _v2216;
				char _v2217;
				char _v2218;
				char _v2219;
				char _v2220;
				char _v2221;
				char _v2222;
				char _v2223;
				char _v2224;
				char _v2225;
				char _v2226;
				char _v2227;
				char _v2228;
				char _v2229;
				char _v2230;
				char _v2231;
				char _v2232;
				char _v2233;
				char _v2234;
				char _v2235;
				char _v2236;
				char _v2237;
				char _v2238;
				char _v2239;
				char _v2240;
				char _v2241;
				char _v2242;
				char _v2243;
				char _v2244;
				char _v2245;
				char _v2246;
				char _v2247;
				char _v2248;
				char _v2249;
				char _v2250;
				char _v2251;
				char _v2252;
				char _v2253;
				char _v2254;
				char _v2255;
				char _v2256;
				char _v2257;
				char _v2258;
				char _v2259;
				char _v2260;
				char _v2261;
				char _v2262;
				char _v2263;
				char _v2264;
				char _v2265;
				char _v2266;
				char _v2267;
				char _v2268;
				char _v2269;
				char _v2270;
				char _v2271;
				char _v2272;
				char _v2273;
				char _v2274;
				char _v2275;
				char _v2276;
				char _v2277;
				char _v2278;
				char _v2279;
				char _v2280;
				char _v2281;
				char _v2282;
				char _v2283;
				char _v2284;
				char _v2285;
				char _v2286;
				char _v2287;
				char _v2288;
				char _v2289;
				char _v2290;
				char _v2291;
				char _v2292;
				char _v2293;
				char _v2294;
				char _v2295;
				char _v2296;
				char _v2297;
				char _v2298;
				char _v2299;
				char _v2300;
				char _v2301;
				char _v2302;
				char _v2303;
				char _v2304;
				char _v2305;
				char _v2306;
				char _v2307;
				char _v2308;
				char _v2309;
				char _v2310;
				char _v2311;
				char _v2312;
				char _v2313;
				char _v2314;
				char _v2315;
				char _v2316;
				char _v2317;
				char _v2318;
				char _v2319;
				char _v2320;
				char _v2321;
				char _v2322;
				char _v2323;
				char _v2324;
				char _v2325;
				char _v2326;
				char _v2327;
				char _v2328;
				char _v2329;
				char _v2330;
				char _v2331;
				char _v2332;
				char _v2333;
				char _v2334;
				char _v2335;
				char _v2336;
				char _v2337;
				char _v2338;
				char _v2339;
				char _v2340;
				char _v2341;
				char _v2342;
				char _v2343;
				char _v2344;
				char _v2345;
				char _v2346;
				char _v2347;
				char _v2348;
				char _v2349;
				char _v2350;
				char _v2351;
				char _v2352;
				char _v2353;
				char _v2354;
				char _v2355;
				char _v2356;
				char _v2357;
				char _v2358;
				char _v2359;
				char _v2360;
				char _v2361;
				char _v2362;
				char _v2363;
				char _v2364;
				char _v2365;
				char _v2366;
				char _v2367;
				char _v2368;
				char _v2369;
				char _v2370;
				char _v2371;
				char _v2372;
				char _v2373;
				char _v2374;
				char _v2375;
				char _v2376;
				char _v2377;
				char _v2378;
				char _v2379;
				char _v2380;
				char _v2381;
				char _v2382;
				char _v2383;
				char _v2384;
				char _v2385;
				char _v2386;
				char _v2387;
				char _v2388;
				char _v2389;
				char _v2390;
				char _v2391;
				char _v2392;
				char _v2393;
				char _v2394;
				char _v2395;
				char _v2396;
				char _v2397;
				char _v2398;
				char _v2399;
				char _v2400;
				char _v2401;
				char _v2402;
				char _v2403;
				char _v2404;
				char _v2405;
				char _v2406;
				char _v2407;
				char _v2408;
				char _v2409;
				char _v2410;
				char _v2411;
				char _v2412;
				char _v2413;
				char _v2414;
				char _v2415;
				char _v2416;
				char _v2417;
				char _v2418;
				char _v2419;
				char _v2420;
				char _v2421;
				char _v2422;
				char _v2423;
				char _v2424;
				char _v2425;
				char _v2426;
				char _v2427;
				char _v2428;
				char _v2429;
				char _v2430;
				char _v2431;
				char _v2432;
				char _v2433;
				char _v2434;
				char _v2435;
				char _v2436;
				char _v2437;
				char _v2438;
				char _v2439;
				char _v2440;
				char _v2441;
				char _v2442;
				char _v2443;
				char _v2444;
				char _v2445;
				char _v2446;
				char _v2447;
				char _v2448;
				char _v2449;
				char _v2450;
				char _v2451;
				char _v2452;
				char _v2453;
				char _v2454;
				char _v2455;
				char _v2456;
				char _v2457;
				char _v2458;
				char _v2459;
				char _v2460;
				char _v2461;
				char _v2462;
				char _v2463;
				char _v2464;
				char _v2465;
				char _v2466;
				char _v2467;
				char _v2468;
				char _v2469;
				char _v2470;
				char _v2471;
				char _v2472;
				char _v2473;
				char _v2474;
				char _v2475;
				char _v2476;
				char _v2477;
				char _v2478;
				char _v2479;
				char _v2480;
				char _v2481;
				char _v2482;
				char _v2483;
				char _v2484;
				char _v2485;
				char _v2486;
				char _v2487;
				char _v2488;
				char _v2489;
				char _v2490;
				char _v2491;
				char _v2492;
				char _v2493;
				char _v2494;
				char _v2495;
				char _v2496;
				char _v2497;
				char _v2498;
				char _v2499;
				char _v2500;
				char _v2501;
				char _v2502;
				char _v2503;
				char _v2504;
				char _v2505;
				char _v2506;
				char _v2507;
				char _v2508;
				char _v2509;
				char _v2510;
				char _v2511;
				char _v2512;
				char _v2513;
				char _v2514;
				char _v2515;
				char _v2516;
				char _v2517;
				char _v2518;
				char _v2519;
				char _v2520;
				char _v2521;
				char _v2522;
				char _v2523;
				char _v2524;
				char _v2525;
				char _v2526;
				char _v2527;
				char _v2528;
				char _v2529;
				char _v2530;
				char _v2531;
				char _v2532;
				char _v2533;
				char _v2534;
				char _v2535;
				char _v2536;
				char _v2537;
				char _v2538;
				char _v2539;
				char _v2540;
				char _v2541;
				char _v2542;
				char _v2543;
				char _v2544;
				char _v2545;
				char _v2546;
				char _v2547;
				char _v2548;
				char _v2549;
				char _v2550;
				char _v2551;
				char _v2552;
				char _v2553;
				char _v2554;
				char _v2555;
				char _v2556;
				char _v2557;
				char _v2558;
				char _v2559;
				char _v2560;
				char _v2561;
				char _v2562;
				char _v2563;
				char _v2564;
				char _v2565;
				char _v2566;
				char _v2567;
				char _v2568;
				char _v2569;
				char _v2570;
				char _v2571;
				char _v2572;
				char _v2573;
				char _v2574;
				char _v2575;
				char _v2576;
				char _v2577;
				char _v2578;
				char _v2579;
				char _v2580;
				char _v2581;
				char _v2582;
				char _v2583;
				char _v2584;
				char _v2585;
				char _v2586;
				char _v2587;
				char _v2588;
				char _v2589;
				char _v2590;
				char _v2591;
				char _v2592;
				char _v2593;
				char _v2594;
				char _v2595;
				char _v2596;
				char _v2597;
				char _v2598;
				char _v2599;
				char _v2600;
				char _v2601;
				char _v2602;
				char _v2603;
				char _v2604;
				char _v2605;
				char _v2606;
				char _v2607;
				char _v2608;
				char _v2609;
				char _v2610;
				char _v2611;
				char _v2612;
				char _v2613;
				char _v2614;
				char _v2615;
				char _v2616;
				char _v2617;
				char _v2618;
				char _v2619;
				char _v2620;
				char _v2621;
				char _v2622;
				char _v2623;
				char _v2624;
				char _v2625;
				char _v2626;
				char _v2627;
				char _v2628;
				char _v2629;
				char _v2630;
				char _v2631;
				char _v2632;
				char _v2672;
				char _v2704;
				intOrPtr _v2736;
				char _v2752;
				signed long long _v2760;
				long long _v2768;
				char _v2776;
				intOrPtr _v2784;
				signed long long _v2792;
				signed char _v2796;
				signed char _v2800;
				signed char _v2804;
				signed char _v2808;
				void* _t2657;
				void* _t2696;
				void* _t2697;
				signed long long _t2706;
				signed long long _t2707;
				long long _t2708;
				signed long long _t2737;
				void* _t2743;

				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				_t2706 =  *0x80098010; // 0x6aeceb4fd839
				_t2707 = _t2706 ^ _t2737;
				_v24 = _t2707;
				_v2784 = _a16;
				if (_v2784 == 1) goto 0x80044c6e;
				goto 0x80049ff5;
				_v2796 = 0;
				_v2800 = 0;
				_v2768 = 0;
				_v2792 = 0;
				0x80015a34(); // executed
				_v2792 = _t2707;
				if (_v2792 == 0) goto 0x80044cb9;
				r8d = 0x5f5e100;
				E00000001180005C10(_a16, 0, _v2792, __rdx, __r8);
				E00000001180015698(_v2792); // executed
				_v2632 = 0x70;
				_v2631 = 0xb6;
				_v2630 = 0x1e;
				_v2629 = 0x60;
				_v2628 = 0x43;
				_v2627 = 0x62;
				_v2626 = 0xb;
				_v2625 = 0x3b;
				_v2624 = 0x3d;
				_v2623 = 0x1e;
				_v2622 = 0x6c;
				_v2621 = 0x70;
				_v2620 = 0xb;
				_v2619 = 0x74;
				_v2618 = 0x21;
				_v2617 = 0x15;
				_v2616 = 0x74;
				_v2615 = 0xd;
				_v2614 = 0xe2;
				_v2613 = 0x27;
				_v2612 = 0x7c;
				_v2611 = 0xc4;
				_v2610 = 0x6b;
				_v2609 = 0xea;
				_v2608 = 0xc4;
				_v2607 = 0x1e;
				_v2606 = 0x33;
				_v2605 = 0x32;
				_v2604 = 0x46;
				_v2603 = 0x45;
				_v2602 = 0xb;
				_v2601 = 0xdb;
				_v2600 = 0x95;
				_v2599 = 1;
				_v2598 = 0xf3;
				_v2597 = 0x5c;
				_v2596 = 0x58;
				_v2595 = 8;
				_v2594 = 0x6a;
				_v2593 = 0x17;
				_v2592 = 0xb3;
				_v2591 = 0xc0;
				_v2590 = 0x12;
				_v2589 = 0xbc;
				_v2588 = 0x12;
				_v2587 = 0xb4;
				_v2586 = 0x9a;
				_v2585 = 0x56;
				_v2584 = 0xf3;
				_v2583 = 0xf4;
				_v2582 = 0xe5;
				_v2581 = 0x20;
				_v2580 = 0xaa;
				_v2579 = 0xe;
				_v2578 = 0x98;
				_v2577 = 0xa;
				_v2576 = 0xbb;
				_v2575 = 0x57;
				_v2574 = 0xb6;
				_v2573 = 0x45;
				_v2572 = 0xb5;
				_v2571 = 0x73;
				_v2570 = 0x76;
				_v2569 = 0x21;
				_v2568 = 7;
				_v2567 = 0xbe;
				_v2566 = 0x3d;
				_v2565 = 0x95;
				_v2564 = 0x2e;
				_v2563 = 0xd7;
				_v2562 = 0x75;
				_v2561 = 0x9d;
				_v2560 = 0x1a;
				_v2559 = 0xbd;
				_v2558 = 0x3a;
				_v2557 = 0xc6;
				_v2556 = 0x6f;
				_v2555 = 0xcc;
				_v2554 = 0xa;
				_v2553 = 0xa3;
				_v2552 = 0x14;
				_v2551 = 0xe5;
				_v2550 = 0x46;
				_v2549 = 0xbb;
				_v2548 = 0x64;
				_v2547 = 0xcf;
				_v2546 = 0x57;
				_v2545 = 0x3a;
				_v2544 = 2;
				_v2543 = 0x89;
				_v2542 = 0x5d;
				_v2541 = 0x2b;
				_v2540 = 0x16;
				_v2539 = 0xcd;
				_v2538 = 0x2f;
				_v2537 = 0x13;
				_v2536 = 0x7c;
				_v2535 = 0xaa;
				_v2534 = 0x2f;
				_v2533 = 0xe3;
				_v2532 = 0x4a;
				_v2531 = 0x31;
				_v2530 = 0x30;
				_v2529 = 0x35;
				_v2528 = 0xb0;
				_v2527 = 0x11;
				_v2526 = 0xe3;
				_v2525 = 0x20;
				_v2524 = 0x6f;
				_v2523 = 0x27;
				_v2522 = 0x58;
				_v2521 = 0xab;
				_v2520 = 0x66;
				_v2519 = 0xaf;
				_v2518 = 0x1b;
				_v2517 = 0x46;
				_v2516 = 0;
				_v2515 = 0x32;
				_v2514 = 0x81;
				_v2513 = 0x45;
				_v2512 = 0xf0;
				_v2511 = 0x11;
				_v2510 = 0x52;
				_v2509 = 0x20;
				_v2508 = 0x4b;
				_v2507 = 0xf0;
				_v2506 = 0x1d;
				_v2505 = 0xa1;
				_v2504 = 6;
				_v2503 = 0x5f;
				_v2502 = 0x54;
				_v2501 = 0x31;
				_v2500 = 0x99;
				_v2499 = 0xb0;
				_v2498 = 0xcf;
				_v2497 = 0x54;
				_v2496 = 0x23;
				_v2495 = 0x45;
				_v2494 = 0x3c;
				_v2493 = 0x27;
				_v2492 = 0x3d;
				_v2491 = 9;
				_v2490 = 0xe5;
				_v2489 = 0xee;
				_v2488 = 0x94;
				_v2487 = 0x46;
				_v2486 = 0x32;
				_v2485 = 0x32;
				_v2484 = 0x36;
				_v2483 = 0xc7;
				_v2482 = 0x7c;
				_v2481 = 0x1b;
				_v2480 = 0x1a;
				_v2479 = 8;
				_v2478 = 0x24;
				_v2477 = 0x56;
				_v2476 = 0x3c;
				_v2475 = 0xaa;
				_v2474 = 0x2e;
				_v2473 = 0x7b;
				_v2472 = 0x74;
				_v2471 = 0x7d;
				_v2470 = 0x37;
				_v2469 = 0x57;
				_v2468 = 5;
				_v2467 = 0x93;
				_v2466 = 0x67;
				_v2465 = 0x61;
				_v2464 = 0x3f;
				_v2463 = 0x2a;
				_v2462 = 0x2a;
				_v2461 = 0x15;
				_v2460 = 0x62;
				_v2459 = 0xac;
				_v2458 = 0x6c;
				_v2457 = 0x62;
				_v2456 = 0xa;
				_v2455 = 0x64;
				_v2454 = 0x2f;
				_v2453 = 0x72;
				_v2452 = 0x4c;
				_v2451 = 0xf8;
				_v2450 = 0x16;
				_v2449 = 0x60;
				_v2448 = 0x77;
				_v2447 = 0x42;
				_v2446 = 0x39;
				_v2445 = 1;
				_v2444 = 0x2b;
				_v2443 = 0x98;
				_v2442 = 0x7c;
				_v2441 = 0x15;
				_v2440 = 0x1e;
				_v2439 = 0x59;
				_v2438 = 0x1b;
				_v2437 = 0x3b;
				_v2436 = 0x40;
				_v2435 = 0x82;
				_v2434 = 0x2b;
				_v2433 = 0x6f;
				_v2432 = 0;
				_v2431 = 0x3a;
				_v2430 = 0x4a;
				_v2429 = 0x19;
				_v2428 = 0x5c;
				_v2427 = 0x81;
				_v2426 = 0x76;
				_v2425 = 0x16;
				_v2424 = 0x1a;
				_v2423 = 0x75;
				_v2422 = 0x59;
				_v2421 = 0x53;
				_v2420 = 2;
				_v2419 = 0x83;
				_v2418 = 0xf;
				_v2417 = 0x13;
				_v2416 = 0x38;
				_v2415 = 0x1f;
				_v2414 = 5;
				_v2413 = 0x2b;
				_v2412 = 0x5d;
				_v2411 = 0x57;
				_v2410 = 0x99;
				_v2409 = 0x71;
				_v2408 = 0x53;
				_v2407 = 0x30;
				_v2406 = 0x40;
				_v2405 = 0x31;
				_v2404 = 0xa8;
				_v2403 = 0xe;
				_v2402 = 0xc0;
				_v2401 = 0x2a;
				_v2400 = 0x4f;
				_v2399 = 0x1e;
				_v2398 = 0x5b;
				_v2397 = 0x81;
				_v2396 = 0x77;
				_v2395 = 0xae;
				_v2394 = 0x2e;
				_v2393 = 0x49;
				_v2392 = 0x56;
				_v2391 = 0x4c;
				_v2390 = 0x95;
				_v2389 = 1;
				_v2388 = 0xeb;
				_v2387 = 0x43;
				_v2386 = 0x2a;
				_v2385 = 0x18;
				_v2384 = 9;
				_v2383 = 0x98;
				_v2382 = 0x7d;
				_v2381 = 0x95;
				_v2380 = 0x2a;
				_v2379 = 0x5c;
				_v2378 = 0x18;
				_v2377 = 0x3a;
				_v2376 = 0xe4;
				_v2375 = 0;
				_v2374 = 0xc7;
				_v2373 = 8;
				_v2372 = 0x39;
				_v2371 = 0xf;
				_v2370 = 0x4b;
				_v2369 = 0xac;
				_v2368 = 0x6c;
				_v2367 = 0x62;
				_v2366 = 0x5a;
				_v2365 = 0x75;
				_v2364 = 0x23;
				_v2363 = 0x74;
				_v2362 = 0x76;
				_v2361 = 0xf8;
				_v2360 = 0x16;
				_v2359 = 0x60;
				_v2358 = 0x27;
				_v2357 = 0x56;
				_v2356 = 0x2c;
				_v2355 = 4;
				_v2354 = 0x1c;
				_v2353 = 0x98;
				_v2352 = 0x7c;
				_v2351 = 0x15;
				_v2350 = 0x2e;
				_v2349 = 0x50;
				_v2348 = 0x24;
				_v2347 = 0x2d;
				_v2346 = 0x50;
				_v2345 = 0x82;
				_v2344 = 0x2b;
				_v2343 = 0x6f;
				_v2342 = 0x2c;
				_v2341 = 0x18;
				_v2340 = 0x46;
				_v2339 = 6;
				_v2338 = 0x61;
				_v2337 = 0x20;
				_v2336 = 0xf5;
				_v2335 = 0x76;
				_v2334 = 0x62;
				_v2333 = 0x78;
				_v2332 = 0x56;
				_v2331 = 0x59;
				_v2330 = 0x94;
				_v2329 = 0;
				_v2328 = 0x6f;
				_v2327 = 0x4d;
				_v2326 = 0x37;
				_v2325 = 0xaa;
				_v2324 = 0x2f;
				_v2323 = 0xdf;
				_v2322 = 0x6a;
				_v2321 = 0x45;
				_v2320 = 0x32;
				_v2319 = 0x74;
				_v2318 = 0xb0;
				_v2317 = 0x11;
				_v2316 = 0xa7;
				_v2315 = 0x21;
				_v2314 = 0xb;
				_v2313 = 0xd;
				_v2312 = 0x2d;
				_v2311 = 0xab;
				_v2310 = 0x66;
				_v2309 = 0xe3;
				_v2308 = 0x46;
				_v2307 = 0x25;
				_v2306 = 0x46;
				_v2305 = 0x5b;
				_v2304 = 0x81;
				_v2303 = 0x45;
				_v2302 = 0xb4;
				_v2301 = 0x50;
				_v2300 = 0x3c;
				_v2299 = 0x10;
				_v2298 = 0x2a;
				_v2297 = 0x51;
				_v2296 = 0x9f;
				_v2295 = 0x28;
				_v2294 = 0xfa;
				_v2293 = 0x3d;
				_v2292 = 0x54;
				_v2291 = 0xd9;
				_v2290 = 0x9c;
				_v2289 = 0x32;
				_v2288 = 0x77;
				_v2287 = 0x54;
				_v2286 = 0x9a;
				_v2285 = 0xf0;
				_v2284 = 0x2e;
				_v2283 = 0x92;
				_v2282 = 6;
				_v2281 = 0x24;
				_v2280 = 0xa8;
				_v2279 = 0xb3;
				_v2278 = 0xc0;
				_v2277 = 0xf3;
				_v2276 = 0x35;
				_v2275 = 0x32;
				_v2274 = 0x46;
				_v2273 = 0x4c;
				_v2272 = 0xb3;
				_v2271 = 0xd7;
				_v2270 = 0x1a;
				_v2269 = 0xcd;
				_v2268 = 0xe;
				_v2267 = 0xef;
				_v2266 = 0x10;
				_v2265 = 0xe0;
				_v2264 = 0x2f;
				_v2263 = 0xe7;
				_v2262 = 0xff;
				_v2261 = 0x74;
				_v2260 = 0x4e;
				_v2259 = 0x2d;
				_v2258 = 0x77;
				_v2257 = 0x4c;
				_v2256 = 0x23;
				_v2255 = 9;
				_v2254 = 0xe2;
				_v2253 = 7;
				_v2252 = 0x7c;
				_v2251 = 0x5c;
				_v2250 = 0x6b;
				_v2249 = 0xe2;
				_v2248 = 0x6d;
				_v2247 = 0x5e;
				_v2246 = 0x7e;
				_v2245 = 0xbf;
				_v2244 = 3;
				_v2243 = 0x10;
				_v2242 = 0xb;
				_v2241 = 0xed;
				_v2240 = 0x61;
				_v2239 = 0x8d;
				_v2238 = 0xb4;
				_v2237 = 0xe4;
				_v2236 = 0x10;
				_v2235 = 0xe6;
				_v2234 = 0x26;
				_v2233 = 0x7b;
				_v2232 = 8;
				_v2231 = 0x79;
				_v2230 = 0xd3;
				_v2229 = 0x71;
				_v2228 = 0x53;
				_v2227 = 0x6c;
				_v2226 = 0x66;
				_v2225 = 0x76;
				_v2224 = 0xaf;
				_v2223 = 3;
				_v2222 = 0xd1;
				_v2221 = 0x28;
				_v2220 = 7;
				_v2219 = 0x43;
				_v2218 = 0x64;
				_v2217 = 0xcb;
				_v2216 = 0x7f;
				_v2215 = 0x82;
				_v2214 = 0x81;
				_v2213 = 0x44;
				_v2212 = 0x1c;
				_v2211 = 0x1f;
				_v2210 = 0x5e;
				_v2209 = 0x44;
				_v2208 = 0x47;
				_v2207 = 0x37;
				_v2206 = 0x10;
				_v2205 = 0xe0;
				_v2204 = 0x3e;
				_v2203 = 0x7b;
				_v2202 = 0x18;
				_v2201 = 0x70;
				_v2200 = 0xa1;
				_v2199 = 0xe0;
				_v2198 = 0x3f;
				_v2197 = 0xdf;
				_v2196 = 0x6f;
				_v2195 = 0x61;
				_v2194 = 0x5f;
				_v2193 = 3;
				_v2192 = 0xd5;
				_v2191 = 0x28;
				_v2190 = 7;
				_v2189 = 0x33;
				_v2188 = 0x6d;
				_v2187 = 0x75;
				_v2186 = 0xf2;
				_v2185 = 0x7a;
				_v2184 = 0xcf;
				_v2183 = 0x44;
				_v2182 = 0x1c;
				_v2181 = 0x17;
				_v2180 = 0x1e;
				_v2179 = 0xc9;
				_v2178 = 6;
				_v2177 = 0xdf;
				_v2176 = 0x9f;
				_v2175 = 0x29;
				_v2174 = 0x4e;
				_v2173 = 0x7f;
				_v2172 = 0x36;
				_v2171 = 0x31;
				_v2170 = 0x50;
				_v2169 = 0x35;
				_v2168 = 0x3f;
				_v2167 = 0xd9;
				_v2166 = 0x77;
				_v2165 = 0x61;
				_v2164 = 0x4f;
				_v2163 = 0xa;
				_v2162 = 0xa7;
				_v2161 = 0xb9;
				_v2160 = 0x6b;
				_v2159 = 0xe6;
				_v2158 = 0x6d;
				_v2157 = 0xde;
				_v2156 = 0xf5;
				_v2155 = 0x76;
				_v2154 = 0x62;
				_v2153 = 0x20;
				_v2152 = 0x2d;
				_v2151 = 0x3f;
				_v2150 = 0x47;
				_v2149 = 0x44;
				_v2148 = 3;
				_v2147 = 0xbc;
				_v2146 = 0x14;
				_v2145 = 0x49;
				_v2144 = 0x5a;
				_v2143 = 0x13;
				_v2142 = 0xb5;
				_v2141 = 0x7c;
				_v2140 = 0xae;
				_v2139 = 0x70;
				_v2138 = 0x44;
				_v2137 = 0x94;
				_v2136 = 0x6b;
				_v2135 = 0xcc;
				_v2134 = 0x2b;
				_v2133 = 0x6f;
				_v2132 = 0x70;
				_v2131 = 0x24;
				_v2130 = 0xae;
				_v2129 = 0x3f;
				_v2128 = 0xc;
				_v2127 = 0x66;
				_v2126 = 0x73;
				_v2125 = 0xcd;
				_v2124 = 0x93;
				_v2123 = 0x48;
				_v2122 = 0xb3;
				_v2121 = 0x73;
				_v2120 = 0x76;
				_v2119 = 0x74;
				_v2118 = 3;
				_v2117 = 0xba;
				_v2116 = 0x1c;
				_v2115 = 0x49;
				_v2114 = 2;
				_v2113 = 0x1a;
				_v2112 = 0xb;
				_v2111 = 0xf1;
				_v2110 = 0x16;
				_v2109 = 0xbc;
				_v2108 = 0x33;
				_v2107 = 0x70;
				_v2106 = 0xb;
				_v2105 = 9;
				_v2104 = 0xe2;
				_v2103 = 6;
				_v2102 = 0xa0;
				_v2101 = 0xab;
				_v2100 = 0x67;
				_v2099 = 0x4f;
				_v2098 = 8;
				_v2097 = 0x55;
				_v2096 = 0x32;
				_v2095 = 0x21;
				_v2094 = 0x46;
				_v2093 = 0x48;
				_v2092 = 0xb5;
				_v2091 = 0x6b;
				_v2090 = 0x76;
				_v2089 = 0x64;
				_v2088 = 0xa;
				_v2087 = 0xc8;
				_v2086 = 0x8d;
				_v2085 = 0x25;
				_v2084 = 0xe1;
				_v2083 = 0x13;
				_v2082 = 0x1c;
				_v2081 = 1;
				_v2080 = 0x16;
				_v2079 = 0xb8;
				_v2078 = 0xf2;
				_v2077 = 0xec;
				_v2076 = 0x23;
				_v2075 = 0x45;
				_v2074 = 0x6f;
				_v2073 = 0xe;
				_v2072 = 0x6b;
				_v2071 = 0xac;
				_v2070 = 0x6b;
				_v2069 = 0xe2;
				_v2068 = 0x6c;
				_v2067 = 0x62;
				_v2066 = 0x1a;
				_v2065 = 0x7e;
				_v2064 = 0xcb;
				_v2063 = 0x4d;
				_v2062 = 0xe8;
				_v2061 = 0xf8;
				_v2060 = 0x16;
				_v2059 = 0x60;
				_v2058 = 0x6b;
				_v2057 = 0x32;
				_v2056 = 0x58;
				_v2055 = 0x68;
				_v2054 = 0x6a;
				_v2053 = 0x17;
				_v2052 = 0xb5;
				_v2051 = 0x65;
				_v2050 = 0x7a;
				_v2049 = 0x15;
				_v2048 = 0x36;
				_v2047 = 0xab;
				_v2046 = 0xf6;
				_v2045 = 0xd;
				_v2044 = 0xe4;
				_v2043 = 7;
				_v2042 = 0x7c;
				_v2041 = 0x5c;
				_v2040 = 0x6b;
				_v2039 = 0xe6;
				_v2038 = 0x6d;
				_v2037 = 0xc6;
				_v2036 = 0x77;
				_v2035 = 1;
				_v2034 = 0x86;
				_v2033 = 0x48;
				_v2032 = 0xb1;
				_v2031 = 0x7b;
				_v2030 = 0x76;
				_v2029 = 0x6c;
				_v2028 = 7;
				_v2027 = 0xba;
				_v2026 = 0x15;
				_v2025 = 0x65;
				_v2024 = 0xad;
				_v2023 = 0x1b;
				_v2022 = 0x1c;
				_v2021 = 0x11;
				_v2020 = 0x4d;
				_v2019 = 0x35;
				_v2018 = 0x64;
				_v2017 = 0x54;
				_v2016 = 0x6b;
				_v2015 = 0xc8;
				_v2014 = 0x3b;
				_v2013 = 0x6f;
				_v2012 = 0x78;
				_v2011 = 0x2d;
				_v2010 = 0xdc;
				_v2009 = 0xbe;
				_v2008 = 0x60;
				_v2007 = 0xcd;
				_v2006 = 0x7e;
				_v2005 = 0x16;
				_v2004 = 0x76;
				_v2003 = 0x48;
				_v2002 = 0xb5;
				_v2001 = 0x7b;
				_v2000 = 0x76;
				_v1999 = 0xc;
				_v1998 = 0xe;
				_v1997 = 4;
				_v1996 = 0x98;
				_v1995 = 0x25;
				_v1994 = 0xe3;
				_v1993 = 0x1b;
				_v1992 = 0x1c;
				_v1991 = 0x19;
				_v1990 = 0x12;
				_v1989 = 0xb8;
				_v1988 = 0x3a;
				_v1987 = 0xb4;
				_v1986 = 0xe4;
				_v1985 = 1;
				_v1984 = 0x4b;
				_v1983 = 0x6b;
				_v1982 = 0x54;
				_v1981 = 0x6c;
				_v1980 = 0x2f;
				_v1979 = 0x6b;
				_v1978 = 0x60;
				_v1977 = 0xcb;
				_v1976 = 0x66;
				_v1975 = 0x16;
				_v1974 = 0x66;
				_v1973 = 0x41;
				_v1972 = 0xc7;
				_v1971 = 0xea;
				_v1970 = 0x1e;
				_v1969 = 0x7d;
				_v1968 = 0x2e;
				_v1967 = 0x87;
				_v1966 = 0x57;
				_v1965 = 0xe9;
				_v1964 = 0xf;
				_v1963 = 0x59;
				_v1962 = 0x38;
				_v1961 = 0x31;
				_v1960 = 0x12;
				_v1959 = 0xc;
				_v1958 = 0x12;
				_v1957 = 0xbc;
				_v1956 = 0x2c;
				_v1955 = 0xc1;
				_v1954 = 0x34;
				_v1953 = 0x4d;
				_v1952 = 0x58;
				_v1951 = 0x6c;
				_v1950 = 0x6f;
				_v1949 = 0x52;
				_v1948 = 0x4d;
				_v1947 = 0x96;
				_v1946 = 0x3d;
				_v1945 = 0xb6;
				_v1944 = 0x17;
				_v1943 = 6;
				_v1942 = 0x38;
				_v1941 = 0x3f;
				_v1940 = 0x1e;
				_v1939 = 0x7d;
				_v1938 = 0x2e;
				_v1937 = 0xc7;
				_v1936 = 0x57;
				_v1935 = 0xe9;
				_v1934 = 0x2d;
				_v1933 = 0x59;
				_v1932 = 0x38;
				_v1931 = 0x31;
				_v1930 = 0x12;
				_v1929 = 0xbe;
				_v1928 = 0x3a;
				_v1927 = 0xac;
				_v1926 = 0x6e;
				_v1925 = 0xc0;
				_v1924 = 0xa6;
				_v1923 = 0x44;
				_v1922 = 0xdc;
				_v1921 = 0x56;
				_v1920 = 0x25;
				_v1919 = 0x6b;
				_v1918 = 0x28;
				_v1917 = 0xe;
				_v1916 = 0xb9;
				_v1915 = 0x74;
				_v1914 = 0x56;
				_v1913 = 0x48;
				_v1912 = 0x5b;
				_v1911 = 0x47;
				_v1910 = 0x6e;
				_v1909 = 0xc;
				_v1908 = 0x48;
				_v1907 = 0xcf;
				_v1906 = 0xd9;
				_v1905 = 0x52;
				_v1904 = 0x3a;
				_v1903 = 0x1a;
				_v1902 = 0x38;
				_v1901 = 0x31;
				_v1900 = 0x51;
				_v1899 = 0xb0;
				_v1898 = 0x54;
				_v1897 = 0x52;
				_v1896 = 0x23;
				_v1895 = 0x45;
				_v1894 = 0xd7;
				_v1893 = 0x2f;
				_v1892 = 0xde;
				_v1891 = 0x6c;
				_v1890 = 0x23;
				_v1889 = 0xd;
				_v1888 = 0x11;
				_v1887 = 1;
				_v1886 = 0x36;
				_v1885 = 0x3d;
				_v1884 = 0xc3;
				_v1883 = 0x14;
				_v1882 = 0x3e;
				_v1881 = 0x3f;
				_v1880 = 0x52;
				_v1879 = 0xcf;
				_v1878 = 0x1c;
				_v1877 = 0xf;
				_v1876 = 0x1d;
				_v1875 = 0xe0;
				_v1874 = 0x16;
				_v1873 = 0x7b;
				_v1872 = 0x39;
				_v1871 = 0x70;
				_v1870 = 0xda;
				_v1869 = 0xe2;
				_v1868 = 0x78;
				_v1867 = 0xd1;
				_v1866 = 0x20;
				_v1865 = 0x43;
				_v1864 = 0x6f;
				_v1863 = 0x4b;
				_v1862 = 0x57;
				_v1861 = 0xdb;
				_v1860 = 0x6c;
				_v1859 = 0x7f;
				_v1858 = 0x69;
				_v1857 = 0xcd;
				_v1856 = 0xee;
				_v1855 = 0x7a;
				_v1854 = 0xc5;
				_v1853 = 0xc1;
				_v1852 = 0x1c;
				_v1851 = 0x59;
				_v1850 = 0x16;
				_v1849 = 0x7f;
				_v1848 = 0x2c;
				_v1847 = 0x31;
				_v1846 = 0x2b;
				_v1845 = 0x46;
				_v1844 = 0x2e;
				_v1843 = 0x50;
				_v1842 = 0x8f;
				_v1841 = 0x66;
				_v1840 = 0x58;
				_v1839 = 0x7d;
				_v1838 = 0x74;
				_v1837 = 0x9b;
				_v1836 = 0xa8;
				_v1835 = 4;
				_v1834 = 0x6b;
				_v1833 = 0xf;
				_v1832 = 0xd3;
				_v1831 = 0x6d;
				_v1830 = 0xa6;
				_v1829 = 0xab;
				_v1828 = 0x5d;
				_v1827 = 0x40;
				_v1826 = 0x70;
				_v1825 = 0xbf;
				_v1824 = 0x42;
				_v1823 = 2;
				_v1822 = 0xd3;
				_v1821 = 0x3c;
				_v1820 = 0x13;
				_v1819 = 0x47;
				_v1818 = 0x8b;
				_v1817 = 0xc;
				_v1816 = 0x9b;
				_v1815 = 0x62;
				_v1814 = 0x2c;
				_v1813 = 0x9c;
				_v1812 = 0x70;
				_v1811 = 0xb2;
				_v1810 = 0x9f;
				_v1809 = 0x1d;
				_v1808 = 0xfc;
				_v1807 = 0x8c;
				_v1806 = 0x6e;
				_v1805 = 0x6e;
				_v1804 = 0xb8;
				_v1803 = 0x3e;
				_v1802 = 0x85;
				_v1801 = 0x24;
				_v1800 = 0xae;
				_v1799 = 0x26;
				_v1798 = 8;
				_v1797 = 7;
				_v1796 = 0xcd;
				_v1795 = 0xe3;
				_v1794 = 0xcd;
				_v1793 = 0x55;
				_v1792 = 0x1c;
				_v1791 = 0x7b;
				_v1790 = 0xd9;
				_v1789 = 0x86;
				_v1788 = 0xf;
				_v1787 = 0xba;
				_v1786 = 0x2a;
				_v1785 = 0x92;
				_v1784 = 0x9d;
				_v1783 = 0x85;
				_v1782 = 0x7c;
				_v1781 = 0x32;
				_v1780 = 0x29;
				_v1779 = 0x65;
				_v1778 = 0x3e;
				_v1777 = 0xd9;
				_v1776 = 0x6b;
				_v1775 = 0xba;
				_v1774 = 0xe4;
				_v1773 = 0x89;
				_v1772 = 0x14;
				_v1771 = 0x4f;
				_v1770 = 0xd3;
				_v1769 = 0xe0;
				_v1768 = 0xeb;
				_v1767 = 0xe;
				_v1766 = 0x31;
				_v1765 = 0xfa;
				_v1764 = 0xf;
				_v1763 = 0x8d;
				_v1762 = 0x78;
				_v1761 = 0xc0;
				_v1760 = 0x1a;
				_v1759 = 0xb3;
				_v1758 = 0x9b;
				_v1757 = 0x7f;
				_v1756 = 0x7b;
				_v1755 = 0xa5;
				_v1754 = 0x26;
				_v1753 = 0x64;
				_v1752 = 0xc9;
				_v1751 = 0x3e;
				_v1750 = 0xdb;
				_v1749 = 0xbb;
				_v1748 = 0x72;
				_v1747 = 0x54;
				_v1746 = 0x23;
				_v1745 = 0xd;
				_v1744 = 0xe4;
				_v1743 = 4;
				_v1742 = 0x68;
				_v1741 = 0x2d;
				_v1740 = 0x9a;
				_v1739 = 0x6f;
				_v1738 = 0x28;
				_v1737 = 0x46;
				_v1736 = 0x32;
				_v1735 = 0x73;
				_v1734 = 0xfe;
				_v1733 = 0;
				_v1732 = 8;
				_v1731 = 0x3f;
				_v1730 = 0x52;
				_v1729 = 0xd;
				_v1728 = 0xc0;
				_v1727 = 0xe1;
				_v1726 = 0xa7;
				_v1725 = 0x38;
				_v1724 = 0xda;
				_v1723 = 0x17;
				_v1722 = 0xb3;
				_v1721 = 0xe9;
				_v1720 = 0x16;
				_v1719 = 0xb0;
				_v1718 = 0xb7;
				_v1717 = 0x21;
				_v1716 = 0x36;
				_v1715 = 1;
				_v1714 = 0xe2;
				_v1713 = 3;
				_v1712 = 0x5c;
				_v1711 = 0x2d;
				_v1710 = 0x9b;
				_v1709 = 0x6b;
				_v1708 = 0x18;
				_v1707 = 0x46;
				_v1706 = 0x32;
				_v1705 = 0x7b;
				_v1704 = 0xcd;
				_v1703 = 0xd6;
				_v1702 = 0xb;
				_v1701 = 0xf6;
				_v1700 = 0xad;
				_v1699 = 0x11;
				_v1698 = 0xfb;
				_v1697 = 0x7f;
				_v1696 = 0xd3;
				_v1695 = 0xb5;
				_v1694 = 0x2e;
				_v1693 = 0xdb;
				_v1692 = 0x46;
				_v1691 = 0x39;
				_v1690 = 0x2a;
				_v1689 = 0x19;
				_v1688 = 0x3f;
				_v1687 = 0xdf;
				_v1686 = 0x65;
				_v1685 = 0x55;
				_v1684 = 0xe4;
				_v1683 = 3;
				_v1682 = 0x64;
				_v1681 = 0xe5;
				_v1680 = 0x68;
				_v1679 = 0x57;
				_v1678 = 0x60;
				_v1677 = 0xcd;
				_v1676 = 0x74;
				_v1675 = 0x22;
				_v1674 = 2;
				_v1673 = 0x8b;
				_v1672 = 0x78;
				_v1671 = 3;
				_v1670 = 0xb9;
				_v1669 = 0x54;
				_v1668 = 3;
				_v1667 = 0xbc;
				_v1666 = 0x1e;
				_v1665 = 0x7d;
				_v1664 = 0x2b;
				_v1663 = 0xd4;
				_v1662 = 0xe8;
				_v1661 = 0x74;
				_v1660 = 0x5d;
				_v1659 = 0xf2;
				_v1658 = 0xfd;
				_v1657 = 0x58;
				_v1656 = 0x21;
				_v1655 = 0xcd;
				_v1654 = 0x63;
				_v1653 = 0x51;
				_v1652 = 0x1c;
				_v1651 = 0x57;
				_v1650 = 0x64;
				_v1649 = 0x3f;
				_v1648 = 0x5a;
				_v1647 = 0xac;
				_v1646 = 0xd9;
				_v1645 = 0x2d;
				_v1644 = 3;
				_v1643 = 0x8b;
				_v1642 = 0xfc;
				_v1641 = 0x7b;
				_v1640 = 0x6b;
				_v1639 = 0x23;
				_v1638 = 0x1f;
				_v1637 = 0x41;
				_v1636 = 0x4e;
				_v1635 = 0x25;
				_v1634 = 0xe1;
				_v1633 = 0x19;
				_v1632 = 0x28;
				_v1631 = 0x70;
				_v1630 = 0xd5;
				_v1629 = 0xe5;
				_v1628 = 0x32;
				_v1627 = 0x57;
				_v1626 = 0xe4;
				_v1625 = 0xcf;
				_v1624 = 0x63;
				_v1623 = 0x49;
				_v1622 = 0xd0;
				_v1621 = 0x60;
				_v1620 = 0x39;
				_v1619 = 0x2f;
				_v1618 = 0x13;
				_v1617 = 1;
				_v1616 = 0x66;
				_v1615 = 0x40;
				_v1614 = 0xac;
				_v1613 = 0x48;
				_v1612 = 0x5b;
				_v1611 = 0x44;
				_v1610 = 0x6e;
				_v1609 = 1;
				_v1608 = 0xc0;
				_v1607 = 0xeb;
				_v1606 = 0x10;
				_v1605 = 0x6e;
				_v1604 = 0x91;
				_v1603 = 0x17;
				_v1602 = 0xb1;
				_v1601 = 0x4c;
				_v1600 = 0x5e;
				_v1599 = 0x71;
				_v1598 = 0x78;
				_v1597 = 0xe3;
				_v1596 = 0x6c;
				_v1595 = 0x51;
				_v1594 = 0x26;
				_v1593 = 0xc8;
				_v1592 = 0x99;
				_v1591 = 0x44;
				_v1590 = 0x45;
				_v1589 = 0x2f;
				_v1588 = 0x13;
				_v1587 = 0x21;
				_v1586 = 0x34;
				_v1585 = 0x41;
				_v1584 = 0x79;
				_v1583 = 0x4c;
				_v1582 = 0x3b;
				_v1581 = 0xf0;
				_v1580 = 0x17;
				_v1579 = 0xcf;
				_v1578 = 0x9f;
				_v1577 = 0x72;
				_v1576 = 0x61;
				_v1575 = 0x4c;
				_v1574 = 0x1c;
				_v1573 = 0x7b;
				_v1572 = 0x7d;
				_v1571 = 0xba;
				_v1570 = 0x1f;
				_v1569 = 0x31;
				_v1568 = 0x3f;
				_v1567 = 0xdf;
				_v1566 = 0x65;
				_v1565 = 0x55;
				_v1564 = 0x2e;
				_v1563 = 0xc0;
				_v1562 = 0x11;
				_v1561 = 0x90;
				_v1560 = 0x62;
				_v1559 = 0xe0;
				_v1558 = 0xfa;
				_v1557 = 3;
				_v1556 = 0x31;
				_v1555 = 0xe5;
				_v1554 = 0xa;
				_v1553 = 3;
				_v1552 = 0xfa;
				_v1551 = 0x77;
				_v1550 = 0x51;
				_v1549 = 0x8e;
				_v1548 = 0xa;
				_v1547 = 0xbd;
				_v1546 = 0x5c;
				_v1545 = 0x6d;
				_v1544 = 0xe2;
				_v1543 = 0x5b;
				_v1542 = 0x21;
				_v1541 = 0x74;
				_v1540 = 0x65;
				_v1539 = 0x24;
				_v1538 = 5;
				_v1537 = 0x88;
				_v1536 = 0x2c;
				_v1535 = 0xf2;
				_v1534 = 0x28;
				_v1533 = 0x4d;
				_v1532 = 0x1d;
				_v1531 = 0x6f;
				_v1530 = 0xfc;
				_v1529 = 0x22;
				_v1528 = 0xab;
				_v1527 = 0x87;
				_v1526 = 0x1a;
				_v1525 = 0x76;
				_v1524 = 0x7d;
				_v1523 = 0xd8;
				_v1522 = 0x4a;
				_v1521 = 0xfb;
				_v1520 = 0x1e;
				_v1519 = 0xcf;
				_v1518 = 0xb8;
				_v1517 = 0x76;
				_v1516 = 0xe0;
				_v1515 = 0x6f;
				_v1514 = 0x6a;
				_v1513 = 0x5f;
				_v1512 = 0x38;
				_v1511 = 0x7d;
				_v1510 = 0x75;
				_v1509 = 0x42;
				_v1508 = 0x47;
				_v1507 = 0x5b;
				_v1506 = 0xa7;
				_v1505 = 0x89;
				_v1504 = 0x6f;
				_v1503 = 0x4b;
				_v1502 = 0x58;
				_v1501 = 0x28;
				_v1500 = 0x1a;
				_v1499 = 0xcc;
				_v1498 = 0x9c;
				_v1497 = 0x46;
				_v1496 = 0x32;
				_v1495 = 0x32;
				_v1494 = 0x49;
				_v1493 = 0x84;
				_v1492 = 0x87;
				_v1491 = 0x3f;
				_v1490 = 0x52;
				_v1489 = 0x44;
				_v1488 = 0xf;
				_v1487 = 0xbc;
				_v1486 = 0xd7;
				_v1485 = 0xdd;
				_v1484 = 0x6a;
				_v1483 = 0x5f;
				_v1482 = 0x38;
				_v1481 = 0x7d;
				_v1480 = 0x5d;
				_v1479 = 0xfe;
				_v1478 = 0x32;
				_v1477 = 0x6d;
				_v1476 = 2;
				_v1475 = 0x4a;
				_v1474 = 0xeb;
				_v1473 = 0xe7;
				_v1472 = 0x58;
				_v1471 = 0x6c;
				_v1470 = 0x23;
				_v1469 = 0x26;
				_v1468 = 0xa5;
				_v1467 = 0x17;
				_v1466 = 0x3a;
				_v1465 = 0xdb;
				_v1464 = 0xc1;
				_v1463 = 0;
				_v1462 = 0x38;
				_v1461 = 0x3f;
				_v1460 = 0x17;
				_v1459 = 0x4b;
				_v1458 = 0xfc;
				_v1457 = 0x2d;
				_v1456 = 0x19;
				_v1455 = 0x62;
				_v1454 = 0xdd;
				_v1453 = 0x94;
				_v1452 = 0x79;
				_v1451 = 0x3e;
				_v1450 = 0xe9;
				_v1449 = 0xf6;
				_v1448 = 0x11;
				_v1447 = 0x95;
				_v1446 = 0xca;
				_v1445 = 0x49;
				_v1444 = 9;
				_v1443 = 0xc8;
				_v1442 = 0xa1;
				_v1441 = 0x66;
				_v1440 = 0x56;
				_v1439 = 0x4e;
				_v1438 = 0x6d;
				_v1437 = 0xcd;
				_v1436 = 0x33;
				_v1435 = 0x73;
				_v1434 = 0xc7;
				_v1433 = 0xe3;
				_v1432 = 0xc7;
				_v1431 = 0x30;
				_v1430 = 0x52;
				_v1429 = 0x44;
				_v1428 = 0;
				_v1427 = 0xba;
				_v1426 = 0x5c;
				_v1425 = 0x75;
				_v1424 = 0x22;
				_v1423 = 0xd4;
				_v1422 = 0x2c;
				_v1421 = 0x29;
				_v1420 = 0x15;
				_v1419 = 0xb8;
				_v1418 = 0x73;
				_v1417 = 0x4c;
				_v1416 = 0x6a;
				_v1415 = 0x46;
				_v1414 = 0xb9;
				_v1413 = 0xa;
				_v1412 = 0xe0;
				_v1411 = 0x6e;
				_v1410 = 0x23;
				_v1409 = 0x6b;
				_v1408 = 0x28;
				_v1407 = 0xe;
				_v1406 = 0xbb;
				_v1405 = 0x26;
				_v1404 = 0x5e;
				_v1403 = 0xeb;
				_v1402 = 0x71;
				_v1401 = 0x59;
				_v1400 = 0xd1;
				_v1399 = 0xbd;
				_v1398 = 0x48;
				_v1397 = 0x42;
				_v1396 = 0x56;
				_v1395 = 0x48;
				_v1394 = 0x95;
				_v1393 = 0x50;
				_v1392 = 0x38;
				_v1391 = 0x31;
				_v1390 = 0x16;
				_v1389 = 0xb8;
				_v1388 = 0x7b;
				_v1387 = 0x57;
				_v1386 = 0x62;
				_v1385 = 0xce;
				_v1384 = 0xa9;
				_v1383 = 0xa0;
				_v1382 = 0x76;
				_v1381 = 0xa;
				_v1380 = 0x62;
				_v1379 = 0x50;
				_v1378 = 0xe7;
				_v1377 = 0x33;
				_v1376 = 0x27;
				_v1375 = 0x17;
				_v1374 = 0xb9;
				_v1373 = 0xf;
				_v1372 = 0x38;
				_v1371 = 0x3f;
				_v1370 = 0x1a;
				_v1369 = 0xc9;
				_v1368 = 0x47;
				_v1367 = 0x34;
				_v1366 = 0x11;
				_v1365 = 0xe6;
				_v1364 = 0xac;
				_v1363 = 0x17;
				_v1362 = 0xf9;
				_v1361 = 0xd9;
				_v1360 = 0x4e;
				_v1359 = 0x3a;
				_v1358 = 0xc0;
				_v1357 = 0x94;
				_v1356 = 0xc8;
				_v1355 = 0x56;
				_v1354 = 9;
				_v1353 = 0xa;
				_v1352 = 0x63;
				_v1351 = 0xa4;
				_v1350 = 0x56;
				_v1349 = 0x7f;
				_v1348 = 0xd;
				_v1347 = 0xb9;
				_v1346 = 0x3d;
				_v1345 = 0x32;
				_v1344 = 0x46;
				_v1343 = 0x48;
				_v1342 = 0xb5;
				_v1341 = 0x33;
				_v1340 = 0x51;
				_v1339 = 5;
				_v1338 = 0x44;
				_v1337 = 0x80;
				_v1336 = 0x9e;
				_v1335 = 0x2c;
				_v1334 = 0xe1;
				_v1333 = 0x4e;
				_v1332 = 0x70;
				_v1331 = 0x30;
				_v1330 = 0x5a;
				_v1329 = 0x3f;
				_v1328 = 0x3a;
				_v1327 = 0x57;
				_v1326 = 0xf3;
				_v1325 = 4;
				_v1324 = 0xe4;
				_v1323 = 0xa;
				_v1322 = 0x5c;
				_v1321 = 0x25;
				_v1320 = 0x20;
				_v1319 = 0xaa;
				_v1318 = 0x64;
				_v1317 = 0x7d;
				_v1316 = 0xe2;
				_v1315 = 0x3d;
				_v1314 = 0xc3;
				_v1313 = 0x69;
				_v1312 = 0xc7;
				_v1311 = 0xc0;
				_v1310 = 0xad;
				_v1309 = 9;
				_v1308 = 0xc0;
				_v1307 = 0xfd;
				_v1306 = 0x1d;
				_v1305 = 0x54;
				_v1304 = 0x48;
				_v1303 = 0x50;
				_v1302 = 0xbd;
				_v1301 = 0x65;
				_v1300 = 0xa1;
				_v1299 = 0xca;
				_v1298 = 0x88;
				_v1297 = 0x10;
				_v1296 = 0xa8;
				_v1295 = 0x1b;
				_v1294 = 0x7f;
				_v1293 = 0xf;
				_v1292 = 0x61;
				_v1291 = 0xcb;
				_v1290 = 0xb7;
				_v1289 = 0x6b;
				_v1288 = 0x28;
				_v1287 = 0x46;
				_v1286 = 0x3d;
				_v1285 = 0xb6;
				_v1284 = 0xd8;
				_v1283 = 1;
				_v1282 = 0x38;
				_v1281 = 0x3f;
				_v1280 = 0xd9;
				_v1279 = 0xcb;
				_v1278 = 0xdb;
				_v1277 = 0x37;
				_v1276 = 0x58;
				_v1275 = 0x6d;
				_v1274 = 0x2f;
				_v1273 = 0xd4;
				_v1272 = 0xd4;
				_v1271 = 0x7d;
				_v1270 = 0xd3;
				_v1269 = 0x31;
				_v1268 = 0x6e;
				_v1267 = 0x1d;
				_v1266 = 0xae;
				_v1265 = 5;
				_v1264 = 0x63;
				_v1263 = 0xa0;
				_v1262 = 0x5f;
				_v1261 = 0x29;
				_v1260 = 0x20;
				_v1259 = 0x84;
				_v1258 = 0x60;
				_v1257 = 0xcb;
				_v1256 = 0x72;
				_v1255 = 0x26;
				_v1254 = 2;
				_v1253 = 0x39;
				_v1252 = 0x18;
				_v1251 = 0x4a;
				_v1250 = 0xa6;
				_v1249 = 0xb2;
				_v1248 = 0xd;
				_v1247 = 0x3f;
				_v1246 = 0x5c;
				_v1245 = 0xe6;
				_v1244 = 0xab;
				_v1243 = 0x1b;
				_v1242 = 0xb1;
				_v1241 = 0x94;
				_v1240 = 0xee;
				_v1239 = 0x35;
				_v1238 = 0x77;
				_v1237 = 0x54;
				_v1236 = 0x2c;
				_v1235 = 0xc1;
				_v1234 = 0xfc;
				_v1233 = 0x4b;
				_v1232 = 0x58;
				_v1231 = 0x6c;
				_v1230 = 0x66;
				_v1229 = 0x50;
				_v1228 = 0xc7;
				_v1227 = 0x49;
				_v1226 = 0xb4;
				_v1225 = 0xb8;
				_v1224 = 0x46;
				_v1223 = 0;
				_v1222 = 0x38;
				_v1221 = 0xb4;
				_v1220 = 0x14;
				_v1219 = 0x4c;
				_v1218 = 0xe;
				_v1217 = 0xba;
				_v1216 = 0x2d;
				_v1215 = 0x92;
				_v1214 = 0xab;
				_v1213 = 0xb7;
				_v1212 = 0x28;
				_v1211 = 0x74;
				_v1210 = 0xd5;
				_v1209 = 0xe1;
				_v1208 = 0xfe;
				_v1207 = 0xd1;
				_v1206 = 0x93;
				_v1205 = 0x45;
				_v1204 = 0x6f;
				_v1203 = 0x4b;
				_v1202 = 0xd3;
				_v1201 = 0xad;
				_v1200 = 0x66;
				_v1199 = 0xee;
				_v1198 = 0xde;
				_v1197 = 0x32;
				_v1196 = 0x42;
				_v1195 = 0x7f;
				_v1194 = 0xcd;
				_v1193 = 0xc8;
				_v1192 = 0x79;
				_v1191 = 0x30;
				_v1190 = 0x42;
				_v1189 = 0x45;
				_v1188 = 0x78;
				_v1187 = 0xe5;
				_v1186 = 0x19;
				_v1185 = 0xe6;
				_v1184 = 0xa7;
				_v1183 = 0x1e;
				_v1182 = 0x13;
				_v1181 = 0xfb;
				_v1180 = 0x1b;
				_v1179 = 0x5c;
				_v1178 = 0xac;
				_v1177 = 0xa9;
				_v1176 = 0x60;
				_v1175 = 0x46;
				_v1174 = 0x6f;
				_v1173 = 0xf3;
				_v1172 = 0xa7;
				_v1171 = 0x13;
				_v1170 = 0x23;
				_v1169 = 0x6b;
				_v1168 = 0xdf;
				_v1167 = 0xb7;
				_v1166 = 1;
				_v1165 = 0xe0;
				_v1164 = 7;
				_v1163 = 0x81;
				_v1162 = 0xfb;
				_v1161 = 0xfc;
				_v1160 = 0xcc;
				_v1159 = 0x62;
				_v1158 = 0x4b;
				_v1157 = 0x76;
				_v1156 = 0xd5;
				_v1155 = 0x61;
				_v1154 = 0x6d;
				_v1153 = 0x1e;
				_v1152 = 0xb3;
				_v1151 = 0xf2;
				_v1150 = 0x9f;
				_v1149 = 0xdd;
				_v1148 = 0x67;
				_v1147 = 0x71;
				_v1146 = 0xdc;
				_v1145 = 0x3a;
				_v1144 = 0x6f;
				_v1143 = 0x4b;
				_v1142 = 0xaf;
				_v1141 = 0x9d;
				_v1140 = 0x62;
				_v1139 = 0x68;
				_v1138 = 0xea;
				_v1137 = 3;
				_v1136 = 0x31;
				_v1135 = 0xe5;
				_v1134 = 0xe;
				_v1133 = 0x8d;
				_v1132 = 0x34;
				_v1131 = 0xbf;
				_v1130 = 0x13;
				_v1129 = 0xcf;
				_v1128 = 0x1f;
				_v1127 = 0xbf;
				_v1126 = 0x48;
				_v1125 = 0x2c;
				_v1124 = 0x65;
				_v1123 = 0x4f;
				_v1122 = 0x34;
				_v1121 = 0xb9;
				_v1120 = 0x1f;
				_v1119 = 0x3a;
				_v1118 = 0x66;
				_v1117 = 0x50;
				_v1116 = 0xab;
				_v1115 = 4;
				_v1114 = 0xe4;
				_v1113 = 0xa;
				_v1112 = 0x48;
				_v1111 = 0x2d;
				_v1110 = 0xaa;
				_v1109 = 0x2f;
				_v1108 = 0xa0;
				_v1107 = 0x56;
				_v1106 = 0x73;
				_v1105 = 0x3d;
				_v1104 = 0x57;
				_v1103 = 9;
				_v1102 = 0x79;
				_v1101 = 0xb6;
				_v1100 = 3;
				_v1099 = 0x54;
				_v1098 = 6;
				_v1097 = 0xba;
				_v1096 = 0x11;
				_v1095 = 0x79;
				_v1094 = 0x2f;
				_v1093 = 0x64;
				_v1092 = 0xee;
				_v1091 = 0x43;
				_v1090 = 0xc7;
				_v1089 = 0xbe;
				_v1088 = 0xf0;
				_v1087 = 0xc4;
				_v1086 = 0x23;
				_v1085 = 0x45;
				_v1084 = 0x6f;
				_v1083 = 0xf;
				_v1082 = 0xd3;
				_v1081 = 0x9c;
				_v1080 = 0x6f;
				_v1079 = 0x68;
				_v1078 = 0xdb;
				_v1077 = 7;
				_v1076 = 0xb9;
				_v1075 = 0x74;
				_v1074 = 0x4a;
				_v1073 = 0x85;
				_v1072 = 0xf8;
				_v1071 = 0x30;
				_v1070 = 0xd6;
				_v1069 = 0x87;
				_v1068 = 0x4b;
				_v1067 = 0x37;
				_v1066 = 0x58;
				_v1065 = 0xe6;
				_v1064 = 0xd7;
				_v1063 = 0xef;
				_v1062 = 0x38;
				_v1061 = 0x31;
				_v1060 = 0x5e;
				_v1059 = 0xbe;
				_v1058 = 0xbf;
				_v1057 = 0x1c;
				_v1056 = 0x20;
				_v1055 = 0x8e;
				_v1054 = 0x90;
				_v1053 = 0x1e;
				_v1052 = 0xb8;
				_v1051 = 0x24;
				_v1050 = 0xaa;
				_v1049 = 0x2f;
				_v1048 = 0xc;
				_v1047 = 0x76;
				_v1046 = 0x7e;
				_v1045 = 0xb9;
				_v1044 = 0x96;
				_v1043 = 0x45;
				_v1042 = 0xb3;
				_v1041 = 1;
				_v1040 = 0x17;
				_v1039 = 0xcf;
				_v1038 = 0x2d;
				_v1037 = 0x27;
				_v1036 = 0x14;
				_v1035 = 0x6e;
				_v1034 = 0x91;
				_v1033 = 0x13;
				_v1032 = 0x3b;
				_v1031 = 0xd2;
				_v1030 = 0x17;
				_v1029 = 0xbe;
				_v1028 = 0x78;
				_v1027 = 0x1c;
				_v1026 = 0xa6;
				_v1025 = 0x8c;
				_v1024 = 0x1b;
				_v1023 = 0x23;
				_v1022 = 0x10;
				_v1021 = 0xe7;
				_v1020 = 0x5e;
				_v1019 = 0xb3;
				_v1018 = 0x60;
				_v1017 = 0xc3;
				_v1016 = 0xfb;
				_v1015 = 0x4b;
				_v1014 = 0x4e;
				_v1013 = 0x45;
				_v1012 = 0x37;
				_v1011 = 0x88;
				_v1010 = 0x55;
				_v1009 = 0x77;
				_v1008 = 0x99;
				_v1007 = 0xdc;
				_v1006 = 0x6a;
				_v1005 = 0x25;
				_v1004 = 0xe7;
				_v1003 = 0xc;
				_v1002 = 0x3a;
				_v1001 = 2;
				_v1000 = 0x9e;
				_v999 = 0x7d;
				_v998 = 0x74;
				_v997 = 0x85;
				_v996 = 0x1b;
				_v995 = 0x47;
				_v994 = 0x1b;
				_v993 = 0x45;
				_v992 = 0x10;
				_v991 = 0xe7;
				_v990 = 0xe9;
				_v989 = 0x23;
				_v988 = 0xd7;
				_v987 = 0x87;
				_v986 = 0x7a;
				_v985 = 0xcd;
				_v984 = 0x86;
				_v983 = 0x80;
				_v982 = 1;
				_v981 = 0x3f;
				_v980 = 0x27;
				_v979 = 0xb1;
				_v978 = 3;
				_v977 = 0xbe;
				_v976 = 0xc;
				_v975 = 0x49;
				_v974 = 0x42;
				_v973 = 0x1a;
				_v972 = 0xb;
				_v971 = 0xf1;
				_v970 = 0x16;
				_v969 = 0xb8;
				_v968 = 0x23;
				_v967 = 0x70;
				_v966 = 3;
				_v965 = 0x23;
				_v964 = 0xe6;
				_v963 = 0xf;
				_v962 = 0x7c;
				_v961 = 0x4c;
				_v960 = 0x45;
				_v959 = 0xe2;
				_v958 = 0x6c;
				_v957 = 0x62;
				_v956 = 0x10;
				_v955 = 0x7f;
				_v954 = 0xcd;
				_v953 = 0xcc;
				_v952 = 0x71;
				_v951 = 0xb4;
				_v950 = 0x98;
				_v949 = 0xbb;
				_v948 = 0x9c;
				_v947 = 0x7e;
				_v946 = 0xdb;
				_v945 = 0xaa;
				_v944 = 0x62;
				_v943 = 0x16;
				_v942 = 0xbb;
				_v941 = 0xf5;
				_v940 = 0x56;
				_v939 = 0x7c;
				_v938 = 0xfc;
				_v937 = 0x5b;
				_v936 = 0x6b;
				_v935 = 0xc0;
				_v934 = 0xa6;
				_v933 = 0x3f;
				_v932 = 0x5f;
				_v931 = 0x20;
				_v930 = 0xa8;
				_v929 = 0x3f;
				_v928 = 0xc;
				_v927 = 0x76;
				_v926 = 0xd9;
				_v925 = 0x90;
				_v924 = 0xcd;
				_v923 = 0xbd;
				_v922 = 0x88;
				_v921 = 0x3f;
				_v920 = 0x52;
				_v919 = 0x44;
				_v918 = 0xe;
				_v917 = 4;
				_v916 = 0xbc;
				_v915 = 0xe8;
				_v914 = 0x95;
				_v913 = 0x2b;
				_v912 = 0x2d;
				_v911 = 0xc7;
				_v910 = 0x18;
				_v909 = 0x3d;
				_v908 = 0x73;
				_v907 = 0x20;
				_v906 = 0x2c;
				_v905 = 4;
				_v904 = 0xec;
				_v903 = 0xb6;
				_v902 = 0x59;
				_v901 = 0x1a;
				_v900 = 0x2a;
				_v899 = 2;
				_v898 = 0xe7;
				_v897 = 0xae;
				_v896 = 0x31;
				_v895 = 0x32;
				_v894 = 0x46;
				_v893 = 0xff;
				_v892 = 0x6d;
				_v891 = 0xef;
				_v890 = 0x13;
				_v889 = 0xcf;
				_v888 = 0xd;
				_v887 = 0x17;
				_v886 = 0x11;
				_v885 = 0xee;
				_v884 = 0xac;
				_v883 = 0x4b;
				_v882 = 0xbd;
				_v881 = 0xf1;
				_v880 = 0x51;
				_v879 = 0xb0;
				_v878 = 0x30;
				_v877 = 0xab;
				_v876 = 0xdc;
				_v875 = 0xba;
				_v874 = 0x27;
				_v873 = 0xc0;
				_v872 = 0x25;
				_v871 = 0x6c;
				_v870 = 0x6f;
				_v869 = 0xe0;
				_v868 = 0x45;
				_v867 = 0x9e;
				_v866 = 0x76;
				_v865 = 0xb;
				_v864 = 0xe1;
				_v863 = 0xf4;
				_v862 = 0x38;
				_v861 = 0x3f;
				_v860 = 0x52;
				_v859 = 0x4b;
				_v858 = 0xcf;
				_v857 = 0x8e;
				_v856 = 0x58;
				_v855 = 0x6d;
				_v854 = 0x6a;
				_v853 = 0x1b;
				_v852 = 0xb3;
				_v851 = 0x96;
				_v850 = 0xae;
				_v849 = 0x35;
				_v848 = 0x77;
				_v847 = 0x54;
				_v846 = 0x6a;
				_v845 = 0xc6;
				_v844 = 0xab;
				_v843 = 0x4f;
				_v842 = 0x14;
				_v841 = 0x6f;
				_v840 = 0xc0;
				_v839 = 0x2a;
				_v838 = 0xa3;
				_v837 = 0x42;
				_v836 = 0x16;
				_v835 = 0xb7;
				_v834 = 0x86;
				_v833 = 0xf;
				_v832 = 0xbc;
				_v831 = 0xa3;
				_v830 = 0x52;
				_v829 = 0x44;
				_v828 = 0x4b;
				_v827 = 0x88;
				_v826 = 0x78;
				_v825 = 0x6d;
				_v824 = 0x6a;
				_v823 = 0x5f;
				_v822 = 0xb3;
				_v821 = 0xf9;
				_v820 = 0x16;
				_v819 = 0x36;
				_v818 = 0xbc;
				_v817 = 0xab;
				_v816 = 0x76;
				_v815 = 0xa5;
				_v814 = 0x27;
				_v813 = 0xc2;
				_v812 = 0x1c;
				_v811 = 0x48;
				_v810 = 0x13;
				_v809 = 0x23;
				_v808 = 0xa3;
				_v807 = 0x8e;
				_v806 = 0x77;
				_v805 = 0xb9;
				_v804 = 0x32;
				_v803 = 0x24;
				_v802 = 0x30;
				_v801 = 0x7a;
				_v800 = 0xd9;
				_v799 = 0x38;
				_v798 = 0x6f;
				_v797 = 0x3b;
				_v796 = 0x14;
				_v795 = 0x6e;
				_v794 = 0x99;
				_v793 = 0x13;
				_v792 = 0x3b;
				_v791 = 0xca;
				_v790 = 0x17;
				_v789 = 0xb6;
				_v788 = 0x49;
				_v787 = 0x54;
				_v786 = 0x57;
				_v785 = 0x1b;
				_v784 = 0x26;
				_v783 = 0xc0;
				_v782 = 0x4f;
				_v781 = 0x24;
				_v780 = 0xa6;
				_v779 = 0xb9;
				_v778 = 0x51;
				_v777 = 0x4e;
				_v776 = 0x76;
				_v775 = 0x3d;
				_v774 = 0xf1;
				_v773 = 0xc2;
				_v772 = 0xb;
				_v771 = 0xed;
				_v770 = 0xb9;
				_v769 = 0x77;
				_v768 = 7;
				_v767 = 0xba;
				_v766 = 0x1b;
				_v765 = 0x6f;
				_v764 = 0x59;
				_v763 = 0x9f;
				_v762 = 0x74;
				_v761 = 0x32;
				_v760 = 0x9c;
				_v759 = 0x74;
				_v758 = 0x4f;
				_v757 = 0x54;
				_v756 = 0x57;
				_v755 = 0x4b;
				_v754 = 0x26;
				_v753 = 0xc0;
				_v752 = 0x88;
				_v751 = 0x24;
				_v750 = 0xdc;
				_v749 = 0xa9;
				_v748 = 0x60;
				_v747 = 0xb9;
				_v746 = 0xf2;
				_v745 = 0xb2;
				_v744 = 0x7c;
				_v743 = 0;
				_v742 = 0x4d;
				_v741 = 0xca;
				_v740 = 0x1e;
				_v739 = 0xcd;
				_v738 = 0xf;
				_v737 = 0x13;
				_v736 = 0x70;
				_v735 = 0x25;
				_v734 = 0xe7;
				_v733 = 0xb;
				_v732 = 0x1c;
				_v731 = 0x11;
				_v730 = 0x1b;
				_v729 = 6;
				_v728 = 0xb7;
				_v727 = 0x32;
				_v726 = 0xaa;
				_v725 = 1;
				_v724 = 0x4b;
				_v723 = 0x6b;
				_v722 = 0x3e;
				_v721 = 0xe5;
				_v720 = 0x67;
				_v719 = 0x4f;
				_v718 = 0xa;
				_v717 = 0xb;
				_v716 = 0xb9;
				_v715 = 0xfc;
				_v714 = 7;
				_v713 = 0xff;
				_v712 = 0xed;
				_v711 = 0x76;
				_v710 = 0xd1;
				_v709 = 0x82;
				_v708 = 0x43;
				_v707 = 0x7e;
				_v706 = 0xdb;
				_v705 = 0xaa;
				_v704 = 0x62;
				_v703 = 0x16;
				_v702 = 0xbb;
				_v701 = 0xf;
				_v700 = 0x5e;
				_v699 = 0x41;
				_v698 = 0x70;
				_v697 = 0x1c;
				_v696 = 0xa8;
				_v695 = 9;
				_v694 = 0x4b;
				_v693 = 0x7b;
				_v692 = 0xb3;
				_v691 = 0xce;
				_v690 = 0x6f;
				_v689 = 0x68;
				_v688 = 0xcf;
				_v687 = 7;
				_v686 = 0xb9;
				_v685 = 0x36;
				_v684 = 0x62;
				_v683 = 0x85;
				_v682 = 0xf8;
				_v681 = 0x30;
				_v680 = 0xd7;
				_v679 = 0x29;
				_v678 = 0xb4;
				_v677 = 0xc8;
				_v676 = 0xa7;
				_v675 = 0x25;
				_v674 = 0xe1;
				_v673 = 0x22;
				_v672 = 0x38;
				_v671 = 0x74;
				_v670 = 0x6d;
				_v669 = 0xd1;
				_v668 = 0x33;
				_v667 = 0x5b;
				_v666 = 0x94;
				_v665 = 0x32;
				_v664 = 0x7b;
				_v663 = 0xe;
				_v662 = 0xd3;
				_v661 = 0x90;
				_v660 = 0x6a;
				_v659 = 0xe8;
				_v658 = 0xee;
				_v657 = 0x6e;
				_v656 = 0x73;
				_v655 = 0x8f;
				_v654 = 0x47;
				_v653 = 0;
				_v652 = 0x38;
				_v651 = 0x3f;
				_v650 = 0x34;
				_v649 = 0;
				_v648 = 0x70;
				_v647 = 0x50;
				_v646 = 0x5e;
				_v645 = 0x62;
				_v644 = 0xe9;
				_v643 = 0xee;
				_v642 = 0x38;
				_v641 = 0x31;
				_v640 = 0x5e;
				_v639 = 0x79;
				_v638 = 0x74;
				_v637 = 0xa3;
				_v636 = 0x62;
				_v635 = 0xc8;
				_v634 = 0x1a;
				_v633 = 0x54;
				_v632 = 0x1d;
				_v631 = 0x55;
				_v630 = 5;
				_v629 = 0x64;
				_v628 = 0xac;
				_v627 = 0xc0;
				_v626 = 0x32;
				_v625 = 0x32;
				_v624 = 0x46;
				_v623 = 0x41;
				_v622 = 0xb3;
				_v621 = 0x79;
				_v620 = 0x46;
				_v619 = 0xcf;
				_v618 = 0x83;
				_v617 = 0xb6;
				_v616 = 0xb9;
				_v615 = 0x6d;
				_v614 = 0x6a;
				_v613 = 0x5f;
				_v612 = 0x78;
				_v611 = 0x3e;
				_v610 = 0xe4;
				_v609 = 0xd5;
				_v608 = 0x6a;
				_v607 = 0x26;
				_v606 = 1;
				_v605 = 0xc0;
				_v604 = 0xa6;
				_v603 = 0x3e;
				_v602 = 0x54;
				_v601 = 0xe9;
				_v600 = 0xe3;
				_v599 = 0x2f;
				_v598 = 0xa5;
				_v597 = 7;
				_v596 = 0x3a;
				_v595 = 0x77;
				_v594 = 0x49;
				_v593 = 0x49;
				_v592 = 0xfd;
				_v591 = 0xd4;
				_v590 = 0x61;
				_v589 = 5;
				_v588 = 0xf3;
				_v587 = 0x33;
				_v586 = 0x58;
				_v585 = 0x6d;
				_v584 = 0x6a;
				_v583 = 0xda;
				_v582 = 0xf8;
				_v581 = 0x70;
				_v580 = 0xd3;
				_v579 = 0x75;
				_v578 = 0x89;
				_v577 = 0x10;
				_v576 = 0x2c;
				_v575 = 0xc;
				_v574 = 0xaf;
				_v573 = 0xa0;
				_v572 = 0x79;
				_v571 = 0xe9;
				_v570 = 0xea;
				_v569 = 0x1e;
				_v568 = 0x39;
				_v567 = 0xff;
				_v566 = 0x22;
				_v565 = 0x32;
				_v564 = 0x46;
				_v563 = 0;
				_v562 = 0xbd;
				_v561 = 0xff;
				_v560 = 0x16;
				_v559 = 0xc9;
				_v558 = 0xa;
				_v557 = 0x47;
				_v556 = 0x1c;
				_v555 = 0x62;
				_v554 = 0x23;
				_v553 = 0x9e;
				_v552 = 0xd3;
				_v551 = 0x3d;
				_v550 = 0xdb;
				_v549 = 0xf5;
				_v548 = 0x36;
				_v547 = 0xec;
				_v546 = 0x63;
				_v545 = 0x45;
				_v544 = 0x6f;
				_v543 = 0x4b;
				_v542 = 0x1c;
				_v541 = 0x63;
				_v540 = 0x6a;
				_v539 = 0xad;
				_v538 = 0x6c;
				_v537 = 0xcf;
				_v536 = 0xb7;
				_v535 = 0x9a;
				_v534 = 0x46;
				_v533 = 0;
				_v532 = 0x38;
				_v531 = 0x7e;
				_v530 = 0xa5;
				_v529 = 2;
				_v528 = 0x5f;
				_v527 = 0x37;
				_v526 = 0x58;
				_v525 = 0x6d;
				_v524 = 0x6e;
				_v523 = 0x2b;
				_v522 = 0x34;
				_v521 = 0x70;
				_v520 = 0x51;
				_v519 = 0x8f;
				_v518 = 0x9f;
				_v517 = 0x5d;
				_v516 = 0x67;
				_v515 = 0xcc;
				_v514 = 0xea;
				_v513 = 0xe3;
				_v512 = 0x58;
				_v511 = 0x6c;
				_v510 = 0x23;
				_v509 = 0x2a;
				_v508 = 0xa3;
				_v507 = 8;
				_v506 = 0xce;
				_v505 = 0x7e;
				_v504 = 0xcb;
				_v503 = 0x8d;
				_v502 = 0x90;
				_v501 = 0x3f;
				_v500 = 0x52;
				_v499 = 0x44;
				_v498 = 0xa;
				_v497 = 0xbc;
				_v496 = 0x4e;
				_v495 = 0x25;
				_v494 = 0x69;
				_v493 = 0x94;
				_v492 = 0xc7;
				_v491 = 0x64;
				_v490 = 0xb6;
				_v489 = 0x3a;
				_v488 = 0xc0;
				_v487 = 0x13;
				_v486 = 0x25;
				_v485 = 0;
				_v484 = 0x6c;
				_v483 = 0xb6;
				_v482 = 0x11;
				_v481 = 0xef;
				_v480 = 0xe5;
				_v479 = 0x43;
				_v478 = 0x6c;
				_v477 = 0x7d;
				_v476 = 0xca;
				_v475 = 0x3d;
				_v474 = 0xc4;
				_v473 = 0x5d;
				_v472 = 0xc7;
				_v471 = 0xc0;
				_v470 = 0xad;
				_v469 = 0xc;
				_v468 = 0xc0;
				_v467 = 0x82;
				_v466 = 0xf8;
				_v465 = 0x6d;
				_v464 = 0x6a;
				_v463 = 0x5f;
				_v462 = 0x7d;
				_v461 = 2;
				_v460 = 0x9e;
				_v459 = 6;
				_v458 = 0xa5;
				_v457 = 0x1c;
				_v456 = 0xa0;
				_v455 = 0x8c;
				_v454 = 0x90;
				_v453 = 0xb4;
				_v452 = 0xd;
				_v451 = 0x9c;
				_v450 = 0x67;
				_v449 = 0x52;
				_v448 = 0x8f;
				_v447 = 0x92;
				_v446 = 0x32;
				_v445 = 0x32;
				_v444 = 0x46;
				_v443 = 0x74;
				_v442 = 0x1c;
				_v441 = 0xb4;
				_v440 = 0xd5;
				_v439 = 0x94;
				_v438 = 0x4b;
				_v437 = 0x37;
				_v436 = 0x58;
				_v435 = 0x21;
				_v434 = 0xe1;
				_v433 = 0x2b;
				_v432 = 0x20;
				_v431 = 0x29;
				_v430 = 0xb5;
				_v429 = 0x3a;
				_v428 = 0x32;
				_v427 = 0x67;
				_v426 = 0xe3;
				_v425 = 4;
				_v424 = 0xe4;
				_v423 = 0x9e;
				_v422 = 0x10;
				_v421 = 0xe7;
				_v420 = 0xe8;
				_v419 = 0x94;
				_v418 = 0xf8;
				_v417 = 0xb;
				_v416 = 0xbf;
				_v415 = 0x44;
				_v414 = 0x4e;
				_v413 = 0x49;
				_v412 = 0xb3;
				_v411 = 0x39;
				_v410 = 0x1a;
				_v409 = 0xc1;
				_v408 = 0x8b;
				_v407 = 0x42;
				_v406 = 0xb1;
				_v405 = 0x21;
				_v404 = 0xe1;
				_v403 = 0x12;
				_v402 = 0x30;
				_v401 = 0x7c;
				_v400 = 0xdb;
				_v399 = 0xfc;
				_v398 = 3;
				_v397 = 0x7b;
				_v396 = 0xa8;
				_v395 = 0xc2;
				_v394 = 0xcb;
				_v393 = 0x4b;
				_v392 = 0x58;
				_v391 = 0x6c;
				_v390 = 0xa6;
				_v389 = 0xab;
				_v388 = 0x5c;
				_v387 = 0x63;
				_v386 = 0xb9;
				_v385 = 0xfa;
				_v384 = 0xa;
				_v383 = 0x8b;
				_v382 = 0xfb;
				_v381 = 0x77;
				_v380 = 0xea;
				_v379 = 0xef;
				_v378 = 0xe1;
				_v377 = 0x9d;
				_v376 = 0xf2;
				_v375 = 0xc7;
				_v374 = 0xc0;
				_v373 = 0xf5;
				_v372 = 0x92;
				_v371 = 0x79;
				_v370 = 0xa9;
				_v369 = 0xd4;
				_v368 = 0xfc;
				_v367 = 0xdb;
				_v366 = 0x83;
				_v365 = 0x45;
				_v364 = 0x6f;
				_v363 = 0x4b;
				_v362 = 0x10;
				_v361 = 0xad;
				_v360 = 0xc9;
				_v359 = 0x68;
				_v358 = 0x60;
				_v357 = 0x45;
				_v356 = 0xf9;
				_v355 = 0x73;
				_v354 = 0x6d;
				_v353 = 0xd5;
				_v352 = 0x79;
				_v351 = 0xc0;
				_v350 = 0x83;
				_v349 = 0xcf;
				_v348 = 0xc;
				_v347 = 0x1f;
				_v346 = 0x15;
				_v345 = 0xe6;
				_v344 = 0xaf;
				_v343 = 0x17;
				_v342 = 0xb3;
				_v341 = 0x3f;
				_v340 = 0x16;
				_v339 = 0x36;
				_v338 = 0xb4;
				_v337 = 0x15;
				_v336 = 0xa8;
				_v335 = 0x90;
				_v334 = 0x90;
				_v333 = 0x9b;
				_v332 = 0x10;
				_v331 = 0xe7;
				_v330 = 0xe0;
				_v329 = 0x23;
				_v328 = 0xa1;
				_v327 = 0x18;
				_v326 = 0x2a;
				_v325 = 0xd9;
				_v324 = 0x44;
				_v323 = 0x33;
				_v322 = 0xf8;
				_v321 = 0x77;
				_v320 = 0xd3;
				_v319 = 0x80;
				_v318 = 0x13;
				_v317 = 0x36;
				_v316 = 0x58;
				_v315 = 0x6d;
				_v314 = 0x2b;
				_v313 = 0;
				_v312 = 0x79;
				_v311 = 0x6f;
				_v310 = 0x1f;
				_v309 = 0x68;
				_v308 = 0x36;
				_v307 = 8;
				_v306 = 0x7c;
				_v305 = 0x1b;
				_v304 = 0x34;
				_v303 = 0x16;
				_v302 = 0x9b;
				_v301 = 0xa0;
				_v300 = 0x6b;
				_v299 = 0xe0;
				_v298 = 0xec;
				_v297 = 0xe;
				_v296 = 0xbb;
				_v295 = 0x6a;
				_v294 = 0x4e;
				_v293 = 0x48;
				_v292 = 0xb1;
				_v291 = 0x57;
				_v290 = 0x42;
				_v289 = 0xc;
				_v288 = 0xc2;
				_v287 = 0x47;
				_v286 = 0x40;
				_v285 = 0x25;
				_v284 = 0xe3;
				_v283 = 0x27;
				_v282 = 0x18;
				_v281 = 0x70;
				_v280 = 8;
				_v279 = 0x7d;
				_v278 = 0xf4;
				_v277 = 0xb8;
				_v276 = 0x33;
				_v275 = 0x20;
				_v274 = 0x27;
				_v273 = 0xc0;
				_v272 = 0x5c;
				_v271 = 0x49;
				_v270 = 0x43;
				_v269 = 0x6b;
				_v268 = 0x28;
				_v267 = 0x46;
				_v266 = 0xb9;
				_v265 = 0xdb;
				_v264 = 3;
				_v263 = 0x33;
				_v262 = 0xce;
				_v261 = 0x77;
				_v260 = 0xd9;
				_v259 = 0x14;
				_v258 = 0x53;
				_v257 = 0x7b;
				_v256 = 0xd3;
				_v255 = 0x3f;
				_v254 = 0x7a;
				_v253 = 0x12;
				_v252 = 0xb3;
				_v251 = 0x73;
				_v250 = 0x6e;
				_v249 = 0x78;
				_v248 = 0xf2;
				_v247 = 0x94;
				_v246 = 0x2c;
				_v245 = 0xc1;
				_v244 = 0xd8;
				_v243 = 0x4b;
				_v242 = 0x58;
				_v241 = 0x6c;
				_v240 = 0x62;
				_v239 = 0x64;
				_v238 = 0x38;
				_v237 = 4;
				_v236 = 0x6a;
				_v235 = 0x7b;
				_v234 = 0x25;
				_v233 = 0x40;
				_v232 = 4;
				_v231 = 0x7e;
				_v230 = 0xd9;
				_v229 = 0x92;
				_v228 = 6;
				_v227 = 0xbc;
				_v226 = 0x4a;
				_v225 = 0x9e;
				_v224 = 0x65;
				_v223 = 0x20;
				_v222 = 0x3c;
				_v221 = 0x15;
				_v220 = 0x18;
				_v219 = 0xbe;
				_v218 = 0xeb;
				_v217 = 0x54;
				_v216 = 0xab;
				_v215 = 0x45;
				_v214 = 0x6f;
				_v213 = 0x4b;
				_v212 = 0x1d;
				_v211 = 0xe9;
				_v210 = 0xf8;
				_v209 = 0x1f;
				_v208 = 0xfa;
				_v207 = 0xe;
				_v206 = 0xb9;
				_v205 = 0x36;
				_v204 = 0x62;
				_v203 = 0x48;
				_v202 = 0xf9;
				_v201 = 0xd7;
				_v200 = 0x42;
				_v199 = 0x22;
				_v198 = 0xf;
				_v197 = 0xc;
				_v196 = 0xa8;
				_v195 = 0x1e;
				_v194 = 0x48;
				_v193 = 0x17;
				_v192 = 0xb3;
				_v191 = 0x7d;
				_v190 = 0x7a;
				_v189 = 0x3d;
				_v188 = 0x33;
				_v187 = 0x5b;
				_v186 = 0x94;
				_v185 = 0x8d;
				_v184 = 0x60;
				_v183 = 0xf5;
				_v182 = 0x59;
				_v181 = 0xad;
				_v180 = 0xe9;
				_v179 = 0x66;
				_v178 = 0xa8;
				_v177 = 0x7f;
				_v176 = 0x53;
				_v175 = 0x4e;
				_v174 = 0x45;
				_v173 = 0x83;
				_v172 = 0xfa;
				_v171 = 0xdf;
				_v170 = 0x51;
				_v169 = 0x94;
				_v168 = 3;
				_v167 = 0xc8;
				_v166 = 0x99;
				_v165 = 0x24;
				_v164 = 0xe9;
				_v163 = 0xb6;
				_v162 = 0x39;
				_v161 = 0x44;
				_v160 = 0xb9;
				_v159 = 0x7e;
				_v158 = 0xfa;
				_v157 = 0x68;
				_v156 = 0x3b;
				_v155 = 1;
				_v154 = 0xe4;
				_v153 = 4;
				_v152 = 0x40;
				_v151 = 0xe7;
				_v150 = 0x64;
				_v149 = 0x4b;
				_v148 = 0x69;
				_v147 = 0xb9;
				_v146 = 0xfb;
				_v145 = 0x7b;
				_v144 = 0x45;
				_v143 = 0xc0;
				_v142 = 0x72;
				_v141 = 0xb2;
				_v140 = 0x66;
				_v139 = 0xcc;
				_v138 = 0xa0;
				_v137 = 0x1f;
				_v136 = 0xd3;
				_v135 = 0x73;
				_v134 = 0x2f;
				_v133 = 0xd4;
				_v132 = 0xe6;
				_v131 = 0x78;
				_v130 = 0x5d;
				_v129 = 0xed;
				_v128 = 0x3f;
				_v127 = 0xd9;
				_v126 = 0x55;
				_v125 = 0xb9;
				_v124 = 0x60;
				_v123 = 0xf5;
				_v122 = 0x53;
				_v121 = 0x24;
				_v120 = 0xdc;
				_v119 = 0xa8;
				_v118 = 0x69;
				_v117 = 0x87;
				_v116 = 0xf9;
				_v115 = 0x3f;
				_v114 = 2;
				_v113 = 3;
				_v112 = 0xe1;
				_v111 = 0xbb;
				_v110 = 0x9b;
				_v109 = 0x31;
				_v108 = 0xa4;
				_v107 = 0x76;
				_v106 = 0xd5;
				_v105 = 0x69;
				_v104 = 0x79;
				_v103 = 0x64;
				_v102 = 0xfd;
				_v101 = 0x45;
				_v100 = 0x50;
				_v99 = 0x74;
				_v98 = 0x88;
				_v97 = 0x9d;
				_v96 = 0x62;
				_v95 = 0xc6;
				_v94 = 0x96;
				_v93 = 0x4a;
				_v92 = 0x2f;
				_v91 = 0xbe;
				_v90 = 0xca;
				_v89 = 0x33;
				_v88 = 0xd7;
				_v87 = 0xb9;
				_v86 = 0xcd;
				_v85 = 0xb9;
				_v84 = 1;
				_v83 = 0x24;
				_v82 = 0x7b;
				_v81 = 0xb2;
				_v80 = 0x5e;
				_v79 = 0x4d;
				_v78 = 2;
				_v77 = 0x34;
				_v76 = 0x98;
				_v75 = 0x62;
				_v74 = 0xdd;
				_v73 = 0x4b;
				_v72 = 0x39;
				_v71 = 0xba;
				_v70 = 0x11;
				_v69 = 0x29;
				_v68 = 0x3e;
				_v67 = 0x57;
				_v66 = 0xeb;
				_v65 = 0xce;
				_v64 = 0x6b;
				_v63 = 0xda;
				_v62 = 0x11;
				_v61 = 0x6f;
				_v60 = 0xe3;
				_v59 = 0x80;
				_v58 = 0x2a;
				_v57 = 0x75;
				_v56 = 0xf2;
				_v55 = 0x7a;
				_v54 = 0xcd;
				_v53 = 0x5c;
				_v52 = 0x1c;
				_v51 = 0x1f;
				_v50 = 0x1a;
				_v49 = 0xcf;
				_v48 = 0x27;
				_v47 = 0x13;
				_v46 = 0x70;
				_v45 = 0x25;
				_v44 = 0xe1;
				_v43 = 0x2b;
				_v42 = 0x1c;
				_v41 = 1;
				_v40 = 0x16;
				_v39 = 0xbe;
				_v38 = 0xb;
				_v37 = 0x70;
				_v36 = 0x1b;
				_v35 = 0xd;
				_v34 = 0xec;
				_v33 = 0x8f;
				_v32 = 0x48;
				_v31 = 0x2d;
				_v30 = 0x7d;
				_v29 = 0xa8;
				_v2796 = 0xa2c;
				_v2776 = 0;
				_t2657 = E0000000118004A270(0x5f5e100, 0, _t2696, _t2697, _v2792,  &_v2672, _t2743); // executed
				E00000001180001520(_t2657, _t2707);
				_v2760 = _t2707;
				E0000000118004A270(0x5f5e100, 0, _t2696, _t2697, _v2792,  &_v2704, _t2743); // executed
				E00000001180001530(_t2707);
				r9d = 0x5f5e100;
				if ((E0000000118004A020( &_v2776,  &_v2800, _t2707) & 0x000000ff) != 0) goto 0x80049e8e;
				_v2804 = 1;
				goto 0x80049e96;
				_v2804 = 0;
				_v2808 = _v2804 & 0x000000ff;
				E00000001180001550( &_v2704);
				E00000001180001550( &_v2672);
				if ((_v2808 & 0x000000ff) == 0) goto 0x80049f92;
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				E000000011800449C0(_a8);
				if (E00000001180044900(_a16, _a8) != 0) goto 0x80049f32;
				goto 0x80049ffa;
				r9d = 0;
				r8d = 0;
				if (GetMessageW(??, ??, ??, ??) == 0) goto 0x80049f8c;
				if (TranslateAcceleratorW(??, ??, ??) != 0) goto 0x80049f8a;
				r9d = 0;
				r8d = 0;
				MessageBoxA(??, ??, ??, ??);
				TranslateMessage(??);
				DispatchMessageW(??);
				goto 0x80049f32;
				goto 0x80049ffa;
				r8d = 0x20;
				E00000001180005C10(_v2736, 0, 0x8009a820, 0x8005a2a8,  &_v2752);
				_t2708 = _a8;
				 *0x8009a820 = _t2708;
				 *0x8009a828 = 1;
				E0000000118004A120(_v2800, TranslateAcceleratorW(??, ??, ??), _v2776, 0x8005a2a8); // executed
				 *0x8009a830 = _t2708;
				E0000000118004A120(_v2796, TranslateAcceleratorW(??, ??, ??),  &_v2632, 0x8005a2a8); // executed
				_v2768 = _t2708;
				_v2768();
				return E00000001180002630(1, 0, _v24 ^ _t2737);
			}

0x180044c30
0x180044c35
0x180044c39
0x180044c45
0x180044c4c
0x180044c4f
0x180044c5e
0x180044c67
0x180044c69
0x180044c6e
0x180044c76
0x180044c7e
0x180044c87
0x180044c95
0x180044c9a
0x180044ca5
0x180044ca7
0x180044cb4
0x180044cbe
0x180044cc3
0x180044ccb
0x180044cd3
0x180044cdb
0x180044ce3
0x180044ceb
0x180044cf3
0x180044cfb
0x180044d03
0x180044d0b
0x180044d13
0x180044d1b
0x180044d23
0x180044d2b
0x180044d33
0x180044d3b
0x180044d43
0x180044d4b
0x180044d53
0x180044d5b
0x180044d63
0x180044d6b
0x180044d73
0x180044d7b
0x180044d83
0x180044d8b
0x180044d93
0x180044d9b
0x180044da3
0x180044dab
0x180044db3
0x180044dbb
0x180044dc3
0x180044dcb
0x180044dd3
0x180044ddb
0x180044de3
0x180044deb
0x180044df3
0x180044dfb
0x180044e03
0x180044e0b
0x180044e13
0x180044e1b
0x180044e23
0x180044e2b
0x180044e33
0x180044e3b
0x180044e43
0x180044e4b
0x180044e53
0x180044e5b
0x180044e63
0x180044e6b
0x180044e73
0x180044e7b
0x180044e83
0x180044e8b
0x180044e93
0x180044e9b
0x180044ea3
0x180044eab
0x180044eb3
0x180044ebb
0x180044ec3
0x180044ecb
0x180044ed3
0x180044edb
0x180044ee3
0x180044eeb
0x180044ef3
0x180044efb
0x180044f03
0x180044f0b
0x180044f13
0x180044f1b
0x180044f23
0x180044f2b
0x180044f33
0x180044f3b
0x180044f43
0x180044f4b
0x180044f53
0x180044f5b
0x180044f63
0x180044f6b
0x180044f73
0x180044f7b
0x180044f83
0x180044f8b
0x180044f93
0x180044f9b
0x180044fa3
0x180044fab
0x180044fb3
0x180044fbb
0x180044fc3
0x180044fcb
0x180044fd3
0x180044fdb
0x180044fe3
0x180044feb
0x180044ff3
0x180044ffb
0x180045003
0x18004500b
0x180045013
0x18004501b
0x180045023
0x18004502b
0x180045033
0x18004503b
0x180045043
0x18004504b
0x180045053
0x18004505b
0x180045063
0x18004506b
0x180045073
0x18004507b
0x180045083
0x18004508b
0x180045093
0x18004509b
0x1800450a3
0x1800450ab
0x1800450b3
0x1800450bb
0x1800450c3
0x1800450cb
0x1800450d3
0x1800450db
0x1800450e3
0x1800450eb
0x1800450f3
0x1800450fb
0x180045103
0x18004510b
0x180045113
0x18004511b
0x180045123
0x18004512b
0x180045133
0x18004513b
0x180045143
0x18004514b
0x180045153
0x18004515b
0x180045163
0x18004516b
0x180045173
0x18004517b
0x180045183
0x18004518b
0x180045193
0x18004519b
0x1800451a3
0x1800451ab
0x1800451b3
0x1800451bb
0x1800451c3
0x1800451cb
0x1800451d3
0x1800451db
0x1800451e3
0x1800451eb
0x1800451f3
0x1800451fb
0x180045203
0x18004520b
0x180045213
0x18004521b
0x180045223
0x18004522b
0x180045233
0x18004523b
0x180045243
0x18004524b
0x180045253
0x18004525b
0x180045263
0x18004526b
0x180045273
0x18004527b
0x180045283
0x18004528b
0x180045293
0x18004529b
0x1800452a3
0x1800452ab
0x1800452b3
0x1800452bb
0x1800452c3
0x1800452cb
0x1800452d3
0x1800452db
0x1800452e3
0x1800452eb
0x1800452f3
0x1800452fb
0x180045303
0x18004530b
0x180045313
0x18004531b
0x180045323
0x18004532b
0x180045333
0x18004533b
0x180045343
0x18004534b
0x180045353
0x18004535b
0x180045363
0x18004536b
0x180045373
0x18004537b
0x180045383
0x18004538b
0x180045393
0x18004539b
0x1800453a3
0x1800453ab
0x1800453b3
0x1800453bb
0x1800453c3
0x1800453cb
0x1800453d3
0x1800453db
0x1800453e3
0x1800453eb
0x1800453f3
0x1800453fb
0x180045403
0x18004540b
0x180045413
0x18004541b
0x180045423
0x18004542b
0x180045433
0x18004543b
0x180045443
0x18004544b
0x180045453
0x18004545b
0x180045463
0x18004546b
0x180045473
0x18004547b
0x180045483
0x18004548b
0x180045493
0x18004549b
0x1800454a3
0x1800454ab
0x1800454b3
0x1800454bb
0x1800454c3
0x1800454cb
0x1800454d3
0x1800454db
0x1800454e3
0x1800454eb
0x1800454f3
0x1800454fb
0x180045503
0x18004550b
0x180045513
0x18004551b
0x180045523
0x18004552b
0x180045533
0x18004553b
0x180045543
0x18004554b
0x180045553
0x18004555b
0x180045563
0x18004556b
0x180045573
0x18004557b
0x180045583
0x18004558b
0x180045593
0x18004559b
0x1800455a3
0x1800455ab
0x1800455b3
0x1800455bb
0x1800455c3
0x1800455cb
0x1800455d3
0x1800455db
0x1800455e3
0x1800455eb
0x1800455f3
0x1800455fb
0x180045603
0x18004560b
0x180045613
0x18004561b
0x180045623
0x18004562b
0x180045633
0x18004563b
0x180045643
0x18004564b
0x180045653
0x18004565b
0x180045663
0x18004566b
0x180045673
0x18004567b
0x180045683
0x18004568b
0x180045693
0x18004569b
0x1800456a3
0x1800456ab
0x1800456b3
0x1800456bb
0x1800456c3
0x1800456cb
0x1800456d3
0x1800456db
0x1800456e3
0x1800456eb
0x1800456f3
0x1800456fb
0x180045703
0x18004570b
0x180045713
0x18004571b
0x180045723
0x18004572b
0x180045733
0x18004573b
0x180045743
0x18004574b
0x180045753
0x18004575b
0x180045763
0x18004576b
0x180045773
0x18004577b
0x180045783
0x18004578b
0x180045793
0x18004579b
0x1800457a3
0x1800457ab
0x1800457b3
0x1800457bb
0x1800457c3
0x1800457cb
0x1800457d3
0x1800457db
0x1800457e3
0x1800457eb
0x1800457f3
0x1800457fb
0x180045803
0x18004580b
0x180045813
0x18004581b
0x180045823
0x18004582b
0x180045833
0x18004583b
0x180045843
0x18004584b
0x180045853
0x18004585b
0x180045863
0x18004586b
0x180045873
0x18004587b
0x180045883
0x18004588b
0x180045893
0x18004589b
0x1800458a3
0x1800458ab
0x1800458b3
0x1800458bb
0x1800458c3
0x1800458cb
0x1800458d3
0x1800458db
0x1800458e3
0x1800458eb
0x1800458f3
0x1800458fb
0x180045903
0x18004590b
0x180045913
0x18004591b
0x180045923
0x18004592b
0x180045933
0x18004593b
0x180045943
0x18004594b
0x180045953
0x18004595b
0x180045963
0x18004596b
0x180045973
0x18004597b
0x180045983
0x18004598b
0x180045993
0x18004599b
0x1800459a3
0x1800459ab
0x1800459b3
0x1800459bb
0x1800459c3
0x1800459cb
0x1800459d3
0x1800459db
0x1800459e3
0x1800459eb
0x1800459f3
0x1800459fb
0x180045a03
0x180045a0b
0x180045a13
0x180045a1b
0x180045a23
0x180045a2b
0x180045a33
0x180045a3b
0x180045a43
0x180045a4b
0x180045a53
0x180045a5b
0x180045a63
0x180045a6b
0x180045a73
0x180045a7b
0x180045a83
0x180045a8b
0x180045a93
0x180045a9b
0x180045aa3
0x180045aab
0x180045ab3
0x180045abb
0x180045ac3
0x180045acb
0x180045ad3
0x180045adb
0x180045ae3
0x180045aeb
0x180045af3
0x180045afb
0x180045b03
0x180045b0b
0x180045b13
0x180045b1b
0x180045b23
0x180045b2b
0x180045b33
0x180045b3b
0x180045b43
0x180045b4b
0x180045b53
0x180045b5b
0x180045b63
0x180045b6b
0x180045b73
0x180045b7b
0x180045b83
0x180045b8b
0x180045b93
0x180045b9b
0x180045ba3
0x180045bab
0x180045bb3
0x180045bbb
0x180045bc3
0x180045bcb
0x180045bd3
0x180045bdb
0x180045be3
0x180045beb
0x180045bf3
0x180045bfb
0x180045c03
0x180045c0b
0x180045c13
0x180045c1b
0x180045c23
0x180045c2b
0x180045c33
0x180045c3b
0x180045c43
0x180045c4b
0x180045c53
0x180045c5b
0x180045c63
0x180045c6b
0x180045c73
0x180045c7b
0x180045c83
0x180045c8b
0x180045c93
0x180045c9b
0x180045ca3
0x180045cab
0x180045cb3
0x180045cbb
0x180045cc3
0x180045ccb
0x180045cd3
0x180045cdb
0x180045ce3
0x180045ceb
0x180045cf3
0x180045cfb
0x180045d03
0x180045d0b
0x180045d13
0x180045d1b
0x180045d23
0x180045d2b
0x180045d33
0x180045d3b
0x180045d43
0x180045d4b
0x180045d53
0x180045d5b
0x180045d63
0x180045d6b
0x180045d73
0x180045d7b
0x180045d83
0x180045d8b
0x180045d93
0x180045d9b
0x180045da3
0x180045dab
0x180045db3
0x180045dbb
0x180045dc3
0x180045dcb
0x180045dd3
0x180045ddb
0x180045de3
0x180045deb
0x180045df3
0x180045dfb
0x180045e03
0x180045e0b
0x180045e13
0x180045e1b
0x180045e23
0x180045e2b
0x180045e33
0x180045e3b
0x180045e43
0x180045e4b
0x180045e53
0x180045e5b
0x180045e63
0x180045e6b
0x180045e73
0x180045e7b
0x180045e83
0x180045e8b
0x180045e93
0x180045e9b
0x180045ea3
0x180045eab
0x180045eb3
0x180045ebb
0x180045ec3
0x180045ecb
0x180045ed3
0x180045edb
0x180045ee3
0x180045eeb
0x180045ef3
0x180045efb
0x180045f03
0x180045f0b
0x180045f13
0x180045f1b
0x180045f23
0x180045f2b
0x180045f33
0x180045f3b
0x180045f43
0x180045f4b
0x180045f53
0x180045f5b
0x180045f63
0x180045f6b
0x180045f73
0x180045f7b
0x180045f83
0x180045f8b
0x180045f93
0x180045f9b
0x180045fa3
0x180045fab
0x180045fb3
0x180045fbb
0x180045fc3
0x180045fcb
0x180045fd3
0x180045fdb
0x180045fe3
0x180045feb
0x180045ff3
0x180045ffb
0x180046003
0x18004600b
0x180046013
0x18004601b
0x180046023
0x18004602b
0x180046033
0x18004603b
0x180046043
0x18004604b
0x180046053
0x18004605b
0x180046063
0x18004606b
0x180046073
0x18004607b
0x180046083
0x18004608b
0x180046093
0x18004609b
0x1800460a3
0x1800460ab
0x1800460b3
0x1800460bb
0x1800460c3
0x1800460cb
0x1800460d3
0x1800460db
0x1800460e3
0x1800460eb
0x1800460f3
0x1800460fb
0x180046103
0x18004610b
0x180046113
0x18004611b
0x180046123
0x18004612b
0x180046133
0x18004613b
0x180046143
0x18004614b
0x180046153
0x18004615b
0x180046163
0x18004616b
0x180046173
0x18004617b
0x180046183
0x18004618b
0x180046193
0x18004619b
0x1800461a3
0x1800461ab
0x1800461b3
0x1800461bb
0x1800461c3
0x1800461cb
0x1800461d3
0x1800461db
0x1800461e3
0x1800461eb
0x1800461f3
0x1800461fb
0x180046203
0x18004620b
0x180046213
0x18004621b
0x180046223
0x18004622b
0x180046233
0x18004623b
0x180046243
0x18004624b
0x180046253
0x18004625b
0x180046263
0x18004626b
0x180046273
0x18004627b
0x180046283
0x18004628b
0x180046293
0x18004629b
0x1800462a3
0x1800462ab
0x1800462b3
0x1800462bb
0x1800462c3
0x1800462cb
0x1800462d3
0x1800462db
0x1800462e3
0x1800462eb
0x1800462f3
0x1800462fb
0x180046303
0x18004630b
0x180046313
0x18004631b
0x180046323
0x18004632b
0x180046333
0x18004633b
0x180046343
0x18004634b
0x180046353
0x18004635b
0x180046363
0x18004636b
0x180046373
0x18004637b
0x180046383
0x18004638b
0x180046393
0x18004639b
0x1800463a3
0x1800463ab
0x1800463b3
0x1800463bb
0x1800463c3
0x1800463cb
0x1800463d3
0x1800463db
0x1800463e3
0x1800463eb
0x1800463f3
0x1800463fb
0x180046403
0x18004640b
0x180046413
0x18004641b
0x180046423
0x18004642b
0x180046433
0x18004643b
0x180046443
0x18004644b
0x180046453
0x18004645b
0x180046463
0x18004646b
0x180046473
0x18004647b
0x180046483
0x18004648b
0x180046493
0x18004649b
0x1800464a3
0x1800464ab
0x1800464b3
0x1800464bb
0x1800464c3
0x1800464cb
0x1800464d3
0x1800464db
0x1800464e3
0x1800464eb
0x1800464f3
0x1800464fb
0x180046503
0x18004650b
0x180046513
0x18004651b
0x180046523
0x18004652b
0x180046533
0x18004653b
0x180046543
0x18004654b
0x180046553
0x18004655b
0x180046563
0x18004656b
0x180046573
0x18004657b
0x180046583
0x18004658b
0x180046593
0x18004659b
0x1800465a3
0x1800465ab
0x1800465b3
0x1800465bb
0x1800465c3
0x1800465cb
0x1800465d3
0x1800465db
0x1800465e3
0x1800465eb
0x1800465f3
0x1800465fb
0x180046603
0x18004660b
0x180046613
0x18004661b
0x180046623
0x18004662b
0x180046633
0x18004663b
0x180046643
0x18004664b
0x180046653
0x18004665b
0x180046663
0x18004666b
0x180046673
0x18004667b
0x180046683
0x18004668b
0x180046693
0x18004669b
0x1800466a3
0x1800466ab
0x1800466b3
0x1800466bb
0x1800466c3
0x1800466cb
0x1800466d3
0x1800466db
0x1800466e3
0x1800466eb
0x1800466f3
0x1800466fb
0x180046703
0x18004670b
0x180046713
0x18004671b
0x180046723
0x18004672b
0x180046733
0x18004673b
0x180046743
0x18004674b
0x180046753
0x18004675b
0x180046763
0x18004676b
0x180046773
0x18004677b
0x180046783
0x18004678b
0x180046793
0x18004679b
0x1800467a3
0x1800467ab
0x1800467b3
0x1800467bb
0x1800467c3
0x1800467cb
0x1800467d3
0x1800467db
0x1800467e3
0x1800467eb
0x1800467f3
0x1800467fb
0x180046803
0x18004680b
0x180046813
0x18004681b
0x180046823
0x18004682b
0x180046833
0x18004683b
0x180046843
0x18004684b
0x180046853
0x18004685b
0x180046863
0x18004686b
0x180046873
0x18004687b
0x180046883
0x18004688b
0x180046893
0x18004689b
0x1800468a3
0x1800468ab
0x1800468b3
0x1800468bb
0x1800468c3
0x1800468cb
0x1800468d3
0x1800468db
0x1800468e3
0x1800468eb
0x1800468f3
0x1800468fb
0x180046903
0x18004690b
0x180046913
0x18004691b
0x180046923
0x18004692b
0x180046933
0x18004693b
0x180046943
0x18004694b
0x180046953
0x18004695b
0x180046963
0x18004696b
0x180046973
0x18004697b
0x180046983
0x18004698b
0x180046993
0x18004699b
0x1800469a3
0x1800469ab
0x1800469b3
0x1800469bb
0x1800469c3
0x1800469cb
0x1800469d3
0x1800469db
0x1800469e3
0x1800469eb
0x1800469f3
0x1800469fb
0x180046a03
0x180046a0b
0x180046a13
0x180046a1b
0x180046a23
0x180046a2b
0x180046a33
0x180046a3b
0x180046a43
0x180046a4b
0x180046a53
0x180046a5b
0x180046a63
0x180046a6b
0x180046a73
0x180046a7b
0x180046a83
0x180046a8b
0x180046a93
0x180046a9b
0x180046aa3
0x180046aab
0x180046ab3
0x180046abb
0x180046ac3
0x180046acb
0x180046ad3
0x180046adb
0x180046ae3
0x180046aeb
0x180046af3
0x180046afb
0x180046b03
0x180046b0b
0x180046b13
0x180046b1b
0x180046b23
0x180046b2b
0x180046b33
0x180046b3b
0x180046b43
0x180046b4b
0x180046b53
0x180046b5b
0x180046b63
0x180046b6b
0x180046b73
0x180046b7b
0x180046b83
0x180046b8b
0x180046b93
0x180046b9b
0x180046ba3
0x180046bab
0x180046bb3
0x180046bbb
0x180046bc3
0x180046bcb
0x180046bd3
0x180046bdb
0x180046be3
0x180046beb
0x180046bf3
0x180046bfb
0x180046c03
0x180046c0b
0x180046c13
0x180046c1b
0x180046c23
0x180046c2b
0x180046c33
0x180046c3b
0x180046c43
0x180046c4b
0x180046c53
0x180046c5b
0x180046c63
0x180046c6b
0x180046c73
0x180046c7b
0x180046c83
0x180046c8b
0x180046c93
0x180046c9b
0x180046ca3
0x180046cab
0x180046cb3
0x180046cbb
0x180046cc3
0x180046ccb
0x180046cd3
0x180046cdb
0x180046ce3
0x180046ceb
0x180046cf3
0x180046cfb
0x180046d03
0x180046d0b
0x180046d13
0x180046d1b
0x180046d23
0x180046d2b
0x180046d33
0x180046d3b
0x180046d43
0x180046d4b
0x180046d53
0x180046d5b
0x180046d63
0x180046d6b
0x180046d73
0x180046d7b
0x180046d83
0x180046d8b
0x180046d93
0x180046d9b
0x180046da3
0x180046dab
0x180046db3
0x180046dbb
0x180046dc3
0x180046dcb
0x180046dd3
0x180046ddb
0x180046de3
0x180046deb
0x180046df3
0x180046dfb
0x180046e03
0x180046e0b
0x180046e13
0x180046e1b
0x180046e23
0x180046e2b
0x180046e33
0x180046e3b
0x180046e43
0x180046e4b
0x180046e53
0x180046e5b
0x180046e63
0x180046e6b
0x180046e73
0x180046e7b
0x180046e83
0x180046e8b
0x180046e93
0x180046e9b
0x180046ea3
0x180046eab
0x180046eb3
0x180046ebb
0x180046ec3
0x180046ecb
0x180046ed3
0x180046edb
0x180046ee3
0x180046eeb
0x180046ef3
0x180046efb
0x180046f03
0x180046f0b
0x180046f13
0x180046f1b
0x180046f23
0x180046f2b
0x180046f33
0x180046f3b
0x180046f43
0x180046f4b
0x180046f53
0x180046f5b
0x180046f63
0x180046f6b
0x180046f73
0x180046f7b
0x180046f83
0x180046f8b
0x180046f93
0x180046f9b
0x180046fa3
0x180046fab
0x180046fb3
0x180046fbb
0x180046fc3
0x180046fcb
0x180046fd3
0x180046fdb
0x180046fe3
0x180046feb
0x180046ff3
0x180046ffb
0x180047003
0x18004700b
0x180047013
0x18004701b
0x180047023
0x18004702b
0x180047033
0x18004703b
0x180047043
0x18004704b
0x180047053
0x18004705b
0x180047063
0x18004706b
0x180047073
0x18004707b
0x180047083
0x18004708b
0x180047093
0x18004709b
0x1800470a3
0x1800470ab
0x1800470b3
0x1800470bb
0x1800470c3
0x1800470cb
0x1800470d3
0x1800470db
0x1800470e3
0x1800470eb
0x1800470f3
0x1800470fb
0x180047103
0x18004710b
0x180047113
0x18004711b
0x180047123
0x18004712b
0x180047133
0x18004713b
0x180047143
0x18004714b
0x180047153
0x18004715b
0x180047163
0x18004716b
0x180047173
0x18004717b
0x180047183
0x18004718b
0x180047193
0x18004719b
0x1800471a3
0x1800471ab
0x1800471b3
0x1800471bb
0x1800471c3
0x1800471cb
0x1800471d3
0x1800471db
0x1800471e3
0x1800471eb
0x1800471f3
0x1800471fb
0x180047203
0x18004720b
0x180047213
0x18004721b
0x180047223
0x18004722b
0x180047233
0x18004723b
0x180047243
0x18004724b
0x180047253
0x18004725b
0x180047263
0x18004726b
0x180047273
0x18004727b
0x180047283
0x18004728b
0x180047293
0x18004729b
0x1800472a3
0x1800472ab
0x1800472b3
0x1800472bb
0x1800472c3
0x1800472cb
0x1800472d3
0x1800472db
0x1800472e3
0x1800472eb
0x1800472f3
0x1800472fb
0x180047303
0x18004730b
0x180047313
0x18004731b
0x180047323
0x18004732b
0x180047333
0x18004733b
0x180047343
0x18004734b
0x180047353
0x18004735b
0x180047363
0x18004736b
0x180047373
0x18004737b
0x180047383
0x18004738b
0x180047393
0x18004739b
0x1800473a3
0x1800473ab
0x1800473b3
0x1800473bb
0x1800473c3
0x1800473cb
0x1800473d3
0x1800473db
0x1800473e3
0x1800473eb
0x1800473f3
0x1800473fb
0x180047403
0x18004740b
0x180047413
0x18004741b
0x180047423
0x18004742b
0x180047433
0x18004743b
0x180047443
0x18004744b
0x180047453
0x18004745b
0x180047463
0x18004746b
0x180047473
0x18004747b
0x180047483
0x18004748b
0x180047493
0x18004749b
0x1800474a3
0x1800474ab
0x1800474b3
0x1800474bb
0x1800474c3
0x1800474cb
0x1800474d3
0x1800474db
0x1800474e3
0x1800474eb
0x1800474f3
0x1800474fb
0x180047503
0x18004750b
0x180047513
0x18004751b
0x180047523
0x18004752b
0x180047533
0x18004753b
0x180047543
0x18004754b
0x180047553
0x18004755b
0x180047563
0x18004756b
0x180047573
0x18004757b
0x180047583
0x18004758b
0x180047593
0x18004759b
0x1800475a3
0x1800475ab
0x1800475b3
0x1800475bb
0x1800475c3
0x1800475cb
0x1800475d3
0x1800475db
0x1800475e3
0x1800475eb
0x1800475f3
0x1800475fb
0x180047603
0x18004760b
0x180047613
0x18004761b
0x180047623
0x18004762b
0x180047633
0x18004763b
0x180047643
0x18004764b
0x180047653
0x18004765b
0x180047663
0x18004766b
0x180047673
0x18004767b
0x180047683
0x18004768b
0x180047693
0x18004769b
0x1800476a3
0x1800476ab
0x1800476b3
0x1800476bb
0x1800476c3
0x1800476cb
0x1800476d3
0x1800476db
0x1800476e3
0x1800476eb
0x1800476f3
0x1800476fb
0x180047703
0x18004770b
0x180047713
0x18004771b
0x180047723
0x18004772b
0x180047733
0x18004773b
0x180047743
0x18004774b
0x180047753
0x18004775b
0x180047763
0x18004776b
0x180047773
0x18004777b
0x180047783
0x18004778b
0x180047793
0x18004779b
0x1800477a3
0x1800477ab
0x1800477b3
0x1800477bb
0x1800477c3
0x1800477cb
0x1800477d3
0x1800477db
0x1800477e3
0x1800477eb
0x1800477f3
0x1800477fb
0x180047803
0x18004780b
0x180047813
0x18004781b
0x180047823
0x18004782b
0x180047833
0x18004783b
0x180047843
0x18004784b
0x180047853
0x18004785b
0x180047863
0x18004786b
0x180047873
0x18004787b
0x180047883
0x18004788b
0x180047893
0x18004789b
0x1800478a3
0x1800478ab
0x1800478b3
0x1800478bb
0x1800478c3
0x1800478cb
0x1800478d3
0x1800478db
0x1800478e3
0x1800478eb
0x1800478f3
0x1800478fb
0x180047903
0x18004790b
0x180047913
0x18004791b
0x180047923
0x18004792b
0x180047933
0x18004793b
0x180047943
0x18004794b
0x180047953
0x18004795b
0x180047963
0x18004796b
0x180047973
0x18004797b
0x180047983
0x18004798b
0x180047993
0x18004799b
0x1800479a3
0x1800479ab
0x1800479b3
0x1800479bb
0x1800479c3
0x1800479cb
0x1800479d3
0x1800479db
0x1800479e3
0x1800479eb
0x1800479f3
0x1800479fb
0x180047a03
0x180047a0b
0x180047a13
0x180047a1b
0x180047a23
0x180047a2b
0x180047a33
0x180047a3b
0x180047a43
0x180047a4b
0x180047a53
0x180047a5b
0x180047a63
0x180047a6b
0x180047a73
0x180047a7b
0x180047a83
0x180047a8b
0x180047a93
0x180047a9b
0x180047aa3
0x180047aab
0x180047ab3
0x180047abb
0x180047ac3
0x180047acb
0x180047ad3
0x180047adb
0x180047ae3
0x180047aeb
0x180047af3
0x180047afb
0x180047b03
0x180047b0b
0x180047b13
0x180047b1b
0x180047b23
0x180047b2b
0x180047b33
0x180047b3b
0x180047b43
0x180047b4b
0x180047b53
0x180047b5b
0x180047b63
0x180047b6b
0x180047b73
0x180047b7b
0x180047b83
0x180047b8b
0x180047b93
0x180047b9b
0x180047ba3
0x180047bab
0x180047bb3
0x180047bbb
0x180047bc3
0x180047bcb
0x180047bd3
0x180047bdb
0x180047be3
0x180047beb
0x180047bf3
0x180047bfb
0x180047c03
0x180047c0b
0x180047c13
0x180047c1b
0x180047c23
0x180047c2b
0x180047c33
0x180047c3b
0x180047c43
0x180047c4b
0x180047c53
0x180047c5b
0x180047c63
0x180047c6b
0x180047c73
0x180047c7b
0x180047c83
0x180047c8b
0x180047c93
0x180047c9b
0x180047ca3
0x180047cab
0x180047cb3
0x180047cbb
0x180047cc3
0x180047ccb
0x180047cd3
0x180047cdb
0x180047ce3
0x180047ceb
0x180047cf3
0x180047cfb
0x180047d03
0x180047d0b
0x180047d13
0x180047d1b
0x180047d23
0x180047d2b
0x180047d33
0x180047d3b
0x180047d43
0x180047d4b
0x180047d53
0x180047d5b
0x180047d63
0x180047d6b
0x180047d73
0x180047d7b
0x180047d83
0x180047d8b
0x180047d93
0x180047d9b
0x180047da3
0x180047dab
0x180047db3
0x180047dbb
0x180047dc3
0x180047dcb
0x180047dd3
0x180047ddb
0x180047de3
0x180047deb
0x180047df3
0x180047dfb
0x180047e03
0x180047e0b
0x180047e13
0x180047e1b
0x180047e23
0x180047e2b
0x180047e33
0x180047e3b
0x180047e43
0x180047e4b
0x180047e53
0x180047e5b
0x180047e63
0x180047e6b
0x180047e73
0x180047e7b
0x180047e83
0x180047e8b
0x180047e93
0x180047e9b
0x180047ea3
0x180047eab
0x180047eb3
0x180047ebb
0x180047ec3
0x180047ecb
0x180047ed3
0x180047edb
0x180047ee3
0x180047eeb
0x180047ef3
0x180047efb
0x180047f03
0x180047f0b
0x180047f13
0x180047f1b
0x180047f23
0x180047f2b
0x180047f33
0x180047f3b
0x180047f43
0x180047f4b
0x180047f53
0x180047f5b
0x180047f63
0x180047f6b
0x180047f73
0x180047f7b
0x180047f83
0x180047f8b
0x180047f93
0x180047f9b
0x180047fa3
0x180047fab
0x180047fb3
0x180047fbb
0x180047fc3
0x180047fcb
0x180047fd3
0x180047fdb
0x180047fe3
0x180047feb
0x180047ff3
0x180047ffb
0x180048003
0x18004800b
0x180048013
0x18004801b
0x180048023
0x18004802b
0x180048033
0x18004803b
0x180048043
0x18004804b
0x180048053
0x18004805b
0x180048063
0x18004806b
0x180048073
0x18004807b
0x180048083
0x18004808b
0x180048093
0x18004809b
0x1800480a3
0x1800480ab
0x1800480b3
0x1800480bb
0x1800480c3
0x1800480cb
0x1800480d3
0x1800480db
0x1800480e3
0x1800480eb
0x1800480f3
0x1800480fb
0x180048103
0x18004810b
0x180048113
0x18004811b
0x180048123
0x18004812b
0x180048133
0x18004813b
0x180048143
0x18004814b
0x180048153
0x18004815b
0x180048163
0x18004816b
0x180048173
0x18004817b
0x180048183
0x18004818b
0x180048193
0x18004819b
0x1800481a3
0x1800481ab
0x1800481b3
0x1800481bb
0x1800481c3
0x1800481cb
0x1800481d3
0x1800481db
0x1800481e3
0x1800481eb
0x1800481f3
0x1800481fb
0x180048203
0x18004820b
0x180048213
0x18004821b
0x180048223
0x18004822b
0x180048233
0x18004823b
0x180048243
0x18004824b
0x180048253
0x18004825b
0x180048263
0x18004826b
0x180048273
0x18004827b
0x180048283
0x18004828b
0x180048293
0x18004829b
0x1800482a3
0x1800482ab
0x1800482b3
0x1800482bb
0x1800482c3
0x1800482cb
0x1800482d3
0x1800482db
0x1800482e3
0x1800482eb
0x1800482f3
0x1800482fb
0x180048303
0x18004830b
0x180048313
0x18004831b
0x180048323
0x18004832b
0x180048333
0x18004833b
0x180048343
0x18004834b
0x180048353
0x18004835b
0x180048363
0x18004836b
0x180048373
0x18004837b
0x180048383
0x18004838b
0x180048393
0x18004839b
0x1800483a3
0x1800483ab
0x1800483b3
0x1800483bb
0x1800483c3
0x1800483cb
0x1800483d3
0x1800483db
0x1800483e3
0x1800483eb
0x1800483f3
0x1800483fb
0x180048403
0x18004840b
0x180048413
0x18004841b
0x180048423
0x18004842b
0x180048433
0x18004843b
0x180048443
0x18004844b
0x180048453
0x18004845b
0x180048463
0x18004846b
0x180048473
0x18004847b
0x180048483
0x18004848b
0x180048493
0x18004849b
0x1800484a3
0x1800484ab
0x1800484b3
0x1800484bb
0x1800484c3
0x1800484cb
0x1800484d3
0x1800484db
0x1800484e3
0x1800484eb
0x1800484f3
0x1800484fb
0x180048503
0x18004850b
0x180048513
0x18004851b
0x180048523
0x18004852b
0x180048533
0x18004853b
0x180048543
0x18004854b
0x180048553
0x18004855b
0x180048563
0x18004856b
0x180048573
0x18004857b
0x180048583
0x18004858b
0x180048593
0x18004859b
0x1800485a3
0x1800485ab
0x1800485b3
0x1800485bb
0x1800485c3
0x1800485cb
0x1800485d3
0x1800485db
0x1800485e3
0x1800485eb
0x1800485f3
0x1800485fb
0x180048603
0x18004860b
0x180048613
0x18004861b
0x180048623
0x18004862b
0x180048633
0x18004863b
0x180048643
0x18004864b
0x180048653
0x18004865b
0x180048663
0x18004866b
0x180048673
0x18004867b
0x180048683
0x18004868b
0x180048693
0x18004869b
0x1800486a3
0x1800486ab
0x1800486b3
0x1800486bb
0x1800486c3
0x1800486cb
0x1800486d3
0x1800486db
0x1800486e3
0x1800486eb
0x1800486f3
0x1800486fb
0x180048703
0x18004870b
0x180048713
0x18004871b
0x180048723
0x18004872b
0x180048733
0x18004873b
0x180048743
0x18004874b
0x180048753
0x18004875b
0x180048763
0x18004876b
0x180048773
0x18004877b
0x180048783
0x18004878b
0x180048793
0x18004879b
0x1800487a3
0x1800487ab
0x1800487b3
0x1800487bb
0x1800487c3
0x1800487cb
0x1800487d3
0x1800487db
0x1800487e3
0x1800487eb
0x1800487f3
0x1800487fb
0x180048803
0x18004880b
0x180048813
0x18004881b
0x180048823
0x18004882b
0x180048833
0x18004883b
0x180048843
0x18004884b
0x180048853
0x18004885b
0x180048863
0x18004886b
0x180048873
0x18004887b
0x180048883
0x18004888b
0x180048893
0x18004889b
0x1800488a3
0x1800488ab
0x1800488b3
0x1800488bb
0x1800488c3
0x1800488cb
0x1800488d3
0x1800488db
0x1800488e3
0x1800488eb
0x1800488f3
0x1800488fb
0x180048903
0x18004890b
0x180048913
0x18004891b
0x180048923
0x18004892b
0x180048933
0x18004893b
0x180048943
0x18004894b
0x180048953
0x18004895b
0x180048963
0x18004896b
0x180048973
0x18004897b
0x180048983
0x18004898b
0x180048993
0x18004899b
0x1800489a3
0x1800489ab
0x1800489b3
0x1800489bb
0x1800489c3
0x1800489cb
0x1800489d3
0x1800489db
0x1800489e3
0x1800489eb
0x1800489f3
0x1800489fb
0x180048a03
0x180048a0b
0x180048a13
0x180048a1b
0x180048a23
0x180048a2b
0x180048a33
0x180048a3b
0x180048a43
0x180048a4b
0x180048a53
0x180048a5b
0x180048a63
0x180048a6b
0x180048a73
0x180048a7b
0x180048a83
0x180048a8b
0x180048a93
0x180048a9b
0x180048aa3
0x180048aab
0x180048ab3
0x180048abb
0x180048ac3
0x180048acb
0x180048ad3
0x180048adb
0x180048ae3
0x180048aeb
0x180048af3
0x180048afb
0x180048b03
0x180048b0b
0x180048b13
0x180048b1b
0x180048b23
0x180048b2b
0x180048b33
0x180048b3b
0x180048b43
0x180048b4b
0x180048b53
0x180048b5b
0x180048b63
0x180048b6b
0x180048b73
0x180048b7b
0x180048b83
0x180048b8b
0x180048b93
0x180048b9b
0x180048ba3
0x180048bab
0x180048bb3
0x180048bbb
0x180048bc3
0x180048bcb
0x180048bd3
0x180048bdb
0x180048be3
0x180048beb
0x180048bf3
0x180048bfb
0x180048c03
0x180048c0b
0x180048c13
0x180048c1b
0x180048c23
0x180048c2b
0x180048c33
0x180048c3b
0x180048c43
0x180048c4b
0x180048c53
0x180048c5b
0x180048c63
0x180048c6b
0x180048c73
0x180048c7b
0x180048c83
0x180048c8b
0x180048c93
0x180048c9b
0x180048ca3
0x180048cab
0x180048cb3
0x180048cbb
0x180048cc3
0x180048ccb
0x180048cd3
0x180048cdb
0x180048ce3
0x180048ceb
0x180048cf3
0x180048cfb
0x180048d03
0x180048d0b
0x180048d13
0x180048d1b
0x180048d23
0x180048d2b
0x180048d33
0x180048d3b
0x180048d43
0x180048d4b
0x180048d53
0x180048d5b
0x180048d63
0x180048d6b
0x180048d73
0x180048d7b
0x180048d83
0x180048d8b
0x180048d93
0x180048d9b
0x180048da3
0x180048dab
0x180048db3
0x180048dbb
0x180048dc3
0x180048dcb
0x180048dd3
0x180048ddb
0x180048de3
0x180048deb
0x180048df3
0x180048dfb
0x180048e03
0x180048e0b
0x180048e13
0x180048e1b
0x180048e23
0x180048e2b
0x180048e33
0x180048e3b
0x180048e43
0x180048e4b
0x180048e53
0x180048e5b
0x180048e63
0x180048e6b
0x180048e73
0x180048e7b
0x180048e83
0x180048e8b
0x180048e93
0x180048e9b
0x180048ea3
0x180048eab
0x180048eb3
0x180048ebb
0x180048ec3
0x180048ecb
0x180048ed3
0x180048edb
0x180048ee3
0x180048eeb
0x180048ef3
0x180048efb
0x180048f03
0x180048f0b
0x180048f13
0x180048f1b
0x180048f23
0x180048f2b
0x180048f33
0x180048f3b
0x180048f43
0x180048f4b
0x180048f53
0x180048f5b
0x180048f63
0x180048f6b
0x180048f73
0x180048f7b
0x180048f83
0x180048f8b
0x180048f93
0x180048f9b
0x180048fa3
0x180048fab
0x180048fb3
0x180048fbb
0x180048fc3
0x180048fcb
0x180048fd3
0x180048fdb
0x180048fe3
0x180048feb
0x180048ff3
0x180048ffb
0x180049003
0x18004900b
0x180049013
0x18004901b
0x180049023
0x18004902b
0x180049033
0x18004903b
0x180049043
0x18004904b
0x180049053
0x18004905b
0x180049063
0x18004906b
0x180049073
0x18004907b
0x180049083
0x18004908b
0x180049093
0x18004909b
0x1800490a3
0x1800490ab
0x1800490b3
0x1800490bb
0x1800490c3
0x1800490cb
0x1800490d3
0x1800490db
0x1800490e3
0x1800490eb
0x1800490f3
0x1800490fb
0x180049103
0x18004910b
0x180049113
0x18004911b
0x180049123
0x18004912b
0x180049133
0x18004913b
0x180049143
0x18004914b
0x180049153
0x18004915b
0x180049163
0x18004916b
0x180049173
0x18004917b
0x180049183
0x18004918b
0x180049193
0x18004919b
0x1800491a3
0x1800491ab
0x1800491b3
0x1800491bb
0x1800491c3
0x1800491cb
0x1800491d3
0x1800491db
0x1800491e3
0x1800491eb
0x1800491f3
0x1800491fb
0x180049203
0x18004920b
0x180049213
0x18004921b
0x180049223
0x18004922b
0x180049233
0x18004923b
0x180049243
0x18004924b
0x180049253
0x18004925b
0x180049263
0x18004926b
0x180049273
0x18004927b
0x180049283
0x18004928b
0x180049293
0x18004929b
0x1800492a3
0x1800492ab
0x1800492b3
0x1800492bb
0x1800492c3
0x1800492cb
0x1800492d3
0x1800492db
0x1800492e3
0x1800492eb
0x1800492f3
0x1800492fb
0x180049303
0x18004930b
0x180049313
0x18004931b
0x180049323
0x18004932b
0x180049333
0x18004933b
0x180049343
0x18004934b
0x180049353
0x18004935b
0x180049363
0x18004936b
0x180049373
0x18004937b
0x180049383
0x18004938b
0x180049393
0x18004939b
0x1800493a3
0x1800493ab
0x1800493b3
0x1800493bb
0x1800493c3
0x1800493cb
0x1800493d3
0x1800493db
0x1800493e3
0x1800493eb
0x1800493f3
0x1800493fb
0x180049403
0x18004940b
0x180049413
0x18004941b
0x180049423
0x18004942b
0x180049433
0x18004943b
0x180049443
0x18004944b
0x180049453
0x18004945b
0x180049463
0x18004946b
0x180049473
0x18004947b
0x180049483
0x18004948b
0x180049493
0x18004949b
0x1800494a3
0x1800494ab
0x1800494b3
0x1800494bb
0x1800494c3
0x1800494cb
0x1800494d3
0x1800494db
0x1800494e3
0x1800494eb
0x1800494f3
0x1800494fb
0x180049503
0x18004950b
0x180049513
0x18004951b
0x180049523
0x18004952b
0x180049533
0x18004953b
0x180049543
0x18004954b
0x180049553
0x18004955b
0x180049563
0x18004956b
0x180049573
0x18004957b
0x180049583
0x18004958b
0x180049593
0x18004959b
0x1800495a3
0x1800495ab
0x1800495b3
0x1800495bb
0x1800495c3
0x1800495cb
0x1800495d3
0x1800495db
0x1800495e3
0x1800495eb
0x1800495f3
0x1800495fb
0x180049603
0x18004960b
0x180049613
0x18004961b
0x180049623
0x18004962b
0x180049633
0x18004963b
0x180049643
0x18004964b
0x180049653
0x18004965b
0x180049663
0x18004966b
0x180049673
0x18004967b
0x180049683
0x18004968b
0x180049693
0x18004969b
0x1800496a3
0x1800496ab
0x1800496b3
0x1800496bb
0x1800496c3
0x1800496cb
0x1800496d3
0x1800496db
0x1800496e3
0x1800496eb
0x1800496f3
0x1800496fb
0x180049703
0x18004970b
0x180049713
0x18004971b
0x180049723
0x18004972b
0x180049733
0x18004973b
0x180049743
0x18004974b
0x180049753
0x18004975b
0x180049763
0x18004976b
0x180049773
0x18004977b
0x180049783
0x18004978b
0x180049793
0x18004979b
0x1800497a3
0x1800497ab
0x1800497b3
0x1800497bb
0x1800497c3
0x1800497cb
0x1800497d3
0x1800497db
0x1800497e3
0x1800497eb
0x1800497f3
0x1800497fb
0x180049803
0x18004980b
0x180049813
0x18004981b
0x180049823
0x18004982b
0x180049833
0x18004983b
0x180049843
0x18004984b
0x180049853
0x18004985b
0x180049863
0x18004986b
0x180049873
0x18004987b
0x180049883
0x18004988b
0x180049893
0x18004989b
0x1800498a3
0x1800498ab
0x1800498b3
0x1800498bb
0x1800498c3
0x1800498cb
0x1800498d3
0x1800498db
0x1800498e3
0x1800498eb
0x1800498f3
0x1800498fb
0x180049903
0x18004990b
0x180049913
0x18004991b
0x180049923
0x18004992b
0x180049933
0x18004993b
0x180049943
0x18004994b
0x180049953
0x18004995b
0x180049963
0x18004996b
0x180049973
0x18004997b
0x180049983
0x18004998b
0x180049993
0x18004999b
0x1800499a3
0x1800499ab
0x1800499b3
0x1800499bb
0x1800499c3
0x1800499cb
0x1800499d3
0x1800499db
0x1800499e3
0x1800499eb
0x1800499f3
0x1800499fb
0x180049a03
0x180049a0b
0x180049a13
0x180049a1b
0x180049a23
0x180049a2b
0x180049a33
0x180049a3b
0x180049a43
0x180049a4b
0x180049a53
0x180049a5b
0x180049a63
0x180049a6b
0x180049a73
0x180049a7b
0x180049a83
0x180049a8b
0x180049a93
0x180049a9b
0x180049aa3
0x180049aab
0x180049ab3
0x180049abb
0x180049ac3
0x180049acb
0x180049ad3
0x180049adb
0x180049ae3
0x180049aeb
0x180049af3
0x180049afb
0x180049b03
0x180049b0b
0x180049b13
0x180049b1b
0x180049b23
0x180049b2b
0x180049b33
0x180049b3b
0x180049b43
0x180049b4b
0x180049b53
0x180049b5b
0x180049b63
0x180049b6b
0x180049b73
0x180049b7b
0x180049b83
0x180049b8b
0x180049b93
0x180049b9b
0x180049ba3
0x180049bab
0x180049bb3
0x180049bbb
0x180049bc3
0x180049bcb
0x180049bd3
0x180049bdb
0x180049be3
0x180049beb
0x180049bf3
0x180049bfb
0x180049c03
0x180049c0b
0x180049c13
0x180049c1b
0x180049c23
0x180049c2b
0x180049c33
0x180049c3b
0x180049c43
0x180049c4b
0x180049c53
0x180049c5b
0x180049c63
0x180049c6b
0x180049c73
0x180049c7b
0x180049c83
0x180049c8b
0x180049c93
0x180049c9b
0x180049ca3
0x180049cab
0x180049cb3
0x180049cbb
0x180049cc3
0x180049ccb
0x180049cd3
0x180049cdb
0x180049ce3
0x180049ceb
0x180049cf3
0x180049cfb
0x180049d03
0x180049d0b
0x180049d13
0x180049d1b
0x180049d23
0x180049d2b
0x180049d33
0x180049d3b
0x180049d43
0x180049d4b
0x180049d53
0x180049d5b
0x180049d63
0x180049d6b
0x180049d73
0x180049d7b
0x180049d83
0x180049d8b
0x180049d93
0x180049d9b
0x180049da3
0x180049dab
0x180049db3
0x180049dbb
0x180049dc3
0x180049dcb
0x180049dd3
0x180049ddb
0x180049de3
0x180049deb
0x180049df3
0x180049dfb
0x180049e03
0x180049e0b
0x180049e13
0x180049e1b
0x180049e23
0x180049e2b
0x180049e3c
0x180049e44
0x180049e49
0x180049e56
0x180049e5e
0x180049e68
0x180049e82
0x180049e84
0x180049e8c
0x180049e8e
0x180049e9b
0x180049ea7
0x180049eb4
0x180049ec0
0x180049ec6
0x180049ee0
0x180049ee6
0x180049f00
0x180049f0e
0x180049f29
0x180049f2d
0x180049f32
0x180049f35
0x180049f47
0x180049f5d
0x180049f5f
0x180049f62
0x180049f6e
0x180049f79
0x180049f84
0x180049f8a
0x180049f90
0x180049f92
0x180049fa1
0x180049fa6
0x180049fae
0x180049fb5
0x180049fc8
0x180049fcd
0x180049fe0
0x180049fe5
0x180049ff1
0x18004a011

Strings

W, xrefs: 0000000180046B6B
\, xrefs: 00000001800492E3
a, xrefs: 00000001800451FB
<, xrefs: 0000000180045723
-, xrefs: 000000018004586B
8, xrefs: 0000000180046FC3
$, xrefs: 000000018004869B
v, xrefs: 0000000180045533
\, xrefs: 00000001800458AB
-, xrefs: 00000001800455AB
k, xrefs: 000000018004630B
v, xrefs: 0000000180045DB3
{, xrefs: 00000001800473A3
6, xrefs: 0000000180049563
E, xrefs: 0000000180047FFB
5, xrefs: 000000018004847B
X, xrefs: 0000000180049773
:, xrefs: 0000000180047B3B
:, xrefs: 0000000180047133
l, xrefs: 0000000180049013
&, xrefs: 0000000180048683
m, xrefs: 00000001800493F3
>, xrefs: 0000000180046773
f, xrefs: 00000001800471FB
:, xrefs: 0000000180047583
E, xrefs: 000000018004567B
o, xrefs: 0000000180045A63
n, xrefs: 0000000180047EAB
v, xrefs: 0000000180045BAB
_, xrefs: 0000000180047793
_, xrefs: 00000001800481E3
R, xrefs: 0000000180048F63
,, xrefs: 0000000180049753
x, xrefs: 00000001800464A3
%, xrefs: 00000001800489EB
, xrefs: 00000001800477A3
1, xrefs: 00000001800450DB
b, xrefs: 000000018004664B
Q, xrefs: 00000001800486B3
2, xrefs: 0000000180048D5B
3, xrefs: 0000000180048A23
}, xrefs: 00000001800470BB
I, xrefs: 0000000180047053
0, xrefs: 000000018004724B
f, xrefs: 000000018004657B
7, xrefs: 00000001800451D3
|, xrefs: 0000000180045F33
o, xrefs: 00000001800483D3
=, xrefs: 00000001800486CB
8, xrefs: 0000000180048AA3
0, xrefs: 0000000180044FF3
K, xrefs: 0000000180048E0B
E, xrefs: 000000018004795B
T, xrefs: 00000001800463B3
4, xrefs: 00000001800461F3
z, xrefs: 0000000180045ABB
y, xrefs: 0000000180046D83
o, xrefs: 0000000180048973
;, xrefs: 0000000180047EC3
', xrefs: 00000001800483B3
N, xrefs: 000000018004998B
x, xrefs: 000000018004561B
z, xrefs: 0000000180048033
2, xrefs: 0000000180049113
E, xrefs: 0000000180045E2B
D, xrefs: 0000000180048F6B
-, xrefs: 0000000180047E93
F, xrefs: 0000000180049123
?, xrefs: 000000018004715B
%, xrefs: 00000001800483C3
q, xrefs: 0000000180048143
*, xrefs: 0000000180045733
t, xrefs: 0000000180047FD3
b, xrefs: 0000000180045BB3
s, xrefs: 00000001800493EB
9, xrefs: 0000000180049CC3
o, xrefs: 00000001800464C3
&, xrefs: 0000000180045933
P, xrefs: 00000001800473EB
W, xrefs: 00000001800453AB
X, xrefs: 0000000180047DB3
i, xrefs: 0000000180049A63
=, xrefs: 00000001800474F3
i, xrefs: 00000001800464F3
F, xrefs: 000000018004703B
j, xrefs: 00000001800495CB
t, xrefs: 00000001800451C3
$, xrefs: 0000000180049C6B
*, xrefs: 0000000180045213
K, xrefs: 0000000180048523
m, xrefs: 0000000180048323
>, xrefs: 00000001800466AB
), xrefs: 0000000180049CDB
h, xrefs: 0000000180045ECB
0, xrefs: 000000018004756B
w, xrefs: 0000000180045423
I, xrefs: 0000000180046C4B
C, xrefs: 0000000180047CEB
h, xrefs: 0000000180049A1B
., xrefs: 0000000180045593
T, xrefs: 0000000180048B3B
K, xrefs: 0000000180047B4B
., xrefs: 00000001800457A3
,, xrefs: 0000000180048D03
w, xrefs: 00000001800486FB
H, xrefs: 0000000180047C43
j, xrefs: 0000000180044DF3
/, xrefs: 0000000180049C23
@, xrefs: 00000001800497BB
>, xrefs: 0000000180048BEB
j, xrefs: 0000000180048543
>, xrefs: 0000000180045A23
d, xrefs: 0000000180045DBB
=, xrefs: 000000018004902B
T, xrefs: 000000018004848B
|, xrefs: 00000001800480F3
/, xrefs: 0000000180047733
p, xrefs: 0000000180044CC3
n, xrefs: 0000000180047763
/, xrefs: 0000000180045843
#, xrefs: 0000000180048F13
G, xrefs: 000000018004662B
/, xrefs: 0000000180044FB3
u, xrefs: 0000000180046FD3
T, xrefs: 000000018004686B
-, xrefs: 000000018004698B
/, xrefs: 0000000180045663
#, xrefs: 00000001800485BB
X, xrefs: 0000000180048F03
[, xrefs: 0000000180048A2B
C, xrefs: 0000000180044CE3
b, xrefs: 0000000180045E6B
m, xrefs: 00000001800470DB
O, xrefs: 0000000180048753
}, xrefs: 00000001800451CB
,, xrefs: 00000001800482B3
r, xrefs: 000000018004525B
(, xrefs: 0000000180045A8B
;, xrefs: 0000000180046013
c, xrefs: 0000000180046B53
K, xrefs: 000000018004716B
?, xrefs: 000000018004780B
H, xrefs: 0000000180049E03
K, xrefs: 000000018004876B
T, xrefs: 0000000180048C33
, xrefs: 0000000180044E5B
N, xrefs: 0000000180045B13
Z, xrefs: 0000000180047573
3, xrefs: 0000000180048CAB
$, xrefs: 0000000180045C6B
^, xrefs: 0000000180047323
6, xrefs: 000000018004856B
l, xrefs: 0000000180048F0B
t, xrefs: 000000018004552B
}, xrefs: 0000000180047FCB
O, xrefs: 000000018004888B
I, xrefs: 00000001800471DB
v, xrefs: 00000001800483F3
-, xrefs: 000000018004602B
O, xrefs: 0000000180045D6B
1, xrefs: 0000000180048303
V, xrefs: 00000001800474D3
9, xrefs: 00000001800477DB
:, xrefs: 000000018004919B
5, xrefs: 00000001800457E3
T, xrefs: 000000018004785B
$, xrefs: 00000001800466BB
Q, xrefs: 000000018004573B
Y, xrefs: 000000018004629B
o, xrefs: 000000018004601B
o, xrefs: 0000000180046F2B
/, xrefs: 00000001800463DB
S, xrefs: 0000000180045963
?, xrefs: 000000018004805B
#, xrefs: 00000001800463C3
t, xrefs: 0000000180044D2B
+, xrefs: 0000000180049533
n, xrefs: 0000000180049733
B, xrefs: 000000018004528B
|, xrefs: 0000000180045C1B
}, xrefs: 0000000180046F63
F, xrefs: 0000000180045D93
2, xrefs: 0000000180045153
?, xrefs: 0000000180045B43
u, xrefs: 0000000180049D3B
F, xrefs: 0000000180048BA3
?, xrefs: 0000000180048AAB
h, xrefs: 00000001800493CB
9, xrefs: 00000001800454E3
n, xrefs: 000000018004669B
`, xrefs: 0000000180046A93
E, xrefs: 0000000180046D53
R, xrefs: 000000018004637B
b, xrefs: 0000000180047ACB
s, xrefs: 0000000180048A83
2, xrefs: 0000000180045D83
j, xrefs: 0000000180048C03
m, xrefs: 0000000180047213
p, xrefs: 0000000180045D2B
H, xrefs: 0000000180046363
j, xrefs: 0000000180045673
}, xrefs: 0000000180046FCB
a, xrefs: 0000000180047AEB
2, xrefs: 00000001800491A3
&, xrefs: 0000000180046D33
v, xrefs: 000000018004820B
|, xrefs: 00000001800487C3
x, xrefs: 0000000180046AC3
r, xrefs: 0000000180049A93
2, xrefs: 000000018004704B
}, xrefs: 0000000180049E13
V, xrefs: 000000018004555B
1, xrefs: 0000000180045B2B
F, xrefs: 00000001800476CB
o, xrefs: 0000000180047963
x, xrefs: 0000000180048BE3
}, xrefs: 0000000180045493
K, xrefs: 000000018004985B
N, xrefs: 0000000180046BE3
l, xrefs: 000000018004596B
b, xrefs: 000000018004811B
t, xrefs: 0000000180048B13
j, xrefs: 0000000180046FB3
j, xrefs: 0000000180049083
K, xrefs: 0000000180048953
s, xrefs: 0000000180044EAB
P, xrefs: 0000000180047C1B
2, xrefs: 000000018004873B
E, xrefs: 0000000180049BDB
, xrefs: 0000000180047E03
u, xrefs: 000000018004534B
%, xrefs: 0000000180046303
M, xrefs: 0000000180045E8B
#, xrefs: 00000001800480C3
G, xrefs: 0000000180045BD3
w, xrefs: 0000000180047853
t, xrefs: 0000000180044D43
=, xrefs: 000000018004641B
J, xrefs: 00000001800470EB
{, xrefs: 000000018004593B
p, xrefs: 000000018004648B
2, xrefs: 000000018004675B
P, xrefs: 000000018004789B
9, xrefs: 000000018004922B
9, xrefs: 00000001800499F3
,, xrefs: 0000000180045563
}, xrefs: 000000018004658B
y, xrefs: 000000018004594B
b, xrefs: 0000000180048DAB
^, xrefs: 0000000180049C83
m, xrefs: 0000000180048CBB
a, xrefs: 00000001800455F3
(, xrefs: 0000000180046313
=, xrefs: 000000018004575B
d, xrefs: 000000018004978B
~, xrefs: 0000000180048F3B
&, xrefs: 0000000180048C0B
m, xrefs: 0000000180045F53
~, xrefs: 0000000180048E6B
H, xrefs: 0000000180046C9B
,, xrefs: 0000000180047293
y, xrefs: 0000000180048D23
W, xrefs: 00000001800451DB
o, xrefs: 0000000180047B43
d, xrefs: 00000001800475D3
K, xrefs: 00000001800454F3
(, xrefs: 00000001800468B3
3, xrefs: 0000000180045A9B
w, xrefs: 0000000180045873
m, xrefs: 0000000180048BCB
!, xrefs: 00000001800456AB
W, xrefs: 000000018004758B
o, xrefs: 0000000180044F23
W, xrefs: 0000000180046C2B
v, xrefs: 0000000180049BAB
m, xrefs: 0000000180048E9B
>, xrefs: 00000001800471AB
m, xrefs: 000000018004853B
o, xrefs: 0000000180047D23
8, xrefs: 00000001800461B3
H, xrefs: 00000001800498F3
b, xrefs: 0000000180048ADB
2, xrefs: 00000001800485E3
d, xrefs: 0000000180048FAB
{, xrefs: 0000000180045F8B
O, xrefs: 0000000180045403
>, xrefs: 0000000180046433
y, xrefs: 0000000180047C93
p, xrefs: 00000001800465F3
}, xrefs: 0000000180046AFB
t, xrefs: 0000000180049BEB
`, xrefs: 0000000180044CDB
y, xrefs: 0000000180048B9B
D, xrefs: 0000000180045BDB
Q, xrefs: 0000000180046D2B
W, xrefs: 0000000180047C83
y, xrefs: 0000000180047CCB
X, xrefs: 0000000180046203
c, xrefs: 0000000180046C43
L, xrefs: 000000018004544B
i, xrefs: 0000000180049B53
}, xrefs: 000000018004990B
\, xrefs: 0000000180046983
?, xrefs: 00000001800481DB
L, xrefs: 000000018004587B
K, xrefs: 00000001800493AB
(, xrefs: 0000000180047303
K, xrefs: 0000000180049A5B
t, xrefs: 0000000180048733
u, xrefs: 0000000180048CEB
g, xrefs: 00000001800451F3
x, xrefs: 0000000180049AEB
8, xrefs: 00000001800478D3
7, xrefs: 0000000180045653
d, xrefs: 0000000180045FF3
Q, xrefs: 0000000180046E93
M, xrefs: 0000000180046223
P, xrefs: 00000001800455B3
P, xrefs: 000000018004571B
,, xrefs: 0000000180047BDB
N, xrefs: 0000000180048F83
, xrefs: 0000000180045BBB
?, xrefs: 00000001800476FB
=, xrefs: 0000000180045123
?, xrefs: 000000018004757B
%, xrefs: 00000001800456EB
Y, xrefs: 00000001800461AB
B, xrefs: 0000000180048093
!, xrefs: 0000000180044D33
4, xrefs: 0000000180047BA3
w, xrefs: 0000000180046E8B
`, xrefs: 00000001800477B3
:, xrefs: 0000000180044F13
p, xrefs: 0000000180044D1B
|, xrefs: 0000000180044FC3
`, xrefs: 0000000180047F33
n, xrefs: 0000000180046353
<, xrefs: 0000000180049813
v, xrefs: 000000018004597B
|, xrefs: 0000000180044D63
i, xrefs: 0000000180048F93
P, xrefs: 000000018004737B
p, xrefs: 0000000180048803
2, xrefs: 000000018004506B
k, xrefs: 0000000180049D03
F, xrefs: 0000000180048E53
, xrefs: 00000001800475C3
&, xrefs: 0000000180048773
%, xrefs: 0000000180045DDB
V, xrefs: 00000001800481A3
n, xrefs: 0000000180046693
#, xrefs: 00000001800494BB
B, xrefs: 0000000180046FDB
f, xrefs: 00000001800456D3
z, xrefs: 0000000180049913
@, xrefs: 00000001800465EB
f, xrefs: 0000000180045973
N, xrefs: 0000000180047483
@, xrefs: 0000000180049A43
~, xrefs: 0000000180045E7B
., xrefs: 00000001800451B3
C, xrefs: 000000018004546B
I, xrefs: 0000000180045CEB
`, xrefs: 000000018004527B
%, xrefs: 0000000180046BEB
n, xrefs: 0000000180048EA3
c, xrefs: 00000001800492EB
, xrefs: 00000001800455FB
3, xrefs: 0000000180049C3B
}, xrefs: 000000018004626B
t, xrefs: 000000018004912B
/, xrefs: 0000000180047C5B
<, xrefs: 00000001800451A3
M, xrefs: 00000001800461FB
{, xrefs: 000000018004670B
H, xrefs: 0000000180047BD3
U, xrefs: 0000000180046E1B
g, xrefs: 0000000180048883
0, xrefs: 00000001800479CB
v, xrefs: 0000000180047ADB
p, xrefs: 0000000180048AC3
F, xrefs: 000000018004514B
(, xrefs: 00000001800496A3
n, xrefs: 000000018004862B
b, xrefs: 0000000180048B23
&, xrefs: 000000018004731B
R, xrefs: 0000000180048423
L, xrefs: 00000001800457FB
], xrefs: 0000000180049AF3
_, xrefs: 0000000180045A73
`, xrefs: 0000000180047A43
_, xrefs: 00000001800450CB
%, xrefs: 000000018004961B
8, xrefs: 0000000180048AF3
K, xrefs: 00000001800492BB
~, xrefs: 00000001800458D3
f, xrefs: 0000000180045C8B
], xrefs: 000000018004903B
$, xrefs: 0000000180046EEB
:, xrefs: 00000001800462C3
s, xrefs: 0000000180047C73
, xrefs: 000000018004980B
T, xrefs: 000000018004875B
[, xrefs: 0000000180046343
(, xrefs: 0000000180046F13
=, xrefs: 000000018004829B
c, xrefs: 0000000180048DF3
B, xrefs: 00000001800479A3
+, xrefs: 0000000180046553
/, xrefs: 0000000180047E3B
?, xrefs: 0000000180046E03
H, xrefs: 0000000180047353
>, xrefs: 000000018004684B
n, xrefs: 0000000180048A7B
T, xrefs: 0000000180045763
Z, xrefs: 0000000180045C03
j, xrefs: 0000000180048CC3
|, xrefs: 0000000180045583
g, xrefs: 00000001800490F3
X, xrefs: 0000000180047013
a, xrefs: 0000000180048C93
V, xrefs: 00000001800462FB
_, xrefs: 0000000180048E83
3, xrefs: 00000001800496CB
\, xrefs: 0000000180047813
t, xrefs: 0000000180045CCB
,, xrefs: 0000000180046543
D, xrefs: 000000018004725B
j, xrefs: 0000000180048BD3
o, xrefs: 0000000180047003
@, xrefs: 00000001800452E3
$, xrefs: 0000000180045193
H, xrefs: 0000000180045F7B
E, xrefs: 0000000180048103
], xrefs: 00000001800453A3
s, xrefs: 0000000180049ACB
v, xrefs: 0000000180048583
N, xrefs: 000000018004755B
:, xrefs: 000000018004530B
1, xrefs: 000000018004639B
k, xrefs: 0000000180046003
j, xrefs: 00000001800470A3
t, xrefs: 000000018004568B
6, xrefs: 0000000180046413
e, xrefs: 000000018004676B
y, xrefs: 0000000180049543
,, xrefs: 000000018004754B
#, xrefs: 0000000180047D13
{, xrefs: 0000000180049A7B
9, xrefs: 0000000180045293
W, xrefs: 00000001800495EB
>, xrefs: 0000000180048873
A, xrefs: 0000000180046BDB
p, xrefs: 0000000180048EBB
F, xrefs: 00000001800457F3
j, xrefs: 0000000180048493
', xrefs: 000000018004962B
*, xrefs: 00000001800453FB
y, xrefs: 000000018004936B
0, xrefs: 00000001800485F3
}, xrefs: 000000018004617B
., xrefs: 0000000180046183
-, xrefs: 000000018004717B
?, xrefs: 000000018004625B
t, xrefs: 0000000180046AA3
%, xrefs: 0000000180047F9B
w, xrefs: 0000000180045283
B, xrefs: 00000001800498C3
], xrefs: 00000001800465E3
., xrefs: 0000000180046273
\, xrefs: 0000000180045F3B
., xrefs: 0000000180045433
8, xrefs: 000000018004860B
I, xrefs: 0000000180048663
", xrefs: 0000000180048D53
l, xrefs: 0000000180045503
*, xrefs: 00000001800494D3
#, xrefs: 0000000180047113
v, xrefs: 0000000180046083
l, xrefs: 0000000180048FE3
Q, xrefs: 0000000180046B5B
e, xrefs: 0000000180047BE3
Q, xrefs: 0000000180048383
q, xrefs: 00000001800453BB
n, xrefs: 00000001800462D3
v, xrefs: 0000000180046F9B
X, xrefs: 0000000180048CB3
E, xrefs: 0000000180044E9B
, xrefs: 000000018004509B
1, xrefs: 00000001800453DB
E, xrefs: 000000018004939B
(, xrefs: 000000018004599B
, xrefs: 0000000180049183
3, xrefs: 0000000180049923
F, xrefs: 00000001800468BB
g, xrefs: 0000000180048EE3
a, xrefs: 0000000180045B5B
3, xrefs: 0000000180049663
u, xrefs: 0000000180045AAB
K, xrefs: 0000000180046103
G, xrefs: 0000000180047FEB
W, xrefs: 0000000180049CEB
m, xrefs: 0000000180047AF3
4, xrefs: 0000000180047BF3
2, xrefs: 0000000180046C23
b, xrefs: 0000000180046E43
$, xrefs: 000000018004878B
{, xrefs: 00000001800497AB
z, xrefs: 000000018004650B
I, xrefs: 0000000180048C7B
Y, xrefs: 000000018004652B
8, xrefs: 0000000180047DD3
i, xrefs: 0000000180049BBB
h, xrefs: 0000000180046A83
k, xrefs: 0000000180045DAB
O, xrefs: 0000000180048693
c, xrefs: 0000000180047783
", xrefs: 00000001800498CB
6, xrefs: 0000000180045B23
Y, xrefs: 0000000180045353
J, xrefs: 0000000180047D73
m, xrefs: 0000000180045AA3
`, xrefs: 0000000180046133
&, xrefs: 00000001800477CB
N, xrefs: 0000000180047F53
h, xrefs: 000000018004897B
m, xrefs: 00000001800465CB
s, xrefs: 0000000180045CBB
k, xrefs: 0000000180045EB3
%, xrefs: 0000000180048FD3
o, xrefs: 0000000180045E33
c, xrefs: 0000000180048E1B
*, xrefs: 0000000180048F1B
Z, xrefs: 0000000180045513
^, xrefs: 0000000180048B03
J, xrefs: 0000000180045313
$, xrefs: 00000001800499DB
), xrefs: 000000018004918B
y, xrefs: 0000000180049BC3
A, xrefs: 0000000180048B8B
R, xrefs: 0000000180047253
z, xrefs: 0000000180045EF3
F, xrefs: 000000018004505B
H, xrefs: 000000018004633B
7, xrefs: 000000018004771B
k, xrefs: 0000000180044D73
=, xrefs: 00000001800476D3
L, xrefs: 00000001800480FB
R, xrefs: 0000000180047073
D, xrefs: 00000001800459DB
j, xrefs: 00000001800497A3
2, xrefs: 0000000180048B7B
t, xrefs: 0000000180046EDB
#, xrefs: 0000000180045523
M, xrefs: 0000000180045FE3
F, xrefs: 0000000180044DA3
{, xrefs: 000000018004895B
>, xrefs: 0000000180049CE3
o, xrefs: 0000000180049D1B
5, xrefs: 0000000180045FEB
', xrefs: 0000000180049673
`, xrefs: 00000001800487A3
D, xrefs: 000000018004707B
9, xrefs: 0000000180046A2B
Y, xrefs: 00000001800482D3
", xrefs: 0000000180046F3B
*, xrefs: 00000001800484CB
E, xrefs: 000000018004984B
,, xrefs: 0000000180046653
d, xrefs: 0000000180046B73
r, xrefs: 0000000180046DBB
8, xrefs: 0000000180048E63
[, xrefs: 0000000180045413
<, xrefs: 000000018004661B
3, xrefs: 000000018004751B
S, xrefs: 0000000180049B33
K, xrefs: 0000000180047AD3
6, xrefs: 000000018004989B
k, xrefs: 0000000180045B83
L, xrefs: 00000001800472BB
O, xrefs: 0000000180047BEB
H, xrefs: 0000000180045D9B
_, xrefs: 00000001800470AB
k, xrefs: 0000000180045F43
{, xrefs: 000000018004607B
W, xrefs: 00000001800473AB
o, xrefs: 0000000180047D43
x, xrefs: 0000000180047EE3
x, xrefs: 00000001800467F3
v, xrefs: 0000000180044EB3
1, xrefs: 000000018004738B
L, xrefs: 0000000180045263
#, xrefs: 00000001800463F3
/, xrefs: 0000000180046D5B
T, xrefs: 0000000180045FFB
z, xrefs: 0000000180049D4B
m, xrefs: 00000001800458C3
l, xrefs: 00000001800483CB
o, xrefs: 00000001800452FB
/, xrefs: 0000000180046C6B
?, xrefs: 0000000180048F5B
Y, xrefs: 0000000180048723
:, xrefs: 0000000180044F7B
U, xrefs: 0000000180049B13
', xrefs: 0000000180044D5B
E, xrefs: 00000001800479DB
', xrefs: 0000000180048063
Y, xrefs: 000000018004562B
\, xrefs: 0000000180049D5B
R, xrefs: 000000018004621B
M, xrefs: 0000000180046F1B
}, xrefs: 000000018004774B
I, xrefs: 000000018004808B
|, xrefs: 00000001800481AB
+, xrefs: 0000000180048EAB
1, xrefs: 0000000180046DFB
(, xrefs: 000000018004701B
K, xrefs: 000000018004796B
u, xrefs: 000000018004551B
), xrefs: 000000018004779B
t, xrefs: 0000000180048A0B
R, xrefs: 00000001800490FB
F, xrefs: 00000001800455E3
v, xrefs: 00000001800488CB
\, xrefs: 0000000180046EB3
#, xrefs: 0000000180045103
{, xrefs: 000000018004929B
?, xrefs: 0000000180045C7B
!, xrefs: 0000000180046D6B
m, xrefs: 000000018004844B
F, xrefs: 0000000180048313
;, xrefs: 000000018004861B
[, xrefs: 0000000180046FEB
~, xrefs: 00000001800497CB
j, xrefs: 0000000180048453
%, xrefs: 00000001800460AB
X, xrefs: 0000000180047883
D, xrefs: 0000000180046CAB
1, xrefs: 00000001800467D3
U, xrefs: 0000000180046A5B
^, xrefs: 00000001800459F3
w, xrefs: 0000000180048483
., xrefs: 0000000180046A13
\, xrefs: 00000001800475B3
5, xrefs: 0000000180045B3B
T, xrefs: 0000000180046113
`, xrefs: 000000018004554B
H, xrefs: 000000018004750B
I, xrefs: 0000000180045BFB
R, xrefs: 0000000180048243
K, xrefs: 000000018004842B
D, xrefs: 000000018004920B
4, xrefs: 0000000180049583
~, xrefs: 000000018004816B
V, xrefs: 000000018004519B
_, xrefs: 000000018004908B
F, xrefs: 00000001800456F3
/, xrefs: 0000000180049AD3
L, xrefs: 0000000180046DCB
D, xrefs: 000000018004824B
?, xrefs: 000000018004706B
}, xrefs: 000000018004964B
Y, xrefs: 0000000180049953
B, xrefs: 0000000180046603
q, xrefs: 0000000180047B2B
B, xrefs: 000000018004924B
F, xrefs: 00000001800469AB
o, xrefs: 0000000180046213
O, xrefs: 00000001800467AB
q, xrefs: 0000000180047333
H, xrefs: 00000001800485AB
T, xrefs: 00000001800450D3
F, xrefs: 0000000180047A4B
s, xrefs: 00000001800468CB
?, xrefs: 00000001800481FB
*, xrefs: 00000001800454A3
d, xrefs: 00000001800459B3
-, xrefs: 0000000180047C4B
h, xrefs: 0000000180047D4B
}, xrefs: 0000000180049093
/, xrefs: 0000000180046123
?, xrefs: 000000018004970B
|, xrefs: 0000000180045173
x, xrefs: 0000000180046023
P, xrefs: 000000018004764B
B, xrefs: 00000001800495F3
l, xrefs: 0000000180045F9B
', xrefs: 0000000180048593
N, xrefs: 00000001800495D3
p, xrefs: 0000000180046C0B
d, xrefs: 0000000180047CDB
H, xrefs: 000000018004736B
E, xrefs: 0000000180047F5B
~, xrefs: 0000000180047E53
,, xrefs: 0000000180047863
S, xrefs: 0000000180049983
P, xrefs: 0000000180045B33
], xrefs: 0000000180048EDB
F, xrefs: 00000001800472CB
b, xrefs: 0000000180049C03
P, xrefs: 000000018004559B
V, xrefs: 0000000180044E3B
, xrefs: 000000018004501B
B, xrefs: 000000018004735B
H, xrefs: 00000001800498AB
J, xrefs: 0000000180049C1B
!, xrefs: 0000000180046B43
I, xrefs: 000000018004543B
T, xrefs: 000000018004983B
T, xrefs: 00000001800450FB
*, xrefs: 0000000180049D33
[, xrefs: 0000000180046ECB
w, xrefs: 00000001800494FB
X, xrefs: 0000000180047723
o, xrefs: 00000001800468AB
;, xrefs: 0000000180044CFB
b, xrefs: 00000001800489A3
W, xrefs: 0000000180046A8B
., xrefs: 0000000180046E23
, xrefs: 00000001800482AB
V, xrefs: 0000000180047C6B
o, xrefs: 00000001800484BB
a, xrefs: 0000000180045A6B
M, xrefs: 0000000180049C8B
b, xrefs: 000000018004718B
?, xrefs: 0000000180045BCB
Q, xrefs: 00000001800463A3
F, xrefs: 0000000180048D63
X, xrefs: 0000000180049163
b, xrefs: 000000018004523B
=, xrefs: 00000001800475EB
6, xrefs: 0000000180048DE3
m, xrefs: 0000000180048A13
X, xrefs: 0000000180045033
', xrefs: 000000018004511B
2, xrefs: 0000000180044D9B
;, xrefs: 0000000180049A23
F, xrefs: 00000001800478C3
t, xrefs: 0000000180047D6B
E, xrefs: 0000000180044DAB
2, xrefs: 00000001800470D3
o, xrefs: 0000000180045C5B
d, xrefs: 0000000180046A73
n, xrefs: 0000000180046CB3
\, xrefs: 0000000180049683
#, xrefs: 0000000180048DB3
6, xrefs: 000000018004899B
7, xrefs: 000000018004915B
k, xrefs: 0000000180045E53
3, xrefs: 00000001800473FB
H, xrefs: 0000000180045CAB
r, xrefs: 00000001800477C3
V, xrefs: 0000000180046333
u, xrefs: 0000000180044EF3
!, xrefs: 0000000180044EBB
D, xrefs: 00000001800494E3
E, xrefs: 0000000180048DFB
w, xrefs: 0000000180048C6B
a, xrefs: 00000001800476A3
#, xrefs: 00000001800480DB
z, xrefs: 0000000180049713
], xrefs: 0000000180046B23
[, xrefs: 00000001800481BB
N, xrefs: 0000000180045863
+, xrefs: 0000000180046B03
:, xrefs: 0000000180047C0B
m, xrefs: 000000018004907B
}, xrefs: 000000018004901B
I, xrefs: 00000001800478AB
I, xrefs: 0000000180048C73
K, xrefs: 0000000180048863
=, xrefs: 0000000180044D03
v, xrefs: 0000000180045F93
!, xrefs: 000000018004925B
1, xrefs: 00000001800461BB
5, xrefs: 000000018004784B
l, xrefs: 00000001800463EB
3, xrefs: 00000001800494EB
", xrefs: 00000001800489FB
d, xrefs: 0000000180048B5B
m, xrefs: 0000000180046EBB
(, xrefs: 0000000180047923
v, xrefs: 0000000180047E4B
p, xrefs: 000000018004963B
I, xrefs: 000000018004968B
Q, xrefs: 0000000180048EC3
!, xrefs: 000000018004916B
E, xrefs: 0000000180049993
x, xrefs: 0000000180046D13
W, xrefs: 0000000180046283
l, xrefs: 0000000180045E63
U, xrefs: 00000001800466FB
W, xrefs: 00000001800464D3
,, xrefs: 0000000180046F03
', xrefs: 0000000180047E9B
X, xrefs: 0000000180046B3B
1, xrefs: 0000000180044FEB
v, xrefs: 00000001800486C3
2, xrefs: 0000000180048A3B
G, xrefs: 0000000180045A03
#, xrefs: 0000000180046873
%, xrefs: 000000018004880B
', xrefs: 0000000180045553
v, xrefs: 0000000180046063
y, xrefs: 00000001800471A3
[, xrefs: 000000018004992B
\, xrefs: 0000000180047A2B
|, xrefs: 00000001800452B3
X, xrefs: 0000000180048E93
%, xrefs: 0000000180048F8B
b, xrefs: 0000000180048903
8, xrefs: 0000000180047383
*, xrefs: 0000000180045473
e, xrefs: 0000000180046A53
V, xrefs: 0000000180047363
2, xrefs: 0000000180048B73
\, xrefs: 0000000180047273
T, xrefs: 0000000180046ADB
8, xrefs: 0000000180049793
h, xrefs: 000000018004955B
0, xrefs: 0000000180049273
>, xrefs: 0000000180048C2B
!, xrefs: 000000018004695B
I, xrefs: 000000018004921B
E, xrefs: 0000000180047D1B
`, xrefs: 0000000180046043
f, xrefs: 0000000180047893
j, xrefs: 00000001800472C3
4, xrefs: 0000000180048AB3
k, xrefs: 0000000180046783
+, xrefs: 00000001800455C3
+, xrefs: 00000001800452A3
7, xrefs: 0000000180047F63
1, xrefs: 00000001800462AB
f, xrefs: 0000000180047C13
p, xrefs: 0000000180045C2B
1, xrefs: 0000000180047B83
b, xrefs: 00000001800473B3
), xrefs: 00000001800489CB
l, xrefs: 00000001800492CB
), xrefs: 0000000180045B0B
h, xrefs: 0000000180047B6B
s, xrefs: 000000018004972B
-, xrefs: 0000000180045BC3
v, xrefs: 000000018004560B
+, xrefs: 0000000180044F9B
:, xrefs: 0000000180046383
-, xrefs: 0000000180046293
+, xrefs: 0000000180045C53
1, xrefs: 0000000180048AFB
=, xrefs: 0000000180044ED3
(, xrefs: 000000018004574B
P, xrefs: 0000000180049BE3
a, xrefs: 0000000180046DC3
0, xrefs: 00000001800489BB
t, xrefs: 000000018004585B
~, xrefs: 00000001800488EB
:, xrefs: 000000018004748B
8, xrefs: 0000000180046253
#, xrefs: 00000001800472F3
p, xrefs: 0000000180045C63
#, xrefs: 0000000180047F0B
K, xrefs: 000000018004836B
F, xrefs: 0000000180048B83
k, xrefs: 00000001800465B3
&, xrefs: 00000001800466CB
k, xrefs: 0000000180045C43
|, xrefs: 000000018004927B
=, xrefs: 0000000180047C7B
w, xrefs: 0000000180047F7B
b, xrefs: 0000000180044CEB
*, xrefs: 000000018004520B
M, xrefs: 000000018004564B
7, xrefs: 0000000180045A0B
y, xrefs: 00000001800479C3
6, xrefs: 0000000180045F03
&, xrefs: 0000000180046833
:, xrefs: 0000000180048C63
^, xrefs: 00000001800458CB
@, xrefs: 0000000180046C8B
l, xrefs: 0000000180048113
S, xrefs: 00000001800453C3
j, xrefs: 0000000180048A63
o, xrefs: 0000000180045643
V, xrefs: 0000000180045623
-, xrefs: 00000001800456C3
o, xrefs: 0000000180048613
A, xrefs: 0000000180046D7B
K, xrefs: 000000018004976B
D, xrefs: 0000000180045ACB
W, xrefs: 0000000180044E8B
], xrefs: 00000001800470C3
e, xrefs: 000000018004765B
/, xrefs: 0000000180045253
), xrefs: 000000018004729B
Y, xrefs: 000000018004733B
l, xrefs: 00000001800464E3
2, xrefs: 00000001800468C3
`, xrefs: 0000000180046C5B
2, xrefs: 0000000180045EBB
1, xrefs: 000000018004775B
, xrefs: 000000018004966B
k, xrefs: 00000001800481C3
?, xrefs: 0000000180046B7B
8, xrefs: 0000000180048A03
C, xrefs: 00000001800459AB
o, xrefs: 00000001800455CB
E, xrefs: 000000018004510B
E, xrefs: 000000018004507B
d, xrefs: 000000018004524B
=, xrefs: 000000018004991B
j, xrefs: 0000000180047F93
4, xrefs: 0000000180046D73
-, xrefs: 0000000180049E0B
f, xrefs: 0000000180045043
G, xrefs: 0000000180047443
P, xrefs: 000000018004656B
V, xrefs: 00000001800474AB
_, xrefs: 0000000180046FBB
d, xrefs: 0000000180049BCB
e, xrefs: 0000000180045EEB
8, xrefs: 00000001800476F3
p, xrefs: 0000000180049DDB
, xrefs: 00000001800481EB
F, xrefs: 0000000180046A23
2, xrefs: 000000018004911B
p, xrefs: 0000000180045A3B
W, xrefs: 0000000180048763
K, xrefs: 00000001800450A3
?, xrefs: 0000000180045A53
X, xrefs: 0000000180049523
v, xrefs: 00000001800473D3
,, xrefs: 0000000180049E23
2, xrefs: 00000001800457EB
t, xrefs: 0000000180046B1B
-, xrefs: 0000000180047903
', xrefs: 0000000180047403
k, xrefs: 000000018004969B
., xrefs: 0000000180044EE3
{, xrefs: 0000000180046BBB
6, xrefs: 000000018004946B
F, xrefs: 00000001800496AB
=, xrefs: 0000000180046233
G, xrefs: 0000000180048A93
W, xrefs: 0000000180048673
k, xrefs: 0000000180045E43
s, xrefs: 00000001800482A3
/, xrefs: 0000000180048C4B
o, xrefs: 0000000180045023
7, xrefs: 0000000180047DAB
), xrefs: 0000000180046763
8, xrefs: 0000000180046393
$, xrefs: 0000000180047E2B
$, xrefs: 00000001800455A3
2, xrefs: 0000000180047043
X, xrefs: 0000000180044DE3
B, xrefs: 00000001800479D3
p, xrefs: 0000000180046663
g, xrefs: 00000001800491AB
^, xrefs: 0000000180048923
D, xrefs: 00000001800462EB
$, xrefs: 0000000180049B3B
+, xrefs: 000000018004539B
<, xrefs: 0000000180045113
~, xrefs: 0000000180049A0B
d, xrefs: 000000018004683B
O, xrefs: 00000001800484AB
j, xrefs: 0000000180048E23
:, xrefs: 0000000180047FB3
8, xrefs: 0000000180048413
{, xrefs: 00000001800451BB
J, xrefs: 00000001800477EB
G, xrefs: 000000018004960B
V, xrefs: 0000000180047203
R, xrefs: 0000000180045093
3, xrefs: 0000000180045D23
H, xrefs: 000000018004606B
2, xrefs: 000000018004830B
7, xrefs: 0000000180048E8B
F, xrefs: 0000000180047503
p, xrefs: 0000000180049D93
b, xrefs: 0000000180045613
{, xrefs: 0000000180045A2B
#, xrefs: 000000018004801B
H, xrefs: 0000000180047643
x, xrefs: 00000001800479E3
e, xrefs: 0000000180046E13
s, xrefs: 00000001800472B3
l, xrefs: 000000018004788B
k, xrefs: 000000018004886B
W, xrefs: 0000000180044F73
:, xrefs: 00000001800454BB
f, xrefs: 0000000180046153
E, xrefs: 0000000180049A83
X, xrefs: 0000000180045EC3
k, xrefs: 00000001800472FB
|, xrefs: 0000000180046753
2, xrefs: 000000018004515B
u, xrefs: 000000018004727B
4, xrefs: 000000018004744B
Q, xrefs: 0000000180047523
j, xrefs: 0000000180045ED3
f, xrefs: 0000000180046143
K, xrefs: 000000018004787B
5, xrefs: 0000000180044FFB
%, xrefs: 00000001800475BB
o, xrefs: 000000018004871B
V, xrefs: 0000000180045443
(, xrefs: 0000000180046C03
+, xrefs: 00000001800452F3
k, xrefs: 00000001800495A3
`, xrefs: 0000000180049B23
8, xrefs: 0000000180045383
b, xrefs: 0000000180049783
?, xrefs: 0000000180045203
x, xrefs: 000000018004973B
w, xrefs: 0000000180045783
o, xrefs: 0000000180048E03
3, xrefs: 0000000180047223
D, xrefs: 000000018004851B
g, xrefs: 0000000180045D63
U, xrefs: 0000000180047F73
K, xrefs: 0000000180047F4B
Q, xrefs: 00000001800499B3
b, xrefs: 000000018004550B
_, xrefs: 000000018004854B
?, xrefs: 0000000180046A43
*, xrefs: 0000000180046733
6, xrefs: 000000018004951B
k, xrefs: 00000001800458B3
X, xrefs: 0000000180047103
E, xrefs: 00000001800463CB
", xrefs: 0000000180047283
E, xrefs: 00000001800483E3
,, xrefs: 00000001800461E3
!, xrefs: 0000000180046ED3
{, xrefs: 0000000180046DDB
N, xrefs: 000000018004720B
P, xrefs: 0000000180048ACB
@, xrefs: 0000000180049613
l, xrefs: 000000018004611B
K, xrefs: 0000000180049153
x, xrefs: 0000000180048533
a, xrefs: 0000000180045903
q, xrefs: 000000018004595B
T, xrefs: 000000018004763B
#, xrefs: 0000000180046BCB
?, xrefs: 000000018004945B
}, xrefs: 0000000180046DE3
(, xrefs: 00000001800476C3
K, xrefs: 0000000180049CBB
2, xrefs: 0000000180045683
p, xrefs: 0000000180048CDB
4, xrefs: 0000000180049C9B
K, xrefs: 00000001800464CB
8, xrefs: 00000001800470B3
w, xrefs: 00000001800485D3
G, xrefs: 000000018004634B
*, xrefs: 0000000180046A33
?, xrefs: 0000000180049B6B
z, xrefs: 00000001800485FB
E, xrefs: 00000001800493DB
K, xrefs: 0000000180047DA3
l, xrefs: 0000000180048E33
w, xrefs: 00000001800496DB
o, xrefs: 0000000180046FAB
?, xrefs: 000000018004742B
2, xrefs: 000000018004577B
o, xrefs: 00000001800493A3
0, xrefs: 0000000180048393
C, xrefs: 00000001800464BB
^, xrefs: 0000000180047F23
b, xrefs: 0000000180047B63
K, xrefs: 000000018004700B
:, xrefs: 0000000180048FBB
F, xrefs: 000000018004655B
l, xrefs: 000000018004620B
k, xrefs: 000000018004612B
{, xrefs: 00000001800496FB
^, xrefs: 0000000180047DE3
J, xrefs: 0000000180046F73
H, xrefs: 00000001800495DB
^, xrefs: 0000000180046D03
}, xrefs: 00000001800475DB
w, xrefs: 000000018004931B
w, xrefs: 0000000180045F63
{, xrefs: 0000000180046823
*, xrefs: 00000001800482E3
N, xrefs: 00000001800486BB
n, xrefs: 00000001800472EB
/, xrefs: 0000000180044FD3
`, xrefs: 0000000180049943
D, xrefs: 0000000180046D4B
', xrefs: 000000018004502B
v, xrefs: 0000000180045333
8, xrefs: 0000000180047153
e, xrefs: 0000000180045FBB
R, xrefs: 0000000180048513
t, xrefs: 000000018004874B
f, xrefs: 000000018004996B
1, xrefs: 0000000180046E63
`, xrefs: 0000000180045EAB
:, xrefs: 00000001800460E3
r, xrefs: 0000000180046863
+, xrefs: 0000000180049DAB
L, xrefs: 0000000180046D8B
k, xrefs: 000000018004610B
&, xrefs: 000000018004711B
1, xrefs: 0000000180047DDB
|, xrefs: 0000000180049573
{, xrefs: 00000001800469BB
|, xrefs: 00000001800458A3
., xrefs: 0000000180046563
;, xrefs: 0000000180046D93
%, xrefs: 0000000180049D9B
t, xrefs: 000000018004632B
{, xrefs: 0000000180048A43
e, xrefs: 0000000180049803
L, xrefs: 00000001800478EB
Y, xrefs: 00000001800452CB
\, xrefs: 0000000180044DDB
X, xrefs: 0000000180048443
{, xrefs: 000000018004647B
F, xrefs: 0000000180044F53
^, xrefs: 0000000180048AD3
l, xrefs: 0000000180044D13
k, xrefs: 0000000180047A7B
C, xrefs: 00000001800488E3
?, xrefs: 000000018004823B
b, xrefs: 0000000180045223
-, xrefs: 0000000180048283
0, xrefs: 00000001800453CB
k, xrefs: 000000018004699B
f, xrefs: 0000000180049AA3
~, xrefs: 0000000180046053
e, xrefs: 0000000180046EE3
8, xrefs: 0000000180047423
#, xrefs: 0000000180045883
w, xrefs: 0000000180045B53
J, xrefs: 00000001800497F3
A, xrefs: 000000018004615B
#, xrefs: 0000000180045E23
J, xrefs: 0000000180044FE3
y, xrefs: 0000000180048B0B
T, xrefs: 000000018004578B
v, xrefs: 0000000180045CC3
$, xrefs: 00000001800457BB
R, xrefs: 0000000180046443
-, xrefs: 000000018004689B
R, xrefs: 00000001800468F3
", xrefs: 0000000180046AAB
L, xrefs: 0000000180046CFB
R, xrefs: 00000001800463BB
l, xrefs: 000000018004710B
$, xrefs: 00000001800485EB
[, xrefs: 00000001800456FB
X, xrefs: 0000000180046583
y, xrefs: 0000000180049403
\, xrefs: 00000001800454AB
9, xrefs: 0000000180046483
t, xrefs: 0000000180046593
`, xrefs: 00000001800493D3
,, xrefs: 00000001800455D3
m, xrefs: 000000018004952B
9, xrefs: 0000000180046C63
8, xrefs: 00000001800462A3
b, xrefs: 00000001800473E3
l, xrefs: 0000000180045233
2, xrefs: 00000001800474FB
d, xrefs: 0000000180049A53
b, xrefs: 0000000180048183
M, xrefs: 00000001800487D3
X, xrefs: 00000001800492C3
p, xrefs: 0000000180047563
6, xrefs: 0000000180046963
9, xrefs: 0000000180048D43
{, xrefs: 0000000180049C73
f, xrefs: 0000000180047983
%, xrefs: 00000001800497B3
k, xrefs: 00000001800476BB
k, xrefs: 0000000180046BC3
O, xrefs: 0000000180045B63
q, xrefs: 0000000180046D0B
E, xrefs: 0000000180047E6B
Z, xrefs: 0000000180046B83
d, xrefs: 0000000180044F63
U, xrefs: 0000000180045D7B
l, xrefs: 0000000180046D23
, xrefs: 00000001800464B3
c, xrefs: 00000001800474C3
G, xrefs: 0000000180046FE3
!, xrefs: 0000000180045D8B
o, xrefs: 0000000180047A53
2, xrefs: 00000001800469B3
?, xrefs: 000000018004841B
T, xrefs: 000000018004866B
=, xrefs: 0000000180048DCB
C, xrefs: 000000018004900B
;, xrefs: 0000000180048643
A, xrefs: 000000018004892B
W, xrefs: 0000000180046193
m, xrefs: 0000000180045B93
T, xrefs: 0000000180047CAB
v, xrefs: 0000000180046F5B
p, xrefs: 00000001800480CB
S, xrefs: 00000001800496F3
h, xrefs: 0000000180046893
n, xrefs: 0000000180046CDB
#, xrefs: 0000000180047A73
f, xrefs: 0000000180046C83
G, xrefs: 0000000180048D9B
o, xrefs: 0000000180049853
/, xrefs: 0000000180047CD3
1, xrefs: 000000018004654B
i, xrefs: 00000001800475FB
D, xrefs: 00000001800459FB
t, xrefs: 000000018004792B
s, xrefs: 0000000180045C93
+, xrefs: 000000018004917B
F, xrefs: 00000001800456E3
-, xrefs: 0000000180046B9B
o, xrefs: 000000018004954B
p, xrefs: 0000000180048933
6, xrefs: 0000000180045163
0, xrefs: 0000000180047D8B
m, xrefs: 000000018004772B
?, xrefs: 000000018004643B
;, xrefs: 00000001800452DB
3, xrefs: 0000000180044D93
\, xrefs: 0000000180045323
[, xrefs: 0000000180046CA3
b, xrefs: 00000001800498A3
b, xrefs: 0000000180049CAB
@, xrefs: 00000001800453D3
2, xrefs: 000000018004884B
4, xrefs: 0000000180048EB3
U, xrefs: 0000000180048B4B
?, xrefs: 00000001800468EB
+, xrefs: 000000018004827B
l, xrefs: 000000018004977B
E, xrefs: 000000018004570B
2, xrefs: 000000018004799B
D, xrefs: 0000000180045C33
1, xrefs: 0000000180049B9B
C, xrefs: 0000000180049693
g, xrefs: 0000000180047B23
?, xrefs: 0000000180049B03
N, xrefs: 0000000180049213
8, xrefs: 000000018004691B
', xrefs: 0000000180049D83
D, xrefs: 0000000180047533
s, xrefs: 000000018004722B
_, xrefs: 0000000180048BDB
], xrefs: 0000000180044F93
B, xrefs: 00000001800484DB
D, xrefs: 00000001800499FB
S, xrefs: 000000018004535B

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID:
String ID: $ $ $ $ $ $ $ $ $ $ $ $ $ $!$!$!$!$!$!$!$!$!$!$"$"$"$"$"$"$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$$$$$$$$$$$$$$$$$$$$$$$$$$$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$&$&$&$&$&$&$&$&$&$&$'$'$'$'$'$'$'$'$'$'$'$'$($($($($($($($($($($($($)$)$)$)$)$)$)$*$*$*$*$*$*$*$*$*$*$*$*$*$+$+$+$+$+$+$+$+$+$+$+$+$+$,$,$,$,$,$,$,$,$,$,$,$,$,$,$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$.$.$.$.$.$.$.$.$.$.$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$0$0$0$0$0$0$0$0$0$0$1$1$1$1$1$1$1$1$1$1$1$1$1$1$1$1$1$1$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$3$3$3$3$3$3$3$3$3$3$3$3$3$4$4$4$4$4$4$4$4$4$5$5$5$5$5$5$6$6$6$6$6$6$6$6$6$6$6$6$7$7$7$7$7$7$7$7$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$8$9$9$9$9$9$9$9$9$9$9$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$;$;$;$;$;$;$;$;$<$<$<$<$<$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$>$>$>$>$>$>$>$>$>$>$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$@$@$@$@$@$@$@$A$A$A$A$A$B$B$B$B$B$B$B$B$B$B$B$C$C$C$C$C$C$C$C$D$D$D$D$D$D$D$D$D$D$D$D$D$D$D$D$D$E$E$E$E$E$E$E$E$E$E$E$E$E$E$E$E$E$E$E$E$E$E$E$E$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$G$G$G$G$G$G$G$G$G$G$H$H$H$H$H$H$H$H$H$H$H$H$H$H$H$H$H$H$I$I$I$I$I$I$I$I$I$I$I$I$I$J$J$J$J$J$J$J$J$K$K$K$K$K$K$K$K$K$K$K$K$K$K$K$K$K$K$K$K$K$K$K$K$K$K$L$L$L$L$L$L$L$L$L$L$M$M$M$M$M$M$M$M$N$N$N$N$N$N$N$N$N$N$N$N$O$O$O$O$O$O$O$O$O$P$P$P$P$P$P$P$P$P$P$P$P$Q$Q$Q$Q$Q$Q$Q$Q$Q$Q$R$R$R$R$R$R$R$R$R$R$R$R$R$S$S$S$S$S$S$T$T$T$T$T$T$T$T$T$T$T$T$T$T$T$T$T$T$U$U$U$U$U$U$U$V$V$V$V$V$V$V$V$V$V$V$V$V$W$W$W$W$W$W$W$W$W$W$W$W$W$W$W$W$W$X$X$X$X$X$X$X$X$X$X$X$X$X$X$X$X$X$X$X$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Z$Z$Z$Z$[$[$[$[$[$[$[$[$[$\$\$\$\$\$\$\$\$\$\$\$\$\$\$]$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$_$_$`$`$`$`$`$`$`$`$`$`$`$`$`$`$`$a$a$a$a$a$a$a$a$a$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$c$c$c$c$c$c$c$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$e$e$e$e$e$e$e$e$e$f$f$f$f$f$f$f$f$f$f$f$f$f$f$g$g$g$g$g$g$g$h$h$h$h$h$h$h$h$h$i$i$i$i$i$i$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$l$l$l$l$l$l$l$l$l$l$l$l$l$l$l$l$l$l$l$l$l$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$n$n$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$p$p$p$p$p$p$p$p$p$p$p$p$p$p$p$p$p$p$p$p$q$q$q$q$q$q$r$r$r$r$r$s$s$s$s$s$s$s$s$s$s$s$s$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$u$u$u$u$u$u$u$u$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$x$x$x$x$x$x$x$x$x$x$x$x$y$y$y$y$y$y$y$y$y$y$y$y$y$z$z$z$z$z$z$z$z${${${${${${${${${${${${${${${${${${${$|$|$|$|$|$|$|$|$|$|$|$|$|$|$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$~$~$~$~$~$~$~$~$~$~
API String ID: 0-3426580976
Opcode ID: 404c54652dc5ab335d0c8003bcfce4293d7c04543a7ec196317078e5bd2a80ea
Instruction ID: 2b7733940dc035ab14ad6126a52e24348c4ddf3aca1f58b53795b4302143cb4a
Opcode Fuzzy Hash: 404c54652dc5ab335d0c8003bcfce4293d7c04543a7ec196317078e5bd2a80ea
Instruction Fuzzy Hash: 5DA3605250DBC1C9E332C23CA4587CFAE8193A3319F484299D3E41AADBC7AE8155DF67

Uniqueness

Uniqueness Score: -1.00%

Function 00990000 Relevance: 55.2, APIs: 5, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 00990344
VirtualAlloc.KERNELBASE ref: 0099038A
VirtualAlloc.KERNELBASE ref: 009903A4
VirtualProtect.KERNELBASE ref: 0099085C
RtlAddFunctionTable.KERNEL32 ref: 009908E9

Strings

ativ, xrefs: 0099010F
ncti, xrefs: 00990141
ct, xrefs: 009900DD
Slee, xrefs: 00990084
Flus, xrefs: 009900E4
Load, xrefs: 00990095
nf, xrefs: 00990127
tion, xrefs: 009900F9
o, xrefs: 0099012E
Libr, xrefs: 0099009D
temI, xrefs: 0099011F
onTa, xrefs: 00990148
truc, xrefs: 009900F2
Cach, xrefs: 00990100
aryA, xrefs: 009900A5
lloc, xrefs: 009900BD
Virt, xrefs: 009900C5
Virt, xrefs: 009900AD
hIns, xrefs: 009900EB
ualA, xrefs: 009900B5
GetN, xrefs: 00990107
rote, xrefs: 009900D5
ddFu, xrefs: 0099013A
eSys, xrefs: 00990117
ualP, xrefs: 009900CD
RtlA, xrefs: 00990133

Memory Dump Source

Source File: 00000003.00000002.257880442.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_990000_regsvr32.jbxd

Similarity

API ID: Virtual$Alloc$FunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 394283112-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: 906c4068993eba9dec1f78c25ad1bafba30b1bb287066607c9ee295629f784bd
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: FA52F330618B488FDB19DF18D8856BAB7F1FB94304F14462DE89BC7251DB34E986CB86

Uniqueness

Uniqueness Score: -1.00%

Function 00C44DDC Relevance: 7.8, Strings: 6, Instructions: 338
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

w, xrefs: 00C450FF
@_, xrefs: 00C44EFC
Q+, xrefs: 00C4533C
3C, xrefs: 00C45284
+, xrefs: 00C4530C
u, xrefs: 00C44DEF

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: @_$Q+$w$+$3C$u
API String ID: 0-4152583413
Opcode ID: 9f8a14a22d69b5951a2631c0067e0fc4d36d0f639cba0d102428ca4f006b14de
Instruction ID: 7d7b1d05231baf710f3e0f4e2ff33aab7ef111b511487072cec28c8d36cc1700
Opcode Fuzzy Hash: 9f8a14a22d69b5951a2631c0067e0fc4d36d0f639cba0d102428ca4f006b14de
Instruction Fuzzy Hash: CEF10471520789EFDB98DF24C8C99DD3BA1FB48358F952229FC0A972A0C774D985CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00C68C94 Relevance: 6.5, Strings: 5, Instructions: 249
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t.?8, xrefs: 00C69073
3m, xrefs: 00C69083
SW, xrefs: 00C68CD3
rS, xrefs: 00C68F00
r, xrefs: 00C68EC9

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 3m$SW$rS$r$t.?8
API String ID: 0-4220278859
Opcode ID: 85a6ee6c84f7a60e958ee75f08787c2d87ed4ffb25c6bd77534bac28b26f7971
Instruction ID: 70f473ffe73939b662fb751bc823054620395664211941708dd7b16094afab78
Opcode Fuzzy Hash: 85a6ee6c84f7a60e958ee75f08787c2d87ed4ffb25c6bd77534bac28b26f7971
Instruction Fuzzy Hash: A9C1EE7151A784ABD388DF28C5DA91FBBE1FBC4704F906A1DF896862A0D7B4D904CF02

Uniqueness

Uniqueness Score: -1.00%

Function 00C45DB4 Relevance: 6.4, Strings: 5, Instructions: 189
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

9, xrefs: 00C45E00
cG, xrefs: 00C46018
iP., xrefs: 00C45FF3
>, xrefs: 00C45E08
Qz, xrefs: 00C45E61

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 9$>$Qz$cG$iP.
API String ID: 0-2314038544
Opcode ID: 4158940623df5b63cf90af9ecb6c971ef7c92bce548850bfcd4728ba9d0de4d2
Instruction ID: 2078ee2fee440471248353ebfb509cb4c11f53b1e04ffd7aa5a532d2608838e7
Opcode Fuzzy Hash: 4158940623df5b63cf90af9ecb6c971ef7c92bce548850bfcd4728ba9d0de4d2
Instruction Fuzzy Hash: 4E814C70149B849BEBE8DF28C9C599E7BE1FB84304F50591DF84A8B291CB79DA44CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00C648E0 Relevance: 5.9, Strings: 4, Instructions: 869
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

V%?, xrefs: 00C64E1D
X, xrefs: 00C64D35
Rl, xrefs: 00C64C1F
kr, xrefs: 00C64E1A

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: Rl$X$kr$V%?
API String ID: 0-1881522904
Opcode ID: 5dd741f6e60041fe03f611797a4b3846b9fd1730b1ea24b65066ef5965caef92
Instruction ID: 20510e002c2de1e84e2815b1d12ff374a72d0a2bbb881e95ba74449430f82f54
Opcode Fuzzy Hash: 5dd741f6e60041fe03f611797a4b3846b9fd1730b1ea24b65066ef5965caef92
Instruction Fuzzy Hash: B6A2D4B051078D8BDF48CF24C88A8DE3BA1FB58358F56531DFC8AA6290D778D595CB88

Uniqueness

Uniqueness Score: -1.00%

Function 00C438A5 Relevance: 5.2, Strings: 4, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

pN, xrefs: 00C43B71
x+MS, xrefs: 00C439C2
+s, xrefs: 00C43B8E
l@-T, xrefs: 00C43AC8

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: +s$l@-T$pN$x+MS
API String ID: 0-3074933293
Opcode ID: 81be9b45353ead76c9a7b6c7e167c5c32a8ae5faee5dc8465e9a6d9c4c43a028
Instruction ID: ecf59cf7ed4a3d89860c467c6c145cb54a744438e374c9d9bfa5298485212bdf
Opcode Fuzzy Hash: 81be9b45353ead76c9a7b6c7e167c5c32a8ae5faee5dc8465e9a6d9c4c43a028
Instruction Fuzzy Hash: BC91387550078D8BDB18DF28C89A4DE3BB1FB58358F514229EC4A97290C778DA55CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 00C4B1E0 Relevance: 4.1, Strings: 3, Instructions: 302COMMON

Download Yara Rule

Strings

m)7, xrefs: 00C4B456
\, xrefs: 00C4B6EF
m[+, xrefs: 00C4B7C8

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: \$m[+$m)7
API String ID: 0-1435720626
Opcode ID: af10a5be19bd77cf0563b38453e590c7ca23ba3a925fd2c55e2086c6d71307a8
Instruction ID: f55c8cf6135a8bcc12eb2726d78bb79b0a485859e16098a4b5fb671ab5b679b7
Opcode Fuzzy Hash: af10a5be19bd77cf0563b38453e590c7ca23ba3a925fd2c55e2086c6d71307a8
Instruction Fuzzy Hash: EBF1F7715083C88BDBBADF64C8896DE7BACFB54708F10461DEA0A9E258DBB49744CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00C438DC Relevance: 2.6, Strings: 2, Instructions: 90COMMON

Download Yara Rule

Strings

x+MS, xrefs: 00C439C2
8, xrefs: 00C43A1F

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: x+MS$8
API String ID: 0-2879286383
Opcode ID: 0b36e420fc5be994054ff9bd7cd914dceaa5a559053905e74aaceefae8f335f5
Instruction ID: f22acc3fcedc19a07f1ece78d857c0a67b080eb8d52a8c965de1dee1af63d871
Opcode Fuzzy Hash: 0b36e420fc5be994054ff9bd7cd914dceaa5a559053905e74aaceefae8f335f5
Instruction Fuzzy Hash: 484115B550078E8BDB48CF68C88A5DE7BB1FB18358F61422DFC4A96290D778D694CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 00C49E38 Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

{6, xrefs: 00C4A051

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: {6
API String ID: 0-1346941803
Opcode ID: 8506dbb6b1252c503813ed30af6b5c4e6b9b4570125e6fd192f6fa1e5665ff7b
Instruction ID: 95f293589b2a1a6da717d923b62d8f8b027b9a440d5cee6f42c954f3a6cf681b
Opcode Fuzzy Hash: 8506dbb6b1252c503813ed30af6b5c4e6b9b4570125e6fd192f6fa1e5665ff7b
Instruction Fuzzy Hash: F77115B09047098BCF48DFA8C48A4EEBBB0FB48358F15521DE80ABB254D7789945CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00C60454 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

1, xrefs: 00C6050B

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 1
API String ID: 0-4267224553
Opcode ID: 14ae2c29f1f0adff71999c81ec21c279a8b8cf5828faf7ab2494e8710ca5a4c5
Instruction ID: f080832450cb7202d1aac7cc571a5fffbb2e719a585149c6831a5d8baf3ba9d0
Opcode Fuzzy Hash: 14ae2c29f1f0adff71999c81ec21c279a8b8cf5828faf7ab2494e8710ca5a4c5
Instruction Fuzzy Hash: 53810F705087848FD779DF28C59A5DEBBF1FB89704F004A1CEA8A8B260D776D905CB42

Uniqueness

Uniqueness Score: -1.00%

Function 000000018004A120 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 74
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoLoadLibrary.OLE32 ref: 000000018004A154
VirtualAlloc.KERNELBASE ref: 000000018004A1DD

Strings

VirtualAlloc, xrefs: 000000018004A15A
8?RDK7Xmj_81^5wT#EoKXl#k(F22F, xrefs: 000000018004A136
4096, xrefs: 000000018004A1A4
8192, xrefs: 000000018004A1B4
156432rfsghdfghjcfsewy6347thf, xrefs: 000000018004A16B
kernel32.dll, xrefs: 000000018004A14D

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: AllocLibraryLoadVirtual
String ID: 156432rfsghdfghjcfsewy6347thf$4096$8192$8?RDK7Xmj_81^5wT#EoKXl#k(F22F$VirtualAlloc$kernel32.dll
API String ID: 3550616410-1549515471
Opcode ID: faa8c1da4ee19a5b2fadfb7ed2c1bf116011390757358226990128d31c9d3762
Instruction ID: 66c43ab8af27a50d2a897e563d63c1636b5f0fff8de7da17ea45997e27e9beff
Opcode Fuzzy Hash: faa8c1da4ee19a5b2fadfb7ed2c1bf116011390757358226990128d31c9d3762
Instruction Fuzzy Hash: 35310132608A8487E795DB54F49079AB7B1F3C9384F508126F6CA83B68DF7DC548DB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180002B10 Relevance: 12.2, APIs: 8, Instructions: 230
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00000001180002B10(void* __edx) {
				void* _t5;

				_t5 = __edx;
				if (_t5 == 0) goto 0x80002b51;
				if (_t5 == 0) goto 0x80002b45;
				if (_t5 == 0) goto 0x80002b38;
				if (__edx == 1) goto 0x80002b31;
				return 1;
			}

0x180002b14
0x180002b16
0x180002b1b
0x180002b20
0x180002b25
0x180002b30

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 0000000180002B38
__scrt_acquire_startup_lock.LIBCMT ref: 0000000180002B8A
_RTC_Initialize.LIBCMT ref: 0000000180002BB8
__scrt_dllmain_after_initialize_c.LIBCMT ref: 0000000180002BDE
__scrt_release_startup_lock.LIBCMT ref: 0000000180002C09

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
String ID:
API String ID: 190073905-0
Opcode ID: 7225654db850f8523e19bc10b7d43afc2ee461001a6197e7de4c6635e5daaa24
Instruction ID: 1a36060fb42be908551f4c1dcb569dc94220353f9e1ffaebaf11baef6f00541b
Opcode Fuzzy Hash: 7225654db850f8523e19bc10b7d43afc2ee461001a6197e7de4c6635e5daaa24
Instruction Fuzzy Hash: D881DD3170464D86FAE7EF6A98813D97290AB8DBC4F54C425BA4887396DF38CB4D8701

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800020B0 Relevance: 7.6, APIs: 5, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 47%

			E000000011800020B0(char __edx, void* __rax, long long __rcx, long long __r8, long long __r9, long long _a8, char _a16, long long _a24, long long _a32, intOrPtr _a40, intOrPtr _a48, intOrPtr _a56) {
				long long _v24;
				long long _v32;
				long long _v40;
				char _v48;
				long long _v56;
				void* _v64;
				long long _v72;
				long long _v80;
				signed char _v83;
				char _v84;
				char _v85;
				char _v86;
				signed int _v87;
				signed char _v88;
				void* _t63;
				void* _t71;
				void* _t75;
				void* _t84;
				intOrPtr* _t90;
				long long _t91;
				long long _t93;

				_t84 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				E000000011800023E0(E00000001180001700(_a24),  &_v84, _t84);
				_t63 = E00000001180001DC0(_v83 & 0x000000ff, _t84, _a8, _t84);
				_v64 = _a40 + _a56;
				_v72 = 0xf;
				_v80 = _a8;
				_v56 = _v80;
				_v40 = 0x8005739a;
				E000000011800014E0(_t63,  &_v85, _v40, _v80);
				_t90 = _v64;
				if (_v72 - _t90 >= 0) goto 0x80002165;
				_v88 = 1;
				goto 0x8000216a;
				_v88 = 0;
				_v87 = _v88 & 0x000000ff;
				if ((_v87 & 0x000000ff) == 0) goto 0x8000220d;
				E00000001180001B30(_v87 & 0x000000ff,  &_v64, 0x80091630);
				_t91 =  *_t90;
				_v32 = _t91;
				E00000001180002320(E00000001180002040(_t91, _a8), _v32, 0x80091630, _t91);
				_v72 = _t91;
				_t93 = _v72 + 1;
				_v24 = _t93;
				E00000001180001700(_a8);
				_t71 = E000000011800022F0(_t93, _t93, _v24); // executed
				_v48 = _t93;
				E00000001180001B80(_t71, _v48);
				_v56 = _t93;
				E00000001180001F50(_v80, _v80,  &_v48);
				 *((long long*)(_v80 + 0x10)) = _v64;
				 *((long long*)(_v80 + 0x18)) = _v72;
				E00000001180001CB0(_v56, _a32, _a40);
				_t75 = E00000001180001CB0(_v56 + _a40, _a48, _a56);
				_v86 = 0;
				return E000000011800014C0(E00000001180001C70(_t75, _v56 + _v64,  &_v86),  &_v85);
			}

0x1800020b0
0x1800020b0
0x1800020b5
0x1800020ba
0x1800020be
0x1800020dc
0x1800020f1
0x18000210d
0x180002112
0x180002123
0x18000212d
0x180002139
0x18000214d
0x180002152
0x18000215c
0x18000215e
0x180002163
0x180002165
0x18000216f
0x18000217a
0x18000218c
0x180002191
0x180002194
0x1800021b3
0x1800021b8
0x1800021c2
0x1800021c5
0x1800021d2
0x1800021e2
0x1800021e7
0x1800021f1
0x1800021f6
0x180002208
0x180002217
0x180002225
0x18000223e
0x180002269
0x18000226e
0x1800022a7

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000001800020CF
_Max_value.LIBCPMTD ref: 000000018000218C
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000001800021D2
allocator.LIBCONCRTD ref: 00000001800021E2
char_traits.LIBCPMTD ref: 000000018000228B

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueallocatorchar_traits
String ID:
API String ID: 1064552922-0
Opcode ID: 42b0587fdae5ce07e9bb1da3570c40e81cba69b5b2035fcdb9a99bbf0bc8c55c
Instruction ID: 7ed94072b58f654b8cd26511afab7ff2e9712d88b5d75250739544463423a1a7
Opcode Fuzzy Hash: 42b0587fdae5ce07e9bb1da3570c40e81cba69b5b2035fcdb9a99bbf0bc8c55c
Instruction Fuzzy Hash: 1B51BA36219B8485DAA1DB56E4903DBB7A1F7C9BC4F004116FACD43B6ADF2CC658CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180044A60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32 ref: 0000000180044AAE

Strings

4786534875678, xrefs: 0000000180044A85
DllRegisterServer, xrefs: 0000000180044A6D

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ExitProcess
String ID: 4786534875678$DllRegisterServer
API String ID: 621844428-3716491777
Opcode ID: 5e06a494142eabf322871d46691c5caf0507efabdd2b391a26ed3372171cceb9
Instruction ID: 9d26b3ce6bd9e65e49ae4c8dd4cd599cd316315bea038135a61f5a9614d53d29
Opcode Fuzzy Hash: 5e06a494142eabf322871d46691c5caf0507efabdd2b391a26ed3372171cceb9
Instruction Fuzzy Hash: 96E06D31618F8582E7A19B40F8403CA72A5F38A748F504225FA8C07B58DF7EC2998B00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001E30 Relevance: 4.6, APIs: 3, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 46%

			E00000001180001E30(void* __rax, long long __rcx, long long __rdx, long long __r9, void* _a8, long long _a16, char _a24, long long _a32) {
				long long _v16;
				long long _v24;
				long long _v32;
				char _v40;
				void* _t42;
				void* _t43;
				long long _t53;
				long long _t55;

				_a32 = __r9;
				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				E00000001180002040(__rax, _a8);
				if (_a16 - __rax <= 0) goto 0x80001e5e;
				E00000001180001500();
				_t53 =  *((intOrPtr*)(_a8 + 0x18));
				_v24 = _t53;
				E00000001180002000(_t53, _a8, _a16);
				_v32 = _t53;
				E00000001180001700(_a8);
				_v16 = _t53;
				_t55 = _v32 + 1;
				_t42 = E000000011800022F0(_t55, _v16, _t55); // executed
				_v40 = _t55;
				_t43 = E000000011800014C0(_t42, _a8);
				 *((long long*)(_a8 + 0x10)) = _a16;
				 *((long long*)(_a8 + 0x18)) = _v32;
				E00000001180001B80(_t43, _v40);
				E00000001180001940( &_a24, _a8, _a16, _a32);
				if (_v24 - 0x10 < 0) goto 0x80001f27;
				E00000001180001C40(_v16,  *_a8, _v24 + 1);
				 *_a8 = _v40;
				goto 0x80001f39;
				return E00000001180001F50(_a8, _a8,  &_v40);
			}

0x180001e30
0x180001e35
0x180001e3a
0x180001e3f
0x180001e4d
0x180001e57
0x180001e59
0x180001e63
0x180001e67
0x180001e76
0x180001e7b
0x180001e85
0x180001e8a
0x180001e94
0x180001e9f
0x180001ea4
0x180001eb1
0x180001ec0
0x180001ece
0x180001ed7
0x180001eee
0x180001ef9
0x180001f13
0x180001f22
0x180001f25
0x180001f42

APIs

Part of subcall function 0000000180002040: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000000018000204E
Part of subcall function 0000000180002040: _Max_value.LIBCPMTD ref: 0000000180002073
Part of subcall function 0000000180002040: _Min_value.LIBCPMTD ref: 00000001800020A1

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000000180001E85
allocator.LIBCONCRTD ref: 0000000180001E9F
allocator.LIBCONCRTD ref: 0000000180001F13

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWorkallocator$Max_valueMin_value
String ID:
API String ID: 584758874-0
Opcode ID: b3c2bc51d4f633b0b040bd873b5e8d3ecd0827f445b329631f767ada3ba82477
Instruction ID: f4447dada41ee96704ea77152d7904cdaf58bc95968033bf0c93953731bd85e2
Opcode Fuzzy Hash: b3c2bc51d4f633b0b040bd873b5e8d3ecd0827f445b329631f767ada3ba82477
Instruction Fuzzy Hash: 1C31EA36219B88C5DA91DB56F49039EF760F7C8BD4F004516FA8D43B69DFB8C2548B40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001720 Relevance: 4.5, APIs: 3, Instructions: 43
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 46%

			E00000001180001720(long long __rcx, void* _a8) {
				long long _v24;
				long long _v32;
				char _v40;
				void* _t20;
				void* _t24;
				long long _t34;

				_a8 = __rcx;
				E000000011800014C0(_t20, _a8);
				if ((E00000001180001C10(_a8) & 0x000000ff) == 0) goto 0x80001791;
				_t34 =  *_a8;
				_v32 = _t34;
				_t24 = E00000001180001700(_a8);
				_v24 = _t34;
				E000000011800014C0(_t24, _a8);
				E00000001180001C40(_v24, _v32,  *((intOrPtr*)(_a8 + 0x18)) + 1); // executed
				 *((long long*)(_a8 + 0x10)) = 0;
				_t40 = _a8;
				 *((long long*)(_a8 + 0x18)) = 0xf;
				_v40 = 0;
				return E00000001180001C70(1, _a8 + _t40 * 0,  &_v40);
			}

0x180001720
0x180001731
0x180001748
0x18000174f
0x180001752
0x18000175c
0x180001761
0x18000176e
0x18000178c
0x180001796
0x18000179e
0x1800017a3
0x1800017ab
0x1800017d6

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000000018000175C
allocator.LIBCONCRTD ref: 000000018000178C
char_traits.LIBCPMTD ref: 00000001800017CC

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWorkallocatorchar_traits
String ID:
API String ID: 2327947673-0
Opcode ID: 886270169f0994befd8da65f6aa0ec435191329139348c7d452505b7192bab11
Instruction ID: eb0a828f69fab7de510740f4c53e1bf980b42eeb8bff9bba9126fec7527c891a
Opcode Fuzzy Hash: 886270169f0994befd8da65f6aa0ec435191329139348c7d452505b7192bab11
Instruction Fuzzy Hash: F0110C36209B89C6DE95DB56E49139AB3A0F7C9BD4F004425FE8D47B6ADFBCC1188B40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001A90 Relevance: 4.5, APIs: 3, Instructions: 20
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 41%

			E00000001180001A90(void* __eflags, long long __rax, long long __rcx, long long __rdx, void* __r8, long long _a8, long long _a16, intOrPtr _a24) {
				long long _v24;
				void* _t16;
				long long _t17;

				_t17 = __rax;
				_t16 = __eflags;
				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				E00000001180001720(_a8); // executed
				E00000001180001700(_a16);
				_v24 = _t17;
				E00000001180001700(_a8);
				E00000001180001FA0(_t17, _v24);
				return E000000011800019A0(_t16, _a8, _a16);
			}

0x180001a90
0x180001a90
0x180001a90
0x180001a95
0x180001a9a
0x180001aa8
0x180001ab2
0x180001ab7
0x180001ac1
0x180001ad1
0x180001ae9

APIs

Part of subcall function 0000000180001720: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000000018000175C
Part of subcall function 0000000180001720: allocator.LIBCONCRTD ref: 000000018000178C
Part of subcall function 0000000180001720: char_traits.LIBCPMTD ref: 00000001800017CC

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000000180001AB2
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000000180001AC1
Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000000180001AD1

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$Factory::FreeProxyRetireThreadallocatorchar_traits
String ID:
API String ID: 3895666439-0
Opcode ID: 2b4cb3b7af586d4331d983665e14efbfcbe2481c7a2d9efc7199155b383b0cd4
Instruction ID: d16bcd397e09131627fa2925fac9a575714df0396606277a73d66bee0c679583
Opcode Fuzzy Hash: 2b4cb3b7af586d4331d983665e14efbfcbe2481c7a2d9efc7199155b383b0cd4
Instruction Fuzzy Hash: 5CF0F276A18A84C5DA41EB21F85139EB7B0F7C97C1F908021FACD47B2ACE29C6148B40

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002B6EC Relevance: 3.1, APIs: 2, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E0000000118002B6EC(void* __esi, intOrPtr __ebp, long long __rbx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				long long _v16;
				long long _v24;
				intOrPtr _v32;
				signed long long _v40;
				WCHAR* _t21;
				void* _t22;
				signed long long _t39;
				signed long long _t41;
				signed long long _t54;
				signed long long _t67;
				long long _t72;

				_t39 = _t67;
				 *((long long*)(_t39 + 8)) = __rbx;
				 *((long long*)(_t39 + 0x10)) = __rbp;
				 *((long long*)(_t39 + 0x18)) = __rsi;
				 *((long long*)(_t39 + 0x20)) = __rdi;
				_t21 = GetEnvironmentStringsW(); // executed
				r14d = 0;
				if (_t39 == 0) goto 0x8002b7be;
				_t54 = _t39;
				if ( *_t39 == r14w) goto 0x8002b73f;
				_t41 = (_t39 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(_t54 + _t41 * 2)) != r14w) goto 0x8002b727;
				if ( *((intOrPtr*)(_t54 + _t41 * 2 + 2)) != r14w) goto 0x8002b723;
				_v16 = _t72;
				_v24 = _t72;
				r9d = __esi;
				_v32 = r14d;
				_v40 = _t72;
				E0000000118002B5F8(_t72);
				if (_t21 == 0) goto 0x8002b7be;
				_t22 = E00000001180028068(_t41, _t21); // executed
				if (_t41 == 0) goto 0x8002b7b1;
				_v16 = _t72;
				r9d = __esi;
				_v24 = _t72;
				_v32 = __ebp;
				_v40 = _t41;
				E0000000118002B5F8();
				if (_t22 == 0) goto 0x8002b7b1;
				goto 0x8002b7b4;
				E00000001180028028(_t41, _t72);
				goto 0x8002b7c1;
				if (_t39 == 0) goto 0x8002b7cf;
				return FreeEnvironmentStringsW(??);
			}

0x18002b6ec
0x18002b6ef
0x18002b6f3
0x18002b6f7
0x18002b6fb
0x18002b705
0x18002b70b
0x18002b714
0x18002b71a
0x18002b721
0x18002b727
0x18002b72f
0x18002b73d
0x18002b73f
0x18002b747
0x18002b756
0x18002b759
0x18002b760
0x18002b767
0x18002b771
0x18002b776
0x18002b781
0x18002b783
0x18002b788
0x18002b78b
0x18002b793
0x18002b79b
0x18002b7a0
0x18002b7a7
0x18002b7af
0x18002b7b7
0x18002b7bc
0x18002b7c4
0x18002b7ec

APIs

GetEnvironmentStringsW.KERNELBASE(?,?,?,?,?,?,?,0000000180016CEB,?,?,?,0000000180016BDE), ref: 000000018002B705
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,0000000180016CEB,?,?,?,0000000180016BDE), ref: 000000018002B7C9

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: EnvironmentStrings$Free
String ID:
API String ID: 3328510275-0
Opcode ID: f7d1e2edf70ebfe4e3ed4409cbcc992e1608d4ac8a7bc44ed8ff5b4fd365c4a8
Instruction ID: 074738c4bcc0398f5f9e0e0ca6300436fa40bae9b7ad9d57cd5ec6c46e340a01
Opcode Fuzzy Hash: f7d1e2edf70ebfe4e3ed4409cbcc992e1608d4ac8a7bc44ed8ff5b4fd365c4a8
Instruction Fuzzy Hash: C221E731B18B9481E6A29F126440399A7A4FB9CFD0F1C8125FE9AA7BD8DF38C5568700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800024B0 Relevance: 3.0, APIs: 2, Instructions: 34
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 58%

			E000000011800024B0(long long __rcx, void* __rdx, long long _a8) {
				signed long long _v24;
				long long _v32;
				long long _v40;
				long long _t27;
				signed long long _t30;

				_a8 = __rcx;
				_v32 = _a8 + 0x27;
				_t27 = _a8;
				if (_v32 - _t27 > 0) goto 0x800024d8;
				E00000001180001350(__rdx);
				E00000001180001400(_v32); // executed
				_v40 = _t27;
				if (_v40 == 0) goto 0x800024f1;
				goto 0x800024fc;
				E00000001180015960();
				if (0 != 0) goto 0x800024f1;
				if (0 != 0) goto 0x800024e7;
				_t30 = _v40 + 0x00000027 & 0xffffffe0;
				_v24 = _t30;
				 *((long long*)(_v24 + _t30 * 0xffffffff)) = _v40;
				return 8;
			}

0x1800024b0
0x1800024c2
0x1800024c7
0x1800024d1
0x1800024d3
0x1800024dd
0x1800024e2
0x1800024ed
0x1800024ef
0x1800024f1
0x1800024fa
0x180002500
0x18000250b
0x18000250f
0x180002527
0x180002534

APIs

Concurrency::cancel_current_task.LIBCPMTD ref: 00000001800024D3

Part of subcall function 0000000180001350: stdext::threads::lock_error::lock_error.LIBCPMTD ref: 0000000180001359

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00000001800024F1

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnstdext::threads::lock_error::lock_error
String ID:
API String ID: 4267930906-0
Opcode ID: 0acf1889d2cab0fe9e7a24d1799255eeeae166f263aae0f1e993857754b717b4
Instruction ID: 623f17b286e2f0e90c08dd0e24f7fb3e93f332f1f07fde3615f44444a65ac62f
Opcode Fuzzy Hash: 0acf1889d2cab0fe9e7a24d1799255eeeae166f263aae0f1e993857754b717b4
Instruction Fuzzy Hash: 4401E172214F4981DAA1DB19E48135AB3E4F7CC7E8F444221FADD86BD9DF38C6558B04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180028028 Relevance: 3.0, APIs: 2, Instructions: 19
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 68%

			E00000001180028028(intOrPtr* __rax, void* __rcx) {
				int _t1;
				intOrPtr _t4;
				void* _t10;
				intOrPtr _t14;

				if (__rcx == 0) goto 0x80028064;
				_t14 =  *0x80099d38; // 0x9b0000, executed
				_t1 = HeapFree(_t10, ??); // executed
				if (_t1 != 0) goto 0x8002805f;
				E00000001180025224(__rax);
				_t4 = E0000000118002516C(GetLastError(), __rax, _t14, __rcx);
				 *__rax = _t4;
				return _t4;
			}

0x18002802b
0x180028037
0x18002803e
0x180028046
0x180028048
0x180028058
0x18002805d
0x180028064

APIs

RtlReleasePrivilege.NTDLL(?,?,00000000,00000001800338B0,?,?,?,0000000180033CAB,?,?,00006AECEB4FD839,000000018003259C,?,?,?,00000001800324CF), ref: 000000018002803E
GetLastError.KERNEL32(?,?,00000000,00000001800338B0,?,?,?,0000000180033CAB,?,?,00006AECEB4FD839,000000018003259C,?,?,?,00000001800324CF), ref: 0000000180028050

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorLastPrivilegeRelease
String ID:
API String ID: 1334314998-0
Opcode ID: bfdec6c85e3aef865b3dd38aa6abe6c7b1fb1bd43b76877f790c84a8d3aeb39e
Instruction ID: 66938e604d05504447cfad78896583feb0f1dbf506add24b90c004ca4e7bd66c
Opcode Fuzzy Hash: bfdec6c85e3aef865b3dd38aa6abe6c7b1fb1bd43b76877f790c84a8d3aeb39e
Instruction Fuzzy Hash: 90E0E67460254982FFDB97F268853E513955F4DBC5F04C424B90546252EE2C469D4705

Uniqueness

Uniqueness Score: -1.00%

Function 00C684B0 Relevance: 1.6, APIs: 1, Instructions: 121processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE ref: 00C6867E

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: eca02c7731c8934ea1841d922ed6a3ee8757bbcf836c95516e294b93998a195c
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: C0413C7091C7848FE7B8DF18D48979ABBE0FB98315F104A1EE48DC7254DB749485CB46

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800370F4 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E000000011800370F4(void* __ecx, intOrPtr* __rax, long long __rbx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {

				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				if (__ecx - 0x2000 < 0) goto 0x8003713c;
				E00000001180025224(__rax);
				 *__rax = 9;
				E00000001180015940();
				return 9;
			}

0x1800370f4
0x1800370f9
0x1800370fe
0x180037111
0x180037113
0x18003711d
0x18003711f
0x18003713b

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018003711F

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 39df4e884a210e48e9414003402260c9846b311074c36fc0e98b21cb6e87ffef
Instruction ID: 4b5d1a2f7f317e1dec4aa04a67db6caba2c413477e15c5e06a17df3fec3253be
Opcode Fuzzy Hash: 39df4e884a210e48e9414003402260c9846b311074c36fc0e98b21cb6e87ffef
Instruction Fuzzy Hash: 07119E37205648C6F3A39B19E44079A73A4F74C7C4F168424FA894B7E2DF38CA188740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001880 Relevance: 1.5, APIs: 1, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00000001180001880(void* __edi, void* __esp, long long __rcx, long long __rdx, long long __r8, intOrPtr _a4, long long _a8, intOrPtr _a12, long long _a16, long long _a24) {
				intOrPtr _v4;
				long long _v16;
				char _v23;
				char _v24;
				signed char _v35;
				void* _t27;
				void* _t31;
				long long _t42;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if (_a24 -  *((intOrPtr*)(_a8 + 0x18)) > 0) goto 0x80001901;
				_t42 = _a8;
				E00000001180001AF0(_t42);
				_v16 = _t42;
				 *((long long*)(_a8 + 0x10)) = _a24;
				_t27 = E00000001180001CB0(_v16, _a16, _a24);
				_v24 = 0;
				E00000001180001C70(_t27, _v16 + _a24,  &_v24);
				goto 0x8000192c;
				memset(__edi, 0, 1 << 0);
				r8d = _v35 & 0x000000ff;
				_t31 = E00000001180001E30( &_v23, _v4, _a12, _a4); // executed
				return _t31;
			}

0x180001880
0x180001885
0x18000188a
0x1800018a2
0x1800018a4
0x1800018ac
0x1800018b1
0x1800018c0
0x1800018d3
0x1800018d8
0x1800018f5
0x1800018ff
0x180001910
0x180001917
0x180001927
0x180001931

APIs

char_traits.LIBCPMTD ref: 00000001800018F5

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: char_traits
String ID:
API String ID: 1158913984-0
Opcode ID: 65fd50cd954a9fc85fa876a6cc6f74d344019085a1dfd46fe960374fb723bc3e
Instruction ID: 7e5a8e55849e959354fa196c11e7880c93760e706876008ffabf2ab04e738f7a
Opcode Fuzzy Hash: 65fd50cd954a9fc85fa876a6cc6f74d344019085a1dfd46fe960374fb723bc3e
Instruction Fuzzy Hash: 0911C036208B8886DA51DB5AF09039EB7A1F3C9BD4F104526FF8D43B69DFB9C6548B40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001CF0 Relevance: 1.5, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E00000001180001CF0(intOrPtr* __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				long long _v24;
				long long _v32;
				signed int _v36;
				signed char _v39;
				signed char _v40;
				long long _v56;
				long long _v64;
				long long _v72;
				void* _t29;
				signed int _t39;
				intOrPtr* _t43;
				long long _t44;

				_t43 = __rax;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v36 = 0;
				E00000001180001520(_t29, _a16);
				_v24 = _t43;
				E00000001180001B80(E00000001180001C90(_a24), _t43);
				_v32 = _t43;
				E00000001180002040(_t43, _a16);
				_t44 = _t43 - _v24;
				if (_t44 - _v32 >= 0) goto 0x80001d4f;
				E00000001180001500();
				_v40 = _v39 & 0x000000ff;
				E00000001180001530(_a16);
				_v16 = _t44;
				_v56 = _v32;
				_v64 = _a24;
				_v72 = _v24;
				E000000011800020B0(_v40 & 0x000000ff, _v24, _a8, _a16, _v16); // executed
				_t39 = _v36 | 0x00000001;
				_v36 = _t39;
				return _t39;
			}

0x180001cf0
0x180001cf0
0x180001cf5
0x180001cfa
0x180001d03
0x180001d10
0x180001d15
0x180001d2a
0x180001d2f
0x180001d39
0x180001d3e
0x180001d48
0x180001d4a
0x180001d54
0x180001d5d
0x180001d62
0x180001d6c
0x180001d79
0x180001d83
0x180001d9c
0x180001da5
0x180001da8
0x180001db5

APIs

Part of subcall function 0000000180002040: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000000018000204E
Part of subcall function 0000000180002040: _Max_value.LIBCPMTD ref: 0000000180002073
Part of subcall function 0000000180002040: _Min_value.LIBCPMTD ref: 00000001800020A1

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000000180001D5D

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_value
String ID:
API String ID: 348937374-0
Opcode ID: 9af01b5bc869ade5092184ee3a10a283f4f51b6d6417cc9ad76a45bb0eae8cc9
Instruction ID: 0466f04828169453b91e087f58db91aba77cc95e5da2e6c5a034980be07aaced
Opcode Fuzzy Hash: 9af01b5bc869ade5092184ee3a10a283f4f51b6d6417cc9ad76a45bb0eae8cc9
Instruction Fuzzy Hash: 9511A232109B8486D691EB69F45139ABBA4F3C97C1F204016FBCD47B6ADF79C5548F40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180028498 Relevance: 1.5, APIs: 1, Instructions: 36
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00000001180028498(void* __eax, signed int __rcx, signed int __rdx) {
				intOrPtr* _t22;
				signed int _t29;

				_t29 = __rdx;
				if (__rcx == 0) goto 0x800284b7;
				_t1 = _t29 - 0x20; // -32
				_t22 = _t1;
				if (_t22 - __rdx < 0) goto 0x800284fa;
				_t25 =  ==  ? _t22 : __rcx * __rdx;
				goto 0x800284de;
				if (E00000001180035970() == 0) goto 0x800284fa;
				if (E00000001180015A88(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x800284fa;
				RtlAllocateHeap(??, ??, ??); // executed
				if (_t22 == 0) goto 0x800284c9;
				goto 0x80028507;
				E00000001180025224(_t22);
				 *_t22 = 0xc;
				return 0;
			}

0x180028498
0x1800284a7
0x1800284ab
0x1800284ab
0x1800284b5
0x1800284c3
0x1800284c7
0x1800284d0
0x1800284dc
0x1800284ed
0x1800284f6
0x1800284f8
0x1800284fa
0x1800284ff
0x18002850c

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,0000000180025D41,?,?,00006AECEB4FD839,000000018002522D,?,?,?,?,0000000180036D3E,?,?,00000000), ref: 00000001800284ED

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 3a679d93a3d92ef17507426c77df4915dbaeaa5120b8b2e23ca71279c77d4ad4
Instruction ID: 65efd80ce58bb397dc5c68888d6996e4919e38fb49c99e687b0d5184ea73a5d6
Opcode Fuzzy Hash: 3a679d93a3d92ef17507426c77df4915dbaeaa5120b8b2e23ca71279c77d4ad4
Instruction Fuzzy Hash: CAF06D7830360E82FED7A7A594517D503805F9CBC5F4CC4256E0A867D1DD2CC6889314

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180028068 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00000001180028068(intOrPtr* __rax, void* __rcx) {

				if (__rcx - 0xffffffe0 > 0) goto 0x800280b3;
				_t16 =  ==  ? __rax : __rcx;
				goto 0x8002809a;
				if (E00000001180035970() == 0) goto 0x800280b3;
				if (E00000001180015A88(__rax,  ==  ? __rax : __rcx) == 0) goto 0x800280b3;
				RtlAllocateHeap(??, ??, ??); // executed
				if (__rax == 0) goto 0x80028085;
				goto 0x800280c0;
				E00000001180025224(__rax);
				 *__rax = 0xc;
				return 0;
			}

0x180028075
0x18002807f
0x180028083
0x18002808c
0x180028098
0x1800280a6
0x1800280af
0x1800280b1
0x1800280b3
0x1800280b8
0x1800280c5

APIs

RtlAllocateHeap.NTDLL(?,?,?,0000000180036D25,?,?,00000000,000000018002C2FF,?,?,?,00000001800176BB,?,?,?,0000000180017561), ref: 00000001800280A6

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c8092719f78426c8dd707e659680084e9be2ebf4980ef614fa879867dcd585aa
Instruction ID: bd5907e6f38c93438a14692af0ed1de6e3928ec863730801fc552b80dfc2001d
Opcode Fuzzy Hash: c8092719f78426c8dd707e659680084e9be2ebf4980ef614fa879867dcd585aa
Instruction Fuzzy Hash: 80F0823830260C81FEE757A259817E513804F4C7E1F0DC7207D26853C1DD68C68C5751

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180002688 Relevance: 1.5, APIs: 1, Instructions: 26
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00000001180002688(void* __rax, void* __rcx) {
				void* _t1;

				goto 0x800026a2;
				_t1 = E00000001180015A88(__rax, __rcx);
				if (_t1 == 0) goto 0x800026b2;
				0x80015a34(); // executed
				if (__rax == 0) goto 0x80002693;
				return _t1;
			}

0x180002691
0x180002696
0x18000269d
0x1800026a2
0x1800026aa
0x1800026b1

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00000001800026B8

Part of subcall function 0000000180003260: std::bad_alloc::bad_alloc.LIBCMT ref: 0000000180003269

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
String ID:
API String ID: 680105476-0
Opcode ID: 09cd6c277b66b99f7e552c92081d3ae6c01394fda368d8b4270c7bcf5317e36f
Instruction ID: b87d77ba01b5ac351b509b52f3b65714dfd1efed647a7067e03a0b962680e5c0
Opcode Fuzzy Hash: 09cd6c277b66b99f7e552c92081d3ae6c01394fda368d8b4270c7bcf5317e36f
Instruction Fuzzy Hash: 72E01A30A5210D85FADBB277186B3F820841F5C7F1E288B247976483C3AD1586ED4711

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800028D4 Relevance: 1.5, APIs: 1, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E000000011800028D4(void* __ecx) {
				void* __rbx;
				void* _t12;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;
				void* _t21;

				_t2 =  ==  ? 1 :  *0x80098dd0 & 0x000000ff;
				 *0x80098dd0 =  ==  ? 1 :  *0x80098dd0 & 0x000000ff;
				E000000011800032A0(1, _t12, __ecx, _t17, _t18, _t19, _t20, _t21);
				if (E00000001180005DA0() != 0) goto 0x80002903;
				goto 0x80002917; // executed
				E00000001180017B84(_t17); // executed
				if (0 != 0) goto 0x80002915;
				E00000001180005DF0(0);
				goto 0x800028ff;
				return 1;
			}

0x1800028e8
0x1800028eb
0x1800028f1
0x1800028fd
0x180002901
0x180002903
0x18000290a
0x18000290e
0x180002913
0x18000291c

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00000001800028F6

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: __scrt_dllmain_crt_thread_attach
String ID:
API String ID: 2860701742-0
Opcode ID: 7c8c488502e8eee4a9e69a13552d5ed36968f8a27bd96f140fadd32803946b87
Instruction ID: 9c3e602b08f22fc8395fa74d9d85cd421fe539b503f4bb62bd36118ca2dbfacb
Opcode Fuzzy Hash: 7c8c488502e8eee4a9e69a13552d5ed36968f8a27bd96f140fadd32803946b87
Instruction Fuzzy Hash: A7E04F3060524C45FEE7AA6214863EA33501F6E3C1F84C0AA7996831C3CE094B5D6721

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 000000018000A93C Relevance: 90.2, APIs: 36, Strings: 15, Instructions: 913
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 82%

			E0000000118000A93C(signed int __rbx, signed int* __rcx, intOrPtr* __rdx) {
				void* __rdi;
				void* __rsi;
				void* __r12;
				void* __r14;
				intOrPtr _t426;
				signed int _t464;
				signed int _t471;
				signed long long _t503;
				intOrPtr _t511;
				unsigned int _t521;
				unsigned int _t530;
				unsigned int _t539;
				signed int _t556;
				unsigned int _t576;
				unsigned int _t588;
				signed int _t601;
				signed int _t610;
				signed int _t623;
				signed int _t624;
				signed int _t626;
				unsigned int _t633;
				signed int _t639;
				unsigned int _t641;
				signed int _t656;
				signed int _t693;
				signed int _t695;
				signed int _t698;
				signed int _t699;
				void* _t704;
				void* _t709;
				void* _t777;
				void* _t781;
				void* _t785;
				void* _t788;
				void* _t789;
				signed int _t792;
				signed int _t793;
				signed int _t797;
				signed long long _t800;
				signed long long _t802;
				signed long long _t807;
				signed long long _t808;
				signed long long* _t809;
				signed long long* _t812;
				signed long long* _t815;
				signed long long _t819;
				signed long long _t836;
				signed long long _t837;
				signed long long* _t838;
				signed long long* _t839;
				void* _t842;
				signed long long _t860;
				signed long long _t864;
				signed long long* _t865;
				signed long long _t869;
				void* _t909;
				void* _t994;
				void* _t996;
				long long* _t997;
				void* _t999;
				void* _t1000;
				void* _t1002;
				void* _t1003;
				void* _t1031;
				void* _t1032;
				void* _t1033;
				void* _t1035;
				void* _t1037;
				void* _t1039;
				intOrPtr* _t1040;
				signed long long _t1043;

				 *((long long*)(_t1002 + 8)) = __rbx;
				_t1000 = _t1002 - 0x20;
				_t1003 = _t1002 - 0x120;
				_t426 =  *0x80099490; // 0x0
				_t1040 = __rdx;
				 *(_t1003 + 0x40) =  *(_t1003 + 0x40) & 0x00000000;
				_t997 = __rcx;
				 *((intOrPtr*)(_t1000 - 0x68)) = _t426 -  *0x80099498;
				 *(_t1003 + 0x48) = 0;
				_t699 = E000000011800110FC(__rcx, _t1031, _t1032);
				if ( *__rdx == 0) goto 0x8000a99b;
				if (( *(__rdx + 8) & 0x00000200) == 0) goto 0x8000a99b;
				 *(_t1000 + 0x78) = 1;
				goto 0x8000a99e;
				 *(_t1000 + 0x78) =  *(_t1000 + 0x78) & 0;
				if (_t699 != 0xffff) goto 0x8000a9b5;
				__rcx[2] = __rcx[2] & 0;
				 *__rcx =  *__rcx & __rbx;
				__rcx[2] = 2;
				goto 0x8000b7c3;
				if (_t699 != 0xfffe) goto 0x8000a9e2;
				 *(_t1003 + 0x58) =  *(_t1003 + 0x58) & 0;
				_t1005 = __rdx;
				 *(_t1003 + 0x50) = 0x8004e150;
				_t842 = _t1003 + 0x50;
				E0000000118000A4B0(_t842, __rcx, __rdx);
				goto 0x8000b7c3;
				_t704 = _t699 - 0xfffd;
				if (_t704 != 0) goto 0x8000a9f6;
				 *_t997 = 0x8004e150;
				goto 0x8000b7c0;
				r14d = _t699;
				r13d = 0x6000;
				r14d = r14d & 0x00008000;
				if (_t704 == 0) goto 0x8000b28d;
				r12d = _t699;
				r12d = r12d & 0x00001800;
				r13d = 0x1000;
				 *(_t1000 + 0x70) = 0 | r12d == 0x00000800;
				 *(_t1000 + 0x68) = 0 | (r13d & _t699) == 0x00000000;
				r13d =  ==  ? 0x400 : r13d;
				r13d = r13d & _t699;
				 *(_t1000 - 0x6c) = r13d;
				if (r12d == 0x800) goto 0x8000aa70;
				_t30 = _t842 - 0x1000; // -4096
				if ((_t30 & 0xfffffcff) != 0) goto 0x8000aa70;
				_t709 = (_t699 & 0x00001b00) - 0x1300;
				if (_t709 != 0) goto 0x8000b287;
				asm("bt edi, 0xe");
				if (_t709 >= 0) goto 0x8000aae7;
				_t633 =  *0x800994a0; // 0x0
				if (( !((_t633 >> 0x00000002 |  *0x800994a0) >> 1) & 0x00000001) == 0) goto 0x8000aad4;
				E0000000118000C054( !((_t633 >> 0x00000002 |  *0x800994a0) >> 1), _t699,  !((_t633 >> 0x00000002 |  *0x800994a0) >> 1) & 0x00000001, 0x8004e150, __rbx, _t1003 + 0x30, _t997, _t1005, _t1039);
				 *(_t1003 + 0x70) =  *(_t1003 + 0x70) & 0x00000000;
				 *(_t1003 + 0x78) =  *(_t1003 + 0x78) & 0x00000000;
				E0000000118000B87C(0x20, 0x8004e150, 0x8004e150, _t1003 + 0x70);
				E0000000118000A4B0(_t1003 + 0x70, _t1003 + 0x50, 0x8004e150);
				_t800 =  *(_t1003 + 0x50);
				 *(_t1003 + 0x40) = _t800;
				goto 0x8000aae3;
				E0000000118000C054( !((_t633 >> 0x00000002 |  *0x800994a0) >> 1), _t699,  !((_t633 >> 0x00000002 |  *0x800994a0) >> 1) & 0x00000001, _t800, 0x8004e150, _t1003 + 0x70, _t997, 0x8004e150, _t1037);
				if ( *(_t800 + 8) - 1 <= 0) goto 0x8000aae7;
				 *(_t1003 + 0x48) =  *(_t800 + 8) & 0x000000ff;
				if (r13d == 0) goto 0x8000ac73;
				if (r12d != 0x1800) goto 0x8000ac73;
				r8b = 0x7b;
				E0000000118000A4DC(_t1040, _t1003 + 0x50);
				_t836 = _t800;
				E0000000118000D644(0, _t836, _t1003 + 0x30, _t994, _t997, _t1031, _t1032, _t1037);
				E0000000118000A4B0(_t836, _t1003 + 0x70, _t1003 + 0x30);
				E0000000118000A5F8(0, _t1003 + 0x40, _t800, _t1003 + 0x30);
				E000000011800116B8(_t1003 + 0x30);
				if (( *0x800994a0 & 0x00001000) != 0) goto 0x8000abbf;
				 *(_t1003 + 0x70) =  *(_t1003 + 0x70) & 0x00000000;
				 *(_t1003 + 0x78) =  *(_t1003 + 0x78) & 0x00000000;
				 *(_t1003 + 0x50) = "}\' ";
				r13d = 3;
				 *(_t1003 + 0x58) = r13d;
				asm("movaps xmm0, [esp+0x50]");
				asm("movdqa [esp+0x50], xmm0");
				E0000000118000B87C(0x2c, "}\' ", _t836, _t1003 + 0x70);
				_t65 = _t1000 - 0x50; // -77
				E0000000118000A4B0(_t1003 + 0x70, _t65, _t1003 + 0x30);
				_t68 = _t1000 - 0x40; // -61
				_t69 = _t1000 - 0x50; // -77
				E0000000118000A484(_t69, _t68, _t1003 + 0x50);
				E0000000118000A5F8(0, _t1003 + 0x40, "}\' ", _t1003 + 0x50);
				_t802 = "}\'";
				 *(_t1003 + 0x58) = 2;
				 *(_t1003 + 0x50) = _t802;
				asm("movaps xmm0, [esp+0x50]");
				asm("movdqa [esp+0x30], xmm0");
				E0000000118000A578(0x2c, _t699, _t802, _t836, _t1003 + 0x40, _t1003 + 0x30, _t997);
				E0000000118000C838(_t836, _t1003 + 0x30, _t994, _t997, _t1035, _t1033);
				_t639 =  *0x800994a0; // 0x0
				if (( !(_t639 >> 1) & 0x00000001) == 0) goto 0x8000ac6b;
				if (( !(_t639 >> 4) & 0x00000001) == 0) goto 0x8000ac6b;
				if ((0x00001000 & _t639) != 0) goto 0x8000ac6b;
				 *(_t1003 + 0x70) =  *(_t1003 + 0x70) & 0x00000000;
				 *(_t1003 + 0x78) =  *(_t1003 + 0x78) & 0x00000000;
				E0000000118000B87C(0x20, _t802, _t836, _t1003 + 0x70);
				E0000000118000A4B0(_t1003 + 0x70, _t1003 + 0x50, _t1003 + 0x30);
				r8b = 0x20;
				_t90 = _t1000 - 0x50; // -77
				E0000000118000A4DC(_t1003 + 0x50, _t90);
				_t860 = _t802;
				_t93 = _t1000 - 0x40; // -61
				E0000000118000A4B0(_t860, _t93, _t1003 + 0x40);
				goto 0x8000b4ed;
				goto 0x8000b4fc;
				 *(_t1000 - 0x40) = _t860;
				 *(_t1000 - 0x38) = _t639;
				 *(_t1000 - 0x50) = _t860;
				 *(_t1000 - 0x48) = _t639;
				 *(_t1000 - 0x60) = _t860;
				 *(_t1000 - 0x58) = _t639;
				 *(_t1003 + 0x70) = _t860;
				 *(_t1003 + 0x78) = _t639;
				 *(_t1000 - 0x30) = _t860;
				 *(_t1000 - 0x28) = _t639;
				if (r13d == 0) goto 0x8000ad35;
				if (r12d != 0x800) goto 0x8000ad15;
				if ((_t699 & 0x00000700) != 0x600) goto 0x8000acf2;
				E0000000118000D644(1, _t836, _t1003 + 0x50, _t994, _t997, _t1031, _t1032, _t1037);
				 *(_t1000 - 0x40) =  *(_t1003 + 0x50);
				 *(_t1000 - 0x38) =  *(_t1003 + 0x58);
				E0000000118000D644(1, _t836, _t1003 + 0x50, _t994, _t997, _t1031, _t1032, _t1037);
				 *(_t1000 - 0x50) =  *(_t1003 + 0x50);
				_t464 =  *(_t1003 + 0x58);
				 *(_t1000 - 0x48) = _t464;
				goto 0x8000acf9;
				if (_t464 != 0x500) goto 0x8000ad15;
				E0000000118000D644(1, _t836, _t1003 + 0x50, _t994, _t997, _t1031, _t1032, _t1037);
				 *(_t1000 - 0x60) =  *(_t1003 + 0x50);
				 *(_t1000 - 0x58) =  *(_t1003 + 0x58);
				_t864 = _t1003 + 0x50;
				E0000000118000D644(1, _t836, _t864, _t994, _t997, _t1031, _t1032, _t1037);
				 *(_t1003 + 0x70) =  *(_t1003 + 0x50);
				 *(_t1003 + 0x78) =  *(_t1003 + 0x58);
				if (r12d != 0x800) goto 0x8000adc3;
				if ((_t699 & 0x00000700) == 0x200) goto 0x8000adc3;
				_t471 =  *0x800994a0; // 0x0
				r8d = 0;
				 *(_t1003 + 0x50) = _t864;
				 *(_t1003 + 0x58) = 0;
				 *(_t1003 + 0x20) = 1;
				if ((_t471 & 0x00000060) == 0x60) goto 0x8000ad9a;
				 *(_t1000 - 0x80) = _t864;
				 *(_t1000 - 0x78) = 0;
				_t132 = _t1000 - 0x80; // 0xf80
				_t865 = _t1003 + 0x30;
				E0000000118000C978(_t699, _t836, _t865, _t132, _t994, _t997, _t1003 + 0x50);
				_t807 =  *(_t1003 + 0x30);
				 *(_t1000 - 0x30) = _t807;
				goto 0x8000adc0;
				 *(_t1003 + 0x30) = _t865;
				 *(_t1003 + 0x38) = 0;
				_t141 = _t1000 - 0x80; // 0xf80
				E0000000118000C978(_t699, _t836, _t141, _t1003 + 0x50, _t994, _t997, _t1003 + 0x30);
				if ( *(_t1000 - 0x78) - 1 <= 0) goto 0x8000adc3;
				 *(_t1000 - 0x28) =  *(_t1000 - 0x78) & 0x000000ff;
				_t641 =  *0x800994a0; // 0x0
				r13d = 3;
				if (( !(_t641 >> 1) & 0x00000001) == 0) goto 0x8000ae8e;
				_t643 =  !(_t641 >> 4);
				if (( !(_t641 >> 4) & 0x00000001) == 0) goto 0x8000ae65;
				E0000000118000C838(_t836, _t1003 + 0x30, _t994, _t997, _t994, _t996);
				E0000000118000A4B0(_t807, _t1003 + 0x50, _t1003 + 0x40);
				_t869 =  *_t807;
				 *(_t1003 + 0x40) = _t869;
				 *(_t1003 + 0x48) =  *(_t807 + 8);
				_t808 =  *_t1040;
				if (_t808 == 0) goto 0x8000aea2;
				if (_t869 == 0) goto 0x8000ae95;
				if (( *0x800994a0 & 0x00001000) != 0) goto 0x8000ae95;
				 *(_t1000 - 0x80) = _t836;
				_t158 = _t1000 - 0x80; // -125
				 *(_t1000 - 0x78) = 0;
				E0000000118000B87C(0x20, _t808, _t836, _t158);
				_t161 = _t1000 - 0x80; // -125
				E0000000118000A4B0(_t161, _t1003 + 0x30, _t1040);
				E0000000118000A5F8( !(_t641 >> 4), _t1003 + 0x40, _t1003 + 0x30, _t1040);
				goto 0x8000aea2;
				E0000000118000C838(_t836, _t1003 + 0x40, _t994, _t997);
				if ( *(_t1003 + 0x48) == r13b) goto 0x8000ae12;
				if ( *(_t808 + 8) - 1 <= 0) goto 0x8000ae12;
				 *(_t1003 + 0x48) = 0;
				goto 0x8000ae12;
				goto 0x8000ae65;
				 *(_t1003 + 0x40) = _t808;
				 *(_t1003 + 0x48) =  *(_t1040 + 8);
				 *(_t1000 - 0x80) = _t836;
				 *(_t1000 - 0x70) = 0;
				if ( *(_t1000 + 0x78) == (0 |  *(_t808 + 8) & 0x000000ff)) goto 0x8000afc0;
				_t176 = _t1000 - 0x10; // -13
				E0000000118000FAC0(_t699, _t176, _t994);
				 *(_t1003 + 0x50) =  *(_t1003 + 0x50) & _t836;
				 *(_t1003 + 0x58) =  *(_t1003 + 0x58) & r15d;
				_t837 = _t808;
				E0000000118000B87C(0x20, _t808, _t837, _t1003 + 0x50);
				E0000000118000A4B0(_t1003 + 0x50, _t1003 + 0x30, _t837);
				E0000000118000A5F8( !(_t641 >> 4), _t1003 + 0x40, _t1003 + 0x30, _t837);
				if (( *0x800994a0 & 0x00001000) != 0) goto 0x8000b7b4;
				if ( *(_t1000 - 0x6c) == 0) goto 0x8000b0d3;
				if (r12d != 0x800) goto 0x8000b068;
				if ((_t699 & 0x00000700) != 0x600) goto 0x8000b002;
				 *(_t1003 + 0x38) = 0xc;
				_t809 = "`vtordispex{";
				 *(_t1003 + 0x30) = _t809;
				asm("movaps xmm0, [esp+0x30]");
				_t192 = _t1000 - 0x10; // -13
				asm("movdqa [esp+0x30], xmm0");
				E00000001180009F6C(_t809, _t192, _t1003 + 0x30);
				_t193 = _t1000 - 0x40; // -61
				E0000000118000A4B0(_t809, _t1003 + 0x30, _t193);
				r8b = 0x2c;
				E0000000118000A4DC(_t1003 + 0x30, _t1003 + 0x50);
				_t197 = _t1000 - 0x50; // -77
				E0000000118000A4B0(_t809, _t1000, _t197);
				r8b = 0x2c;
				_t198 = _t1000 + 0x10; // 0x13
				E0000000118000A4DC(_t809, _t198);
				_t199 = _t1000 - 0x60; // -93
				_t200 = _t1000 - 0x20; // -29
				E0000000118000A4B0(_t809, _t200, _t199);
				goto 0x8000b051;
				E0000000118000E5E0(_t809, _t837, 0x800994b8, _t1003 + 0x60, _t997, _t999);
				if (_t809 == 0) goto 0x8000afe1;
				 *_t809 = _t837;
				_t809[1] = 0;
				goto 0x8000afe4;
				_t1043 = _t837;
				_t203 = _t1000 - 0x10; // -13
				E0000000118000FAC0(_t699, _t203, _t994);
				_t503 = _t809[1];
				 *(_t1000 - 0x80) =  *_t809;
				 *(_t1000 - 0x70) = _t503;
				goto 0x8000af0c;
				if (_t503 != 0x500) goto 0x8000b068;
				 *(_t1003 + 0x38) = 0xa;
				 *(_t1003 + 0x30) = "`vtordisp{";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				E00000001180009F6C("`vtordisp{", _t1003 + 0x60, _t1003 + 0x30);
				_t211 = _t1000 - 0x60; // -93
				E0000000118000A4B0("`vtordisp{", _t1003 + 0x30, _t211);
				_t213 = _t1000 - 0x20; // -29
				r8b = 0x2c;
				E0000000118000A4DC(_t1003 + 0x30, _t213);
				E0000000118000A5F8( !(_t641 >> 4), _t1003 + 0x40, "`vtordisp{", _t211);
				goto 0x8000b096;
				 *(_t1003 + 0x38) = 0xa;
				 *(_t1003 + 0x30) = "`adjustor{";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				E0000000118000A578(0x10, _t699, "`adjustor{", _t837, _t1003 + 0x40, _t1003 + 0x30, _t997);
				 *(_t1003 + 0x38) = r13d;
				_t812 = "}\' ";
				 *(_t1003 + 0x30) = _t812;
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				E0000000118000A484(_t1003 + 0x70, _t1003 + 0x60, _t1003 + 0x30);
				E0000000118000A5F8( !(_t641 >> 4), _t1003 + 0x40, _t812, _t1003 + 0x30);
				if ( *0x800994b4 != 1) goto 0x8000b0ee;
				_t511 =  *0x800994b0; // 0x0
				_t512 =  ==  ?  *((void*)(_t1000 - 0x68)) : _t511;
				 *0x800994b0 =  ==  ?  *((void*)(_t1000 - 0x68)) : _t511;
				E0000000118000BB4C(_t837, _t1003 + 0x60, _t812, _t997, _t1003 + 0x30);
				 *(_t1003 + 0x50) =  *(_t1003 + 0x50) & 0x00000000;
				 *(_t1003 + 0x58) =  *(_t1003 + 0x58) & 0x00000000;
				_t838 = _t812;
				E0000000118000B87C(0x28, _t812, _t838, _t1003 + 0x50);
				_t1020 = _t838;
				E0000000118000A4B0(_t1003 + 0x50, _t1003 + 0x30, _t838);
				r8b = 0x29;
				_t235 = _t1000 - 0x20; // -29
				E0000000118000A4DC(_t1003 + 0x30, _t235);
				E0000000118000A5F8( !(_t641 >> 4), _t1003 + 0x40, _t812, _t838);
				if (r12d != 0x800) goto 0x8000b167;
				if ((_t699 & 0x00000700) == 0x200) goto 0x8000b167;
				_t238 = _t1000 - 0x30; // -45
				E0000000118000A5F8(_t643, _t1003 + 0x40, _t238, _t838);
				_t521 =  *0x800994a0; // 0x0
				if ((0x00000001 &  !(_t521 >> 0x13)) == 0) goto 0x8000b194;
				E0000000118000F8F4(1, _t643, _t699, _t838, _t1003 + 0x60, _t994, _t997);
				E0000000118000A5F8(_t643, _t1003 + 0x40, _t812, _t838);
				goto 0x8000b1b9;
				E0000000118000F8F4(1, _t643, _t699, _t838, _t1003 + 0x40, _t994, _t997);
				if ( *(_t1003 + 0x48) == r13b) goto 0x8000b1b9;
				if (_t812[1] - 1 <= 0) goto 0x8000b1b9;
				 *(_t1003 + 0x48) =  *(_t1003 + 0x48) & 0xffffff00 | _t812[1] & 0x000000ff;
				E0000000118000E684(_t1003 + 0x60);
				E0000000118000A5F8( *(_t1003 + 0x48) & 0xffffff00 | _t812[1] & 0x000000ff, _t1003 + 0x40, _t812, _t838);
				_t530 =  *0x800994a0; // 0x0
				if ((0x00000001 &  !(_t530 >> 8)) == 0) goto 0x8000b1f8;
				E000000011800110D8(_t1003 + 0x60);
				E0000000118000A5F8( *(_t1003 + 0x48) & 0xffffff00 | _t812[1] & 0x000000ff, _t1003 + 0x40, _t812, _t838);
				goto 0x8000b21d;
				E000000011800110D8(_t1003 + 0x40);
				if ( *(_t1003 + 0x48) == r13b) goto 0x8000b21d;
				if (_t812[1] - 1 <= 0) goto 0x8000b21d;
				 *(_t1003 + 0x48) =  *(_t1003 + 0x48) & 0xffffff00 | _t812[1] & 0x000000ff;
				E0000000118000D790(_t812[1] & 0x000000ff, _t1003 + 0x60);
				if ( *(_t1003 + 0x48) == r13b) goto 0x8000b247;
				if (_t812[1] - 1 <= 0) goto 0x8000b247;
				 *(_t1003 + 0x48) =  *(_t1003 + 0x48) & 0xffffff00 | _t812[1] & 0x000000ff;
				_t539 =  *0x800994a0; // 0x0
				if ((0x00000001 &  !(_t539 >> 2)) == 0) goto 0x8000ac6b;
				if (_t1043 == 0) goto 0x8000ac6b;
				 *_t1043 =  *(_t1003 + 0x40);
				 *(_t1043 + 8) =  *(_t1003 + 0x48);
				 *(_t1003 + 0x40) =  *(_t1000 - 0x80);
				goto 0x8000b4f8;
				r13d = 0x6000;
				_t909 = _t1003 + 0x40;
				E0000000118000A5F8( *(_t1003 + 0x48) & 0xffffff00 | _t812[1] & 0x000000ff, _t909, _t1043, _t838);
				r9d = 0x7c00;
				if (r14d != 0) goto 0x8000b338;
				_t276 = _t909 - 0x6800; // -26624
				if ((_t276 & 0xfffff7ff) != 0) goto 0x8000b2cd;
				E00000001180011990(0x28, _t699, _t838, _t997, _t1003 + 0x40, _t994, _t997, _t1020, _t1031, _t1032, _t1033);
				goto 0x8000b7c3;
				if ((_t699 & r9d) != r13d) goto 0x8000b338;
				_t815 = "}\'";
				 *(_t1003 + 0x38) = 2;
				 *(_t1003 + 0x30) = _t815;
				asm("movaps xmm0, [esp+0x30]");
				r8b = 0x7b;
				asm("movdqa [esp+0x50], xmm0");
				E0000000118000A4DC(_t1003 + 0x40, _t1003 + 0x60);
				_t839 = _t815;
				E0000000118000D644(0, _t839, _t1003 + 0x30, _t994, _t997, _t1031, _t1032, _t1037);
				_t286 = _t1000 - 0x20; // 0x5fe0
				E0000000118000A4B0(_t839, _t286, _t1003 + 0x30);
				E0000000118000A484(_t815, _t997, _t1003 + 0x50);
				goto 0x8000b7c3;
				if ((_t699 & 0x0000fc00) != r9d) goto 0x8000b356;
				E00000001180011914(_t699 & r9d, 0, _t699, (_t699 & 0x0000fc00) - r9d, _t997, _t1003 + 0x40, _t994, _t997, _t1003 + 0x50, _t1031, _t1032, _t1033);
				goto 0x8000b7c3;
				r12d = _t699;
				r12d = r12d & 0x00001800;
				r15d = 0x1200;
				_t656 = 0 | r12d == 0x00000800;
				 *(_t1000 + 0x70) = _t656;
				r13d = 0x1100;
				_t623 =  *(_t1000 + 0x68) & 0xffffff00 | (r13d & _t699) == 0x00000000;
				_t555 =  !=  ? _t656 : _t623;
				_t556 =  ~( !=  ? _t656 : _t623);
				asm("sbb edx, edx");
				_t693 = 0x1000 & _t699;
				if (r14d == 0) goto 0x8000b45c;
				r8d = _t699;
				r8d = r8d & 0x00001b00;
				asm("sbb eax, eax");
				if (((0 | r8d == 0x00001000) &  ~r14d) == 0) goto 0x8000b3f5;
				 *(_t1003 + 0x38) = 0x20;
				 *(_t1003 + 0x30) = "`local static destructor helper\'";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				E0000000118000A578(_t693, _t699, "`local static destructor helper\'", _t839, _t1003 + 0x40, _t1003 + 0x30, _t997);
				goto 0x8000b475;
				asm("sbb eax, eax");
				if (((0 | r8d == r13d) &  ~r14d) == 0) goto 0x8000b438;
				 *(_t1003 + 0x38) = 0x30;
				 *(_t1003 + 0x30) = "`template static data member constructor helper\'";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				E0000000118000A578(_t693, _t699, "`template static data member constructor helper\'", _t839, _t1003 + 0x40, _t1003 + 0x30, _t997);
				goto 0x8000b4a3;
				asm("sbb eax, eax");
				if (((0 | r8d == r15d) &  ~r14d) == 0) goto 0x8000b45c;
				 *(_t1003 + 0x38) = 0x2f;
				goto 0x8000b417;
				if (r14d != 0) goto 0x8000b471;
				if ((_t699 & r9d) == 0x7800) goto 0x8000b7b4;
				if (_t693 == 0) goto 0x8000b4de;
				_t695 = _t699 & 0x00001b00;
				asm("sbb eax, eax");
				if (((0 | _t695 == r13d) &  ~r14d) != 0) goto 0x8000b4a3;
				asm("sbb eax, eax");
				if (((0 | _t695 == r15d) &  ~r14d) == 0) goto 0x8000b4de;
				 *(_t1003 + 0x50) =  *(_t1003 + 0x50) & 0x00000000;
				 *(_t1003 + 0x58) =  *(_t1003 + 0x58) & 0x00000000;
				E0000000118000B87C(0x20, "`template static data member destructor helper\'", _t839, _t1003 + 0x50);
				E0000000118000A4B0(_t1003 + 0x50, _t1003 + 0x30, _t1003 + 0x40);
				_t819 =  *(_t1003 + 0x30);
				 *(_t1003 + 0x40) = _t819;
				goto 0x8000b4f8;
				E0000000118000DD28(_t699, _t819, _t839, _t1003 + 0x60, _t1003 + 0x40, _t997, _t1003 + 0x40);
				 *(_t1003 + 0x40) =  *_t819;
				 *(_t1003 + 0x48) =  *(_t819 + 8);
				r13d = 0xb;
				_t624 =  !=  ?  *(_t1000 + 0x70) : _t623;
				 *(_t1000 + 0x68) = _t624;
				r15d = _t1035 - 3;
				if (_t624 == 0) goto 0x8000b6f2;
				_t576 =  *0x800994a0; // 0x0
				if (( !(_t576 >> 9) & 0x00000001) == 0) goto 0x8000b61d;
				_t626 = _t699 & 0x00000700;
				_t777 = _t626 - 0x200;
				_t580 =  !=  ? _t777 == 0 : _t1035 - 0xa;
				_t779 =  !=  ? _t777 == 0 : _t1035 - 0xa;
				if (( !=  ? _t777 == 0 : _t1035 - 0xa) == 0) goto 0x8000b5a0;
				 *(_t1003 + 0x38) = 7;
				 *(_t1003 + 0x30) = "static ";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				E00000001180009F6C("static ", _t1003 + 0x60, _t1003 + 0x30);
				E0000000118000A4B0("static ", _t1003 + 0x30, _t1003 + 0x40);
				 *(_t1003 + 0x40) =  *(_t1003 + 0x30);
				 *(_t1003 + 0x48) =  *(_t1003 + 0x38);
				if (r14d == 0) goto 0x8000b5ad;
				_t781 = _t626 - 0x100;
				if (_t781 == 0) goto 0x8000b5c8;
				asm("bt edi, 0xa");
				if (_t781 >= 0) goto 0x8000b617;
				_t359 = _t839 - 0x400; // 0xe00
				if ((_t359 & 0xfffffcff) != 0) goto 0x8000b617;
				if (_t626 == 0x700) goto 0x8000b617;
				 *(_t1003 + 0x38) = r15d;
				 *(_t1003 + 0x30) = "virtual ";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				E00000001180009F6C("virtual ", _t1003 + 0x60, _t1003 + 0x30);
				E0000000118000A4B0("virtual ", _t1003 + 0x30, _t1003 + 0x40);
				 *(_t1003 + 0x40) =  *(_t1003 + 0x30);
				 *(_t1003 + 0x48) =  *(_t1003 + 0x38);
				_t588 =  *0x800994a0; // 0x0
				if (( !(_t588 >> 7) & 0x00000001) == 0) goto 0x8000b6f2;
				_t698 = _t699 & 0x000000c0;
				_t785 = _t698 - 0x40;
				_t671 =  !=  ? _t785 == 0 :  *(_t1000 + 0x70);
				_t787 =  !=  ? _t785 == 0 :  *(_t1000 + 0x70);
				if (( !=  ? _t785 == 0 :  *(_t1000 + 0x70)) == 0) goto 0x8000b65b;
				 *(_t1003 + 0x38) = 9;
				goto 0x8000b6af;
				_t788 = _t698 - 0x80;
				_t789 = r12d - 0x1000;
				_t595 =  !=  ? _t788 == 0 : _t789 == 0;
				_t791 =  !=  ? _t788 == 0 : _t789 == 0;
				if (( !=  ? _t788 == 0 : _t789 == 0) == 0) goto 0x8000b68a;
				 *(_t1003 + 0x38) = r13d;
				goto 0x8000b6af;
				_t792 = _t698;
				_t793 = r12d;
				_t598 =  !=  ? _t792 == 0 : _t793 == 0;
				_t795 =  !=  ? _t792 == 0 : _t793 == 0;
				if (( !=  ? _t792 == 0 : _t793 == 0) == 0) goto 0x8000b6f2;
				 *(_t1003 + 0x38) = r15d;
				 *(_t1003 + 0x30) = "public: ";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				E00000001180009F6C("public: ", _t1003 + 0x60, _t1003 + 0x30);
				E0000000118000A4B0("public: ", _t1003 + 0x30, _t1003 + 0x40);
				 *(_t1003 + 0x40) =  *(_t1003 + 0x30);
				_t601 =  *(_t1003 + 0x38);
				 *(_t1003 + 0x48) = _t601;
				asm("sbb eax, eax");
				if ((_t699 & (_t601 & 0xfffff400) + 0x00001000) == 0) goto 0x8000b75f;
				_t797 =  *0x800994a0 & 0x00001000;
				if (_t797 != 0) goto 0x8000b75f;
				 *(_t1003 + 0x38) = r15d;
				 *(_t1003 + 0x30) = "[thunk]:";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				E00000001180009F6C("[thunk]:", _t1003 + 0x60, _t1003 + 0x30);
				E0000000118000A4B0("[thunk]:", _t1003 + 0x30, _t1003 + 0x40);
				 *(_t1003 + 0x40) =  *(_t1003 + 0x30);
				 *(_t1003 + 0x48) =  *(_t1003 + 0x38);
				asm("bt edi, 0x10");
				if (_t797 >= 0) goto 0x8000b7b4;
				 *(_t1003 + 0x38) = r13d;
				 *(_t1003 + 0x30) = "extern \"C\" ";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				E00000001180009F6C("extern \"C\" ", _t1003 + 0x60, _t1003 + 0x30);
				E0000000118000A4B0("extern \"C\" ", _t1003 + 0x30, _t1003 + 0x40);
				 *(_t1003 + 0x40) =  *(_t1003 + 0x30);
				 *(_t1003 + 0x48) =  *(_t1003 + 0x38);
				 *_t997 =  *(_t1003 + 0x40);
				_t610 =  *(_t1003 + 0x48);
				 *(_t997 + 8) = _t610;
				return _t610;
			}

0x18000a93c
0x18000a94c
0x18000a951
0x18000a958
0x18000a966
0x18000a969
0x18000a96f
0x18000a972
0x18000a975
0x18000a97e
0x18000a986
0x18000a990
0x18000a992
0x18000a999
0x18000a99b
0x18000a9a4
0x18000a9a6
0x18000a9a9
0x18000a9ac
0x18000a9b0
0x18000a9bb
0x18000a9bd
0x18000a9c8
0x18000a9cb
0x18000a9d3
0x18000a9d8
0x18000a9dd
0x18000a9e2
0x18000a9e8
0x18000a9ea
0x18000a9f1
0x18000a9f6
0x18000a9fe
0x18000aa04
0x18000aa0b
0x18000aa15
0x18000aa18
0x18000aa2c
0x18000aa32
0x18000aa3f
0x18000aa42
0x18000aa46
0x18000aa49
0x18000aa4d
0x18000aa57
0x18000aa62
0x18000aa64
0x18000aa6a
0x18000aa70
0x18000aa74
0x18000aa76
0x18000aa91
0x18000aa93
0x18000aa98
0x18000aaa3
0x18000aaad
0x18000aabf
0x18000aac4
0x18000aacd
0x18000aad2
0x18000aad4
0x18000aadd
0x18000aae3
0x18000aaec
0x18000aaf9
0x18000aaff
0x18000ab0a
0x18000ab16
0x18000ab19
0x18000ab2b
0x18000ab38
0x18000ab42
0x18000ab52
0x18000ab54
0x18000ab61
0x18000ab6b
0x18000ab70
0x18000ab76
0x18000ab7d
0x18000ab82
0x18000ab88
0x18000ab92
0x18000ab9b
0x18000aba5
0x18000aba9
0x18000abad
0x18000abba
0x18000abbf
0x18000abc6
0x18000abce
0x18000abd8
0x18000abe2
0x18000abe8
0x18000abf2
0x18000abf7
0x18000ac05
0x18000ac10
0x18000ac14
0x18000ac16
0x18000ac21
0x18000ac28
0x18000ac3c
0x18000ac41
0x18000ac44
0x18000ac4d
0x18000ac57
0x18000ac5a
0x18000ac5e
0x18000ac66
0x18000ac6e
0x18000ac73
0x18000ac77
0x18000ac7a
0x18000ac7e
0x18000ac81
0x18000ac85
0x18000ac88
0x18000ac8d
0x18000ac91
0x18000ac95
0x18000ac9b
0x18000aca8
0x18000acb6
0x18000acbf
0x18000acce
0x18000acd8
0x18000acdb
0x18000ace5
0x18000ace9
0x18000aced
0x18000acf0
0x18000acf7
0x18000ad00
0x18000ad0a
0x18000ad12
0x18000ad17
0x18000ad1c
0x18000ad28
0x18000ad31
0x18000ad3c
0x18000ad4e
0x18000ad50
0x18000ad56
0x18000ad5c
0x18000ad61
0x18000ad65
0x18000ad6f
0x18000ad71
0x18000ad7a
0x18000ad7d
0x18000ad81
0x18000ad86
0x18000ad8b
0x18000ad90
0x18000ad98
0x18000ad9a
0x18000ada4
0x18000adad
0x18000adb1
0x18000adba
0x18000adc0
0x18000adc3
0x18000adc9
0x18000add7
0x18000ade0
0x18000adea
0x18000adec
0x18000adfe
0x18000ae03
0x18000ae09
0x18000ae0e
0x18000ae12
0x18000ae1a
0x18000ae23
0x18000ae2f
0x18000ae33
0x18000ae37
0x18000ae3b
0x18000ae3e
0x18000ae4b
0x18000ae4f
0x18000ae5e
0x18000ae63
0x18000ae65
0x18000ae74
0x18000ae7a
0x18000ae88
0x18000ae8c
0x18000ae93
0x18000ae95
0x18000ae9e
0x18000aea5
0x18000aea9
0x18000aeaf
0x18000aeb7
0x18000aebb
0x18000aec0
0x18000aeca
0x18000aed1
0x18000aed4
0x18000aee6
0x18000aef5
0x18000af04
0x18000af0f
0x18000af1c
0x18000af2e
0x18000af34
0x18000af3c
0x18000af43
0x18000af4d
0x18000af52
0x18000af56
0x18000af5c
0x18000af61
0x18000af6d
0x18000af72
0x18000af7f
0x18000af84
0x18000af8f
0x18000af94
0x18000af97
0x18000af9e
0x18000afa3
0x18000afaa
0x18000afae
0x18000afbb
0x18000afcc
0x18000afd7
0x18000afd9
0x18000afdc
0x18000afdf
0x18000afe1
0x18000afe7
0x18000afeb
0x18000aff3
0x18000aff6
0x18000affa
0x18000affd
0x18000b007
0x18000b009
0x18000b018
0x18000b022
0x18000b02c
0x18000b032
0x18000b037
0x18000b043
0x18000b048
0x18000b051
0x18000b054
0x18000b061
0x18000b066
0x18000b068
0x18000b077
0x18000b081
0x18000b08b
0x18000b091
0x18000b096
0x18000b09b
0x18000b0a2
0x18000b0ac
0x18000b0bb
0x18000b0c1
0x18000b0ce
0x18000b0da
0x18000b0dc
0x18000b0e4
0x18000b0e8
0x18000b0f3
0x18000b0f8
0x18000b103
0x18000b10a
0x18000b10d
0x18000b112
0x18000b11f
0x18000b124
0x18000b127
0x18000b130
0x18000b13d
0x18000b149
0x18000b157
0x18000b159
0x18000b162
0x18000b167
0x18000b17e
0x18000b180
0x18000b18d
0x18000b192
0x18000b194
0x18000b19e
0x18000b1a3
0x18000b1b5
0x18000b1be
0x18000b1cb
0x18000b1d0
0x18000b1e2
0x18000b1e4
0x18000b1f1
0x18000b1f6
0x18000b1f8
0x18000b202
0x18000b207
0x18000b219
0x18000b222
0x18000b22c
0x18000b231
0x18000b243
0x18000b247
0x18000b254
0x18000b25d
0x18000b26b
0x18000b272
0x18000b27a
0x18000b282
0x18000b287
0x18000b290
0x18000b295
0x18000b29a
0x18000b2a3
0x18000b2ae
0x18000b2b9
0x18000b2c3
0x18000b2c8
0x18000b2d0
0x18000b2d2
0x18000b2d9
0x18000b2e1
0x18000b2eb
0x18000b2f5
0x18000b2f8
0x18000b2fe
0x18000b30a
0x18000b30d
0x18000b31a
0x18000b31e
0x18000b32e
0x18000b333
0x18000b342
0x18000b34c
0x18000b351
0x18000b358
0x18000b35b
0x18000b362
0x18000b36f
0x18000b375
0x18000b378
0x18000b37e
0x18000b386
0x18000b389
0x18000b38b
0x18000b399
0x18000b39b
0x18000b3a3
0x18000b3a6
0x18000b3bc
0x18000b3c0
0x18000b3c2
0x18000b3d1
0x18000b3db
0x18000b3e5
0x18000b3eb
0x18000b3f0
0x18000b402
0x18000b406
0x18000b40f
0x18000b417
0x18000b421
0x18000b42b
0x18000b431
0x18000b436
0x18000b445
0x18000b449
0x18000b452
0x18000b45a
0x18000b45f
0x18000b46b
0x18000b473
0x18000b479
0x18000b48a
0x18000b48e
0x18000b49d
0x18000b4a1
0x18000b4a3
0x18000b4ae
0x18000b4b5
0x18000b4c9
0x18000b4ce
0x18000b4d3
0x18000b4dc
0x18000b4e8
0x18000b4f3
0x18000b4f8
0x18000b502
0x18000b508
0x18000b50b
0x18000b50e
0x18000b514
0x18000b51a
0x18000b527
0x18000b535
0x18000b53b
0x18000b547
0x18000b54a
0x18000b54c
0x18000b54e
0x18000b55d
0x18000b567
0x18000b571
0x18000b577
0x18000b589
0x18000b593
0x18000b59c
0x18000b5a3
0x18000b5a5
0x18000b5ab
0x18000b5ad
0x18000b5b1
0x18000b5b3
0x18000b5be
0x18000b5c6
0x18000b5c8
0x18000b5d4
0x18000b5de
0x18000b5e8
0x18000b5ee
0x18000b600
0x18000b60a
0x18000b613
0x18000b61d
0x18000b62a
0x18000b634
0x18000b63a
0x18000b643
0x18000b646
0x18000b648
0x18000b651
0x18000b659
0x18000b65d
0x18000b668
0x18000b675
0x18000b678
0x18000b67a
0x18000b683
0x18000b688
0x18000b68c
0x18000b693
0x18000b69c
0x18000b69f
0x18000b6a1
0x18000b6aa
0x18000b6af
0x18000b6b9
0x18000b6c3
0x18000b6c9
0x18000b6db
0x18000b6e5
0x18000b6ea
0x18000b6ee
0x18000b6f4
0x18000b702
0x18000b704
0x18000b70e
0x18000b710
0x18000b71c
0x18000b726
0x18000b730
0x18000b736
0x18000b748
0x18000b752
0x18000b75b
0x18000b75f
0x18000b763
0x18000b765
0x18000b771
0x18000b77b
0x18000b785
0x18000b78b
0x18000b79d
0x18000b7a7
0x18000b7b0
0x18000b7b9
0x18000b7bc
0x18000b7c0
0x18000b7e0

APIs

DName::operator+.LIBVCRUNTIME ref: 000000018000A9D8
DName::operator+.LIBVCRUNTIME ref: 000000018000AABF
DName::operator+.LIBVCRUNTIME ref: 000000018000AB0A
DName::operator+.LIBVCRUNTIME ref: 000000018000AB2B
DName::operator+.LIBVCRUNTIME ref: 000000018000AB9B
DName::operator+.LIBVCRUNTIME ref: 000000018000ABAD

Strings

extern "C" , xrefs: 000000018000B76A
`vtordisp{, xrefs: 000000018000B011
private: , xrefs: 000000018000B64A
public: , xrefs: 000000018000B6A3
`local static destructor helper', xrefs: 000000018000B3CA
`adjustor{, xrefs: 000000018000B070
[thunk]:, xrefs: 000000018000B715
protected: , xrefs: 000000018000B67C
`template static data member constructor helper', xrefs: 000000018000B408
}' , xrefs: 000000018000AB5A, 000000018000B09B
virtual , xrefs: 000000018000B5CD
`vtordispex{, xrefs: 000000018000AF3C
`template static data member destructor helper', xrefs: 000000018000B44B
static , xrefs: 000000018000B556
/, xrefs: 000000018000B452

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+
String ID: /$[thunk]:$`adjustor{$`local static destructor helper'$`template static data member constructor helper'$`template static data member destructor helper'$`vtordispex{$`vtordisp{$extern "C" $private: $protected: $public: $static $virtual $}'
API String ID: 2943138195-2884338863
Opcode ID: 0358148bf59e917f07412e5f0f88ac3638c5110421eaed1c584cf62f1818e484
Instruction ID: 76bd8804b399595e2f697f87ec6aa6e113e488401cda165f439dc13ffd2eac00
Opcode Fuzzy Hash: 0358148bf59e917f07412e5f0f88ac3638c5110421eaed1c584cf62f1818e484
Instruction Fuzzy Hash: C192AC72618B8986F792CF54E4803DEB7A0F7893D4F509115FB8A87A99DF78C648CB40

Uniqueness

Uniqueness Score: -1.00%

Function 000000018003B5A0 Relevance: 18.8, APIs: 6, Strings: 4, Instructions: 1274
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 67%

			E0000000118003B5A0(void* __edx, signed int __rcx, long long __r8, signed int __r9) {
				void* _t507;
				void* _t519;
				void* _t527;
				signed long long _t536;
				signed int _t560;
				intOrPtr _t566;
				signed long long _t594;
				signed int _t602;
				intOrPtr _t609;
				signed long long _t636;
				signed int _t663;
				intOrPtr _t667;
				signed int _t714;
				signed int _t722;
				intOrPtr _t724;
				signed int _t729;
				signed long long _t731;
				signed long long _t737;
				signed long long _t743;
				intOrPtr _t772;
				signed int _t797;
				signed int _t799;
				signed int _t802;
				signed int _t803;
				void* _t807;
				void* _t809;
				void* _t814;
				void* _t844;
				void* _t850;
				signed long long _t960;
				signed long long _t962;
				intOrPtr _t967;
				signed long long _t968;
				void* _t970;
				signed long long _t972;
				signed long long _t973;
				signed long long _t974;
				signed long long _t975;
				signed long long _t977;
				void* _t980;
				intOrPtr* _t981;
				signed long long _t992;
				void* _t995;
				signed long long _t1002;
				long long _t1023;
				signed long long _t1047;
				signed long long _t1048;
				long long _t1055;
				signed long long _t1059;
				long long _t1069;
				signed long long _t1073;
				signed long long _t1077;
				signed long long _t1079;
				signed long long _t1084;
				signed long long _t1085;
				char* _t1086;
				void* _t1087;
				signed long long _t1088;
				void* _t1091;
				void* _t1092;
				signed long long _t1093;
				signed long long _t1098;
				signed long long _t1099;
				signed long long _t1100;
				signed long long _t1111;
				signed long long _t1112;
				signed long long _t1127;
				signed long long _t1128;
				signed long long _t1139;
				signed long long _t1140;
				void* _t1154;

				_t1140 = __r9;
				_t1091 = _t1092 - 0x6d8;
				_t1093 = _t1092 - 0x7d8;
				_t960 =  *0x80098010; // 0x6aeceb4fd839
				 *(_t1091 + 0x6c0) = _t960 ^ _t1093;
				 *(_t1093 + 0x38) = __rcx;
				_t1088 = __r9;
				 *((long long*)(_t1093 + 0x68)) = __r9;
				 *((long long*)(_t1093 + 0x78)) = __r8;
				E0000000118003FBF8(_t1093 + 0x58);
				r12d = 0;
				if (( *(_t1093 + 0x58) & 0x0000001f) != 0x1f) goto 0x8003b603;
				 *((intOrPtr*)(_t1093 + 0x60)) = r12b;
				goto 0x8003b612;
				_t507 = E0000000118003FC64(( *(_t1093 + 0x58) & 0x0000001f) - 0x1f, _t1093 + 0x58);
				 *((char*)(_t1093 + 0x60)) = 1;
				_t962 =  *(_t1093 + 0x38);
				 *((long long*)(__r8 + 8)) = __r9;
				r9d = 0x7ff;
				_t13 = _t972 + 0xd; // 0x2d
				_t729 = _t13;
				_t671 =  <  ? _t729 : 0x20;
				 *((intOrPtr*)(__r8)) =  <  ? _t729 : 0x20;
				if (_t962 != 0) goto 0x8003b65f;
				if ((0xffffffff & _t962) != 0) goto 0x8003b65f;
				 *(__r8 + 4) = r12d;
				goto 0x8003c79e;
				_t807 = (_t962 >> 0x00000034 & __r9) - __r9;
				if (_t807 == 0) goto 0x8003b669;
				goto 0x8003b6aa;
				if (_t807 != 0) goto 0x8003b678;
				goto 0x8003b6a2;
				if (_t962 >= 0) goto 0x8003b693;
				_t809 = (_t962 & 0xffffffff) - 0;
				if (_t809 != 0) goto 0x8003b693;
				goto 0x8003b6a2;
				 *(__r8 + 4) = 1;
				if (_t809 == 0) goto 0x8003c7b3;
				if (_t809 == 0) goto 0x8003c797;
				if (_t809 == 0) goto 0x8003c78e;
				if (0 == 1) goto 0x8003c785;
				 *(_t1093 + 0x38) = _t962 & 0xffffffff;
				_t772 = __edx + 1;
				asm("movsd xmm0, [esp+0x38]");
				 *((intOrPtr*)(_t1093 + 0x50)) = _t772;
				asm("movsd [esp+0x48], xmm0");
				_t1047 =  *((intOrPtr*)(_t1093 + 0x48));
				_t1098 = _t1047 >> 0x34;
				asm("dec eax");
				_t1048 = _t1047 & 0xffffffff;
				_t992 =  ~(_t1098 & __r9);
				asm("sbb eax, eax");
				r8d = r8d & r9d;
				r15d = __r9 + 0;
				r15d = r15d + r8d;
				0x8003fd80();
				E0000000118003FCB4(_t507, _t1098);
				asm("cvttsd2si ecx, xmm0");
				 *((intOrPtr*)(_t1091 - 0x7c)) = _t772;
				asm("inc ebp");
				r13d = r13d & 0;
				 *((intOrPtr*)(_t1091 - 0x78)) = _t772;
				 *(_t1093 + 0x40) = r13d;
				asm("sbb edx, edx");
				_t731 =  ~_t729 + 1;
				 *(_t1091 - 0x80) = _t731;
				if (r15d - 0x434 < 0) goto 0x8003ba01;
				 *(_t1091 + 0x328) = 0x100000;
				 *((intOrPtr*)(_t1091 + 0x324)) = 0;
				 *(_t1091 + 0x320) = 2;
				if (_t772 == 0) goto 0x8003b8de;
				r8d = r12d;
				if ( *((intOrPtr*)(_t1091 + 0x324 + _t992 * 4)) !=  *(_t1091 + _t992 * 4 - 0x7c)) goto 0x8003b8de;
				r8d = r8d + 1;
				_t814 = r8d - 2;
				if (_t814 != 0) goto 0x8003b79f;
				r11d = _t1154 - 0x432;
				 *(_t1093 + 0x38) = r12d;
				r8d = r11d;
				r11d = r11d & 0x0000001f;
				r8d = r8d >> 5;
				asm("bsr eax, [ebp+eax*4-0x7c]");
				r15d = 1;
				r15d =  !r15d;
				if (_t814 == 0) goto 0x8003b7f9;
				goto 0x8003b7fc;
				_t519 = _t1048 + _t1098;
				if (_t519 != 0x73) goto 0x8003b80e;
				if (r11d - 0x20 > 0) goto 0x8003b811;
				r12d = r12d | 0xffffffff;
				if (_t519 - 0x73 > 0) goto 0x8003b8aa;
				if (r12b != 0) goto 0x8003b8aa;
				r14d = 0x72;
				r14d =  <  ? _t519 : r14d;
				r10d = r14d;
				if (r14d == r12d) goto 0x8003b88a;
				if (r10d - r8d < 0) goto 0x8003b88a;
				if (r10d - r8d - _t731 >= 0) goto 0x8003b854;
				r9d =  *(_t1091 + 0x3fffffffffff84);
				goto 0x8003b857;
				r9d = 0;
				if (0xfffffffffffff - _t731 >= 0) goto 0x8003b861;
				goto 0x8003b863;
				r9d = r9d & 0;
				r10d = r10d + r12d;
				r9d = r9d << r11d;
				 *(_t1091 + 0x3fffffffffff84) = (0 & r15d) >> 0x00000020 - r11d | r9d;
				if (r10d == r12d) goto 0x8003b88a;
				_t737 =  *(_t1091 - 0x80);
				goto 0x8003b83b;
				if (r8d == 0) goto 0x8003b89d;
				 *(_t1091 + _t992 * 4 - 0x7c) =  *(_t1091 + _t992 * 4 - 0x7c) & 0x00000000;
				if (1 != r8d) goto 0x8003b891;
				r14d =  >  ? __r8 + 1 : r14d;
				goto 0x8003b8ad;
				r14d = 0;
				 *(_t1091 + 0x328) =  *(_t1091 + 0x328) & 0x00000000;
				r15d = 1;
				 *(_t1091 + 0x150) = r15d;
				 *(_t1091 - 0x80) = r14d;
				 *(_t1091 + 0x320) = 1;
				 *(_t1091 + 0x154) = 4;
				goto 0x8003bc00;
				r11d = _t1154 - 0x433;
				 *(_t1093 + 0x38) = r12d;
				r8d = r11d;
				r11d = r11d & 0x0000001f;
				r8d = r8d >> 5;
				_t1084 = (_t1079 & 0x00000000) + _t1048 >> 0x20 << 0x20 << 0x20;
				asm("bsr eax, [ebp+eax*4-0x7c]");
				r15d = 1;
				r15d =  !r15d;
				if (r11d == 0x20) goto 0x8003b91c;
				goto 0x8003b91f;
				_t527 = _t1048 + _t1098;
				if (_t527 != 0x73) goto 0x8003b931;
				if (r11d - 0x20 > 0) goto 0x8003b934;
				r12d = r12d | 0xffffffff;
				if (_t527 - 0x73 > 0) goto 0x8003b9cd;
				if (r12b != 0) goto 0x8003b9cd;
				r14d = 0x72;
				r14d =  <  ? _t527 : r14d;
				r10d = r14d;
				if (r14d == r12d) goto 0x8003b9ad;
				if (r10d - r8d < 0) goto 0x8003b9ad;
				if (r10d - r8d - _t737 >= 0) goto 0x8003b977;
				r9d =  *(_t1091 + 0x3fffffffffff84);
				goto 0x8003b97a;
				r9d = 0;
				if (0xfffffffffffff - _t737 >= 0) goto 0x8003b984;
				goto 0x8003b986;
				r9d = r9d & 0x00000001;
				r10d = r10d + r12d;
				r9d = r9d << r11d;
				 *(_t1091 + 0x3fffffffffff84) = (0 & r15d) >> 0x00000020 | r9d;
				if (r10d == r12d) goto 0x8003b9ad;
				_t743 =  *(_t1091 - 0x80);
				goto 0x8003b95e;
				if (r8d == 0) goto 0x8003b9c0;
				 *(_t1091 + _t992 * 4 - 0x7c) =  *(_t1091 + _t992 * 4 - 0x7c) & 0x00000000;
				if (1 != r8d) goto 0x8003b9b4;
				r14d =  >  ? __r8 + 1 : r14d;
				goto 0x8003b9d0;
				r14d = 0;
				 *(_t1091 + 0x328) =  *(_t1091 + 0x328) & 0x00000000;
				r15d = 1;
				 *(_t1091 + 0x150) = r15d;
				 *(_t1091 - 0x80) = r14d;
				 *(_t1091 + 0x320) = 1;
				 *(_t1091 + 0x154) = 2;
				goto 0x8003bc00;
				if (r15d == 0x36) goto 0x8003bb34;
				 *(_t1091 + 0x328) = 0x100000;
				 *((intOrPtr*)(_t1091 + 0x324)) = 0;
				 *(_t1091 + 0x320) = 0x20;
				if (0 == 0) goto 0x8003bb34;
				r8d = r12d;
				if ( *((intOrPtr*)(_t1091 + 0x324 + _t992 * 4)) !=  *(_t1091 + _t992 * 4 - 0x7c)) goto 0x8003bb34;
				r8d = r8d + 1;
				_t844 = r8d - 0x20;
				if (_t844 != 0) goto 0x8003ba2e;
				asm("bsr eax, edi");
				 *(_t1093 + 0x38) = r12d;
				if (_t844 == 0) goto 0x8003ba58;
				goto 0x8003ba5b;
				r14d = _t743;
				r12d = r12d | 0xffffffff;
				_t536 = _t743;
				r10d = _t536;
				r8d = 0xfffffffffffff;
				if (_t536 - _t743 >= 0) goto 0x8003ba78;
				r9d =  *(_t1091 + 0x3fffffffffff80);
				goto 0x8003ba7b;
				r9d = 0;
				if (r8d - _t743 >= 0) goto 0x8003ba87;
				goto 0x8003ba89;
				 *(_t1091 + 0x3fffffffffff80) = 0 >> 0x0000001e | r9d << 0x00000002;
				if (r8d == r12d) goto 0x8003baa6;
				goto 0x8003ba66;
				r14d =  <  ? __r8 + 1 : r14d;
				 *(_t1091 - 0x80) = r14d;
				_t973 = _t972 << 2;
				_t1099 = _t973;
				E00000001180005C10(__r8 + 1, 0, _t1091 + 0x324, _t1048, _t1099);
				 *(_t1091 + _t973 + 0x324) = 1 << sil;
				_t118 = _t1084 + 1; // 0x437
				r15d = _t118;
				r8d = r15d;
				_t1100 = _t1099 << 2;
				 *(_t1091 + 0x320) = r15d;
				 *(_t1091 + 0x150) = r15d;
				if (_t1100 == 0) goto 0x8003bc00;
				_t850 = _t1100 - _t973;
				if (_t850 > 0) goto 0x8003bbdf;
				E00000001180005560();
				goto 0x8003bbf9;
				 *(_t1093 + 0x38) = r12d;
				asm("bsr eax, [ebp+eax*4-0x7c]");
				if (_t850 == 0) goto 0x8003bb47;
				goto 0x8003bb4a;
				r14d = 0;
				r12d = r12d | 0xffffffff;
				r10d = 0;
				r8d = 0xfffffffffffff;
				if (0 >= 0) goto 0x8003bb67;
				r9d =  *(_t1091 + 0x3fffffffffff80);
				goto 0x8003bb6a;
				r9d = 0;
				if (r8d >= 0) goto 0x8003bb76;
				goto 0x8003bb78;
				 *(_t1091 + 0x3fffffffffff80) = 0 >> 0x0000001f | _t1140 + _t1140;
				if (r8d == r12d) goto 0x8003bb93;
				goto 0x8003bb55;
				_t995 = _t1091 + 0x324;
				r14d =  <  ? __r8 + 1 : r14d;
				 *(_t1091 - 0x80) = r14d;
				_t974 = _t973 << 2;
				E00000001180005C10(__r8 + 1, 0, _t995, _t1091 + 0x324, _t974);
				 *(_t1091 + _t974 + 0x324) = 1;
				goto 0x8003baec;
				E00000001180005C10(1 << sil, 0, _t995, _t1091 + 0x324, _t974);
				E00000001180025224(0);
				 *0 = 0x22;
				E00000001180015940();
				r15d =  *(_t1091 + 0x150);
				if (r13d < 0) goto 0x8003c0fe;
				_t560 = 0xcccccccd * r13d >> 0x20 >> 3;
				 *(_t1093 + 0x38) = _t560;
				r12d = _t560;
				 *(_t1093 + 0x30) = _t560;
				if (_t560 == 0) goto 0x8003c001;
				r13d = r12d;
				r13d =  >  ? 0x26 : r13d;
				 *(_t1093 + 0x44) = r13d;
				_t975 = _t974 << 2;
				 *(_t1091 + 0x320) = _t1088 + _t995;
				E00000001180005C10(_t1088 + _t995, 0, _t1091 + 0x324, 0x180000000, _t975);
				E00000001180005560();
				r10d =  *(_t1091 + 0x320);
				if (r10d - 1 > 0) goto 0x8003bd5d;
				_t566 =  *((intOrPtr*)(_t1091 + 0x324));
				if (_t566 != 0) goto 0x8003bcd4;
				r15d = 0;
				 *(_t1091 + 0x150) = r15d;
				goto 0x8003bfd4;
				if (_t566 == 1) goto 0x8003bfd4;
				if (r15d == 0) goto 0x8003bfd4;
				r8d = 0;
				r9d = 0;
				r9d = r9d + 1;
				if (r9d != r15d) goto 0x8003bcef;
				if (r8d == 0) goto 0x8003bd51;
				if ( *(_t1091 + 0x150) - 0x73 >= 0) goto 0x8003bd40;
				 *(_t1091 + 0x40000000000154) = r8d;
				r15d =  *(_t1091 + 0x150);
				r15d = r15d + 1;
				goto 0x8003bcc8;
				r15d = 0;
				 *(_t1091 + 0x150) = r15d;
				goto 0x8003bfd6;
				r15d =  *(_t1091 + 0x150);
				goto 0x8003bfd4;
				if (r15d - 1 > 0) goto 0x8003be14;
				_t663 =  *(_t1091 + 0x154);
				r15d = r10d;
				 *(_t1091 + 0x150) = r10d;
				if (0 << 2 == 0) goto 0x8003bdc3;
				_t1002 = _t1091 + 0x154;
				if (0 << 2 - 0 > 0) goto 0x8003bda2;
				E00000001180005560();
				goto 0x8003bdbc;
				E00000001180005C10(0x1cc, 0, _t1002, _t1091 + 0x324, 0);
				E00000001180025224(0);
				 *0 = 0x22;
				E00000001180015940();
				r15d =  *(_t1091 + 0x150);
				if (_t663 == 0) goto 0x8003bcc5;
				if (_t663 == 1) goto 0x8003bfd4;
				if (r15d == 0) goto 0x8003bfd4;
				r8d = 0;
				r9d = 0;
				_t1111 = _t1002 * _t975 + 0 >> 0x20;
				r9d = r9d + 1;
				if (r9d != r15d) goto 0x8003bde6;
				goto 0x8003bd18;
				r12d = r15d;
				_t1152 =  >=  ? _t1091 + 0x154 : _t1091 + 0x324;
				r12d =  <  ? r10d : r12d;
				_t1055 =  >=  ? _t1091 + 0x324 : _t1091 + 0x154;
				 *((long long*)(_t1093 + 0x48)) = _t1055;
				r10d =  !=  ? r15d : r10d;
				r15d = 0;
				r9d = 0;
				 *(_t1091 + 0x4f0) = r15d;
				if (r12d == 0) goto 0x8003bf77;
				_t797 =  *(( >=  ? _t1091 + 0x154 : _t1091 + 0x324) + _t1140 * 4);
				if (_t797 != 0) goto 0x8003be93;
				if (r9d != r15d) goto 0x8003bf6b;
				 *(_t1091 + 0x4f4 + _t1140 * 4) =  *(_t1091 + 0x4f4 + _t1140 * 4) & _t797;
				_t213 = _t1140 + 1; // 0x1
				r15d = _t213;
				 *(_t1091 + 0x4f0) = r15d;
				goto 0x8003bf6b;
				r11d = 0;
				r8d = r9d;
				if (r10d == 0) goto 0x8003bf5c;
				if (r8d == 0x73) goto 0x8003bf0a;
				if (r8d != r15d) goto 0x8003bec7;
				 *(_t1091 + 0x4f4 + _t1084 * 4) =  *(_t1091 + 0x4f4 + _t1084 * 4) & 0x00000000;
				_t221 = _t1111 + 1; // 0x1
				 *(_t1091 + 0x4f0) = _t221;
				r8d = r8d + 1;
				 *(_t1091 + 0x4f4 + _t1084 * 4) =  *(_t1055 + 0x40000000000000);
				r15d =  *(_t1091 + 0x4f0);
				if (_t1111 + _t975 == r10d) goto 0x8003bf0a;
				_t1059 =  *((intOrPtr*)(_t1093 + 0x48));
				goto 0x8003bea7;
				if (r11d == 0) goto 0x8003bf5c;
				if (r8d == 0x73) goto 0x8003c0f2;
				if (r8d != r15d) goto 0x8003bf33;
				 *(_t1091 + 0x4f4 + _t1059 * 4) =  *(_t1091 + 0x4f4 + _t1059 * 4) & 0x00000000;
				_t241 = _t1111 + 1; // 0x1
				 *(_t1091 + 0x4f0) = _t241;
				r8d = r8d + 1;
				_t714 = r11d;
				 *(_t1091 + 0x4f4 + _t1059 * 4) = _t714;
				r15d =  *(_t1091 + 0x4f0);
				r11d = _t714;
				if (_t714 != 0) goto 0x8003bf0f;
				if (r8d == 0x73) goto 0x8003c0f2;
				r9d = r9d + 1;
				if (r9d != r12d) goto 0x8003be66;
				r8d = r15d;
				_t1112 = _t1111 << 2;
				 *(_t1091 + 0x150) = r15d;
				if (_t1112 == 0) goto 0x8003bfca;
				if (_t1112 - 0 > 0) goto 0x8003bfa9;
				E00000001180005560();
				goto 0x8003bfc3;
				E00000001180005C10(0x1cc, 0, _t1091 + 0x154, _t1091 + 0x4f4, 0);
				E00000001180025224(0);
				 *0 = 0x22;
				E00000001180015940();
				r15d =  *(_t1091 + 0x150);
				r12d =  *(_t1093 + 0x30);
				r13d =  *(_t1093 + 0x44);
				if (1 == 0) goto 0x8003c0f2;
				r12d = r12d - r13d;
				 *(_t1093 + 0x30) = r12d;
				if (1 != 0) goto 0x8003bc35;
				r13d =  *(_t1093 + 0x40);
				if (1 == 0) goto 0x8003c092;
				_t594 =  *0x40000180055788;
				if (_t594 == 0) goto 0x8003c0f2;
				if (_t594 == 1) goto 0x8003c092;
				if (r15d == 0) goto 0x8003c092;
				r8d = 0;
				r10d = _t594;
				r9d = 0;
				r9d = r9d + 1;
				if (r9d != r15d) goto 0x8003c036;
				if (r8d == 0) goto 0x8003c08b;
				if ( *(_t1091 + 0x150) - 0x73 >= 0) goto 0x8003c0f2;
				 *(_t1091 + 0x40000000000154) = r8d;
				r15d =  *(_t1091 + 0x150);
				r15d = r15d + 1;
				goto 0x8003c0f5;
				r15d =  *(_t1091 + 0x150);
				_t1085 =  *((intOrPtr*)(_t1093 + 0x68));
				r12d = 0;
				if (r14d == 0) goto 0x8003c570;
				r8d = r12d;
				r9d = r12d;
				r9d = r9d + 1;
				 *(_t1091 + 0x5ffffff84) = r8d;
				if (r9d != r14d) goto 0x8003c0ac;
				if (r8d == 0) goto 0x8003c570;
				if ( *(_t1091 - 0x80) - 0x73 >= 0) goto 0x8003c54d;
				 *(_t1091 + 0x3fffffffffff84) = r8d;
				 *(_t1091 - 0x80) =  *(_t1091 - 0x80) + 1;
				goto 0x8003c570;
				r15d = 0;
				 *(_t1091 + 0x150) = r15d;
				goto 0x8003c092;
				r13d =  ~r13d;
				_t602 =  *(_t1091 - 0x80) * r13d >> 0x20 >> 3;
				 *(_t1093 + 0x44) = _t602;
				r12d = _t602;
				 *(_t1093 + 0x30) = _t602;
				if (_t602 == 0) goto 0x8003c4b5;
				_t604 =  >  ? 0x26 : r12d;
				 *(_t1093 + 0x38) =  >  ? 0x26 : r12d;
				_t977 = _t1085 << 2;
				 *(_t1091 + 0x320) = (_t1088 << 2) + 0x50000000000000;
				E00000001180005C10((_t1088 << 2) + 0x50000000000000, 0, _t1091 + 0x324, 0x180000000, _t977);
				E00000001180005560();
				r10d =  *(_t1091 + 0x320);
				if (r10d - 1 > 0) goto 0x8003c231;
				_t609 =  *((intOrPtr*)(_t1091 + 0x324));
				if (_t609 != 0) goto 0x8003c1c0;
				r14d = 0;
				 *(_t1091 - 0x80) = r14d;
				goto 0x8003c48b;
				if (_t609 == 1) goto 0x8003c48b;
				if (r14d == 0) goto 0x8003c48b;
				r8d = 0;
				r9d = 0;
				r9d = r9d + 1;
				if (r9d != r14d) goto 0x8003c1db;
				if (r8d == 0) goto 0x8003c228;
				if ( *(_t1091 - 0x80) - 0x73 >= 0) goto 0x8003c21a;
				 *(_t1091 + 0x3fffffffffff84) = r8d;
				r14d =  *(_t1091 - 0x80);
				r14d = r14d + 1;
				goto 0x8003c1b7;
				r14d = 0;
				 *(_t1091 - 0x80) = r14d;
				goto 0x8003c48d;
				r14d =  *(_t1091 - 0x80);
				goto 0x8003c48b;
				if (r14d - 1 > 0) goto 0x8003c2d6;
				_t667 =  *((intOrPtr*)(_t1091 - 0x7c));
				r14d = r10d;
				 *(_t1091 - 0x80) = r10d;
				if (0 << 2 == 0) goto 0x8003c28b;
				if (0 << 2 - 0 > 0) goto 0x8003c26d;
				E00000001180005560();
				goto 0x8003c287;
				E00000001180005C10(0x1cc, 0, _t1091 - 0x7c, _t1091 + 0x324, 0);
				E00000001180025224(0);
				 *0 = 0x22;
				E00000001180015940();
				r14d =  *(_t1091 - 0x80);
				if (_t667 == 0) goto 0x8003c1b4;
				if (_t667 == 1) goto 0x8003c48b;
				if (r14d == 0) goto 0x8003c48b;
				r8d = 0;
				r9d = 0;
				r9d = r9d + 1;
				if (r9d != r14d) goto 0x8003c2ae;
				goto 0x8003c1fe;
				r12d = r14d;
				_t1023 =  >=  ? _t1091 - 0x7c : _t1091 + 0x324;
				_t1127 = _t1091 + 0x324;
				r12d =  <  ? r10d : r12d;
				 *((long long*)(_t1093 + 0x70)) = _t1023;
				_t1069 =  >=  ? _t1127 : _t1091 - 0x7c;
				 *((long long*)(_t1093 + 0x48)) = _t1069;
				r10d =  !=  ? r14d : r10d;
				r14d = 0;
				r9d = 0;
				 *(_t1091 + 0x4f0) = r14d;
				if (r12d == 0) goto 0x8003c43c;
				_t799 =  *(_t1023 + _t1140 * 4);
				if (_t799 != 0) goto 0x8003c353;
				if (r9d != r14d) goto 0x8003c430;
				 *(_t1091 + 0x4f4 + _t1140 * 4) =  *(_t1091 + 0x4f4 + _t1140 * 4) & _t799;
				_t369 = _t1140 + 1; // 0x1
				r14d = _t369;
				 *(_t1091 + 0x4f0) = r14d;
				goto 0x8003c430;
				r11d = 0;
				r8d = r9d;
				if (r10d == 0) goto 0x8003c41c;
				if (r8d == 0x73) goto 0x8003c3ca;
				if (r8d != r14d) goto 0x8003c387;
				 *(_t1091 + 0x4f4 + _t1085 * 4) =  *(_t1091 + 0x4f4 + _t1085 * 4) & 0x00000000;
				_t377 = _t1127 + 1; // 0x1
				 *(_t1091 + 0x4f0) = _t377;
				r8d = r8d + 1;
				 *(_t1091 + 0x4f4 + _t1085 * 4) =  *(_t1069 + 0x40000000000000);
				r14d =  *(_t1091 + 0x4f0);
				if (_t977 + _t1127 == r10d) goto 0x8003c3ca;
				_t1073 =  *((intOrPtr*)(_t1093 + 0x48));
				goto 0x8003c367;
				if (r11d == 0) goto 0x8003c41c;
				if (r8d == 0x73) goto 0x8003c53c;
				if (r8d != r14d) goto 0x8003c3f3;
				 *(_t1091 + 0x4f4 + _t1073 * 4) =  *(_t1091 + 0x4f4 + _t1073 * 4) & 0x00000000;
				_t397 = _t1127 + 1; // 0x1
				 *(_t1091 + 0x4f0) = _t397;
				_t722 =  *(_t1091 + 0x4f4 + _t1073 * 4);
				r8d = r8d + 1;
				 *(_t1091 + 0x4f4 + _t1073 * 4) = _t722;
				r14d =  *(_t1091 + 0x4f0);
				r11d = _t722;
				if (_t722 != 0) goto 0x8003c3cf;
				if (r8d == 0x73) goto 0x8003c53c;
				r9d = r9d + 1;
				if (r9d != r12d) goto 0x8003c327;
				r8d = r14d;
				_t1128 = _t1127 << 2;
				 *(_t1091 - 0x80) = r14d;
				if (_t1128 == 0) goto 0x8003c486;
				if (_t1128 - 0 > 0) goto 0x8003c468;
				E00000001180005560();
				goto 0x8003c482;
				E00000001180005C10(0x1cc, 0, _t1091 - 0x7c, _t1091 + 0x4f4, 0);
				E00000001180025224(0);
				 *0 = 0x22;
				E00000001180015940();
				r14d =  *(_t1091 - 0x80);
				r12d =  *(_t1093 + 0x30);
				if (1 == 0) goto 0x8003c53c;
				r12d = r12d -  *(_t1093 + 0x38);
				 *(_t1093 + 0x30) = r12d;
				if (1 != 0) goto 0x8003c128;
				r13d = r13d - 0xa0000000000000;
				if (1 == 0) goto 0x8003c092;
				_t636 =  *0x40000180055788;
				if (_t636 == 0) goto 0x8003c53c;
				if (_t636 == 1) goto 0x8003c092;
				if (r14d == 0) goto 0x8003c092;
				r8d = 0;
				r10d = _t636;
				r9d = 0;
				_t724 =  *((intOrPtr*)(_t1091 + _t1140 * 4 - 0x7c));
				 *((intOrPtr*)(_t1091 + _t1140 * 4 - 0x7c)) = _t724;
				r9d = r9d + 1;
				if (r9d != r14d) goto 0x8003c4ed;
				if (r8d == 0) goto 0x8003c533;
				if ( *(_t1091 - 0x80) - 0x73 >= 0) goto 0x8003c53c;
				 *(_t1091 + 0x3fffffffffff84) = r8d;
				r14d =  *(_t1091 - 0x80);
				r14d = r14d + 1;
				 *(_t1091 - 0x80) = r14d;
				goto 0x8003c092;
				r14d =  *(_t1091 - 0x80);
				goto 0x8003c092;
				 *(_t1091 - 0x80) =  *(_t1091 - 0x80) & 0x00000000;
				_t1086 =  *((intOrPtr*)(_t1093 + 0x68));
				r12d = 0;
				goto 0x8003c570;
				r9d = 0;
				 *(_t1091 + 0x320) = r12d;
				 *(_t1091 - 0x80) = r12d;
				0x8002afe8();
				_t1077 = _t1091 + 0x150;
				0x8003a4d0();
				if ( *(_t1091 - 0x80) != 0xa) goto 0x8003c61d;
				 *_t1086 = 0x31;
				if (r15d == 0) goto 0x8003c62d;
				r8d = r12d;
				r9d = r12d;
				r9d = r9d + 1;
				 *(_t1091 + 0x154 + _t1077 * 4) = r8d;
				if (r9d != r15d) goto 0x8003c5a5;
				if (r8d == 0) goto 0x8003c62d;
				if ( *(_t1091 + 0x150) - 0x73 >= 0) goto 0x8003c5f2;
				 *(_t1091 + 0x40000000000154) = r8d;
				 *(_t1091 + 0x150) =  *(_t1091 + 0x150) + 1;
				goto 0x8003c62d;
				r9d = 0;
				 *(_t1091 + 0x320) = r12d;
				 *(_t1091 + 0x150) = r12d;
				0x8002afe8();
				goto 0x8003c62d;
				if ( *(_t1091 + 0x150) != 0) goto 0x8003c625;
				_t802 =  *(_t1093 + 0x40) + 1 - 1;
				goto 0x8003c62d;
				_t980 = _t1086 + 1;
				 *_t1086 = 1;
				_t967 =  *((intOrPtr*)(_t1093 + 0x78));
				 *(_t967 + 4) = _t802;
				if (_t802 < 0) goto 0x8003c647;
				if ( *((intOrPtr*)(_t1093 + 0x50)) - 0x7fffffff > 0) goto 0x8003c647;
				_t968 =  <  ?  *((intOrPtr*)(_t1091 + 0x740)) - 1 : _t967;
				_t1087 = _t1086 + _t968;
				if (_t980 == _t1087) goto 0x8003c74e;
				r14d = 9;
				_t803 = _t802 | 0xffffffff;
				r10d =  *(_t1091 - 0x80);
				if (r10d == 0) goto 0x8003c74e;
				r8d = r12d;
				r9d = r12d;
				r9d = r9d + 1;
				 *((intOrPtr*)(_t1091 + _t1077 * 4 - 0x7c)) = _t724;
				if (r9d != r10d) goto 0x8003c682;
				if (r8d == 0) goto 0x8003c6e4;
				if ( *(_t1091 - 0x80) - 0x73 >= 0) goto 0x8003c6c1;
				 *(_t1091 + _t968 * 4 - 0x7c) = r8d;
				 *(_t1091 - 0x80) =  *(_t1091 - 0x80) + 1;
				goto 0x8003c6e4;
				r9d = 0;
				 *(_t1091 + 0x320) = r12d;
				 *(_t1091 - 0x80) = r12d;
				0x8002afe8();
				0x8003a4d0();
				r10d = r8d;
				_t1139 = _t968;
				r10d = r10d -  ~r9d;
				r9d = 8;
				r8b = r8b - _t1091 - 0x80 + _t1091 + 0x150 + _t1091 - 0x80 + _t1091 + 0x150;
				_t499 = _t1139 + 0x30; // 0x30
				r8d = 0xcccccccd * r8d >> 0x20 >> 3;
				if (r10d - r9d < 0) goto 0x8003c72d;
				 *((char*)(_t968 + _t980)) = _t499;
				r9d = r9d + _t803;
				if (r9d != _t803) goto 0x8003c703;
				_t970 = _t1087 - _t980;
				_t971 =  >  ? __r8 : _t970;
				_t981 = _t980 + ( >  ? __r8 : _t970);
				if (_t981 != _t1087) goto 0x8003c66f;
				 *_t981 = r12b;
				if ( *((intOrPtr*)(_t1093 + 0x60)) == r12b) goto 0x8003c762;
				return E00000001180002630(E0000000118003FC18( *((intOrPtr*)(_t1093 + 0x60)) - r12b, _t1093 + 0x58), _t499,  *(_t1091 + 0x6c0) ^ _t1093);
			}

0x18003b5a0
0x18003b5ad
0x18003b5b5
0x18003b5bc
0x18003b5c6
0x18003b5cd
0x18003b5d2
0x18003b5da
0x18003b5e2
0x18003b5e9
0x18003b5f2
0x18003b5fa
0x18003b5fc
0x18003b601
0x18003b608
0x18003b60d
0x18003b612
0x18003b61f
0x18003b625
0x18003b635
0x18003b635
0x18003b638
0x18003b642
0x18003b648
0x18003b64d
0x18003b64f
0x18003b65a
0x18003b65f
0x18003b662
0x18003b667
0x18003b66f
0x18003b676
0x18003b67b
0x18003b687
0x18003b68a
0x18003b691
0x18003b6a2
0x18003b6ad
0x18003b6b6
0x18003b6bf
0x18003b6c8
0x18003b6e0
0x18003b6e5
0x18003b6e7
0x18003b6ed
0x18003b6f1
0x18003b6f7
0x18003b6ff
0x18003b719
0x18003b71c
0x18003b725
0x18003b728
0x18003b72a
0x18003b72d
0x18003b731
0x18003b734
0x18003b739
0x18003b73e
0x18003b742
0x18003b750
0x18003b757
0x18003b75a
0x18003b75f
0x18003b766
0x18003b76a
0x18003b76c
0x18003b776
0x18003b77e
0x18003b788
0x18003b78e
0x18003b796
0x18003b79c
0x18003b7ad
0x18003b7b3
0x18003b7b6
0x18003b7b9
0x18003b7bb
0x18003b7c2
0x18003b7c7
0x18003b7cd
0x18003b7d1
0x18003b7e8
0x18003b7ed
0x18003b7f0
0x18003b7f3
0x18003b7f7
0x18003b7fe
0x18003b805
0x18003b80c
0x18003b811
0x18003b818
0x18003b820
0x18003b826
0x18003b82f
0x18003b833
0x18003b839
0x18003b83e
0x18003b84b
0x18003b84d
0x18003b852
0x18003b854
0x18003b859
0x18003b85f
0x18003b86b
0x18003b870
0x18003b876
0x18003b87c
0x18003b883
0x18003b885
0x18003b888
0x18003b88f
0x18003b891
0x18003b89b
0x18003b8a4
0x18003b8a8
0x18003b8aa
0x18003b8ad
0x18003b8b4
0x18003b8ba
0x18003b8c1
0x18003b8c5
0x18003b8cf
0x18003b8d9
0x18003b8de
0x18003b8e5
0x18003b8ea
0x18003b8f0
0x18003b8f4
0x18003b904
0x18003b90b
0x18003b910
0x18003b913
0x18003b916
0x18003b91a
0x18003b921
0x18003b928
0x18003b92f
0x18003b934
0x18003b93b
0x18003b943
0x18003b949
0x18003b952
0x18003b956
0x18003b95c
0x18003b961
0x18003b96e
0x18003b970
0x18003b975
0x18003b977
0x18003b97c
0x18003b982
0x18003b98e
0x18003b993
0x18003b999
0x18003b99f
0x18003b9a6
0x18003b9a8
0x18003b9ab
0x18003b9b2
0x18003b9b4
0x18003b9be
0x18003b9c7
0x18003b9cb
0x18003b9cd
0x18003b9d0
0x18003b9d7
0x18003b9dd
0x18003b9e4
0x18003b9e8
0x18003b9f2
0x18003b9fc
0x18003ba05
0x18003ba0d
0x18003ba17
0x18003ba1d
0x18003ba25
0x18003ba2b
0x18003ba3c
0x18003ba42
0x18003ba45
0x18003ba48
0x18003ba4a
0x18003ba4d
0x18003ba52
0x18003ba56
0x18003ba5d
0x18003ba60
0x18003ba64
0x18003ba66
0x18003ba69
0x18003ba6f
0x18003ba71
0x18003ba76
0x18003ba78
0x18003ba7e
0x18003ba85
0x18003ba97
0x18003ba9f
0x18003baa4
0x18003bab8
0x18003bac1
0x18003bacc
0x18003bad0
0x18003bad3
0x18003bae5
0x18003baec
0x18003baec
0x18003baf0
0x18003baf3
0x18003baf7
0x18003bafe
0x18003bb08
0x18003bb1a
0x18003bb1d
0x18003bb2a
0x18003bb2f
0x18003bb37
0x18003bb3c
0x18003bb41
0x18003bb45
0x18003bb4c
0x18003bb4f
0x18003bb55
0x18003bb58
0x18003bb5e
0x18003bb60
0x18003bb65
0x18003bb67
0x18003bb6d
0x18003bb74
0x18003bb84
0x18003bb8c
0x18003bb91
0x18003bb9f
0x18003bba6
0x18003bbaf
0x18003bbba
0x18003bbc1
0x18003bbd3
0x18003bbda
0x18003bbe4
0x18003bbe9
0x18003bbee
0x18003bbf4
0x18003bbf9
0x18003bc08
0x18003bc1a
0x18003bc1d
0x18003bc21
0x18003bc24
0x18003bc2a
0x18003bc38
0x18003bc3b
0x18003bc3f
0x18003bc5e
0x18003bc6f
0x18003bc75
0x18003bca5
0x18003bcaa
0x18003bcb5
0x18003bcbb
0x18003bcc3
0x18003bcc5
0x18003bcc8
0x18003bccf
0x18003bcd7
0x18003bce0
0x18003bce6
0x18003bcec
0x18003bd10
0x18003bd16
0x18003bd1b
0x18003bd24
0x18003bd2c
0x18003bd34
0x18003bd3b
0x18003bd3e
0x18003bd40
0x18003bd43
0x18003bd4c
0x18003bd51
0x18003bd58
0x18003bd61
0x18003bd67
0x18003bd74
0x18003bd77
0x18003bd81
0x18003bd88
0x18003bd92
0x18003bd9b
0x18003bda0
0x18003bda7
0x18003bdac
0x18003bdb1
0x18003bdb7
0x18003bdbc
0x18003bdc5
0x18003bdce
0x18003bdd7
0x18003bddd
0x18003bde3
0x18003be03
0x18003be07
0x18003be0d
0x18003be0f
0x18003be1e
0x18003be28
0x18003be33
0x18003be3e
0x18003be47
0x18003be4c
0x18003be50
0x18003be53
0x18003be56
0x18003be60
0x18003be66
0x18003be70
0x18003be75
0x18003be7b
0x18003be83
0x18003be83
0x18003be87
0x18003be8e
0x18003be93
0x18003be96
0x18003be9c
0x18003beab
0x18003beb3
0x18003beb5
0x18003bebd
0x18003bec1
0x18003becb
0x18003beec
0x18003bef3
0x18003bf01
0x18003bf03
0x18003bf08
0x18003bf0d
0x18003bf13
0x18003bf1f
0x18003bf21
0x18003bf29
0x18003bf2d
0x18003bf3a
0x18003bf3d
0x18003bf43
0x18003bf4a
0x18003bf55
0x18003bf5a
0x18003bf60
0x18003bf6b
0x18003bf71
0x18003bf77
0x18003bf7a
0x18003bf7e
0x18003bf88
0x18003bf99
0x18003bfa2
0x18003bfa7
0x18003bfae
0x18003bfb3
0x18003bfb8
0x18003bfbe
0x18003bfc3
0x18003bfca
0x18003bfcf
0x18003bfd8
0x18003bfde
0x18003bfe8
0x18003bff2
0x18003bffc
0x18003c00b
0x18003c014
0x18003c01d
0x18003c026
0x18003c02b
0x18003c02d
0x18003c030
0x18003c033
0x18003c057
0x18003c05d
0x18003c062
0x18003c06b
0x18003c077
0x18003c07f
0x18003c086
0x18003c089
0x18003c08b
0x18003c092
0x18003c097
0x18003c0a0
0x18003c0a6
0x18003c0a9
0x18003c0af
0x18003c0c1
0x18003c0cd
0x18003c0d2
0x18003c0dc
0x18003c0e5
0x18003c0ea
0x18003c0ed
0x18003c0f2
0x18003c0f5
0x18003c0fc
0x18003c0fe
0x18003c10d
0x18003c110
0x18003c114
0x18003c117
0x18003c11d
0x18003c12e
0x18003c131
0x18003c14b
0x18003c15e
0x18003c164
0x18003c194
0x18003c199
0x18003c1a4
0x18003c1aa
0x18003c1b2
0x18003c1b4
0x18003c1b7
0x18003c1bb
0x18003c1c3
0x18003c1cc
0x18003c1d2
0x18003c1d8
0x18003c1f6
0x18003c1fc
0x18003c201
0x18003c207
0x18003c20c
0x18003c211
0x18003c215
0x18003c218
0x18003c21a
0x18003c21d
0x18003c223
0x18003c228
0x18003c22c
0x18003c235
0x18003c23b
0x18003c245
0x18003c248
0x18003c24f
0x18003c25d
0x18003c266
0x18003c26b
0x18003c272
0x18003c277
0x18003c27c
0x18003c282
0x18003c287
0x18003c28d
0x18003c296
0x18003c29f
0x18003c2a5
0x18003c2ab
0x18003c2c9
0x18003c2cf
0x18003c2d1
0x18003c2dd
0x18003c2e7
0x18003c2eb
0x18003c2f2
0x18003c2f6
0x18003c302
0x18003c308
0x18003c30d
0x18003c311
0x18003c314
0x18003c317
0x18003c321
0x18003c327
0x18003c330
0x18003c335
0x18003c33b
0x18003c343
0x18003c343
0x18003c347
0x18003c34e
0x18003c353
0x18003c356
0x18003c35c
0x18003c36b
0x18003c373
0x18003c375
0x18003c37d
0x18003c381
0x18003c38b
0x18003c3ac
0x18003c3b3
0x18003c3c1
0x18003c3c3
0x18003c3c8
0x18003c3cd
0x18003c3d3
0x18003c3df
0x18003c3e1
0x18003c3e9
0x18003c3ed
0x18003c3f3
0x18003c3fa
0x18003c403
0x18003c40a
0x18003c415
0x18003c41a
0x18003c420
0x18003c430
0x18003c436
0x18003c43c
0x18003c43f
0x18003c443
0x18003c44a
0x18003c458
0x18003c461
0x18003c466
0x18003c46d
0x18003c472
0x18003c477
0x18003c47d
0x18003c482
0x18003c486
0x18003c48f
0x18003c495
0x18003c4a1
0x18003c4ab
0x18003c4ba
0x18003c4bd
0x18003c4c7
0x18003c4d0
0x18003c4d5
0x18003c4de
0x18003c4e4
0x18003c4e7
0x18003c4ea
0x18003c4ed
0x18003c4ff
0x18003c508
0x18003c50e
0x18003c513
0x18003c519
0x18003c51e
0x18003c523
0x18003c527
0x18003c52a
0x18003c52e
0x18003c533
0x18003c537
0x18003c53c
0x18003c540
0x18003c545
0x18003c54b
0x18003c54d
0x18003c550
0x18003c55e
0x18003c56b
0x18003c570
0x18003c57b
0x18003c587
0x18003c58f
0x18003c599
0x18003c59f
0x18003c5a2
0x18003c5a8
0x18003c5bd
0x18003c5cc
0x18003c5d1
0x18003c5da
0x18003c5e2
0x18003c5ea
0x18003c5f0
0x18003c5f2
0x18003c5f5
0x18003c603
0x18003c616
0x18003c61b
0x18003c61f
0x18003c621
0x18003c623
0x18003c627
0x18003c62b
0x18003c62d
0x18003c636
0x18003c63b
0x18003c643
0x18003c656
0x18003c65a
0x18003c660
0x18003c666
0x18003c66c
0x18003c66f
0x18003c676
0x18003c67c
0x18003c67f
0x18003c685
0x18003c69c
0x18003c6a7
0x18003c6ac
0x18003c6b2
0x18003c6b7
0x18003c6bc
0x18003c6bf
0x18003c6c1
0x18003c6c4
0x18003c6d2
0x18003c6df
0x18003c6ef
0x18003c6f4
0x18003c6f7
0x18003c6fa
0x18003c6fd
0x18003c718
0x18003c71b
0x18003c71f
0x18003c725
0x18003c72a
0x18003c72d
0x18003c733
0x18003c738
0x18003c73e
0x18003c742
0x18003c748
0x18003c74e
0x18003c756
0x18003c784

APIs

fegetenv.LIBCMT ref: 000000018003B5E9
_invalid_parameter_noinfo.LIBCMT ref: 000000018003BBF4
_invalid_parameter_noinfo.LIBCMT ref: 000000018003BDB7
_invalid_parameter_noinfo.LIBCMT ref: 000000018003BFBE
_invalid_parameter_noinfo.LIBCMT ref: 000000018003C282
_invalid_parameter_noinfo.LIBCMT ref: 000000018003C47D

Strings

1#QNAN, xrefs: 000000018003C797
1#INF, xrefs: 000000018003C7B3
1#IND, xrefs: 000000018003C785
1#SNAN, xrefs: 000000018003C78E

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 1709182501-2761157908
Opcode ID: 64aebd5dd059af58ca6710261e99200829f2547bb6b338f38fc78b9470c066d4
Instruction ID: ec927db70caaf78a571d858d979730f5da5564ab4cbe2f8aff856557b4297f54
Opcode Fuzzy Hash: 64aebd5dd059af58ca6710261e99200829f2547bb6b338f38fc78b9470c066d4
Instruction Fuzzy Hash: 2DB2C2726106888AE7A7CE69D540BEB37A1F38C7C8F519115EB0697B89DF34CB48CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180028B30 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 434
COMMONCrypto

Download Yara Rule

C-Code - Quality: 52%

			E00000001180028B30(void* __ecx, intOrPtr* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, long long _a8, void* _a16, long long _a24, intOrPtr _a26, long long _a32) {
				long long _v72;
				intOrPtr _v80;
				intOrPtr* _v88;
				long long _v96;
				long long _v104;
				intOrPtr _t42;
				intOrPtr _t66;
				signed long long _t69;
				long long _t71;
				long long _t73;
				long long _t79;
				void* _t84;
				void* _t91;
				long long _t105;
				long long _t109;
				signed long long _t111;
				signed long long _t112;
				intOrPtr _t128;
				void* _t130;
				void* _t131;
				signed long long _t134;
				intOrPtr* _t135;
				intOrPtr* _t140;

				_a8 = __rbx;
				_a16 = __rdx;
				if (__rdx != 0) goto 0x80028b6c;
				E00000001180025224(__rax);
				_t3 = _t109 + 0x16; // 0x16
				_t42 = _t3;
				 *__rax = _t42;
				E00000001180015940();
				goto 0x80028d0c;
				asm("xorps xmm0, xmm0");
				 *((long long*)(__rdx)) = _t109;
				_t66 =  *__rcx;
				asm("movdqu [ebp-0x20], xmm0");
				_v72 = _t109;
				if (_t66 == 0) goto 0x80028bd9;
				_a24 = 0x3f2a;
				_a26 = dil;
				E00000001180036090();
				if (_t66 != 0) goto 0x80028bb1;
				r8d = 0;
				0x80029108();
				goto 0x80028bbd;
				0x8002941c();
				if (_t42 != 0) goto 0x80028bcc;
				goto 0x80028b7e;
				goto 0x80028cd1;
				_t140 = _v88;
				_t128 = _v80;
				_a24 = _t109;
				_t69 = _t128 - _t140;
				_t134 = (_t69 >> 3) + 1;
				_t91 =  >  ? _t109 : _t69 + 7 >> 3;
				_t112 = _t111 | 0xffffffff;
				if (_t91 == 0) goto 0x80028c3b;
				_t71 = _t112 + 1;
				if ( *((intOrPtr*)( *_t140 + _t71)) != dil) goto 0x80028c1c;
				if (_t109 + 1 != _t91) goto 0x80028c16;
				_a24 = _t109 + 1 + _t71;
				r8d = 1;
				E00000001180016834(_t42, _t134, _t109 + 1 + _t71, _t109 + 1);
				_t79 = _t71;
				if (_t71 == 0) goto 0x80028cca;
				_t105 = _t71 + _t134 * 8;
				_t135 = _t140;
				_v96 = _t105;
				_a32 = _t105;
				if (_t140 == _t128) goto 0x80028cc1;
				_v104 = _t79 - _t140;
				_t130 = _t112 + 1;
				if ( *((intOrPtr*)( *_t135 + _t130)) != dil) goto 0x80028c7b;
				_t131 = _t130 + 1;
				if (E00000001180035F18(_t105, _t79, _t105, _t105 - _t105 + _a24,  *_t135, _t131) != 0) goto 0x80028d24;
				_t73 = _a32;
				 *((long long*)(_v104 + _t135)) = _t73;
				_a32 = _t73 + _t131;
				if (_t135 + 8 != _t128) goto 0x80028c75;
				 *_a16 = _t79;
				E00000001180028028(_a16, _v104);
				_t84 =  >  ? _t109 : _t128 - _t140 + 7 >> 3;
				if (_t84 == 0) goto 0x80028d02;
				E00000001180028028(_a16,  *_t140);
				if (_t109 + 1 != _t84) goto 0x80028cee;
				E00000001180028028(_a16, _t140);
				return 0;
			}

0x180028b30
0x180028b35
0x180028b54
0x180028b56
0x180028b5b
0x180028b5b
0x180028b5e
0x180028b60
0x180028b67
0x180028b6c
0x180028b6f
0x180028b72
0x180028b75
0x180028b7a
0x180028b81
0x180028b87
0x180028b90
0x180028b94
0x180028b9f
0x180028ba5
0x180028baa
0x180028baf
0x180028bb8
0x180028bc1
0x180028bca
0x180028bd4
0x180028bd9
0x180028be0
0x180028bea
0x180028bee
0x180028bfb
0x180028c09
0x180028c0d
0x180028c14
0x180028c1c
0x180028c23
0x180028c35
0x180028c37
0x180028c3b
0x180028c47
0x180028c4c
0x180028c52
0x180028c54
0x180028c58
0x180028c5b
0x180028c62
0x180028c69
0x180028c71
0x180028c7b
0x180028c82
0x180028c87
0x180028c9b
0x180028ca1
0x180028cad
0x180028cb8
0x180028cbf
0x180028cc7
0x180028ccc
0x180028ce5
0x180028cec
0x180028cf1
0x180028d00
0x180028d05
0x180028d23

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000180028B60

Part of subcall function 0000000180015990: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,000000018001593D), ref: 0000000180015999
Part of subcall function 0000000180015990: GetCurrentProcess.KERNEL32(?,?,?,?,000000018001593D), ref: 00000001800159BE

_invalid_parameter_noinfo.LIBCMT ref: 0000000180028D85

Strings

*?, xrefs: 0000000180028B87

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo$CurrentFeaturePresentProcessProcessor
String ID: *?
API String ID: 1697365638-2564092906
Opcode ID: 0ff99c16e015ef5bfb8c4da4aaa3c18a996f0d451d28aef8fc2b4a664f0255f5
Instruction ID: 5c9256fdbb7d4eca915cb32b8da0e4d3a0333ed21581fcc892a891b01998a44a
Opcode Fuzzy Hash: 0ff99c16e015ef5bfb8c4da4aaa3c18a996f0d451d28aef8fc2b4a664f0255f5
Instruction Fuzzy Hash: 62F10376712A9885EFA3CF6298047EA63A0FB4CBD4F558526FE5907B84DF78C64D8300

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800391F8 Relevance: 11.6, APIs: 5, Strings: 1, Instructions: 1132
COMMONCrypto

Download Yara Rule

C-Code - Quality: 73%

			E000000011800391F8(intOrPtr __ebx, signed int __ecx, signed int __edx, long long __r8, signed int __r9, void* __r10, signed int __r11) {
				void* _t474;
				void* _t487;
				void* _t496;
				signed int _t506;
				signed long long _t530;
				intOrPtr _t537;
				signed long long _t564;
				signed long long _t572;
				intOrPtr _t579;
				signed long long _t606;
				signed int _t625;
				signed int _t626;
				signed int _t627;
				signed int _t628;
				signed int _t633;
				intOrPtr _t637;
				signed int _t640;
				signed int _t671;
				signed int _t676;
				signed int _t680;
				signed int _t681;
				signed int _t686;
				signed long long _t690;
				signed int _t696;
				signed int _t702;
				signed int _t708;
				signed int _t743;
				signed int _t745;
				signed long long _t756;
				signed int _t759;
				signed int _t761;
				signed int _t771;
				signed int _t772;
				void* _t776;
				void* _t806;
				void* _t812;
				signed long long _t921;
				signed long long* _t928;
				signed long long _t929;
				void* _t931;
				signed long long _t933;
				signed long long _t937;
				signed long long _t938;
				signed long long _t939;
				signed long long _t941;
				void* _t944;
				intOrPtr* _t945;
				signed long long _t948;
				void* _t951;
				long long _t962;
				long long _t980;
				signed long long _t999;
				signed long long _t1000;
				void* _t1005;
				signed long long _t1008;
				signed long long _t1012;
				void* _t1019;
				long long _t1022;
				signed long long _t1026;
				signed long long _t1030;
				signed long long _t1032;
				signed long long _t1033;
				signed long long _t1034;
				void* _t1035;
				void* _t1036;
				signed long long _t1038;
				char* _t1040;
				void* _t1041;
				void* _t1042;
				signed long long _t1043;
				signed long long _t1047;
				signed long long _t1048;
				signed long long _t1049;
				signed long long _t1061;
				signed long long _t1062;
				signed long long _t1077;
				signed long long _t1078;
				signed long long _t1089;
				signed int _t1090;
				signed long long _t1096;
				void* _t1101;

				_t1096 = __r11;
				_t1090 = __r9;
				_t640 = __ecx;
				_t1041 = _t1042 - 0x6c8;
				_t1043 = _t1042 - 0x7c8;
				_t921 =  *0x80098010; // 0x6aeceb4fd839
				 *(_t1041 + 0x6b0) = _t921 ^ _t1043;
				 *((long long*)(_t1043 + 0x60)) =  *((intOrPtr*)(_t1041 + 0x730));
				 *((long long*)(_t1043 + 0x58)) = __r8;
				 *((intOrPtr*)(_t1043 + 0x40)) = __edx;
				asm("movsd [esp+0x38], xmm0");
				_t999 =  *((intOrPtr*)(_t1043 + 0x38));
				 *((long long*)(_t1043 + 0x48)) = __r9;
				_t1047 = _t999 >> 0x34;
				r9d = 0x7ff;
				asm("dec eax");
				_t1000 = _t999 & 0xffffffff;
				_t948 =  ~(_t1047 & __r9);
				asm("sbb eax, eax");
				r8d = r8d & r9d;
				0x8003fd80();
				E0000000118003FCB4(_t474, _t1047);
				asm("cvttsd2si ecx, xmm0");
				 *((intOrPtr*)(_t1043 + 0x74)) = __ebx;
				asm("sbb eax, eax");
				 *((intOrPtr*)(_t1043 + 0x78)) = __ebx;
				 *(_t1043 + 0x20) =  ~(_t948 - 0x7fffffff & 0xfffffffe) & _t640;
				asm("sbb edx, edx");
				r14d = 0;
				_t696 =  ~__edx + 1;
				 *(_t1043 + 0x70) = _t696;
				if (_t1036 + 0xffffffff + r8d - 0x434 < 0) goto 0x80039581;
				 *(_t1041 + 0x318) = 0x100000;
				 *((intOrPtr*)(_t1041 + 0x314)) = 0;
				 *(_t1041 + 0x310) = 2;
				if (__ebx == 0) goto 0x80039450;
				r8d = r14d;
				if ( *((intOrPtr*)(_t1041 + 0x314 + _t948 * 4)) !=  *((intOrPtr*)(_t1043 + 0x74 + _t948 * 4))) goto 0x80039450;
				r8d = r8d + 1;
				_t776 = r8d - 2;
				if (_t776 != 0) goto 0x80039303;
				_t625 = _t1032 - 0x432;
				 *(_t1043 + 0x28) = r14d;
				r8d = 0x20;
				r9d = _t625;
				_t626 = _t625 & 0x0000001f;
				r9d = r9d >> 5;
				_t759 = r8d - _t626;
				_t27 = _t1047 - 0x1f; // -30
				_t1033 = _t1032 << _t759;
				_t743 = _t27 - 1;
				asm("bsr eax, [esp+eax*4+0x74]");
				r12d = _t743;
				r12d =  !r12d;
				if (_t776 == 0) goto 0x80039360;
				goto 0x80039363;
				r8d = r8d - r14d;
				_t487 = _t1000 + __r9;
				if (_t487 != 0x73) goto 0x80039376;
				if (_t626 - r8d > 0) goto 0x80039379;
				r13d = r13d | 0xffffffff;
				if (_t487 - 0x73 > 0) goto 0x8003941b;
				if (r14b != 0) goto 0x8003941b;
				r15d = 0x72;
				r15d =  <  ? _t487 : r15d;
				r11d = r15d;
				if (r15d == r13d) goto 0x800393f3;
				if (r11d - r9d < 0) goto 0x800393f3;
				if (r11d - r9d - _t696 >= 0) goto 0x800393bc;
				r10d =  *(_t1043 + 0x40000000000070);
				goto 0x800393bf;
				r10d = r14d;
				if (0xffffffffffffe - _t696 >= 0) goto 0x800393c9;
				goto 0x800393cc;
				r10d = r10d & _t743;
				r11d = r11d + r13d;
				r10d = r10d << _t626;
				 *(_t1043 + 0x40000000000070) = (r14d & r12d) >> _t759 | r10d;
				if (r11d == r13d) goto 0x800393f3;
				_t702 =  *(_t1043 + 0x70);
				goto 0x800393a3;
				if (r9d == 0) goto 0x80039409;
				 *(_t1043 + 0x40000000000070) = r14d;
				if (r14d + 1 != r9d) goto 0x800393fb;
				r15d =  >  ? _t1101 + 1 : r15d;
				 *(_t1043 + 0x70) = r15d;
				goto 0x80039423;
				r15d = r14d;
				 *(_t1043 + 0x70) = r14d;
				r12d = 1;
				 *(_t1041 + 0x318) = r14d;
				 *(_t1041 + 0x140) = r12d;
				 *(_t1041 + 0x310) = 1;
				 *(_t1041 + 0x144) = 4;
				goto 0x80039793;
				_t627 = _t1033 - 0x433;
				 *(_t1043 + 0x28) = r14d;
				r8d = 0x20;
				r9d = _t627;
				_t628 = _t627 & 0x0000001f;
				r9d = r9d >> 5;
				_t761 = r8d - _t628;
				_t1034 = _t1033 << _t761;
				_t745 = _t1047 - 0x1e;
				asm("bsr eax, [esp+eax*4+0x74]");
				r12d = _t745;
				r12d =  !r12d;
				if (_t626 == r8d) goto 0x80039491;
				goto 0x80039494;
				r8d = r8d - r14d;
				_t496 = _t1000 + __r9;
				if (_t496 != 0x73) goto 0x800394a7;
				if (_t628 - r8d > 0) goto 0x800394aa;
				r13d = r13d | 0xffffffff;
				if (_t496 - 0x73 > 0) goto 0x8003954c;
				if (r14b != 0) goto 0x8003954c;
				r15d = 0x72;
				r15d =  <  ? _t496 : r15d;
				r11d = r15d;
				if (r15d == r13d) goto 0x80039524;
				if (r11d - r9d < 0) goto 0x80039524;
				if (r11d - r9d - _t702 >= 0) goto 0x800394ed;
				r10d =  *(_t1043 + 0x40000000000070);
				goto 0x800394f0;
				r10d = r14d;
				if (0xffffffffffffe - _t702 >= 0) goto 0x800394fa;
				goto 0x800394fd;
				r10d = r10d & _t745;
				r11d = r11d + r13d;
				r10d = r10d << _t628;
				 *(_t1043 + 0x40000000000070) = (r14d & r12d) >> _t761 | r10d;
				if (r11d == r13d) goto 0x80039524;
				_t708 =  *(_t1043 + 0x70);
				goto 0x800394d4;
				if (r9d == 0) goto 0x8003953a;
				 *(_t1043 + 0x40000000000070) = r14d;
				if (r14d + 1 != r9d) goto 0x8003952c;
				r15d =  >  ? _t1101 + 1 : r15d;
				 *(_t1043 + 0x70) = r15d;
				goto 0x80039554;
				r15d = r14d;
				 *(_t1043 + 0x70) = r14d;
				r12d = 1;
				 *(_t1041 + 0x318) = r14d;
				 *(_t1041 + 0x140) = r12d;
				 *(_t1041 + 0x310) = 1;
				 *(_t1041 + 0x144) = 2;
				goto 0x80039793;
				if (_t745 == 0x36) goto 0x800396bd;
				 *(_t1041 + 0x318) = 0x100000;
				 *((intOrPtr*)(_t1041 + 0x314)) = 0;
				 *(_t1041 + 0x310) = _t761;
				if (_t628 == 0) goto 0x800396bd;
				r8d = r14d;
				if ( *((intOrPtr*)(_t1041 + 0x314 + _t948 * 4)) !=  *((intOrPtr*)(_t1043 + 0x74 + _t948 * 4))) goto 0x800396bd;
				r8d = r8d + 1;
				_t806 = r8d - _t761;
				if (_t806 != 0) goto 0x800395ad;
				asm("bsr eax, ebx");
				 *(_t1043 + 0x28) = r14d;
				if (_t806 == 0) goto 0x800395d7;
				goto 0x800395da;
				r8d = 0x20;
				r15d = _t708;
				r8d = r8d - r14d;
				_t506 = _t708;
				r13d = r13d | 0xffffffff;
				r11d = _t506;
				r9d = 0xffffffffffffe;
				if (_t506 - _t708 >= 0) goto 0x800395fe;
				r10d =  *(_t1043 + 0x74 + __r11 * 4);
				goto 0x80039601;
				r10d = r14d;
				if (r9d - _t708 >= 0) goto 0x8003960d;
				goto 0x80039610;
				 *(_t1043 + 0x74 + __r11 * 4) = r14d >> 0x0000001e | r10d << 0x00000002;
				if (r9d == r13d) goto 0x8003962e;
				goto 0x800395ec;
				r15d =  <  ? _t1101 + 1 : r15d;
				 *(_t1043 + 0x70) = r15d;
				_t937 = (_t933 & 0x00000000) + _t1000 >> 0x20 << 2;
				_t1048 = _t937;
				E00000001180005C10(_t1101 + 1, 0, _t1041 + 0x314, _t1000, _t1048);
				 *(_t1041 + _t937 + 0x314) = 1 << sil;
				_t102 = _t1034 + 1; // 0x437
				r12d = _t102;
				r8d = r12d;
				_t1049 = _t1048 << 2;
				 *(_t1041 + 0x310) = r12d;
				 *(_t1041 + 0x140) = r12d;
				if (_t1049 == 0) goto 0x80039793;
				_t812 = _t1049 - _t937;
				if (_t812 > 0) goto 0x80039772;
				E00000001180005560();
				goto 0x8003978c;
				 *(_t1043 + 0x28) = r14d;
				asm("bsr eax, [esp+eax*4+0x74]");
				if (_t812 == 0) goto 0x800396d0;
				goto 0x800396d3;
				r8d = 0x20;
				r15d = 0;
				r8d = r8d - r14d;
				r13d = r13d | 0xffffffff;
				r11d = 0;
				r9d = 0xffffffffffffe;
				if (0 >= 0) goto 0x800396f7;
				r10d =  *(_t1043 + 0x74 + _t1096 * 4);
				goto 0x800396fa;
				r10d = r14d;
				if (r9d >= 0) goto 0x80039706;
				goto 0x80039709;
				 *(_t1043 + 0x74 + _t1096 * 4) = r14d >> 0x0000001f | __r10 + __r10;
				if (r9d == r13d) goto 0x80039725;
				goto 0x800396e5;
				_t951 = _t1041 + 0x314;
				r15d =  <  ? _t1101 + 1 : r15d;
				 *(_t1043 + 0x70) = r15d;
				_t938 = _t937 << 2;
				E00000001180005C10(_t1101 + 1, 0, _t951, _t1041 + 0x314, _t938);
				 *(_t1041 + _t938 + 0x314) = 1;
				goto 0x80039675;
				E00000001180005C10(1 << sil, 0, _t951, _t1041 + 0x314, _t938);
				E00000001180025224(0xffffffff);
				 *0xffffffff = 0x22;
				E00000001180015940();
				r12d =  *(_t1041 + 0x140);
				_t671 =  *(_t1043 + 0x20);
				if (_t671 < 0) goto 0x80039ca9;
				_t530 = 0xcccccccd * _t671 >> 0x20 >> 3;
				 *(_t1043 + 0x34) = _t530;
				r13d = _t530;
				 *(_t1043 + 0x24) = _t530;
				if (_t530 == 0) goto 0x80039ba3;
				_t532 =  >  ? 0x26 : r13d;
				 *(_t1043 + 0x30) =  >  ? 0x26 : r13d;
				_t939 = _t938 << 2;
				 *(_t1041 + 0x310) = _t1036 + _t951;
				E00000001180005C10(_t1036 + _t951, 0, _t1041 + 0x314, 0x180000000, _t939);
				E00000001180005560();
				r10d =  *(_t1041 + 0x310);
				if (r10d - 1 > 0) goto 0x800398fa;
				_t537 =  *((intOrPtr*)(_t1041 + 0x314));
				if (_t537 != 0) goto 0x80039865;
				r12d = r14d;
				 *(_t1041 + 0x140) = r14d;
				goto 0x80039b75;
				if (_t537 == 1) goto 0x80039b75;
				if (r12d == 0) goto 0x80039b75;
				r8d = r14d;
				r9d = r14d;
				r9d = r9d + 1;
				if (r9d != r12d) goto 0x80039880;
				if (r8d == 0) goto 0x800398ee;
				if ( *(_t1041 + 0x140) - 0x73 >= 0) goto 0x800398dc;
				 *(_t1041 + 0x40000000000140) = r8d;
				r12d =  *(_t1041 + 0x140);
				r12d = r12d + 1;
				 *(_t1041 + 0x140) = r12d;
				goto 0x80039b75;
				r12d = r14d;
				 *(_t1041 + 0x140) = r14d;
				goto 0x80039b77;
				r12d =  *(_t1041 + 0x140);
				goto 0x80039b75;
				if (r12d - 1 > 0) goto 0x800399b2;
				_t633 =  *(_t1041 + 0x144);
				r12d = r10d;
				 *(_t1041 + 0x140) = r10d;
				if (0xffffffff << 2 == 0) goto 0x80039960;
				if (0xffffffff << 2 - 0xffffffff > 0) goto 0x8003993f;
				_t1005 = _t1041 + 0x314;
				E00000001180005560();
				goto 0x80039959;
				E00000001180005C10(0x1cc, 0, _t1041 + 0x144, _t1005, 0xffffffff);
				E00000001180025224(0xffffffff);
				 *0xffffffff = 0x22;
				E00000001180015940();
				r12d =  *(_t1041 + 0x140);
				if (_t633 == 0) goto 0x80039856;
				if (_t633 == 1) goto 0x80039b75;
				if (r12d == 0) goto 0x80039b75;
				r8d = r14d;
				r9d = r14d;
				r9d = r9d + 1;
				if (r9d != r12d) goto 0x80039983;
				goto 0x800398aa;
				 *(_t1041 + 0x4e0) = r14d;
				r13d = r12d;
				r13d =  <  ? r10d : r13d;
				_t962 =  >=  ? _t1041 + 0x144 : _t1041 + 0x314;
				_t1061 = _t1041 + 0x314;
				 *((long long*)(_t1043 + 0x38)) = _t962;
				r9d = r14d;
				_t1008 =  >=  ? _t1061 : _t1041 + 0x144;
				 *(_t1043 + 0x28) = _t1008;
				r10d =  !=  ? r12d : r10d;
				r12d = r14d;
				if (r13d == 0) goto 0x80039b1d;
				if ( *((intOrPtr*)(_t962 + 0x3ffffffffffffc)) != 0) goto 0x80039a34;
				if (r9d != r12d) goto 0x80039b11;
				_t193 = _t1090 + 1; // 0x1
				r12d = _t193;
				 *(_t1041 + 0x400000000004e0) = r14d;
				 *(_t1041 + 0x4e0) = r12d;
				goto 0x80039b11;
				r11d = r14d;
				r8d = r9d;
				if (r10d == 0) goto 0x80039afd;
				if (r8d == 0x73) goto 0x80039aab;
				if (r8d != r12d) goto 0x80039a68;
				_t198 = _t1061 + 1; // 0x1
				 *(_t1041 + 0x4e4 + _t1034 * 4) = r14d;
				 *(_t1041 + 0x4e0) = _t198;
				r8d = r8d + 1;
				 *(_t1041 + 0x4e4 + _t1034 * 4) =  *(_t1008 + 0x3ffffffffffffc);
				r12d =  *(_t1041 + 0x4e0);
				if (_t939 + _t1061 == r10d) goto 0x80039aab;
				_t1012 =  *(_t1043 + 0x28);
				goto 0x80039a48;
				if (r11d == 0) goto 0x80039afd;
				if (r8d == 0x73) goto 0x80039c9d;
				if (r8d != r12d) goto 0x80039ad4;
				_t215 = _t1061 + 1; // 0x1
				 *(_t1041 + 0x4e4 + _t1012 * 4) = r14d;
				 *(_t1041 + 0x4e0) = _t215;
				r8d = r8d + 1;
				_t676 = r11d;
				 *(_t1041 + 0x4e4 + _t1012 * 4) = _t676;
				r12d =  *(_t1041 + 0x4e0);
				r11d = _t676;
				if (_t676 != 0) goto 0x80039ab0;
				if (r8d == 0x73) goto 0x80039c9d;
				r9d = r9d + 1;
				if (r9d != r13d) goto 0x80039a09;
				r8d = r12d;
				_t1062 = _t1061 << 2;
				 *(_t1041 + 0x140) = r12d;
				if (_t1062 == 0) goto 0x80039b70;
				if (_t1062 - 0xffffffff > 0) goto 0x80039b4f;
				E00000001180005560();
				goto 0x80039b69;
				E00000001180005C10(0x1cc, 0, _t1041 + 0x144, _t1041 + 0x4e4, 0xffffffff);
				E00000001180025224(0xffffffff);
				 *0xffffffff = 0x22;
				E00000001180015940();
				r12d =  *(_t1041 + 0x140);
				r13d =  *(_t1043 + 0x24);
				if (1 == 0) goto 0x80039c9d;
				r13d = r13d -  *(_t1043 + 0x30);
				 *(_t1043 + 0x24) = r13d;
				if (1 != 0) goto 0x800397ca;
				if (1 == 0) goto 0x80039c34;
				_t564 =  *0x40000180055784;
				if (_t564 == 0) goto 0x80039c9d;
				if (_t564 == 1) goto 0x80039c34;
				if (r12d == 0) goto 0x80039c34;
				r8d = r14d;
				r9d = r14d;
				r10d = _t564;
				r9d = r9d + 1;
				_t680 =  *(_t1041 + 0x600000144);
				 *(_t1041 + 0x600000144) = _t680;
				if (r9d != r12d) goto 0x80039bd5;
				if (r8d == 0) goto 0x80039c94;
				if ( *(_t1041 + 0x140) - 0x73 >= 0) goto 0x80039c9d;
				 *(_t1041 + 0x40000000000140) = r8d;
				r12d =  *(_t1041 + 0x140);
				r12d = r12d + 1;
				 *(_t1041 + 0x140) = r12d;
				_t1038 =  *((intOrPtr*)(_t1043 + 0x48));
				if (r15d == 0) goto 0x8003a13e;
				r8d = r14d;
				r9d = r14d;
				r9d = r9d + 1;
				 *(_t1043 + 0x600000074) = r8d;
				if (r9d != r15d) goto 0x80039c4b;
				if (r8d == 0) goto 0x8003a13e;
				if ( *(_t1043 + 0x70) - 0x73 >= 0) goto 0x8003a119;
				 *(_t1043 + 0x40000000000070) = r8d;
				 *(_t1043 + 0x70) =  *(_t1043 + 0x70) + 1;
				goto 0x8003a13e;
				r12d =  *(_t1041 + 0x140);
				goto 0x80039c34;
				r12d = r14d;
				 *(_t1041 + 0x140) = r14d;
				goto 0x80039c34;
				_t681 =  ~_t680;
				 *(_t1043 + 0x30) = _t681;
				_t572 =  *(_t1043 + 0x70) * _t681 >> 0x20 >> 3;
				 *(_t1043 + 0x28) = _t572;
				r13d = _t572;
				 *(_t1043 + 0x24) = _t572;
				if (_t572 == 0) goto 0x8003a07f;
				_t574 =  >  ? 0x26 : r13d;
				 *(_t1043 + 0x34) =  >  ? 0x26 : r13d;
				_t941 = _t1038 << 2;
				 *(_t1041 + 0x310) = _t1038 + 0x4ffffffffffffb;
				E00000001180005C10(_t1038 + 0x4ffffffffffffb, 0, _t1041 + 0x314, 0x180000000, _t941);
				E00000001180005560();
				r10d =  *(_t1041 + 0x310);
				if (r10d - 1 > 0) goto 0x80039dee;
				_t579 =  *((intOrPtr*)(_t1041 + 0x314));
				if (_t579 != 0) goto 0x80039d6e;
				r15d = r14d;
				 *(_t1043 + 0x70) = r14d;
				goto 0x8003a051;
				if (_t579 == 1) goto 0x8003a051;
				if (r15d == 0) goto 0x8003a051;
				r8d = r14d;
				r9d = r14d;
				r9d = r9d + 1;
				if (r9d != r15d) goto 0x80039d89;
				if (r8d == 0) goto 0x80039de4;
				if ( *(_t1043 + 0x70) - 0x73 >= 0) goto 0x80039dd4;
				 *(_t1043 + 0x40000000000070) = r8d;
				r15d =  *(_t1043 + 0x70);
				r15d = r15d + 1;
				 *(_t1043 + 0x70) = r15d;
				goto 0x8003a051;
				r15d = r14d;
				 *(_t1043 + 0x70) = r14d;
				goto 0x8003a053;
				r15d =  *(_t1043 + 0x70);
				goto 0x8003a051;
				if (r15d - 1 > 0) goto 0x80039e98;
				_t637 =  *((intOrPtr*)(_t1043 + 0x74));
				r15d = r10d;
				 *(_t1043 + 0x70) = r10d;
				if (0xffffffff << 2 == 0) goto 0x80039e4c;
				if (0xffffffff << 2 - 0xffffffff > 0) goto 0x80039e2d;
				_t1019 = _t1041 + 0x314;
				E00000001180005560();
				goto 0x80039e47;
				E00000001180005C10(0x1cc, 0, _t1043 + 0x74, _t1019, 0xffffffff);
				E00000001180025224(0xffffffff);
				 *0xffffffff = 0x22;
				E00000001180015940();
				r15d =  *(_t1043 + 0x70);
				if (_t637 == 0) goto 0x80039d61;
				if (_t637 == 1) goto 0x8003a051;
				if (r15d == 0) goto 0x8003a051;
				r8d = r14d;
				r9d = r14d;
				r9d = r9d + 1;
				if (r9d != r15d) goto 0x80039e6f;
				goto 0x80039dad;
				 *(_t1041 + 0x4e0) = r14d;
				r13d = r15d;
				r13d =  <  ? r10d : r13d;
				_t980 =  >=  ? _t1043 + 0x74 : _t1041 + 0x314;
				_t1077 = _t1041 + 0x314;
				 *((long long*)(_t1043 + 0x50)) = _t980;
				r9d = r14d;
				_t1022 =  >=  ? _t1077 : _t1043 + 0x74;
				 *((long long*)(_t1043 + 0x38)) = _t1022;
				r10d =  !=  ? r15d : r10d;
				r15d = r14d;
				if (r13d == 0) goto 0x80039fff;
				_t771 =  *(_t980 + 0x3ffffffffffffc);
				if (_t771 != 0) goto 0x80039f16;
				if (r9d != r15d) goto 0x80039ff3;
				_t344 = _t1090 + 1; // 0x1
				r15d = _t344;
				 *(_t1041 + 0x400000000004e0) = r14d;
				 *(_t1041 + 0x4e0) = r15d;
				goto 0x80039ff3;
				r11d = r14d;
				r8d = r9d;
				if (r10d == 0) goto 0x80039fdf;
				if (r8d == 0x73) goto 0x80039f8d;
				if (r8d != r15d) goto 0x80039f4a;
				_t349 = _t1077 + 1; // 0x1
				 *(_t1041 + 0x4e4 + _t1034 * 4) = r14d;
				 *(_t1041 + 0x4e0) = _t349;
				r8d = r8d + 1;
				 *(_t1041 + 0x4e4 + _t1034 * 4) =  *(_t1022 + 0x3ffffffffffffc);
				r15d =  *(_t1041 + 0x4e0);
				if (_t1077 + _t941 == r10d) goto 0x80039f8d;
				_t1026 =  *((intOrPtr*)(_t1043 + 0x38));
				goto 0x80039f2a;
				if (r11d == 0) goto 0x80039fdf;
				if (r8d == 0x73) goto 0x8003a10a;
				if (r8d != r15d) goto 0x80039fb6;
				_t366 = _t1077 + 1; // 0x1
				 *(_t1041 + 0x4e4 + _t1026 * 4) = r14d;
				 *(_t1041 + 0x4e0) = _t366;
				r8d = r8d + 1;
				_t686 = r11d;
				 *(_t1041 + 0x4e4 + _t1026 * 4) = _t686;
				r15d =  *(_t1041 + 0x4e0);
				r11d = _t686;
				if (_t686 != 0) goto 0x80039f92;
				if (r8d == 0x73) goto 0x8003a10a;
				r9d = r9d + 1;
				if (r9d != r13d) goto 0x80039eeb;
				r8d = r15d;
				_t1078 = _t1077 << 2;
				 *(_t1043 + 0x70) = r15d;
				if (_t1078 == 0) goto 0x8003a04c;
				if (_t1078 - 0xffffffff > 0) goto 0x8003a02d;
				E00000001180005560();
				goto 0x8003a047;
				E00000001180005C10(0x1cc, 0, _t1043 + 0x74, _t1041 + 0x4e4, 0xffffffff);
				E00000001180025224(0xffffffff);
				 *0xffffffff = 0x22;
				E00000001180015940();
				r15d =  *(_t1043 + 0x70);
				r13d =  *(_t1043 + 0x24);
				if (1 == 0) goto 0x8003a10a;
				r13d = r13d -  *(_t1043 + 0x34);
				 *(_t1043 + 0x24) = r13d;
				if (1 != 0) goto 0x80039cd5;
				if (1 == 0) goto 0x80039c34;
				_t606 =  *0x40000180055784;
				if (_t606 == 0) goto 0x8003a10a;
				if (_t606 == 1) goto 0x80039c34;
				if (r15d == 0) goto 0x80039c34;
				r8d = r14d;
				r9d = r14d;
				r10d = _t606;
				r9d = r9d + 1;
				_t690 =  *(_t1043 + 0x600000074);
				 *(_t1043 + 0x600000074) = _t690;
				if (r9d != r15d) goto 0x8003a0b5;
				if (r8d == 0) goto 0x8003a100;
				if ( *(_t1043 + 0x70) - 0x73 >= 0) goto 0x8003a10a;
				 *(_t1043 + 0x40000000000070) = r8d;
				r15d =  *(_t1043 + 0x70);
				r15d = r15d + 1;
				 *(_t1043 + 0x70) = r15d;
				goto 0x80039c34;
				r15d =  *(_t1043 + 0x70);
				goto 0x80039c34;
				_t1040 =  *((intOrPtr*)(_t1043 + 0x48));
				 *(_t1043 + 0x70) = r14d;
				goto 0x8003a13e;
				r9d = 0;
				 *(_t1041 + 0x310) = r14d;
				 *(_t1043 + 0x70) = r14d;
				0x8002afe8();
				_t1030 = _t1041 + 0x140;
				0x8003a4d0();
				if ( *(_t1043 + 0x70) != 0xa) goto 0x8003a1ec;
				 *_t1040 = 0x31;
				if (r12d == 0) goto 0x8003a1fc;
				r8d = r14d;
				r9d = r14d;
				r9d = r9d + 1;
				 *(_t1041 + 0x144 + _t1030 * 4) = r8d;
				if (r9d != r12d) goto 0x8003a174;
				if (r8d == 0) goto 0x8003a1fc;
				if ( *(_t1041 + 0x140) - 0x73 >= 0) goto 0x8003a1c1;
				 *(_t1041 + 0x40000000000140) = r8d;
				 *(_t1041 + 0x140) =  *(_t1041 + 0x140) + 1;
				goto 0x8003a1fc;
				r9d = 0;
				 *(_t1041 + 0x310) = r14d;
				 *(_t1041 + 0x140) = r14d;
				0x8002afe8();
				goto 0x8003a1fc;
				if ( *(_t1041 + 0x140) != 0) goto 0x8003a1f4;
				_t756 =  *(_t1043 + 0x20) + 1 - 1;
				goto 0x8003a1fc;
				_t944 = _t1040 + 1;
				 *_t1040 = 1;
				_t928 =  *((intOrPtr*)(_t1043 + 0x58));
				 *_t928 = _t756;
				if (_t756 < 0) goto 0x8003a214;
				if ( *((intOrPtr*)(_t1043 + 0x40)) - 0x7fffffff > 0) goto 0x8003a214;
				_t929 =  <  ?  *((intOrPtr*)(_t1043 + 0x60)) - 1 : _t928;
				_t1035 = _t929 + _t1040;
				if (_t944 == _t1035) goto 0x8003a31f;
				r15d = 9;
				_t772 = _t771 | 0xffffffff;
				r10d =  *(_t1043 + 0x70);
				if (r10d == 0) goto 0x8003a31f;
				r8d = r14d;
				r9d = r14d;
				r9d = r9d + 1;
				 *(_t1043 + 0x74 + _t1030 * 4) = _t690;
				if (r9d != r10d) goto 0x8003a24d;
				if (r8d == 0) goto 0x8003a2b4;
				if ( *(_t1043 + 0x70) - 0x73 >= 0) goto 0x8003a28f;
				 *(_t1043 + 0x74 + _t929 * 4) = r8d;
				 *(_t1043 + 0x70) =  *(_t1043 + 0x70) + 1;
				goto 0x8003a2b4;
				r9d = 0;
				 *(_t1041 + 0x310) = r14d;
				 *(_t1043 + 0x70) = r14d;
				0x8002afe8();
				0x8003a4d0();
				r10d = _t756;
				_t1089 = _t929;
				r10d = r10d -  ~r9d;
				r9d = 8;
				r8b = r8b - _t1043 + 0x70 + _t1041 + 0x140 + _t1043 + 0x70 + _t1041 + 0x140;
				_t471 = _t1089 + 0x30; // 0x30
				r8d = 0xcccccccd * r8d >> 0x20 >> 3;
				if (r10d - r9d < 0) goto 0x8003a2fe;
				 *((char*)(_t929 + _t944)) = _t471;
				r9d = r9d + _t772;
				if (r9d != _t772) goto 0x8003a2d4;
				_t931 = _t1035 - _t944;
				_t932 =  >  ? _t1101 : _t931;
				_t945 = _t944 + ( >  ? _t1101 : _t931);
				if (_t945 != _t1035) goto 0x8003a239;
				 *_t945 = r14b;
				return E00000001180002630(r9d, _t471,  *(_t1041 + 0x6b0) ^ _t1043);
			}

0x1800391f8
0x1800391f8
0x1800391f8
0x180039205
0x18003920d
0x180039214
0x18003921e
0x180039231
0x180039236
0x18003923b
0x18003923f
0x180039245
0x18003924d
0x180039252
0x180039256
0x180039272
0x180039282
0x180039288
0x18003928b
0x18003928d
0x180039296
0x18003929b
0x1800392a0
0x1800392a4
0x1800392b3
0x1800392bb
0x1800392bf
0x1800392c7
0x1800392c9
0x1800392ce
0x1800392d0
0x1800392da
0x1800392e2
0x1800392ec
0x1800392f2
0x1800392fa
0x180039300
0x180039311
0x180039317
0x18003931a
0x18003931d
0x18003931f
0x180039325
0x18003932a
0x180039333
0x180039339
0x18003933c
0x180039340
0x180039344
0x180039348
0x18003934b
0x18003934f
0x180039354
0x180039357
0x18003935a
0x18003935e
0x180039363
0x180039366
0x18003936d
0x180039374
0x180039379
0x180039380
0x180039388
0x18003938e
0x180039397
0x18003939b
0x1800393a1
0x1800393a6
0x1800393b3
0x1800393b5
0x1800393ba
0x1800393bc
0x1800393c1
0x1800393c7
0x1800393d4
0x1800393d9
0x1800393de
0x1800393e4
0x1800393eb
0x1800393ed
0x1800393f1
0x1800393f9
0x1800393ff
0x180039407
0x180039410
0x180039414
0x180039419
0x18003941b
0x18003941e
0x180039423
0x180039429
0x180039430
0x180039437
0x180039441
0x18003944b
0x180039450
0x180039456
0x18003945b
0x180039464
0x18003946a
0x18003946d
0x180039471
0x180039479
0x18003947c
0x180039480
0x180039485
0x180039488
0x18003948b
0x18003948f
0x180039494
0x180039497
0x18003949e
0x1800394a5
0x1800394aa
0x1800394b1
0x1800394b9
0x1800394bf
0x1800394c8
0x1800394cc
0x1800394d2
0x1800394d7
0x1800394e4
0x1800394e6
0x1800394eb
0x1800394ed
0x1800394f2
0x1800394f8
0x180039505
0x18003950a
0x18003950f
0x180039515
0x18003951c
0x18003951e
0x180039522
0x18003952a
0x180039530
0x180039538
0x180039541
0x180039545
0x18003954a
0x18003954c
0x18003954f
0x180039554
0x18003955a
0x180039561
0x180039568
0x180039572
0x18003957c
0x180039584
0x18003958c
0x180039596
0x18003959c
0x1800395a4
0x1800395aa
0x1800395bb
0x1800395c1
0x1800395c4
0x1800395c7
0x1800395c9
0x1800395cc
0x1800395d1
0x1800395d5
0x1800395da
0x1800395e0
0x1800395e3
0x1800395e6
0x1800395e8
0x1800395ec
0x1800395ef
0x1800395f5
0x1800395f7
0x1800395fc
0x1800395fe
0x180039604
0x18003960b
0x18003961e
0x180039626
0x18003962c
0x180039641
0x180039649
0x180039655
0x180039659
0x18003965c
0x18003966e
0x180039675
0x180039675
0x180039679
0x18003967c
0x180039680
0x180039687
0x180039691
0x1800396a3
0x1800396a6
0x1800396b3
0x1800396b8
0x1800396c0
0x1800396c5
0x1800396ca
0x1800396ce
0x1800396d3
0x1800396d9
0x1800396dc
0x1800396e1
0x1800396e5
0x1800396e8
0x1800396ee
0x1800396f0
0x1800396f5
0x1800396f7
0x1800396fd
0x180039704
0x180039715
0x18003971d
0x180039723
0x180039732
0x180039739
0x180039741
0x18003974d
0x180039754
0x180039766
0x18003976d
0x180039777
0x18003977c
0x180039781
0x180039787
0x18003978c
0x180039793
0x18003979e
0x1800397af
0x1800397b2
0x1800397b6
0x1800397b9
0x1800397bf
0x1800397d0
0x1800397d3
0x1800397ed
0x180039800
0x180039806
0x180039836
0x18003983b
0x180039846
0x18003984c
0x180039854
0x180039856
0x180039859
0x180039860
0x180039868
0x180039871
0x180039877
0x18003987a
0x180039883
0x1800398a8
0x1800398ad
0x1800398b6
0x1800398be
0x1800398c6
0x1800398cd
0x1800398d0
0x1800398d7
0x1800398dc
0x1800398df
0x1800398e9
0x1800398ee
0x1800398f5
0x1800398fe
0x180039904
0x180039911
0x180039914
0x18003991e
0x18003992f
0x180039931
0x180039938
0x18003993d
0x180039944
0x180039949
0x18003994e
0x180039954
0x180039959
0x180039962
0x18003996b
0x180039974
0x18003997a
0x18003997d
0x180039986
0x1800399ab
0x1800399ad
0x1800399b5
0x1800399c3
0x1800399c6
0x1800399d1
0x1800399d5
0x1800399df
0x1800399eb
0x1800399ee
0x1800399f4
0x1800399f9
0x1800399fd
0x180039a03
0x180039a11
0x180039a16
0x180039a1c
0x180039a1c
0x180039a20
0x180039a28
0x180039a2f
0x180039a34
0x180039a37
0x180039a3d
0x180039a4c
0x180039a54
0x180039a56
0x180039a5a
0x180039a62
0x180039a6c
0x180039a8d
0x180039a94
0x180039aa2
0x180039aa4
0x180039aa9
0x180039aae
0x180039ab4
0x180039ac0
0x180039ac2
0x180039ac6
0x180039ace
0x180039adb
0x180039ade
0x180039ae4
0x180039aeb
0x180039af6
0x180039afb
0x180039b01
0x180039b11
0x180039b17
0x180039b1d
0x180039b20
0x180039b24
0x180039b2e
0x180039b3f
0x180039b48
0x180039b4d
0x180039b54
0x180039b59
0x180039b5e
0x180039b64
0x180039b69
0x180039b70
0x180039b79
0x180039b7f
0x180039b8b
0x180039b95
0x180039baa
0x180039bb3
0x180039bbc
0x180039bc5
0x180039bca
0x180039bcc
0x180039bcf
0x180039bd2
0x180039bd8
0x180039bde
0x180039bef
0x180039bfd
0x180039c02
0x180039c0f
0x180039c1b
0x180039c23
0x180039c2a
0x180039c2d
0x180039c34
0x180039c3f
0x180039c45
0x180039c48
0x180039c4e
0x180039c60
0x180039c6c
0x180039c71
0x180039c7c
0x180039c86
0x180039c8b
0x180039c8f
0x180039c94
0x180039c9b
0x180039c9d
0x180039ca0
0x180039ca7
0x180039ca9
0x180039cad
0x180039cba
0x180039cbd
0x180039cc1
0x180039cc4
0x180039cca
0x180039cdb
0x180039cde
0x180039cf8
0x180039d0b
0x180039d11
0x180039d41
0x180039d46
0x180039d51
0x180039d57
0x180039d5f
0x180039d61
0x180039d64
0x180039d69
0x180039d71
0x180039d7a
0x180039d80
0x180039d83
0x180039d8c
0x180039dab
0x180039db0
0x180039db7
0x180039dbd
0x180039dc2
0x180039dc7
0x180039dca
0x180039dcf
0x180039dd4
0x180039dd7
0x180039ddf
0x180039de4
0x180039de9
0x180039df2
0x180039df8
0x180039e03
0x180039e06
0x180039e0e
0x180039e1d
0x180039e1f
0x180039e26
0x180039e2b
0x180039e32
0x180039e37
0x180039e3c
0x180039e42
0x180039e47
0x180039e4e
0x180039e57
0x180039e60
0x180039e66
0x180039e69
0x180039e72
0x180039e91
0x180039e93
0x180039e9b
0x180039ea7
0x180039eaa
0x180039eb5
0x180039eb9
0x180039ec3
0x180039ecd
0x180039ed0
0x180039ed6
0x180039edb
0x180039edf
0x180039ee5
0x180039eee
0x180039ef3
0x180039ef8
0x180039efe
0x180039efe
0x180039f02
0x180039f0a
0x180039f11
0x180039f16
0x180039f19
0x180039f1f
0x180039f2e
0x180039f36
0x180039f38
0x180039f3c
0x180039f44
0x180039f4e
0x180039f6f
0x180039f76
0x180039f84
0x180039f86
0x180039f8b
0x180039f90
0x180039f96
0x180039fa2
0x180039fa4
0x180039fa8
0x180039fb0
0x180039fbd
0x180039fc0
0x180039fc6
0x180039fcd
0x180039fd8
0x180039fdd
0x180039fe3
0x180039ff3
0x180039ff9
0x180039fff
0x18003a002
0x18003a006
0x18003a00e
0x18003a01d
0x18003a026
0x18003a02b
0x18003a032
0x18003a037
0x18003a03c
0x18003a042
0x18003a047
0x18003a04c
0x18003a055
0x18003a05b
0x18003a067
0x18003a071
0x18003a086
0x18003a08f
0x18003a098
0x18003a09d
0x18003a0a6
0x18003a0ac
0x18003a0af
0x18003a0b2
0x18003a0b8
0x18003a0be
0x18003a0cc
0x18003a0d7
0x18003a0dc
0x18003a0e3
0x18003a0e9
0x18003a0ee
0x18003a0f3
0x18003a0f6
0x18003a0fb
0x18003a100
0x18003a105
0x18003a10a
0x18003a112
0x18003a117
0x18003a119
0x18003a11c
0x18003a12a
0x18003a139
0x18003a13e
0x18003a14a
0x18003a156
0x18003a15e
0x18003a168
0x18003a16e
0x18003a171
0x18003a177
0x18003a18c
0x18003a19b
0x18003a1a0
0x18003a1a9
0x18003a1b1
0x18003a1b9
0x18003a1bf
0x18003a1c1
0x18003a1c4
0x18003a1d2
0x18003a1e5
0x18003a1ea
0x18003a1ee
0x18003a1f0
0x18003a1f2
0x18003a1f6
0x18003a1fa
0x18003a1fc
0x18003a201
0x18003a209
0x18003a210
0x18003a21f
0x18003a223
0x18003a22a
0x18003a230
0x18003a236
0x18003a239
0x18003a241
0x18003a247
0x18003a24a
0x18003a250
0x18003a267
0x18003a272
0x18003a277
0x18003a27e
0x18003a284
0x18003a289
0x18003a28d
0x18003a28f
0x18003a292
0x18003a2a0
0x18003a2af
0x18003a2c0
0x18003a2c5
0x18003a2c8
0x18003a2cb
0x18003a2ce
0x18003a2e9
0x18003a2ec
0x18003a2f0
0x18003a2f6
0x18003a2fb
0x18003a2fe
0x18003a304
0x18003a309
0x18003a30f
0x18003a313
0x18003a319
0x18003a31f
0x18003a344

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000180039787

Strings

s, xrefs: 000000018003A279

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: s
API String ID: 3215553584-453955339
Opcode ID: f0add5323d83b33d0e830ab169d3c3028a80d3d4925b945365f2973b8b53d94c
Instruction ID: e80fe578c6d6c182609dd6c754862b7f166ffe2ad7f4c86c2c86c3982804d22c
Opcode Fuzzy Hash: f0add5323d83b33d0e830ab169d3c3028a80d3d4925b945365f2973b8b53d94c
Instruction Fuzzy Hash: BBA2D0B26152C88BEBB7CE69E5407DA77D5F3887C8F119215EB0657B94DB38CB488B00

Uniqueness

Uniqueness Score: -1.00%

Function 00C43BE8 Relevance: 10.9, Strings: 8, Instructions: 895COMMON

Download Yara Rule

Strings

@, xrefs: 00C43F3F
K, xrefs: 00C443B5
KI@l, xrefs: 00C440D8
Hp, xrefs: 00C440E6
~JO, xrefs: 00C43CC5
%wk, xrefs: 00C44571
^e?u, xrefs: 00C43EAF
]I, xrefs: 00C43E1A

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: %wk$@$Hp$KI@l$]I$^e?u$~JO$K
API String ID: 0-1942796489
Opcode ID: 0db96a3033a52dec7f41ba08dcaea74adbed8d76393b2956a65234561adab349
Instruction ID: 1ba0f3a81f862c9c1938638b6a951d5160bd88884a7d78e86c65fdcb38f1fd50
Opcode Fuzzy Hash: 0db96a3033a52dec7f41ba08dcaea74adbed8d76393b2956a65234561adab349
Instruction Fuzzy Hash: B592E871904B888FEB58DF28C98A49E7BF2FB94744F20461DF96A87260D774D845CF82

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180034BB8 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E00000001180034BB8(void* __ecx, void* __edx, long long __rbx, intOrPtr* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, void* __r8, signed int __r9) {
				intOrPtr _t37;
				intOrPtr _t49;
				void* _t50;
				void* _t87;
				intOrPtr* _t88;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t114;
				intOrPtr* _t118;
				long long _t121;
				void* _t122;
				void* _t124;
				signed long long _t137;
				void* _t138;
				void* _t139;
				int _t141;
				intOrPtr* _t142;
				void* _t144;
				intOrPtr* _t145;

				_t110 = __rdx;
				_t50 = __ecx;
				_t87 = _t124;
				 *((long long*)(_t87 + 8)) = __rbx;
				 *((long long*)(_t87 + 0x10)) = _t121;
				 *((long long*)(_t87 + 0x18)) = __rsi;
				 *((long long*)(_t87 + 0x20)) = __rdi;
				_push(_t139);
				_t122 = __r8;
				_t142 = __rdx;
				_t118 = __rcx;
				E00000001180025B68(_t87, __rbx, __rdx, __rcx, _t144);
				r12d = 0;
				_t5 = _t87 + 0x98; // 0x98
				_t93 = _t5;
				_t88 = _t118 + 0x80;
				 *((intOrPtr*)(_t93 + 0x10)) = r12d;
				_t8 = _t93 + 0x258; // 0x2f0
				_t145 = _t8;
				 *_t93 = _t118;
				_t9 = _t93 + 8; // 0xa0
				_t114 = _t9;
				 *_t145 = r12w;
				 *_t114 = _t88;
				if ( *_t88 == r12w) goto 0x80034c2d;
				_t10 = _t139 + 0x16; // 0x16
				E00000001180034B1C(_t10, _t93, 0x80050f10, _t114, _t118, _t114);
				if ( *((intOrPtr*)( *_t93)) == r12w) goto 0x80034c83;
				if ( *((intOrPtr*)( *_t114)) == r12w) goto 0x80034c46;
				E00000001180034404(_t93, _t93, _t114, __r9);
				goto 0x80034c4b;
				E000000011800344D4(_t93, _t93, _t114, __r9);
				if ( *((intOrPtr*)(_t93 + 0x10)) != r12d) goto 0x80034c92;
				if (E00000001180034B1C(0x40, _t93, 0x80050af0, _t114, _t118, _t93) == 0) goto 0x80034c88;
				_t90 =  *_t114;
				if ( *_t90 == r12w) goto 0x80034c7c;
				E00000001180034404(_t93, _t93, _t93, __r9);
				goto 0x80034c88;
				E000000011800344D4(_t93, _t93, _t93, __r9);
				goto 0x80034c88;
				E0000000118003435C(_t50,  *_t90 - r12w, _t93, _t93, _t110, _t93, __r9);
				if ( *((intOrPtr*)(_t93 + 0x10)) == r12d) goto 0x80034de5;
				if ( *_t118 != r12w) goto 0x80034cad;
				if ( *((intOrPtr*)(_t118 + 0x100)) != r12w) goto 0x80034cad;
				GetACP();
				goto 0x80034cb5;
				_t37 = E00000001180034974(_t93, _t118 + 0x100, _t93, _t118);
				_t49 = _t37;
				if (_t37 == 0) goto 0x80034de5;
				if (_t37 == 0xfde8) goto 0x80034de5;
				if (IsValidCodePage(_t141) == 0) goto 0x80034de5;
				if (_t142 == 0) goto 0x80034ce3;
				 *_t142 = _t49;
				if (_t122 == 0) goto 0x80034dde;
				_t119 = _t122 + 0x120;
				 *((intOrPtr*)(_t122 + 0x120)) = r12w;
				_t137 = (__r9 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(_t145 + _t137 * 2)) != r12w) goto 0x80034cfb;
				_t138 = _t137 + 1;
				if (E00000001180034204(_t90, _t93, _t122 + 0x120, _t93, _t145, _t138) != 0) goto 0x80034e06;
				_t17 = _t90 + 0x40; // 0x40
				r9d = _t17;
				if (E0000000118002D3CC(0x1001, E00000001180034204(_t90, _t93, _t122 + 0x120, _t93, _t145, _t138), _t90, _t93, _t122 + 0x120, _t122 + 0x120, _t122, _t122) == 0) goto 0x80034de5;
				r9d = 0x40;
				if (E0000000118002D3CC(0x1002, E0000000118002D3CC(0x1001, E00000001180034204(_t90, _t93, _t122 + 0x120, _t93, _t145, _t138), _t90, _t93, _t122 + 0x120, _t122 + 0x120, _t122, _t122), _t90, _t93, _t122 + 0x120, _t119, _t122, _t122 + 0x80) == 0) goto 0x80034de5;
				E000000011800428E8(0x5f, _t122 + 0x80, _t138);
				if (_t90 != 0) goto 0x80034d83;
				_t19 = _t90 + 0x2e; // 0x2e
				E000000011800428E8(_t19, _t122 + 0x80, _t138);
				if (_t90 == 0) goto 0x80034d9c;
				r9d = 0x40;
				_t20 = _t138 - 0x39; // 0x7
				if (E0000000118002D3CC(_t20, _t90, _t90, _t93, _t119, _t119, _t122, _t122 + 0x80) == 0) goto 0x80034de5;
				if (_t49 != 0xfde9) goto 0x80034dca;
				r9d = 5;
				if (E00000001180034204(_t122 + 0x100, _t93, _t122 + 0x100, _t93, L"utf8", _t138) != 0) goto 0x80034e06;
				goto 0x80034dde;
				r9d = 0xa;
				_t23 = _t138 + 6; // 0x46
				r8d = _t23;
				E0000000118003DA20(_t49);
				goto 0x80034de7;
				return 0;
			}

0x180034bb8
0x180034bb8
0x180034bb8
0x180034bbb
0x180034bbf
0x180034bc3
0x180034bc7
0x180034bcb
0x180034bd5
0x180034bd8
0x180034bdb
0x180034bde
0x180034be3
0x180034be9
0x180034be9
0x180034bf0
0x180034bf7
0x180034bfb
0x180034bfb
0x180034c02
0x180034c05
0x180034c05
0x180034c09
0x180034c0d
0x180034c14
0x180034c19
0x180034c25
0x180034c34
0x180034c3d
0x180034c3f
0x180034c44
0x180034c46
0x180034c4f
0x180034c67
0x180034c69
0x180034c73
0x180034c75
0x180034c7a
0x180034c7c
0x180034c81
0x180034c83
0x180034c8c
0x180034c9d
0x180034ca3
0x180034ca5
0x180034cab
0x180034cb0
0x180034cb5
0x180034cb9
0x180034cc4
0x180034cd5
0x180034cde
0x180034ce0
0x180034ce6
0x180034cec
0x180034cf7
0x180034cfb
0x180034d03
0x180034d05
0x180034d1a
0x180034d20
0x180034d20
0x180034d36
0x180034d43
0x180034d5b
0x180034d69
0x180034d71
0x180034d73
0x180034d79
0x180034d81
0x180034d83
0x180034d8f
0x180034d9a
0x180034da9
0x180034dab
0x180034dc6
0x180034dc8
0x180034dca
0x180034dd5
0x180034dd5
0x180034dd9
0x180034de3
0x180034e05

APIs

Part of subcall function 0000000180025B68: GetLastError.KERNEL32 ref: 0000000180025B77
Part of subcall function 0000000180025B68: SetLastError.KERNEL32 ref: 0000000180025C15

TranslateName.LIBCMT ref: 0000000180034C25
TranslateName.LIBCMT ref: 0000000180034C60
GetACP.KERNEL32(?,?,?,00000000,00000092,0000000180026BC4), ref: 0000000180034CA5
IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,0000000180026BC4), ref: 0000000180034CCD

Strings

utf8, xrefs: 0000000180034DB1

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValid
String ID: utf8
API String ID: 2136749100-905460609
Opcode ID: 440409529d28638b00c03fbfbcb40841af7e47dd8188cdf77043c84a51a0a29f
Instruction ID: 3c1b9e4bdc2c32d0cfe3d519404145512e4624dbf9ee28430fc6316065a7ff1d
Opcode Fuzzy Hash: 440409529d28638b00c03fbfbcb40841af7e47dd8188cdf77043c84a51a0a29f
Instruction Fuzzy Hash: A891783320074886EBE79B61D4513EA23A4F788BC4F46C121AA494FB96DF78EA59C741

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800356BC Relevance: 10.7, APIs: 7, Instructions: 171
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E000000011800356BC(void* __ecx, void* __edx, long long __rcx, intOrPtr* __rdx, void* __r8, void* __r9) {
				signed int _v72;
				int _v80;
				int _v84;
				signed int _v88;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				int _t60;
				intOrPtr _t61;
				void* _t73;
				intOrPtr _t82;
				intOrPtr _t84;
				void* _t90;
				signed long long _t116;
				signed long long _t117;
				intOrPtr* _t118;
				intOrPtr* _t119;
				intOrPtr* _t120;
				intOrPtr* _t121;
				intOrPtr* _t122;
				void* _t125;
				intOrPtr* _t126;
				signed long long _t134;
				signed long long _t136;
				void* _t147;
				void* _t148;
				signed long long _t149;
				void* _t151;
				void* _t159;
				long long _t160;
				intOrPtr* _t162;

				_t159 = __r9;
				_t141 = __rdx;
				_t73 = __ecx;
				_t116 =  *0x80098010; // 0x6aeceb4fd839
				_t117 = _t116 ^ _t151 - 0x00000040;
				_v72 = _t117;
				_t147 = __r8;
				_t162 = __rdx;
				_t160 = __rcx;
				E00000001180025B68(_t117, _t125, __rdx, _t148);
				_t149 = _t117;
				_v88 = _t117;
				_v80 = 0;
				E00000001180025B68(_t117, _t125, _t141, _t149);
				r12d = 0;
				_t5 = _t149 + 0xa0; // 0xa0
				_t126 = _t5;
				 *((long long*)(_t117 + 0x3a0)) =  &_v88;
				_t118 = _t160 + 0x80;
				 *((long long*)(_t149 + 0x98)) = _t160;
				 *_t126 = _t118;
				if (_t118 == 0) goto 0x80035743;
				if ( *_t118 == r12w) goto 0x80035743;
				_t82 =  *0x80051080; // 0x17
				E0000000118003563C(_t82 - 1, _t126, 0x80050f10, _t149, _t151, _t126);
				_v88 = r12d;
				_t119 =  *((intOrPtr*)(_t149 + 0x98));
				if (_t119 == 0) goto 0x800357cc;
				if ( *_t119 == r12w) goto 0x800357cc;
				_t120 =  *_t126;
				if (_t120 == 0) goto 0x80035772;
				if ( *_t120 == r12w) goto 0x80035772;
				E00000001180034F88(_t73, _t82 - 1, _t120, _t126,  &_v88, _t141, _t126);
				goto 0x8003577b;
				E00000001180035058(_t73, _t82 - 1, _t120, _t126,  &_v88, _t141, _t126);
				if (_v88 != r12d) goto 0x80035842;
				_t84 =  *0x80050f00; // 0x41
				_t14 = _t149 + 0x98; // 0x98
				if (E0000000118003563C(_t84 - 1, _t126, 0x80050af0, _t149, _t151, _t14) == 0) goto 0x80035838;
				_t121 =  *_t126;
				if (_t121 == 0) goto 0x800357c1;
				if ( *_t121 == r12w) goto 0x800357c1;
				E00000001180034F88(_t73, _t84 - 1, _t121, _t126,  &_v88, _t141, _t14);
				goto 0x80035838;
				_t134 =  &_v88;
				E00000001180035058(_t73, _t84 - 1, _t121, _t126, _t134, _t141, _t14);
				goto 0x80035838;
				_t122 =  *_t126;
				if (_t122 == 0) goto 0x80035825;
				if ( *_t122 == r12w) goto 0x80035825;
				E00000001180025B68(_t122, _t126, _t141, _t149);
				_t136 = (_t134 | 0xffffffff) + 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t122 + 0xa0)) + _t136 * 2)) != r12w) goto 0x800357ed;
				 *(_t122 + 0xb4) = r12d & 0xffffff00 | _t136 == 0x00000003;
				EnumSystemLocalesW(??, ??);
				if ((_v88 & 0x00000004) != 0) goto 0x80035838;
				_v88 = r12d;
				goto 0x80035838;
				_v88 = 0x104;
				_t60 = GetUserDefaultLCID();
				_v80 = _t60;
				_v84 = _t60;
				if (_v88 == r12d) goto 0x8003591d;
				asm("dec eax");
				_t61 = E000000011800354BC(_t126, 0x180034e1c & _t160 + 0x00000100,  &_v88, _t149);
				if (_t61 == 0) goto 0x8003591d;
				if (IsValidCodePage(??) == 0) goto 0x8003591d;
				if (IsValidLocale(??, ??) == 0) goto 0x8003591d;
				if (_t162 == 0) goto 0x80035894;
				 *_t162 = _t61;
				_t36 = _t149 + 0x2f0; // 0x2f0
				r9d = 0;
				_t37 = _t159 + 0x55; // 0x55
				_t90 = _t37;
				r8d = _t90;
				E0000000118002D6B8(_v84, _t162, _t160 + 0x100, _t126, _t36, _t149, _t151);
				if (_t147 == 0) goto 0x80035916;
				r9d = 0;
				r8d = _t90;
				E0000000118002D6B8(_v84, _t147, _t160 + 0x100, _t126, _t147 + 0x120, _t149, _t151);
				r9d = 0x40;
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0x8003591d;
				r9d = 0x40;
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0x8003591d;
				_t44 = _t149 - 0x36; // 0xa
				r9d = _t44;
				_t45 = _t149 - 0x30; // 0x10
				r8d = _t45;
				E0000000118003DA20(_t61);
				goto 0x8003591f;
				return E00000001180002630(0, _t61, _v72 ^ _t151 - 0x00000040);
			}

0x1800356bc
0x1800356bc
0x1800356bc
0x1800356ce
0x1800356d5
0x1800356d8
0x1800356dc
0x1800356df
0x1800356e2
0x1800356e5
0x1800356ea
0x1800356ef
0x1800356f3
0x1800356f6
0x1800356ff
0x180035702
0x180035702
0x180035709
0x180035710
0x180035717
0x18003571e
0x180035724
0x18003572a
0x18003572c
0x18003573e
0x180035743
0x180035747
0x180035751
0x180035757
0x180035759
0x18003575f
0x180035765
0x18003576b
0x180035770
0x180035776
0x18003577f
0x180035785
0x18003578b
0x1800357a2
0x1800357a8
0x1800357ae
0x1800357b4
0x1800357ba
0x1800357bf
0x1800357c1
0x1800357c5
0x1800357ca
0x1800357cc
0x1800357d2
0x1800357d8
0x1800357da
0x1800357ed
0x1800357f5
0x180035808
0x180035813
0x18003581d
0x18003581f
0x180035823
0x180035825
0x18003582c
0x180035832
0x180035835
0x18003583c
0x180035850
0x180035856
0x18003585f
0x180035870
0x180035886
0x18003588f
0x180035891
0x180035897
0x18003589e
0x1800358a1
0x1800358a1
0x1800358a5
0x1800358a8
0x1800358b0
0x1800358bc
0x1800358bf
0x1800358c2
0x1800358cf
0x1800358e2
0x1800358ee
0x1800358fe
0x180035909
0x180035909
0x18003590d
0x18003590d
0x180035911
0x18003591b
0x180035939

APIs

Part of subcall function 0000000180025B68: GetLastError.KERNEL32 ref: 0000000180025B77
Part of subcall function 0000000180025B68: SetLastError.KERNEL32 ref: 0000000180025C15

EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,0000000180026BBD), ref: 0000000180035813
GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 000000018003582C
ProcessCodePage.LIBCMT ref: 0000000180035856
IsValidCodePage.KERNEL32 ref: 0000000180035868
IsValidLocale.KERNEL32 ref: 000000018003587E
GetLocaleInfoW.KERNEL32 ref: 00000001800358DA
GetLocaleInfoW.KERNEL32 ref: 00000001800358F6

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 3939093798-0
Opcode ID: bf9eddf0001c6e3b2dafd5e0eae01a950324976332fd2ce05ca1f8a85cb59dd3
Instruction ID: 7142a3fea5f608320bc1218768d47fedd76da48c4fe79bb1456936ca1dfbe8dc
Opcode Fuzzy Hash: bf9eddf0001c6e3b2dafd5e0eae01a950324976332fd2ce05ca1f8a85cb59dd3
Instruction Fuzzy Hash: DB71AC32700B1889FB939B60D4407EE33A0BB4CB89F468426AE99576E5EF38C749C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180003460 Relevance: 10.6, APIs: 7, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00000001180003460(signed int __ecx, void* __rax, long long __rbx) {
				void* _t35;
				void* _t36;
				int _t38;
				void* _t58;
				void* _t76;
				long _t79;
				void* _t80;
				void* _t82;
				void* _t83;
				void* _t85;

				_t58 = __rax;
				 *((long long*)(_t82 + 8)) = __rbx;
				_t80 = _t82 - 0x4c0;
				_t83 = _t82 - 0x5c0;
				if (IsProcessorFeaturePresent(_t79) == 0) goto 0x8000348a;
				asm("int 0x29");
				_t35 = E00000001180003458(_t34);
				r8d = 0x4d0;
				_t36 = E00000001180005C10(_t35, 0, _t80 - 0x10, _t76, _t85);
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t58 == 0) goto 0x8000350a;
				 *(_t83 + 0x38) =  *(_t83 + 0x38) & 0x00000000;
				 *((long long*)(_t83 + 0x30)) = _t80 + 0x4e0;
				 *((long long*)(_t83 + 0x28)) = _t80 + 0x4e8;
				 *((long long*)(_t83 + 0x20)) = _t80 - 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t80 + 0xe8)) =  *((intOrPtr*)(_t80 + 0x4c8));
				r8d = 0x98;
				 *((long long*)(_t80 + 0x88)) = _t80 + 0x4d0;
				E00000001180005C10(_t36, 0, _t83 + 0x50,  *((intOrPtr*)(_t80 + 0x4d8)),  *((intOrPtr*)(_t80 + 0xe8)));
				 *((long long*)(_t83 + 0x60)) =  *((intOrPtr*)(_t80 + 0x4c8));
				 *((intOrPtr*)(_t83 + 0x50)) = 0x40000015;
				 *((intOrPtr*)(_t83 + 0x54)) = 1;
				_t38 = IsDebuggerPresent();
				 *((long long*)(_t83 + 0x40)) = _t83 + 0x50;
				 *((long long*)(_t83 + 0x48)) = _t80 - 0x10;
				SetUnhandledExceptionFilter(??);
				if (UnhandledExceptionFilter(??) != 0) goto 0x8000359a;
				if ((__ecx & 0xffffff00 | _t38 == 0x00000001) != 0) goto 0x8000359a;
				return E00000001180003458(_t40);
			}

0x180003460
0x180003460
0x180003466
0x18000346e
0x180003484
0x180003488
0x18000348f
0x18000349a
0x1800034a0
0x1800034a9
0x1800034c0
0x1800034c3
0x1800034cc
0x1800034ce
0x1800034e5
0x1800034f4
0x1800034fd
0x180003504
0x180003516
0x180003526
0x180003530
0x180003537
0x180003543
0x180003548
0x180003550
0x180003558
0x180003566
0x180003572
0x180003579
0x18000358c
0x180003590
0x1800035aa

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 000000018000347C
RtlCaptureContext.KERNEL32 ref: 00000001800034A9
RtlLookupFunctionEntry.KERNEL32 ref: 00000001800034C3
RtlVirtualUnwind.KERNEL32 ref: 0000000180003504
IsDebuggerPresent.KERNEL32 ref: 0000000180003558
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000180003579
UnhandledExceptionFilter.KERNEL32 ref: 0000000180003584

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 7fc5dd9757b432d8b4963fee5a5369d10e148f2188ed5273a0988622e6a7ea92
Instruction ID: 11cbba65b94737df8d8573042c68236ac086763058f6d4dc9e1168d5b4f35abc
Opcode Fuzzy Hash: 7fc5dd9757b432d8b4963fee5a5369d10e148f2188ed5273a0988622e6a7ea92
Instruction Fuzzy Hash: 07315E72204F848AEBA1CF61E8807ED7364F789788F44842AEA8D47B95DF38C64CC714

Uniqueness

Uniqueness Score: -1.00%

Function 00C52780 Relevance: 9.3, Strings: 7, Instructions: 537COMMON

Download Yara Rule

Strings

y, xrefs: 00C52C97
k, xrefs: 00C5303C
G(, xrefs: 00C52F52
7', xrefs: 00C52DC7
o7=/, xrefs: 00C52D35
D, xrefs: 00C52E27
Z<, xrefs: 00C52E02

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: k$7'$D$G($Z<$o7=/$y
API String ID: 0-1865188920
Opcode ID: d517ad9a530fb802bb13479e859ccf9692cae92b90ad32258a35f0c9934de413
Instruction ID: 195cb7f0031b4dd587170210a81ce5827503529b45f49b8c24fae4f8cc438677
Opcode Fuzzy Hash: d517ad9a530fb802bb13479e859ccf9692cae92b90ad32258a35f0c9934de413
Instruction Fuzzy Hash: 1A32FE716087848FD758CFA9C58A51BFBE1FB88704F108A1DE896872A0D7F8D949CF46

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800156F8 Relevance: 9.1, APIs: 6, Instructions: 83
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E000000011800156F8(void* __ecx, intOrPtr __edx, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
				void* _t36;
				void* _t37;
				void* _t38;
				int _t40;
				signed long long _t62;
				long long _t65;
				_Unknown_base(*)()* _t85;
				void* _t89;
				void* _t90;
				void* _t92;
				signed long long _t93;
				struct _EXCEPTION_POINTERS* _t99;

				 *((long long*)(_t92 + 0x10)) = __rbx;
				 *((long long*)(_t92 + 0x18)) = __rsi;
				_t90 = _t92 - 0x4f0;
				_t93 = _t92 - 0x5f0;
				_t62 =  *0x80098010; // 0x6aeceb4fd839
				 *(_t90 + 0x4e0) = _t62 ^ _t93;
				if (__ecx == 0xffffffff) goto 0x80015737;
				_t37 = E00000001180003458(_t36);
				r8d = 0x98;
				_t38 = E00000001180005C10(_t37, 0, _t93 + 0x70, __rdx, __r8);
				r8d = 0x4d0;
				E00000001180005C10(_t38, 0, _t90 + 0x10, __rdx, __r8);
				 *((long long*)(_t93 + 0x48)) = _t93 + 0x70;
				_t65 = _t90 + 0x10;
				 *((long long*)(_t93 + 0x50)) = _t65;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t65 == 0) goto 0x800157ca;
				 *(_t93 + 0x38) =  *(_t93 + 0x38) & 0x00000000;
				 *((long long*)(_t93 + 0x30)) = _t93 + 0x58;
				 *((long long*)(_t93 + 0x28)) = _t93 + 0x60;
				 *((long long*)(_t93 + 0x20)) = _t90 + 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t90 + 0x108)) =  *((intOrPtr*)(_t90 + 0x508));
				 *((intOrPtr*)(_t93 + 0x70)) = __edx;
				 *((long long*)(_t90 + 0xa8)) = _t90 + 0x510;
				 *((long long*)(_t90 - 0x80)) =  *((intOrPtr*)(_t90 + 0x508));
				 *((intOrPtr*)(_t93 + 0x74)) = r8d;
				_t40 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(_t85, _t89);
				if (UnhandledExceptionFilter(_t99) != 0) goto 0x8001582c;
				if (_t40 != 0) goto 0x8001582c;
				if (__ecx == 0xffffffff) goto 0x8001582c;
				return E00000001180002630(E00000001180003458(_t42), __ecx,  *(_t90 + 0x4e0) ^ _t93);
			}

0x1800156f8
0x1800156fd
0x180015706
0x18001570e
0x180015715
0x18001571f
0x180015730
0x180015732
0x18001573e
0x180015744
0x18001574f
0x180015755
0x18001575f
0x180015768
0x18001576c
0x180015771
0x180015786
0x180015789
0x180015792
0x180015794
0x1800157a7
0x1800157b4
0x1800157bd
0x1800157c4
0x1800157d1
0x1800157e3
0x1800157e7
0x1800157f5
0x1800157f9
0x1800157fd
0x180015807
0x18001581a
0x18001581e
0x180015823
0x180015852

APIs

RtlCaptureContext.KERNEL32 ref: 0000000180015771
RtlLookupFunctionEntry.KERNEL32 ref: 0000000180015789
RtlVirtualUnwind.KERNEL32 ref: 00000001800157C4
IsDebuggerPresent.KERNEL32 ref: 00000001800157FD
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000180015807
UnhandledExceptionFilter.KERNEL32 ref: 0000000180015812

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: ece6d869d9deafd81f9def1decb0bc76ed6a26b253409cf14fb92af0296d1011
Instruction ID: 1e58ff558a753dfd143f1ef06c0e7f9bd0f158f2fb1577651b8e83fb77a5b539
Opcode Fuzzy Hash: ece6d869d9deafd81f9def1decb0bc76ed6a26b253409cf14fb92af0296d1011
Instruction Fuzzy Hash: BF316E36214F8486EBA1CF25E8407DE73A4F78D798F504115EA9D47BA9DF38C249CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002972C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 119
fileCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E0000000118002972C(long long __rbx, void* __rcx, signed short* __rdx, intOrPtr* __r8) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r15;
				void* _t32;
				signed int _t36;
				void* _t42;
				void* _t45;
				void* _t49;
				signed long long _t59;
				void* _t61;
				signed short* _t77;
				void* _t87;
				void* _t89;
				signed long long _t92;
				void* _t94;
				void* _t97;
				signed long long _t98;
				union _FINDEX_INFO_LEVELS _t108;
				WCHAR* _t111;

				 *((long long*)(_t97 + 0x20)) = __rbx;
				_t98 = _t97 - 0x290;
				_t59 =  *0x80098010; // 0x6aeceb4fd839
				 *(_t98 + 0x280) = _t59 ^ _t98;
				if (__rdx == __rcx) goto 0x80029785;
				_t45 = ( *__rdx & 0x0000ffff) - 0x2f - 0x2d;
				if (_t45 > 0) goto 0x8002977c;
				asm("dec ecx");
				if (_t45 < 0) goto 0x80029785;
				_t77 = __rdx - 2;
				if (_t77 != __rcx) goto 0x80029766;
				_t36 =  *_t77 & 0x0000ffff;
				if (_t36 != 0x3a) goto 0x800297ac;
				_t61 = __rcx + 2;
				if (_t77 == _t61) goto 0x800297ac;
				r8d = 0;
				E00000001180029290(__rbx, __rcx, _t77, _t89, 0x801, __r8);
				goto 0x800298a0;
				_t49 = _t36 - 0x2f - 0x2d;
				if (_t49 > 0) goto 0x800297c3;
				asm("dec ecx");
				if (_t49 < 0) goto 0x800297c6;
				 *((intOrPtr*)(_t98 + 0x28)) = 0;
				 *(_t98 + 0x20) = _t87;
				asm("dec ebp");
				r9d = 0;
				FindFirstFileExW(_t111, _t108, _t87);
				if (_t61 != 0xffffffff) goto 0x80029813;
				r8d = 0;
				_t42 = E00000001180029290(_t61, __rcx, (_t77 - __rcx >> 1) + 1, _t89, _t98 + 0x30, __r8);
				goto 0x8002989e;
				_t92 =  *((intOrPtr*)(__r8 + 8)) -  *__r8 >> 3;
				if ( *((short*)(_t98 + 0x5c)) != 0x2e) goto 0x8002983c;
				if ( *((intOrPtr*)(_t98 + 0x5e)) == _t42) goto 0x80029853;
				if ( *((short*)(_t98 + 0x5e)) != 0x2e) goto 0x8002983c;
				if ( *((intOrPtr*)(_t98 + 0x60)) == _t42) goto 0x80029853;
				if (E00000001180029290(_t61, _t98 + 0x5c, __rcx, _t92, _t111 & (_t77 - __rcx >> 0x00000001) + 0x00000001, __r8) != 0) goto 0x80029893;
				if (FindNextFileW(_t89) != 0) goto 0x8002981e;
				if (_t92 ==  *((intOrPtr*)(__r8 + 8)) -  *__r8 >> 3) goto 0x80029895;
				r8d = 8;
				_t32 = E00000001180035AA0(_t61,  *__r8 + _t92 * 8, ( *((intOrPtr*)(__r8 + 8)) -  *__r8 >> 3) - _t92, _t87, _t92, __rcx, _t111 & (_t77 - __rcx >> 0x00000001) + 0x00000001, 0x180028510, _t111 & (_t77 - __rcx >> 0x00000001) + 0x00000001);
				goto 0x80029895;
				FindClose(_t94);
				return E00000001180002630(_t32, _t36 - 0x2f,  *(_t98 + 0x280) ^ _t98);
			}

0x18002972c
0x180029738
0x18002973f
0x180029749
0x180029764
0x18002976d
0x180029771
0x180029776
0x18002977a
0x18002977c
0x180029783
0x180029785
0x18002978c
0x18002978e
0x180029795
0x18002979a
0x1800297a2
0x1800297a7
0x1800297b2
0x1800297b6
0x1800297bb
0x1800297c1
0x1800297c9
0x1800297d8
0x1800297e2
0x1800297e5
0x1800297ed
0x1800297fa
0x1800297ff
0x18002980c
0x18002980e
0x18002981a
0x180029824
0x18002982b
0x180029833
0x18002983a
0x180029851
0x180029863
0x180029876
0x180029886
0x18002988c
0x180029891
0x180029898
0x1800298c6

APIs

FindFirstFileExW.KERNEL32 ref: 00000001800297ED
FindNextFileW.KERNEL32 ref: 000000018002985B
FindClose.KERNEL32 ref: 0000000180029898

Strings

., xrefs: 000000018002982D
., xrefs: 000000018002981E

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID: .$.
API String ID: 3541575487-3769392785
Opcode ID: 67ef11076812a7bb460d4ed2686c2ae25d3571036cc8b8aafd9d7fb5ad708c30
Instruction ID: 42f3888310520c4ee444487fc8282c4bbfd0b73a00b559ecf8630b4863248461
Opcode Fuzzy Hash: 67ef11076812a7bb460d4ed2686c2ae25d3571036cc8b8aafd9d7fb5ad708c30
Instruction Fuzzy Hash: 9A41E57261659844FAE39FE294047EAB391E389BE4F49C122BE4947784DE78C64D8300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180037854 Relevance: 7.8, APIs: 5, Instructions: 321
fileCOMMONCrypto

Download Yara Rule

C-Code - Quality: 70%

			E00000001180037854(void* __eax, signed int __edx, void* __esi, void* __eflags, long long __rbx, long long __rcx, void* __rdx, signed char* __r8, void* __r10) {
				void* __rsi;
				void* __rbp;
				char _t158;
				char _t164;
				char _t169;
				int _t170;
				int _t172;
				intOrPtr _t178;
				void* _t184;
				signed char _t185;
				intOrPtr _t193;
				signed long long _t235;
				signed long long _t241;
				long long _t245;
				void* _t246;
				intOrPtr _t260;
				signed long long _t268;
				long long _t281;
				intOrPtr _t287;
				void* _t288;
				void* _t292;
				void* _t295;
				char _t298;
				void* _t300;
				long _t304;
				void* _t306;
				DWORD* _t309;
				void* _t310;
				void* _t312;
				signed long long _t313;
				void* _t321;
				intOrPtr _t322;
				long long _t329;
				void* _t331;
				signed long long _t333;
				void* _t335;
				long long _t336;
				intOrPtr _t337;
				void* _t339;
				signed long long _t340;
				long long _t342;
				long long _t344;

				 *((long long*)(_t312 + 8)) = __rbx;
				_t310 = _t312 - 0x27;
				_t313 = _t312 - 0x100;
				_t235 =  *0x80098010; // 0x6aeceb4fd839
				 *(_t310 + 0x1f) = _t235 ^ _t313;
				 *((long long*)(_t310 - 1)) = __rcx;
				r13d = r9d;
				 *((long long*)(_t310 - 0x19)) = __r8;
				_t336 = _t335 + __r8;
				 *((long long*)(_t310 - 9)) = __edx;
				 *((long long*)(_t310 - 0x49)) = _t336;
				_t340 = __edx + __edx * 8;
				_t333 = __edx >> 6;
				 *((long long*)(_t310 - 0x41)) =  *((intOrPtr*)( *((intOrPtr*)(0x180000000 + 0x99d40 + _t333 * 8)) + 0x28 + _t340 * 8));
				 *((intOrPtr*)(_t310 - 0x59)) = GetConsoleCP();
				E00000001180014D4C( *((intOrPtr*)( *((intOrPtr*)(0x180000000 + 0x99d40 + _t333 * 8)) + 0x28 + _t340 * 8)), __edx, _t313 + 0x50, __rdx, _t304, _t342);
				_t260 =  *((intOrPtr*)(_t313 + 0x58));
				r15d = 0;
				r10d = 0;
				 *((long long*)(_t310 - 0x51)) = _t342;
				 *((long long*)(_t310 - 0x69)) = _t342;
				_t193 =  *((intOrPtr*)(_t260 + 0xc));
				 *((intOrPtr*)(_t310 - 0x55)) = _t193;
				if (__r8 - _t336 >= 0) goto 0x80037c32;
				_t241 = __edx >> 6;
				 *(_t310 - 0x11) = _t241;
				r15d = 1;
				 *((char*)(_t313 + 0x40)) =  *__r8;
				 *(_t313 + 0x44) = r10d;
				if (_t193 != 0xfde9) goto 0x80037aa6;
				_t322 =  *((intOrPtr*)(0x180000000 + 0x99d40 + _t241 * 8));
				if ( *((intOrPtr*)(_t322 + _t340 * 8 + __r10 + 0x3e)) == r10b) goto 0x80037953;
				_t295 = __r10 + 1;
				if (_t295 - 5 < 0) goto 0x80037941;
				if (_t295 <= 0) goto 0x80037a49;
				r15d =  *((char*)(_t260 + 0x180098960));
				r15d = r15d + 1;
				r13d = r15d;
				r13d = r13d - r10d + 1;
				if (r13d -  *((intOrPtr*)(_t310 - 0x49)) - __r8 > 0) goto 0x80037bf7;
				if (_t295 <= 0) goto 0x800379bb;
				_t329 = _t322 - _t310 + 7 + _t340 * 8;
				 *((char*)(_t310 + 7 + __r10)) =  *((intOrPtr*)(_t310 + 7 + __r10 + _t329 + 0x3e));
				if (__r10 + 1 - _t295 < 0) goto 0x800379a2;
				r10d = 0;
				if (r13d <= 0) goto 0x800379d5;
				E00000001180005560();
				r10d = 0;
				_t281 = _t329;
				if (_t295 <= 0) goto 0x800379fc;
				 *((intOrPtr*)( *((intOrPtr*)(0x180000000 + 0x99d40 + _t333 * 8)) + _t281 + 0x3e + _t340 * 8)) = r10b;
				if (_t281 + 1 - _t295 < 0) goto 0x800379e4;
				_t245 = _t310 + 7;
				 *((long long*)(_t310 - 0x39)) = _t329;
				 *((long long*)(_t310 - 0x31)) = _t245;
				_t158 = (r10d & 0xffffff00 | r15d == 0x00000004) + 1;
				r8d = _t158;
				r15d = _t158;
				E00000001180038924(_t245, __edx, _t313 + 0x44, _t310 - 0x31, 0x180000000, _t310 - 0x39);
				if (_t245 == 0xffffffff) goto 0x80037d0a;
				_t337 =  *((intOrPtr*)(_t310 - 0x49));
				goto 0x80037b1b;
				_t298 =  *((char*)(_t245 + 0x180098960));
				_t184 = _t298 + 1;
				_t246 = _t184;
				if (_t246 - _t337 - __r8 > 0) goto 0x80037c7f;
				 *((long long*)(_t310 - 0x29)) = _t329;
				 *((long long*)(_t310 - 0x21)) = __r8;
				_t164 = (r10d & 0xffffff00 | _t184 == 0x00000004) + 1;
				r8d = _t164;
				_t268 = _t313 + 0x44;
				E00000001180038924(_t246, __edx, _t268, _t310 - 0x21, 0x180000000, _t310 - 0x29);
				if (_t246 == 0xffffffff) goto 0x80037d0a;
				r15d = _t164;
				goto 0x80037b1b;
				_t287 =  *((intOrPtr*)(0x180000000 + 0x99d40 + _t333 * 8));
				_t185 =  *(_t287 + 0x3d + _t340 * 8);
				if ((_t185 & 0x00000004) == 0) goto 0x80037ae0;
				 *((char*)(_t310 + 0xf)) =  *((intOrPtr*)(_t287 + 0x3e + _t340 * 8));
				r8d = 2;
				 *(_t287 + 0x3d + _t340 * 8) = _t185 & 0x000000fb;
				_t288 = _t310 + 0xf;
				 *((char*)(_t310 + 0x10)) =  *__r8;
				goto 0x80037b08;
				E00000001180024F6C(0x180000000);
				if ( *((intOrPtr*)(0x180000000 + _t268 * 2)) >= 0) goto 0x80037b02;
				_t300 = _t298 + __r8 + 1;
				if (_t300 - _t337 >= 0) goto 0x80037cd0;
				_t100 = _t288 + 2; // 0x2
				r8d = _t100;
				goto 0x80037b05;
				_t169 = E0000000118002F5BC( *__r8 & 0x000000ff, 0, _t300 - _t337, 0x180000000, __edx, _t313 + 0x44, 0x180000000, _t339);
				if (_t169 == 0xffffffff) goto 0x80037d0a;
				_t321 = _t313 + 0x44;
				 *((long long*)(_t313 + 0x38)) = __edx;
				_t106 = _t300 + 1; // 0x2
				_t306 = _t106;
				 *((long long*)(_t313 + 0x30)) = __edx;
				r9d = r15d;
				 *((intOrPtr*)(_t313 + 0x28)) = 5;
				 *((long long*)(_t313 + 0x20)) = _t310 + 0x17;
				E0000000118002B5F8(_t335);
				if (_t169 == 0) goto 0x80037d1c;
				r8d = _t169;
				 *((long long*)(_t313 + 0x20)) = __edx;
				_t170 = WriteFile(_t331, _t292, _t304, _t309);
				r10d = 0;
				if (_t170 == 0) goto 0x80037d13;
				_t344 =  *((intOrPtr*)(_t310 - 0x51));
				_t178 =  *((intOrPtr*)(_t310 - 0x41)) + _t344;
				 *((intOrPtr*)(_t310 - 0x65)) = _t178;
				if ( *((intOrPtr*)(_t313 + 0x48)) - _t169 < 0) goto 0x80037c32;
				if ( *((char*)(_t313 + 0x40)) != 0xa) goto 0x80037be3;
				_t121 = _t329 + 0xd; // 0xd
				 *((short*)(_t313 + 0x40)) = _t121;
				_t124 = _t329 + 1; // 0x1
				r8d = _t124;
				 *((long long*)(_t313 + 0x20)) = _t329;
				_t172 = WriteFile(??, ??, ??, ??, ??);
				r10d = 0;
				if (_t172 == 0) goto 0x80037d01;
				if ( *((intOrPtr*)(_t313 + 0x48)) - 1 < 0) goto 0x80037c32;
				r15d = r15d + 1;
				 *((long long*)(_t310 - 0x51)) = _t344;
				 *((intOrPtr*)(_t310 - 0x65)) = _t178 + 1;
				_t301 = _t306;
				if (_t306 - _t337 >= 0) goto 0x80037c32;
				goto 0x8003790b;
				if (_t321 <= 0) goto 0x80037c2c;
				 *((char*)( *((intOrPtr*)(0x180000000 + 0x99d40 + _t333 * 8)) + _t301 + 0x3e + _t340 * 8)) =  *((intOrPtr*)(_t306 - _t306 + _t306));
				if (r10d + 1 - _t321 < 0) goto 0x80037c09;
				 *((intOrPtr*)(_t310 - 0x65)) =  *((intOrPtr*)(_t310 - 0x65)) + r8d;
				if ( *((intOrPtr*)(_t310 - 0x71)) == r10b) goto 0x80037c44;
				 *( *((intOrPtr*)(_t313 + 0x50)) + 0x3a8) =  *( *((intOrPtr*)(_t313 + 0x50)) + 0x3a8) & 0xfffffffd;
				asm("movsd xmm0, [ebp-0x69]");
				asm("movsd [eax], xmm0");
				 *((intOrPtr*)( *((intOrPtr*)(_t310 - 1)) + 8)) = __esi -  *((intOrPtr*)(_t310 - 0x19));
				return E00000001180002630( *((intOrPtr*)(_t306 - _t306 + _t306)), __esi -  *((intOrPtr*)(_t310 - 0x19)),  *(_t310 + 0x1f) ^ _t313);
			}

0x180037854
0x180037864
0x180037869
0x180037870
0x18003787a
0x180037887
0x18003788e
0x180037898
0x18003789c
0x18003789f
0x1800378a6
0x1800378aa
0x1800378ae
0x1800378bf
0x1800378d0
0x1800378d3
0x1800378d8
0x1800378dd
0x1800378e0
0x1800378e3
0x1800378e7
0x1800378ee
0x1800378f1
0x1800378f7
0x180037903
0x180037907
0x18003790d
0x180037913
0x180037917
0x180037922
0x180037932
0x180037946
0x18003794a
0x180037951
0x180037956
0x180037971
0x18003797a
0x18003797d
0x180037980
0x180037989
0x180037995
0x18003799e
0x1800379b1
0x1800379b6
0x1800379b8
0x1800379be
0x1800379cd
0x1800379d2
0x1800379d5
0x1800379db
0x1800379f2
0x1800379fa
0x1800379fc
0x180037a00
0x180037a04
0x180037a1f
0x180037a21
0x180037a24
0x180037a27
0x180037a30
0x180037a3a
0x180037a44
0x180037a52
0x180037a5b
0x180037a5e
0x180037a64
0x180037a6d
0x180037a74
0x180037a7f
0x180037a85
0x180037a88
0x180037a8f
0x180037a98
0x180037aa1
0x180037aa4
0x180037aad
0x180037ab5
0x180037abd
0x180037ac7
0x180037aca
0x180037ad2
0x180037ad7
0x180037adb
0x180037ade
0x180037ae0
0x180037aee
0x180037af0
0x180037af6
0x180037afc
0x180037afc
0x180037b00
0x180037b0d
0x180037b15
0x180037b24
0x180037b29
0x180037b2e
0x180037b2e
0x180037b32
0x180037b37
0x180037b3a
0x180037b44
0x180037b49
0x180037b52
0x180037b61
0x180037b64
0x180037b6d
0x180037b73
0x180037b78
0x180037b7e
0x180037b87
0x180037b8b
0x180037b92
0x180037b9d
0x180037ba3
0x180037bac
0x180037bb1
0x180037bb1
0x180037bb5
0x180037bbf
0x180037bc5
0x180037bca
0x180037bd5
0x180037bd7
0x180037bdc
0x180037be0
0x180037be3
0x180037be9
0x180037bf2
0x180037bfd
0x180037c1c
0x180037c27
0x180037c2f
0x180037c36
0x180037c3d
0x180037c48
0x180037c51
0x180037c55
0x180037c7e

APIs

GetConsoleCP.KERNEL32 ref: 00000001800378C3
WriteFile.KERNEL32 ref: 0000000180037B6D
WriteFile.KERNEL32 ref: 0000000180037BBF
GetLastError.KERNEL32 ref: 0000000180037D01
GetLastError.KERNEL32 ref: 0000000180037D13

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorFileLastWrite$Console
String ID:
API String ID: 786612050-0
Opcode ID: e7830fc2d631968cf6e5db46c32e6abccbf16382e35da4d5856963a9f836dfa6
Instruction ID: 2a4be2ef8c239316bbbdc8dcd28c81a5fbd933ed7f1abef7e5827173a578f225
Opcode Fuzzy Hash: e7830fc2d631968cf6e5db46c32e6abccbf16382e35da4d5856963a9f836dfa6
Instruction Fuzzy Hash: 85D1E072704A888AE762CB64D4843EE77B1F7497DCF558116EE8E47B9ADE34C21AC700

Uniqueness

Uniqueness Score: -1.00%

Function 00C61A2C Relevance: 7.0, Strings: 5, Instructions: 775COMMON

Download Yara Rule

Strings

Aw, xrefs: 00C623B5
F, xrefs: 00C62101
??, xrefs: 00C61F2D
J, xrefs: 00C62998
>#3, xrefs: 00C626F2

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: >#3$??$Aw$F$J
API String ID: 0-2784440385
Opcode ID: 9b37fcd8b9b3a2236a01d1c259a381c152bbfd2ce75b9ee2bc70d5e09618c5cf
Instruction ID: 51b05b71db398bfc098fd99b9b11b70c86ce2f3fcb07f9cc71960c0265f863bd
Opcode Fuzzy Hash: 9b37fcd8b9b3a2236a01d1c259a381c152bbfd2ce75b9ee2bc70d5e09618c5cf
Instruction Fuzzy Hash: DF923F7154438B8BDB78CF24C885BEE7BE1FB84304F10452DE8AA8B761E7749645DB82

Uniqueness

Uniqueness Score: -1.00%

Function 00C46B5C Relevance: 6.6, Strings: 5, Instructions: 375COMMON

Download Yara Rule

Strings

9`^p, xrefs: 00C46F9F
<, xrefs: 00C47028
>S1, xrefs: 00C46C51
$, xrefs: 00C47041
@K, xrefs: 00C46E7C

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: $$9`^p$>S1$@K$<
API String ID: 0-904861090
Opcode ID: 7e13130689c942aa12df05012069a4264cc12f2cb0cc79f599492960cab10520
Instruction ID: 41e8a9f0a295f174a2993b1dd5fa8487dea4f7ea06b4c361264900efe81ed658
Opcode Fuzzy Hash: 7e13130689c942aa12df05012069a4264cc12f2cb0cc79f599492960cab10520
Instruction Fuzzy Hash: 5702E471500788DBDBACDF68C88A49D7FB0FB443A4F605219FD4297290D7B6D985CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00C54C48 Relevance: 6.5, Strings: 5, Instructions: 236COMMON

Download Yara Rule

Strings

f_, xrefs: 00C54F12
, xrefs: 00C54E7F, 00C54EDA
fzT, xrefs: 00C54CEF
"4, xrefs: 00C54F27
, xrefs: 00C54CE7, 00C54DEE, 00C54D11

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: "4$f_$fzT$$
API String ID: 0-2251851231
Opcode ID: 22d9a0b68b50d0ea5fd6d1aeab0a3e2fc9a27e070a6cf0ea182e7b607f92900b
Instruction ID: de1c5fc4169424b9708f53a90a681043668cf69fff03fc8bd5c0b3e6fcf2a2c2
Opcode Fuzzy Hash: 22d9a0b68b50d0ea5fd6d1aeab0a3e2fc9a27e070a6cf0ea182e7b607f92900b
Instruction Fuzzy Hash: F4B123B090471A8FCF48DFA8C48A4AEBBF0FB48358F15461DE856A7250D774AA85CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C5CF30 Relevance: 6.3, Strings: 5, Instructions: 69COMMON

Download Yara Rule

Strings

[n, xrefs: 00C5CF40
8, xrefs: 00C5D04E
CX, xrefs: 00C5CF47
\, xrefs: 00C5CFD2
eI$E, xrefs: 00C5CFB1

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: CX$[n$\$eI$E$8
API String ID: 0-2019653245
Opcode ID: b58e03c4429f51dfff5bc7e79067d6589c1b082eef975631b4c3cbf620760393
Instruction ID: 68dc347bbad24bbc6c85897f51995e9ee1eb9696385fa7d919b276fd5137781e
Opcode Fuzzy Hash: b58e03c4429f51dfff5bc7e79067d6589c1b082eef975631b4c3cbf620760393
Instruction Fuzzy Hash: 91319EB190074E8FDB44CF64C48A4CE7FB0FF68798F204618E859A6250D3B8D6A4CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 00C5E76C Relevance: 5.7, Strings: 4, Instructions: 737COMMON

Download Yara Rule

Strings

$, xrefs: 00C5F2F7
, xrefs: 00C5EC4C
, xrefs: 00C5E7AD
|nV, xrefs: 00C5E94F

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: $ $$$|nV
API String ID: 0-3281042611
Opcode ID: a7c4594aceaea0e8dab67c6b4234a17b84941429c25f26251dab7e9d55dda18c
Instruction ID: 0deeee1d66240e4a7e63639f32e2d7f1fda1a9df3addfc345f52d61bc6559f87
Opcode Fuzzy Hash: a7c4594aceaea0e8dab67c6b4234a17b84941429c25f26251dab7e9d55dda18c
Instruction Fuzzy Hash: 0272FA71A0474CCBDF58CFA8C05A99DBBF6FB54344F00412DED4AAB298D7B4A81ACB45

Uniqueness

Uniqueness Score: -1.00%

Function 00C4F3E0 Relevance: 5.4, Strings: 4, Instructions: 432COMMON

Download Yara Rule

Strings

u`, xrefs: 00C4FCE6
R7i, xrefs: 00C4FA02
]>S, xrefs: 00C4FBA2
VG, xrefs: 00C4F95D

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: R7i$VG$]>S$u`
API String ID: 0-1600827667
Opcode ID: 32acbc697c5eb7ce2dca7a46b63a12961e990b109133ed3221841dcaa14a51a8
Instruction ID: 934b6189147a12aeb484ac96a1798f1a4b528bf1fe77ce32acf50ad75d74f3f1
Opcode Fuzzy Hash: 32acbc697c5eb7ce2dca7a46b63a12961e990b109133ed3221841dcaa14a51a8
Instruction Fuzzy Hash: CC3203709097C88BDBF8DF24C8896DD7BF0FF48344F50115A984E9A694DBB8A685CF42

Uniqueness

Uniqueness Score: -1.00%

Function 00C573F8 Relevance: 5.4, Strings: 4, Instructions: 380COMMON

Download Yara Rule

Strings

4, xrefs: 00C579BA
z<, xrefs: 00C576EB
., xrefs: 00C57964
BB, xrefs: 00C5788F

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: BB$z<$.$4
API String ID: 0-1591233792
Opcode ID: aa7d0a4ee19aefbaa19c8d8e8495d0b927018643d7d53871069b311c10225edc
Instruction ID: a7d00121ce4e249d5d7eb4f75814ffa0b543c96acd7ad79eed00492d6c4dc610
Opcode Fuzzy Hash: aa7d0a4ee19aefbaa19c8d8e8495d0b927018643d7d53871069b311c10225edc
Instruction Fuzzy Hash: BC0202B1904749CFDF6CDF68C88A4AE7BB0FF44344F10422DEA46A6290D77A9949CF84

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002D3CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E0000000118002D3CC(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, long long _a8, long long _a16, long long _a24) {
				void* _t11;
				void* _t22;
				void* _t32;

				_t23 = __rbx;
				_t22 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t11 = r9d;
				_t32 = __rcx;
				E0000000118002CA30(0xb, __rbx, "GetLocaleInfoEx", __rsi, 0x800503f0, "GetLocaleInfoEx");
				if (_t22 == 0) goto 0x8002d422;
				r9d = _t11;
				 *0x8004c3c0();
				goto 0x8002d439;
				E0000000118002D804(0, 0, _t22, _t23, _t32);
				r9d = _t11;
				return GetLocaleInfoW(??, ??, ??, ??);
			}

0x18002d3cc
0x18002d3cc
0x18002d3cc
0x18002d3d1
0x18002d3d6
0x18002d3e0
0x18002d3ef
0x18002d405
0x18002d410
0x18002d412
0x18002d41a
0x18002d420
0x18002d424
0x18002d42b
0x18002d44d

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002D405
GetLocaleInfoW.KERNEL32(?,?,?,?,?,0000000180026D97), ref: 000000018002D433

Strings

GetLocaleInfoEx, xrefs: 000000018002D3E8, 000000018002D3F9

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: InfoLocaletry_get_function
String ID: GetLocaleInfoEx
API String ID: 2200034068-2904428671
Opcode ID: 41e484a5b2d4521eb4d0b23e4a1a383f8aa989f965f6a755b1a8ecbed573269d
Instruction ID: b2a904c564fe919fbd3ab3ce631aa8afb9b5adca29fa16b36b937dae3a64d03e
Opcode Fuzzy Hash: 41e484a5b2d4521eb4d0b23e4a1a383f8aa989f965f6a755b1a8ecbed573269d
Instruction Fuzzy Hash: E0016D35B00B8982E7869F56B4407CAA764E788BC0F68C026FE4813B55CE78CB498380

Uniqueness

Uniqueness Score: -1.00%

Function 00C42128 Relevance: 5.3, Strings: 4, Instructions: 256COMMON

Download Yara Rule

Strings

M[, xrefs: 00C423F9
jP, xrefs: 00C4214C
Jx, xrefs: 00C422B1
xy, xrefs: 00C42465

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: Jx$M[$jP$xy
API String ID: 0-882801676
Opcode ID: a27b4655e249ce8e00af1ad73db02211fa2bbf7353868e6a6b849cd1b884cbbc
Instruction ID: 2ee1b424ebfa9bcdbb9eeae8225f88a1530ab4b87ddd53216e07591339996f75
Opcode Fuzzy Hash: a27b4655e249ce8e00af1ad73db02211fa2bbf7353868e6a6b849cd1b884cbbc
Instruction Fuzzy Hash: 54C1077090075CCBDF58DFA8D88A5DDBBB1FB48308F114319E89AAB260DB789905CF49

Uniqueness

Uniqueness Score: -1.00%

Function 00C5827C Relevance: 5.2, Strings: 4, Instructions: 178COMMON

Download Yara Rule

Strings

&, xrefs: 00C584B7
Jn, xrefs: 00C58469
^, xrefs: 00C583F5
@2, xrefs: 00C58500

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: &$@2$Jn$^
API String ID: 0-1816242221
Opcode ID: 569fa3d4bf83859d4808d779e504945ae089fbdc48947470bf052a87739f6000
Instruction ID: d5ac0b0fff33fdc5ed6dc8ee983852d696424d927b9ac91b42e928a9117396f9
Opcode Fuzzy Hash: 569fa3d4bf83859d4808d779e504945ae089fbdc48947470bf052a87739f6000
Instruction Fuzzy Hash: AF811474D0471A8FDF48DFA8D88A4AEBBB0FB48304F108519D955B72A0D7789A48CF96

Uniqueness

Uniqueness Score: -1.00%

Function 00C4CB8D Relevance: 5.2, Strings: 4, Instructions: 173COMMON

Download Yara Rule

Strings

@, xrefs: 00C4CE44
0e, xrefs: 00C4CD96
64, xrefs: 00C4CDD8
o=, xrefs: 00C4CD18

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 0e$64$@$o=
API String ID: 0-3194635012
Opcode ID: 2a7eec621bc3736d8bcf3cd4502b1118f0a5049720cbc299d1d867f1de7ce1b9
Instruction ID: 90db98bc76abe15811626fecfcc8c5f77e29b3382d41cd12c008b2b78b910cfd
Opcode Fuzzy Hash: 2a7eec621bc3736d8bcf3cd4502b1118f0a5049720cbc299d1d867f1de7ce1b9
Instruction Fuzzy Hash: C891D271520789AFDF88DF24C89A9DD3BB0FB58318F815319FC8AA6290C778D585CB49

Uniqueness

Uniqueness Score: -1.00%

Function 00C68A04 Relevance: 5.1, Strings: 4, Instructions: 92COMMON

Download Yara Rule

Strings

Yfr4, xrefs: 00C68A22
kWa^, xrefs: 00C68B78
;, xrefs: 00C68B42
36H, xrefs: 00C68AE0

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: ;$36H$Yfr4$kWa^
API String ID: 0-3599472112
Opcode ID: 05a798feef6af16b9893fff0148a6d85916b1b1ef146ddbd548bcf6645ccff48
Instruction ID: 762dc2ebe176bf6971989901291fb4925a937693e2d362e5aa687f97e31b10e8
Opcode Fuzzy Hash: 05a798feef6af16b9893fff0148a6d85916b1b1ef146ddbd548bcf6645ccff48
Instruction Fuzzy Hash: 9541A0B090034E8BDF48CF24C9865DE7FB0FB68394F214619E85AA6250D37896A5CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 00C47AF0 Relevance: 5.1, Strings: 4, Instructions: 78COMMON

Download Yara Rule

Strings

u, xrefs: 00C47AFC
?M, xrefs: 00C47B48
B , xrefs: 00C47C10
bN, xrefs: 00C47BF0

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: ?M$B $bN$u
API String ID: 0-4267052880
Opcode ID: c9a15cb732fd24f5d33c0626e266d07e83fb093bffd41cbb69e3c4f465881b9b
Instruction ID: 221bde93578d8c14d6c1e3b9eb4b74e7f4e40f5da113ba3c34b977185c22d733
Opcode Fuzzy Hash: c9a15cb732fd24f5d33c0626e266d07e83fb093bffd41cbb69e3c4f465881b9b
Instruction Fuzzy Hash: AD310A715187808FD76CCF28C19A11FBBF1BBC6704F50891CE69A8B390D7B69948CB46

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180035118 Relevance: 4.7, APIs: 3, Instructions: 169
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E00000001180035118(void* __ecx, void* __edx, void* __ebp, long long __rbx, void* __rcx, void* __rdx) {
				void* __rsi;
				signed int _t47;
				int _t48;
				void* _t49;
				void* _t55;
				signed int _t63;
				signed int _t72;
				signed int _t81;
				signed long long _t123;
				signed long long _t124;
				void* _t130;
				void* _t149;
				signed int* _t150;
				int _t152;
				intOrPtr* _t153;
				signed long long _t155;
				signed long long _t156;
				void* _t159;
				signed long long _t160;
				void* _t168;

				_t143 = __rdx;
				 *((long long*)(_t159 + 0x10)) = __rbx;
				 *(_t159 + 0x18) = _t155;
				_t160 = _t159 - 0x120;
				_t123 =  *0x80098010; // 0x6aeceb4fd839
				_t124 = _t123 ^ _t160;
				 *(_t160 + 0x110) = _t124;
				_t130 = __rcx;
				E00000001180025B68(_t124, __rcx, __rdx, _t152, _t168);
				_t4 = _t124 + 0x98; // 0x98
				_t153 = _t4;
				E00000001180025B68(_t124, _t130, _t143, _t153, _t149);
				_t150 =  *((intOrPtr*)(_t124 + 0x3a0));
				_t47 = E0000000118003546C(_t130, _t143);
				r9d = 0x78;
				_t72 = _t47;
				asm("sbb edx, edx");
				_t48 = GetLocaleInfoW(_t152, ??, ??);
				r14d = 0;
				if (_t48 == 0) goto 0x80035332;
				_t49 = E0000000118003DBBC(_t124,  *((intOrPtr*)(_t153 + 8)));
				_t156 = _t155 | 0xffffffff;
				if (_t49 != 0) goto 0x80035267;
				_t11 = _t168 + 0x78; // 0x78
				r9d = _t11;
				asm("sbb edx, edx");
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0x80035332;
				if (E0000000118003DBBC(_t124,  *_t153) != 0) goto 0x800351f9;
				_t150[1] = _t72;
				goto 0x80035262;
				if ((( *_t150 | 0x00000304) & 0x00000002) != 0) goto 0x80035267;
				if ( *((intOrPtr*)(_t153 + 0x14)) == r14d) goto 0x80035241;
				_t55 = E0000000118003DD78(_t124,  *_t153);
				if (_t55 != 0) goto 0x8003523f;
				_t81 =  *_t150 | 0x00000002;
				_t150[2] = _t72;
				 *_t150 = _t81;
				if ( *((intOrPtr*)( *_t153 + (_t156 + 1) * 2)) != r14w) goto 0x8003522b;
				if (_t55 !=  *((intOrPtr*)(_t153 + 0x14))) goto 0x80035267;
				_t150[1] = _t72;
				goto 0x80035267;
				if ((_t81 & 0x00000001) != 0) goto 0x80035267;
				if (_t72 ==  *0x80051ac8) goto 0x80035267;
				if (r14d + 1 - 0xa < 0) goto 0x8003524f;
				_t150[2] = _t72;
				 *_t150 = _t81 | 0x00000001;
				if (( *_t150 & 0x00000300) == 0x300) goto 0x80035326;
				r9d = 0x78;
				asm("sbb edx, edx");
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0x80035332;
				if (E0000000118003DBBC(0x180051aca,  *_t153) != 0) goto 0x800352ec;
				_t63 =  *_t150;
				asm("bts eax, 0x9");
				 *_t150 = _t63;
				if ( *((intOrPtr*)(_t153 + 0x18)) == r14d) goto 0x800352cd;
				asm("bts eax, 0x8");
				 *_t150 = _t63;
				goto 0x8003531d;
				if ( *((intOrPtr*)(_t153 + 0x14)) == r14d) goto 0x800352c5;
				if ( *((intOrPtr*)( *_t153 + (_t156 + 1) * 2)) != r14w) goto 0x800352d6;
				if (__ebp !=  *((intOrPtr*)(_t153 + 0x14))) goto 0x800352c5;
				goto 0x8003530b;
				if ( *((intOrPtr*)(_t153 + 0x18)) != r14d) goto 0x80035326;
				if ( *((intOrPtr*)(_t153 + 0x14)) == r14d) goto 0x80035326;
				if (E0000000118003DBBC(0x180051aca,  *_t153) != 0) goto 0x80035326;
				if (E00000001180035590(_t72, 0, 0x180051aca, _t130,  *_t153, _t160 + 0x20, _t153) == 0) goto 0x80035326;
				asm("bts dword [edi], 0x8");
				if (_t150[1] != r14d) goto 0x80035326;
				_t150[1] = _t72;
				goto 0x8003533a;
				 *_t150 = r14d;
				return E00000001180002630(1, _t72,  *(_t160 + 0x110) ^ _t160);
			}

0x180035118
0x180035118
0x18003511d
0x180035126
0x18003512d
0x180035134
0x180035137
0x18003513f
0x180035142
0x180035147
0x180035147
0x18003514e
0x180035156
0x18003515d
0x18003516c
0x180035174
0x180035176
0x180035184
0x18003518a
0x18003518f
0x18003519e
0x1800351a3
0x1800351a9
0x1800351b2
0x1800351b2
0x1800351bf
0x1800351d5
0x1800351ec
0x1800351f4
0x1800351f7
0x1800351fc
0x180035204
0x180035212
0x18003521b
0x18003521d
0x180035220
0x180035223
0x180035233
0x180035238
0x18003523a
0x18003523d
0x180035243
0x180035252
0x18003525d
0x180035262
0x180035265
0x180035272
0x180035282
0x18003528a
0x1800352a0
0x1800352b5
0x1800352b7
0x1800352b9
0x1800352bd
0x1800352c3
0x1800352c5
0x1800352c9
0x1800352cb
0x1800352d1
0x1800352de
0x1800352e3
0x1800352ea
0x1800352f0
0x1800352f6
0x180035307
0x180035317
0x180035319
0x180035321
0x180035323
0x180035330
0x180035332
0x180035361

APIs

Part of subcall function 0000000180025B68: GetLastError.KERNEL32 ref: 0000000180025B77
Part of subcall function 0000000180025B68: SetLastError.KERNEL32 ref: 0000000180025C15

GetLocaleInfoW.KERNEL32 ref: 0000000180035184

Part of subcall function 000000018003DBBC: _invalid_parameter_noinfo.LIBCMT ref: 000000018003DBD9

GetLocaleInfoW.KERNEL32 ref: 00000001800351CD

Part of subcall function 000000018003DBBC: _invalid_parameter_noinfo.LIBCMT ref: 000000018003DC32

GetLocaleInfoW.KERNEL32 ref: 0000000180035298

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: InfoLocale$ErrorLast_invalid_parameter_noinfo
String ID:
API String ID: 3644580040-0
Opcode ID: 12cb7ff268ef6808b8643bb3fedc3de1f29e6bb1cd571aa15edbc592cab0170a
Instruction ID: 079f403e3cf6ac6614ac5bc562721ae9b5b1dc5567329d3dcc1949bf7713f16e
Opcode Fuzzy Hash: 12cb7ff268ef6808b8643bb3fedc3de1f29e6bb1cd571aa15edbc592cab0170a
Instruction Fuzzy Hash: 9861A23220064986EBB78F11E5403EE73A1F7497C5F46C125EBDA936A1DF78D659C700

Uniqueness

Uniqueness Score: -1.00%

Function 00C664F8 Relevance: 4.2, Strings: 3, Instructions: 454COMMON

Download Yara Rule

Strings

U, xrefs: 00C66E54
(, xrefs: 00C66CE0
wU, xrefs: 00C66E3F

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: ($U$wU
API String ID: 0-2031152664
Opcode ID: d030330acb421e585ce2b574953e0510a66a350c77e1366bf0b1b6b086404ac8
Instruction ID: 0af380bf8ce84ac0cfe7961e51ab8e7a9af7ba4a2be734745f4578490935d15f
Opcode Fuzzy Hash: d030330acb421e585ce2b574953e0510a66a350c77e1366bf0b1b6b086404ac8
Instruction Fuzzy Hash: EE42C2719097C88BDBF8DF24C88A2DD7BF1FF48344F50515A984E9A658CBB86684CF42

Uniqueness

Uniqueness Score: -1.00%

Function 00C56464 Relevance: 4.1, Strings: 3, Instructions: 330COMMON

Download Yara Rule

Strings

y, xrefs: 00C56AAA
U, xrefs: 00C56ACA
!d.#, xrefs: 00C565F6

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: y$!d.#$U
API String ID: 0-1702114524
Opcode ID: 061c74f3ba4e2152ff7bfc3bb03a690cfa0dcda01d33ce28c375482b364cb02f
Instruction ID: 155caa1dcb2bb140ee41d9e11a0b77503ee6722f6bab00d3d4a850837575466c
Opcode Fuzzy Hash: 061c74f3ba4e2152ff7bfc3bb03a690cfa0dcda01d33ce28c375482b364cb02f
Instruction Fuzzy Hash: 9E02D271504AC88BDBBCDF24CC896EF7BA1FB84346F50561ED88A9A290DBB45785CF01

Uniqueness

Uniqueness Score: -1.00%

Function 00C55B18 Relevance: 4.0, Strings: 3, Instructions: 261COMMON

Download Yara Rule

Strings

h, xrefs: 00C55F52
h^, xrefs: 00C55B32
=1Z, xrefs: 00C55B8A

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: =1Z$h^$h
API String ID: 0-2636329743
Opcode ID: 36181cb170d6f76158f3dc770eb623a7b3ca10ea6b51aaa1b83d78e1cc7645e9
Instruction ID: 61ea271ac21e837316dae7416d4dd73f63c235f180417bebe90c4d46e3d6d693
Opcode Fuzzy Hash: 36181cb170d6f76158f3dc770eb623a7b3ca10ea6b51aaa1b83d78e1cc7645e9
Instruction Fuzzy Hash: 60E1E8705087C8CBEBBECF64C8896DA7BA8FB44708F10561DE94ADE258DBB45749CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00C67EA4 Relevance: 4.0, Strings: 3, Instructions: 253COMMON

Download Yara Rule

Strings

o(, xrefs: 00C67F9A
bVZ, xrefs: 00C68141
V, xrefs: 00C67F18

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: V$bVZ$o(
API String ID: 0-1660054416
Opcode ID: c573c94778afb4164dd1f31be71a66e0f46c26de5815c84ea55065cf2efd2382
Instruction ID: c1c527e8637316b6c29a892b69e3321abc88d4fbadcd90b51956520c7ac35e34
Opcode Fuzzy Hash: c573c94778afb4164dd1f31be71a66e0f46c26de5815c84ea55065cf2efd2382
Instruction Fuzzy Hash: 62C1267050478A8FDF48DF28C89A9DE3BA1FB58348F114719FC4AA62A0C778D995CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C53FE0 Relevance: 4.0, Strings: 3, Instructions: 227COMMON

Download Yara Rule

Strings

$&], xrefs: 00C54371
#X, xrefs: 00C54170
m%K, xrefs: 00C541F5

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: #X$$&]$m%K
API String ID: 0-1065608980
Opcode ID: 7c1237e4964242170fe6cd8b4d96af821d7603f8e1f845348ad2ac7cd3c31af6
Instruction ID: d15f2cf1af6d8aecebe20a43ab890f96b13648cd71ff6350f2d1816e4274f128
Opcode Fuzzy Hash: 7c1237e4964242170fe6cd8b4d96af821d7603f8e1f845348ad2ac7cd3c31af6
Instruction Fuzzy Hash: 9CC169B1A0460DCFDB68DF78D15A49D7BF1FB48308F206129E8269A2B2E374E509CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00C4569C Relevance: 4.0, Strings: 3, Instructions: 217COMMON

Download Yara Rule

Strings

cn , xrefs: 00C4573A
LI, xrefs: 00C4575A
K#, xrefs: 00C458C8

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: K#$LI$cn
API String ID: 0-3773415493
Opcode ID: 959f25c4968512607ae0cca543834cbc84a398ae39e464127cc603f4c4925a13
Instruction ID: ca034efc13ce08e58c30d31464986eb94ca58d7e1cd6790474dc62bd3292ff7a
Opcode Fuzzy Hash: 959f25c4968512607ae0cca543834cbc84a398ae39e464127cc603f4c4925a13
Instruction Fuzzy Hash: 8CA14770914748EBDF98CF68E8C989DBBB0FB44314F90521AFC16AB2A1DB749985CF41

Uniqueness

Uniqueness Score: -1.00%

Function 00C65D84 Relevance: 3.9, Strings: 3, Instructions: 164COMMON

Download Yara Rule

Strings

$e, xrefs: 00C65EB9
^F, xrefs: 00C65DC4
Is, xrefs: 00C65DCC

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: $e$Is$^F
API String ID: 0-4110932142
Opcode ID: 8b01df609d42911d7dbed2b5ba814d47211c694639234543d432211bb7cfcbab
Instruction ID: cf8103877d15216a9672c0bc46a4154956d4bba7d675f9bc3330e3b70036d66a
Opcode Fuzzy Hash: 8b01df609d42911d7dbed2b5ba814d47211c694639234543d432211bb7cfcbab
Instruction Fuzzy Hash: E5515A7061C7488FC7B8DF58D8866ABB7E0FB85710F801A1DE8CA87255D771A845CB87

Uniqueness

Uniqueness Score: -1.00%

Function 00C61728 Relevance: 3.9, Strings: 3, Instructions: 156COMMON

Download Yara Rule

Strings

4, xrefs: 00C619C7
dUn, xrefs: 00C6184B
0ZI, xrefs: 00C618B6

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 0ZI$4$dUn
API String ID: 0-3362017604
Opcode ID: c73b6bf479576f7c26dbb328f7938954da3fed1ffa6b789c040732a3e6a37130
Instruction ID: 716b8dcfbe4e1aed410a2bcbd9eba46827e38fcf2b1e58ec97a2913ab2e1350c
Opcode Fuzzy Hash: c73b6bf479576f7c26dbb328f7938954da3fed1ffa6b789c040732a3e6a37130
Instruction Fuzzy Hash: B6713A7050C7848FD7B8DF28C58559EBBF5FB86704F10491DEA8A8B2A0C776DA44CB02

Uniqueness

Uniqueness Score: -1.00%

Function 00C5B520 Relevance: 3.9, Strings: 3, Instructions: 152COMMON

Download Yara Rule

Strings

j , xrefs: 00C5B572
[_K&, xrefs: 00C5B6AA
O, xrefs: 00C5B6B8

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: O$[_K&$j
API String ID: 0-2002151384
Opcode ID: 5cf88421c4129e4e4d54df4380985a4d6ea1c7f681516431ef3b689608c2f6b2
Instruction ID: ac51f298e7f735887d6e0bb58c286277cac577e273e729bcade423584180b20c
Opcode Fuzzy Hash: 5cf88421c4129e4e4d54df4380985a4d6ea1c7f681516431ef3b689608c2f6b2
Instruction Fuzzy Hash: 5E71C87090074E8BDF58CF64C8865DE7FB0FB58398F211219EC4AA62A0D378D995CBD9

Uniqueness

Uniqueness Score: -1.00%

Function 00C46650 Relevance: 3.9, Strings: 3, Instructions: 145COMMON

Download Yara Rule

Strings

>"I, xrefs: 00C4683A
-h, xrefs: 00C46672
WT, xrefs: 00C46817

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: -h$WT$>"I
API String ID: 0-2979910649
Opcode ID: 5da2aa70a551583c734fba3b02d0d500b77670d66d11a43c5cdac74a8a900ebb
Instruction ID: 71fd4c24b464a1c5d8a91809034f62340453520ffa867bd1fd561c8b4c778264
Opcode Fuzzy Hash: 5da2aa70a551583c734fba3b02d0d500b77670d66d11a43c5cdac74a8a900ebb
Instruction Fuzzy Hash: 9C512470D04719DBDF68DFA9E8C68ADBBB0FB54314F10422EE806A72A4D7749986CF41

Uniqueness

Uniqueness Score: -1.00%

Function 00C69124 Relevance: 3.9, Strings: 3, Instructions: 143COMMON

Download Yara Rule

Strings

I$s, xrefs: 00C6916E
34, xrefs: 00C69346
-, xrefs: 00C69367

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 34$I$s$-
API String ID: 0-2987712878
Opcode ID: d159740019d0e44eb242a52937dbef6f57aff17195a7a3dbeb5ec86a09e691a0
Instruction ID: b98420111fa29c44e4f111197e68655cad75653186483bd08c9bee4ef67382ff
Opcode Fuzzy Hash: d159740019d0e44eb242a52937dbef6f57aff17195a7a3dbeb5ec86a09e691a0
Instruction Fuzzy Hash: 6B817FB590438E8FDF48CF64D88A5CE7BB0FB58358F004A19F86696250D3B8DA25CF85

Uniqueness

Uniqueness Score: -1.00%

Function 00C48FA0 Relevance: 3.8, Strings: 3, Instructions: 93COMMON

Download Yara Rule

Strings

3W, xrefs: 00C490E2
v , xrefs: 00C4903E
sR, xrefs: 00C49081

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 3W$sR$v
API String ID: 0-1518777123
Opcode ID: f3dd92e2af734b6d8115ba1069bd08988295307ba7074c78637fd19ad14d7fff
Instruction ID: 3461373197ef0f193ecb42a6a29c70af37addc682fffa8ef1fde71f0ca13a896
Opcode Fuzzy Hash: f3dd92e2af734b6d8115ba1069bd08988295307ba7074c78637fd19ad14d7fff
Instruction Fuzzy Hash: 5741D8B180034A8FDB48CF64C48A4DE7FB1FB58358F104619FC55A6290D3B896A4CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C5C1DC Relevance: 3.8, Strings: 3, Instructions: 88COMMON

Download Yara Rule

Strings

Da, xrefs: 00C5C1FD
p, xrefs: 00C5C1F6
>, xrefs: 00C5C204

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: >$Da$p
API String ID: 0-3088490888
Opcode ID: f12031464043262cdf2dafd4592515557577c67e86acbf92f010fd442108c94b
Instruction ID: c70aad6ffb586b2d3e805044b776ae3dea756722ee50866e124b83af080750c2
Opcode Fuzzy Hash: f12031464043262cdf2dafd4592515557577c67e86acbf92f010fd442108c94b
Instruction Fuzzy Hash: 2341E7B191078E8BDF48CF64C85A4DE7BB0FB48358F50461DEC66A6290D3B8DA64CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00C55334 Relevance: 3.8, Strings: 3, Instructions: 87COMMON

Download Yara Rule

Strings

z, xrefs: 00C55340
[?, xrefs: 00C553BD
Y, xrefs: 00C682F9

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: Y$[?$z
API String ID: 0-81702474
Opcode ID: de9be9ef5f92379645fd7b383ffa1058af5c5180b6576b9449143d6c210c2e7c
Instruction ID: bdb9e0555dfb1251993d4a4e9db585b76de0cfa4377655bbfc8f7ce7aaad949c
Opcode Fuzzy Hash: de9be9ef5f92379645fd7b383ffa1058af5c5180b6576b9449143d6c210c2e7c
Instruction Fuzzy Hash: EB41E2705187859BD398DF68C48981FBBF0FBC5348F906A1DF982866A0D3B4D858CB43

Uniqueness

Uniqueness Score: -1.00%

Function 00C4D1E0 Relevance: 3.8, Strings: 3, Instructions: 84COMMON

Download Yara Rule

Strings

~!, xrefs: 00C4D9DC
z, xrefs: 00C4D9A8
%.&, xrefs: 00C4D945

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: %.&$~!$z
API String ID: 0-3431779881
Opcode ID: 75f8db90995428d235334ca748c23d9b71a29a6c06c75c993f3f4e05e3c73a3c
Instruction ID: bb5e907cfc1e7e9c8252d963fef7e995a5217a77e20bf3923a90a1759047ee9e
Opcode Fuzzy Hash: 75f8db90995428d235334ca748c23d9b71a29a6c06c75c993f3f4e05e3c73a3c
Instruction Fuzzy Hash: 8441E3B150438A8BDB48CF28C88A4DE3BB0FB58358F11471DFC9AA6290D7B8D565CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00C559A0 Relevance: 3.8, Strings: 3, Instructions: 84COMMON

Download Yara Rule

Strings

o, xrefs: 00C55A11
J_d, xrefs: 00C559D3
%i, xrefs: 00C55AC7

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: %i$J_d$o
API String ID: 0-2302849290
Opcode ID: 26ed555b5558ee36b46f6658a60b078ea9f2e99077f6798d56f26bd8e6eafb97
Instruction ID: e15aea1fc1299828dcd3a43c9720abc5c8900accaeb753b43263c0ff9311726d
Opcode Fuzzy Hash: 26ed555b5558ee36b46f6658a60b078ea9f2e99077f6798d56f26bd8e6eafb97
Instruction Fuzzy Hash: D141B4B080074E8FDB48CF24D4864DE7FB1FB68398F640619F856A62A0D3B4D6A5CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C44B4C Relevance: 3.8, Strings: 3, Instructions: 77COMMON

Download Yara Rule

Strings

J:, xrefs: 00C44C3F
B3, xrefs: 00C44B5F
., xrefs: 00C44C0F

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: .$B3$J:
API String ID: 0-3064689667
Opcode ID: fd8509d6533ef7e32cb756af4334f2030a9ae0f8979fbcbea7cb16ab3bf8e675
Instruction ID: 1162aac5a3f8b91bb3b8973c082aba7f966dc11ccb61a4998955bdd5dcf0ca43
Opcode Fuzzy Hash: fd8509d6533ef7e32cb756af4334f2030a9ae0f8979fbcbea7cb16ab3bf8e675
Instruction Fuzzy Hash: 3841E3B090078E8FDB48CF64C88A4DE7FB0FB58358F114A1DEC56A6290D3B89665CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00C4B8D0 Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

p7, xrefs: 00C4B8E3
ie, xrefs: 00C4B9A8
Ks, xrefs: 00C4B90F

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: Ks$ie$p7
API String ID: 0-1618259084
Opcode ID: 80a2af57191d82605d2cef362d461bc808ae7e9cf162dbf889fca5d963639e5b
Instruction ID: ca3b304efba4e4c05b5242569c77dd65e0fa027f7931a3a7ef7fc6b9e9d4865e
Opcode Fuzzy Hash: 80a2af57191d82605d2cef362d461bc808ae7e9cf162dbf889fca5d963639e5b
Instruction Fuzzy Hash: D641C2B180478E8FDF44CF64D88A5CE7BB0FB18358F104A09E869A6290D3B8C664CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 00C5B898 Relevance: 3.8, Strings: 3, Instructions: 64COMMON

Download Yara Rule

Strings

v, xrefs: 00C5B8B4
N=?S, xrefs: 00C5B907
}j, xrefs: 00C5B917

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: N=?S$v$}j
API String ID: 0-4092938293
Opcode ID: 9d3866c83932be72d87d742c92594d1c0fe478a87f622f102371e8f125a421ef
Instruction ID: 54dec06334bbf627d24f67783be14b86d88a048cda1b1689bae95d8364cff78c
Opcode Fuzzy Hash: 9d3866c83932be72d87d742c92594d1c0fe478a87f622f102371e8f125a421ef
Instruction Fuzzy Hash: 4D210770219B44ABD39CDF28D19652ABAF1FBC4744F906A1DF986CA3A0C774C8458B42

Uniqueness

Uniqueness Score: -1.00%

Function 00C598DC Relevance: 3.8, Strings: 3, Instructions: 55COMMON

Download Yara Rule

Strings

XS, xrefs: 00C599A3
2`, xrefs: 00C598E0
WFY, xrefs: 00C59901

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 2`$XS$WFY
API String ID: 0-4220438673
Opcode ID: 4214e4b7748eee943712e52e0a0b26d526995497c398dca3acb8c82fd8363403
Instruction ID: 1a3a2533c7ad1ec2e7205bdb6f80c12431c695e37eabcbb0c696e965016089c0
Opcode Fuzzy Hash: 4214e4b7748eee943712e52e0a0b26d526995497c398dca3acb8c82fd8363403
Instruction Fuzzy Hash: 68215AB46087848FD388DF28D04941BBBE1BB88358F414B2DF4CAA7260D7789A54CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800305F8 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 248
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 91%

			E000000011800305F8(intOrPtr* __rax, long long __rbx, unsigned int* __rcx, char* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, char* _a40, intOrPtr _a48, signed int _a56, intOrPtr _a64, signed long long _a72) {
				void* _v40;
				intOrPtr _v48;
				intOrPtr _v64;
				intOrPtr _v72;
				long long _v88;
				intOrPtr _v96;
				char _v104;
				intOrPtr _v112;
				long long _v120;
				void* _t68;
				intOrPtr _t74;
				void* _t75;
				char _t76;
				signed int _t78;
				void* _t111;
				intOrPtr _t112;
				void* _t113;
				signed int _t114;
				void* _t128;
				intOrPtr* _t144;
				char* _t148;
				unsigned long long _t164;
				char* _t178;
				char* _t179;
				char* _t186;
				intOrPtr* _t189;
				char* _t190;
				void* _t191;
				void* _t194;
				void* _t195;
				signed long long _t200;
				signed long long _t204;
				signed long long _t207;
				void* _t210;
				char* _t214;
				void* _t215;
				void* _t219;
				void* _t221;
				void* _t225;
				char* _t227;
				char* _t228;
				char* _t229;
				char* _t234;
				void* _t236;
				long long _t241;
				unsigned int* _t244;
				void* _t246;
				intOrPtr* _t247;
				signed int* _t248;

				_t144 = __rax;
				_t236 = _t221;
				 *((long long*)(_t236 + 8)) = __rbx;
				 *((long long*)(_t236 + 0x10)) = __rbp;
				 *((long long*)(_t236 + 0x18)) = __rsi;
				_push(_t210);
				_push(_t241);
				r13d = 0;
				 *((intOrPtr*)(__rdx)) = r13b;
				_t178 = __rdx;
				_t244 = __rcx;
				_t200 = _a72;
				_t219 = __r9;
				_t111 =  >=  ? _a48 : r13d;
				E00000001180014D4C(__rax, __rdx, _t236 - 0x48, _t200, __r8, _t246);
				_t7 = _t210 + 0xb; // 0xb
				if (__r8 - _t7 > 0) goto 0x80030666;
				E00000001180025224(_t144);
				_t8 = _t241 + 0x22; // 0x22
				_t112 = _t8;
				 *_t144 = _t112;
				E00000001180015940();
				goto 0x80030932;
				if (( *__rcx >> 0x00000034 & _t200) != _t200) goto 0x800306f3;
				_v88 = _t241;
				_t225 = __r8;
				_v96 = _a64;
				_t148 = _a40;
				_v104 = r13b;
				_v112 = _t112;
				_v120 = _t148;
				_t68 = E00000001180030968(_t178, __rcx, _t178, __r8, __r8, __r10);
				_t113 = _t68;
				if (_t68 == 0) goto 0x800306c2;
				 *_t178 = r13b;
				goto 0x80030932;
				_t186 = _t178;
				E00000001180042964(_t68, 0x65, _t148, _t186);
				if (_t148 == 0) goto 0x8003092f;
				 *_t148 = ((_a56 ^ 0x00000001) << 5) + 0x50;
				 *((intOrPtr*)(_t148 + 3)) = r13b;
				goto 0x8003092f;
				if (_t186 >= 0) goto 0x80030705;
				 *_t178 = 0x2d;
				_t179 = _t178 + 1;
				_t19 = _t179 + 1; // 0x3
				_t247 = _t19;
				r12d = (_a56 ^ 0x00000001) & 0x000000ff;
				r10d = 0x30;
				if ((0x00000000 &  *_t244) != 0) goto 0x8003075a;
				 *_t179 = r10b;
				asm("dec eax");
				goto 0x8003075d;
				 *_t179 = 0x31;
				_t22 = _t247 + 1; // 0x3
				_t214 = _t22;
				if (_t113 != 0) goto 0x8003076a;
				goto 0x8003077b;
				_t74 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xf8))))));
				 *_t247 = _t74;
				if (( *_t244 & 0xffffffff) <= 0) goto 0x80030814;
				r8d = r10w & 0xffffffff;
				if (_t113 <= 0) goto 0x800307c7;
				_t75 = _t74 + r10w;
				_t128 = _t75 - 0x39;
				if (_t128 <= 0) goto 0x800307b5;
				_t76 = _t75 + (r12d << 5) + 7;
				 *_t214 = _t76;
				_t114 = _t113 - 1;
				_t215 = _t214 + 1;
				r8w = r8w + 0xfffc;
				if (_t128 >= 0) goto 0x80030795;
				if (r8w < 0) goto 0x80030814;
				if (_t76 - 8 <= 0) goto 0x80030814;
				_t27 = _t215 - 1; // 0x3
				_t189 = _t27;
				r8b =  *_t189;
				if ((_t225 - 0x00000046 & 0x000000df) != 0) goto 0x800307f9;
				 *_t189 = r10b;
				_t190 = _t189 - 1;
				goto 0x800307e6;
				if (_t190 == _t247) goto 0x80030811;
				if (r8b != 0x39) goto 0x80030809;
				goto 0x8003080d;
				 *_t190 = _t225 + 1;
				goto 0x80030814;
				 *((char*)(_t190 - 1)) =  *((char*)(_t190 - 1)) + 1;
				if (_t114 <= 0) goto 0x80030831;
				r8d = _t114;
				_t191 = _t215;
				_t78 = E00000001180005C10(_t225 - 0x46, r10b, _t191, _t178, _t225);
				r10d = 0x30;
				_t248 =  !=  ? _t215 + _t179 : _t247;
				r12b = r12b << 5;
				r12b = r12b + 0x50;
				 *_t248 = r12b;
				_t34 =  &(_t248[0]); // 0x4
				_t234 = _t34;
				_t164 =  *_t244 >> 0x34;
				if ( *_t247 - r13b >= 0) goto 0x80030863;
				_t194 = _t219 - _t164;
				_t35 = _t164 + 2; // 0x2d
				_t81 =  <  ? _t35 : 0x2b;
				_t248[0] =  <  ? _t35 : 0x2b;
				 *_t234 = r10b;
				if (_t194 - 0x3e8 < 0) goto 0x800308b4;
				_t37 = _t234 + 1; // 0x5
				_t227 = _t37;
				_t204 = (_t191 - _t219 >> 7) + (_t191 - _t219 >> 7 >> 0x3f);
				 *_t234 = __r10 + _t204;
				_t195 = _t194 + _t204 * 0xfffffc18;
				if (_t227 != _t234) goto 0x800308bf;
				if (_t195 - 0x64 < 0) goto 0x800308ee;
				_t207 = (_t204 + _t195 >> 6) + (_t204 + _t195 >> 6 >> 0x3f);
				 *_t227 = __r10 + _t207;
				_t228 = _t227 + 1;
				if (_t228 != _t234) goto 0x800308f9;
				if (_t195 + _t207 * 0xffffff9c - 0xa < 0) goto 0x80030925;
				 *_t228 = __r10 + (_t207 >> 2) + (_t207 >> 2 >> 0x3f);
				_t229 = _t228 + 1;
				 *_t229 = (_t78 & 0x000007ff) + r10b;
				 *((intOrPtr*)(_t229 + 1)) = r13b;
				if (_v48 == r13b) goto 0x80030945;
				 *(_v72 + 0x3a8) =  *(_v72 + 0x3a8) & 0xfffffffd;
				return r13d;
			}

0x1800305f8
0x1800305f8
0x1800305fb
0x1800305ff
0x180030603
0x180030607
0x18003060a
0x18003061b
0x180030620
0x180030623
0x180030626
0x180030629
0x180030638
0x18003063b
0x180030641
0x180030646
0x18003064f
0x180030651
0x180030656
0x180030656
0x18003065a
0x18003065c
0x180030661
0x18003067b
0x180030687
0x18003068c
0x18003068f
0x180030696
0x1800306a1
0x1800306a6
0x1800306aa
0x1800306af
0x1800306b4
0x1800306b8
0x1800306ba
0x1800306bd
0x1800306c7
0x1800306ca
0x1800306d2
0x1800306e8
0x1800306ea
0x1800306ee
0x1800306fb
0x1800306fd
0x1800306ff
0x18003070c
0x18003070c
0x180030717
0x18003071b
0x180030741
0x180030743
0x18003074f
0x180030758
0x18003075a
0x18003075d
0x18003075d
0x180030763
0x180030768
0x180030779
0x18003077b
0x180030781
0x180030787
0x180030797
0x1800307a8
0x1800307ac
0x1800307b0
0x1800307b2
0x1800307b5
0x1800307b7
0x1800307b9
0x1800307c0
0x1800307c5
0x1800307cb
0x1800307e0
0x1800307e2
0x1800307e2
0x1800307e6
0x1800307ef
0x1800307f1
0x1800307f4
0x1800307f7
0x1800307fc
0x180030802
0x180030807
0x18003080d
0x18003080f
0x180030811
0x180030816
0x180030818
0x18003081e
0x180030823
0x18003082b
0x180030834
0x180030838
0x18003083c
0x180030840
0x180030843
0x180030843
0x18003084a
0x18003085b
0x180030860
0x18003086e
0x180030871
0x180030874
0x180030878
0x180030882
0x18003088e
0x18003088e
0x1800308a0
0x1800308a7
0x1800308b1
0x1800308b7
0x1800308bd
0x1800308da
0x1800308e1
0x1800308e4
0x1800308f1
0x1800308f7
0x180030918
0x18003091b
0x180030928
0x18003092b
0x180030937
0x18003093e
0x180030964

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018003065C

Strings

gfffffff, xrefs: 00000001800308F9

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: gfffffff
API String ID: 3215553584-1523873471
Opcode ID: 0b4eb77db3021fb5beec0670e94adc5cdb9a28668c746f5ac4f89992de5bc4bd
Instruction ID: 3da0032d2be96eee2175e7d414339493f8853c0bf8c4480e8fea61efc0f7af92
Opcode Fuzzy Hash: 0b4eb77db3021fb5beec0670e94adc5cdb9a28668c746f5ac4f89992de5bc4bd
Instruction Fuzzy Hash: 29915876B067CC86EF97CB6594203EE7794A759BC0F16C022EA8947391EE39D60AC701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180031018 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 216
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 61%

			E00000001180031018(signed char __edx, intOrPtr* __rax, long long __rbx, unsigned int* __rcx, char* __rdx, long long __rsi, signed int __rbp, void* __r8, void* __r9, long long _a8, long long _a16, long long _a24, signed long long _a40, intOrPtr _a48, long long _a56, signed long long _a64, void* _a72) {
				void* _v8;
				long long _v16;
				intOrPtr _v20;
				char _v24;
				long long _v40;
				intOrPtr _v48;
				intOrPtr _v56;
				long long _v64;
				long long _v72;
				void* __rdi;
				signed char _t88;
				intOrPtr _t96;
				intOrPtr _t98;
				void* _t106;
				void* _t114;
				void* _t128;
				signed long long _t129;
				long long _t130;
				void* _t136;
				unsigned int _t146;
				signed long long _t152;
				void* _t163;
				unsigned int* _t165;
				unsigned long long _t173;
				signed long long _t183;
				signed long long _t184;
				long long _t185;
				long long _t190;

				_t167 = __rbp;
				_t88 = __edx;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t165 = __rcx;
				if (__rdx != 0) goto 0x80031055;
				E00000001180025224(__rax);
				 *__rax = 0x16;
				E00000001180015940();
				goto 0x800312f0;
				if (__r8 == 0) goto 0x8003103d;
				if (__r9 == 0) goto 0x8003103d;
				_t183 = _a40;
				if (_t183 == 0) goto 0x8003103d;
				if (_a48 == 0x41) goto 0x80031085;
				if (__rcx - 0x45 - 2 <= 0) goto 0x80031085;
				r11b = 0;
				goto 0x80031088;
				r11b = 1;
				_t152 = _a64;
				if ((_t88 & 0x00000008) != 0) goto 0x8003117a;
				_t173 =  *((intOrPtr*)(__rcx));
				_t106 = (_t173 >> 0x00000034 & __rbp) - __rbp;
				if (_t106 != 0) goto 0x8003117a;
				if (_t106 != 0) goto 0x800310cf;
				goto 0x800310fc;
				if (_t173 >= 0) goto 0x800310e8;
				if ((_t173 & 0xffffffff) != 0) goto 0x800310e8;
				goto 0x800310fc;
				asm("dec eax");
				_t143 = (_t152 & 0xfffffffc) + 8;
				_t128 = (_t173 >> 0x3f) + 4;
				if (__r8 - _t128 >= 0) goto 0x8003110e;
				 *__rdx = 0;
				goto 0x80031173;
				_t184 = _t183 | 0xffffffff;
				if (r8b == 0) goto 0x80031128;
				 *__rdx = 0x2d;
				_t136 = __rdx + 1;
				 *_t136 = 0;
				if (__r8 == _t184) goto 0x80031128;
				_t163 = __r8 - 1;
				_t129 = _t128 + (_t152 & 0xfffffffc) + 8;
				_t175 =  *((intOrPtr*)(0x800506c0 + _t129 * 8));
				_t185 = _t184 + 1;
				if ( *((char*)( *((intOrPtr*)(0x800506c0 + _t129 * 8)) + _t185)) != 0) goto 0x80031141;
				r8d = _t152 + _t129;
				_t114 = E00000001180017E04(_t129, _t136, _t163,  *((intOrPtr*)(0x800506c0 + (_t175 + _t143) * 8)));
				if (_t114 != 0) goto 0x80031306;
				goto 0x800312f0;
				if (_t114 == 0) goto 0x800312b9;
				if (_t114 == 0) goto 0x80031280;
				if (_t114 == 0) goto 0x800311f3;
				if (_t114 == 0) goto 0x800311b7;
				if (_t114 == 0) goto 0x800312b9;
				if (_t114 == 0) goto 0x80031280;
				if (0xffffffffffffff9b == 1) goto 0x800311f3;
				_t130 = _a72;
				_v40 = _t130;
				_v48 = 2;
				_v56 = r11b;
				_v64 = _a56;
				_v72 = _t185;
				E00000001180030E04(0x16, _t130, _t136, __rcx, _t136, _t163, __rbp, _t163);
				goto 0x800312f0;
				_t98 = _a56;
				_t146 =  *_t165;
				_v72 = 0x800506c0;
				_t96 = _t98;
				_v24 = _t130;
				_v16 = _t130;
				E0000000118003B5A0(_t96, _t146,  &_v24, 0x800506c0);
				r8d = _v20;
				r8d = r8d + _t98;
				_t158 =  ==  ? _t163 : _t163 - _t146;
				if (E00000001180039114(_t130, _t136, _t146 + _t136,  ==  ? _t163 : _t163 - _t146,  &_v24) == 0) goto 0x80031259;
				 *_t136 = 0;
				goto 0x800312f0;
				_t190 =  &_v24;
				_v64 = _a72;
				r8d = _t98;
				_v72 = 0;
				E00000001180030CC0(E00000001180039114(_t130, _t136, _t146 + _t136,  ==  ? _t163 : _t163 - _t146,  &_v24), _t136, _t136, _t163, _t165, _t167, _t190);
				goto 0x800312f0;
				_v40 = _a72;
				_v48 = _t96;
				_v56 = r11b;
				_v64 = _a56;
				_v72 = _t190;
				E00000001180030968(_t136, _t165, _t136, _t165, _t163, 0x800506c0);
				goto 0x800312f0;
				_v40 = _a72;
				_v48 = _t96;
				_v56 = r11b;
				_v64 = _a56;
				_v72 = 0x800506c0;
				return E000000011800305F8(_a72, _t136, _t165, _t136, _t165, _t167, _t163, 0x800506c0, 0x800506c0);
			}

0x180031018
0x180031018
0x180031018
0x18003101d
0x180031022
0x180031035
0x18003103b
0x18003103d
0x180031047
0x180031049
0x180031050
0x180031058
0x18003105d
0x18003105f
0x18003106a
0x180031076
0x18003107e
0x180031080
0x180031083
0x180031085
0x180031088
0x180031093
0x180031099
0x1800310ab
0x1800310ae
0x1800310c9
0x1800310cd
0x1800310dc
0x1800310e1
0x1800310e6
0x1800310f1
0x1800310f8
0x180031100
0x180031107
0x180031109
0x18003110c
0x18003110e
0x180031115
0x180031117
0x18003111a
0x18003111d
0x180031123
0x180031125
0x18003113a
0x18003113d
0x180031141
0x180031149
0x180031153
0x180031169
0x18003116b
0x180031175
0x180031187
0x180031190
0x180031199
0x18003119e
0x1800311a3
0x1800311ac
0x1800311b5
0x1800311b7
0x1800311c2
0x1800311d1
0x1800311d8
0x1800311dd
0x1800311e1
0x1800311e9
0x1800311ee
0x1800311f3
0x1800311ff
0x180031204
0x180031209
0x18003120e
0x180031213
0x180031218
0x18003121d
0x180031236
0x180031241
0x18003124f
0x180031251
0x180031254
0x180031261
0x180031266
0x18003126b
0x180031271
0x180031279
0x18003127e
0x18003128b
0x18003129a
0x1800312a1
0x1800312a6
0x1800312aa
0x1800312b2
0x1800312b7
0x1800312c4
0x1800312d3
0x1800312da
0x1800312df
0x1800312e3
0x180031305

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000180031049

Part of subcall function 0000000180015990: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,000000018001593D), ref: 0000000180015999
Part of subcall function 0000000180015990: GetCurrentProcess.KERNEL32(?,?,?,?,000000018001593D), ref: 00000001800159BE

Strings

-, xrefs: 0000000180031224

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
String ID: -
API String ID: 4036615347-2547889144
Opcode ID: 580ff4738bbdadc79cdb12bb99cdda29876cbcff1343374fdf6594e45ea5ad60
Instruction ID: 133921d046084ba2c2000f399c89d7e3834a0367dad283aaf6fdd147babf6b74
Opcode Fuzzy Hash: 580ff4738bbdadc79cdb12bb99cdda29876cbcff1343374fdf6594e45ea5ad60
Instruction Fuzzy Hash: D381F4723047888AEBA78B55A4007EBB791F79D7E0F558225FA9943BD9DF3CC6098700

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002D450 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0000000118002D450() {
				void* _t4;
				void* _t7;
				void* _t10;

				E0000000118002CA30(0xd, _t7, "GetSystemTimePreciseAsFileTime", _t10, 0x80050428, 0x8005042c);
				if (_t4 == 0) goto 0x8002d48c;
				goto ( *0x8004c3c0);
			}

0x18002d473
0x18002d47e
0x18002d485

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002D473

Strings

GetSystemTimePreciseAsFileTime, xrefs: 000000018002D46C

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: try_get_function
String ID: GetSystemTimePreciseAsFileTime
API String ID: 2742660187-595813830
Opcode ID: 35d76f633c6379c37cf2c0dd81ea458bba648d4e394172a7677c69d30c1ad43e
Instruction ID: 437c28c0abdbdbee5d21425c740e7a309719a72173432e34eed8ca22595ef3cb
Opcode Fuzzy Hash: 35d76f633c6379c37cf2c0dd81ea458bba648d4e394172a7677c69d30c1ad43e
Instruction Fuzzy Hash: 07E0C2B2B12C0DC1FEC79B91A8617E41350EB0C7C8F88D023BA08162A1DE388BCDCB45

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180031C3C Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 0000000180031E8B
RaiseException.KERNEL32 ref: 0000000180031E9C

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 5e60b6d6ad4f0aa26a7f886528b8d0fca9df2e346bdc4af125dbc9467789e505
Instruction ID: a10106a137c24cf26e8a3f769fd9ae4b086bb56589f5a4d548d940c25149da18
Opcode Fuzzy Hash: 5e60b6d6ad4f0aa26a7f886528b8d0fca9df2e346bdc4af125dbc9467789e505
Instruction Fuzzy Hash: 17B13C77610B888FEB56CF29C88639D77A0F348B89F16C911EB59877A8CB35C956C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000018004A020 Relevance: 3.1, APIs: 2, Instructions: 60encryptionCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32 ref: 000000018004A075

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 6bd9c8a54f7720d5f9a9c333adc42be751e5fd0d7d57b18296a8ec85b8b65ea6
Instruction ID: 99c16582d58de55a838334d345133101c55846105b5e28824e0e996626af1f18
Opcode Fuzzy Hash: 6bd9c8a54f7720d5f9a9c333adc42be751e5fd0d7d57b18296a8ec85b8b65ea6
Instruction Fuzzy Hash: C121EB32208B88C6EB91CF55E48075AB7A0F3C97D8F518115FA8987B68DF7DC5498B08

Uniqueness

Uniqueness Score: -1.00%

Function 00C50954 Relevance: 2.9, Strings: 2, Instructions: 410COMMON

Download Yara Rule

Strings

d9(4, xrefs: 00C509F6
Y6}, xrefs: 00C50ADE

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: Y6}$d9(4
API String ID: 0-3330832364
Opcode ID: b043fa54239bd32b140c4ade51c25e42e7665cf50e01dff0b3be8c5be184675f
Instruction ID: 4b14e0286bc277fea9aa973dc4f8990f1486c37ba8af318dd8204489e4a88406
Opcode Fuzzy Hash: b043fa54239bd32b140c4ade51c25e42e7665cf50e01dff0b3be8c5be184675f
Instruction Fuzzy Hash: 301217B0904709EFDB58CFA8C49A99EBBF1FF44304F40816DE849EB290D7749A59CB45

Uniqueness

Uniqueness Score: -1.00%

Function 00C5308C Relevance: 2.8, Strings: 2, Instructions: 302COMMON

Download Yara Rule

Strings

LPX, xrefs: 00C53275
?T~, xrefs: 00C532DA

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: ?T~$LPX
API String ID: 0-3819494200
Opcode ID: 5371fcae6a6dea951bf7840fb42d0654fda63255fe2b3c817271c2b7c944b8ce
Instruction ID: ea0fe80920a086afdf8556e628e40e1aacf7dd6e85ab822e814045340afbe256
Opcode Fuzzy Hash: 5371fcae6a6dea951bf7840fb42d0654fda63255fe2b3c817271c2b7c944b8ce
Instruction Fuzzy Hash: 1CD128B1A0874C9FDF58DFA8D4895DDBBB1FB48384F00411AE80AF7290D774994ACB99

Uniqueness

Uniqueness Score: -1.00%

Function 00C657B4 Relevance: 2.7, Strings: 2, Instructions: 219COMMON

Download Yara Rule

Strings

K>DO, xrefs: 00C65A9D
5]w, xrefs: 00C65AE4

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 5]w$K>DO
API String ID: 0-1721466923
Opcode ID: 93887384d1e3e316060a719fa74046c8221635d2d4d23715a552f7898b76f6a5
Instruction ID: 5e54486d778c9f78883fd8f656f295282b8da9da42c3b5b3bfbab903ecafd848
Opcode Fuzzy Hash: 93887384d1e3e316060a719fa74046c8221635d2d4d23715a552f7898b76f6a5
Instruction Fuzzy Hash: 4DA12175A02748CFDB68DF68D5CA59D7BF1EF24344F200019EC1A9B2A2C774D929CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00C63D28 Relevance: 2.7, Strings: 2, Instructions: 218COMMON

Download Yara Rule

Strings

lqCn, xrefs: 00C63E96
m[l, xrefs: 00C63E02

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: lqCn$m[l
API String ID: 0-3128696216
Opcode ID: 4c7d10dd5693097ca8244591837128d2cd95e17d02ebbf0952c9b834f9068715
Instruction ID: 3e70f827ed4b37114a45360e6e817c00816fdb21cbea1cd581fb0cd85c86093a
Opcode Fuzzy Hash: 4c7d10dd5693097ca8244591837128d2cd95e17d02ebbf0952c9b834f9068715
Instruction Fuzzy Hash: 0EA11671504709CFDB58CF28C58A9CD3BA0FF58318F82122AFD49A72A0D774DA59CB89

Uniqueness

Uniqueness Score: -1.00%

Function 00C510AC Relevance: 2.7, Strings: 2, Instructions: 217COMMON

Download Yara Rule

Strings

U, xrefs: 00C513BA
Nt, xrefs: 00C51290

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: Nt$U
API String ID: 0-2773090818
Opcode ID: 75f2b5d32e15d85487eb668497678b5eb0055a4daa499d447cf193525b22889b
Instruction ID: 03651798e6834a9565c1c44f92afcbee50a7c6d0760a6ef3a07302c7163fd7fa
Opcode Fuzzy Hash: 75f2b5d32e15d85487eb668497678b5eb0055a4daa499d447cf193525b22889b
Instruction Fuzzy Hash: BBA1C4B05047888FEB58DF68D8865D93FA1FB58398F11421DFC8AA72A0D778D885CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C4FF64 Relevance: 2.7, Strings: 2, Instructions: 192COMMON

Download Yara Rule

Strings

#X, xrefs: 00C501A3
Us, xrefs: 00C502A7

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: #X$Us
API String ID: 0-3203413852
Opcode ID: 927f4b49d76b73256ea5c740f2e30509fd742bc0798702765f896e21c4c8ed3c
Instruction ID: 55442d1559020434024da76e3bf20fb6e514fc77cb6c3e5d9d1d23292f39a3fc
Opcode Fuzzy Hash: 927f4b49d76b73256ea5c740f2e30509fd742bc0798702765f896e21c4c8ed3c
Instruction Fuzzy Hash: ABB167B590070DCFEB98DF28C18A59D3BA9FF55308F404129FC1E962A1E3B8E518CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00C5FB88 Relevance: 2.7, Strings: 2, Instructions: 164COMMON

Download Yara Rule

Strings

tt", xrefs: 00C5FCF1
%R, xrefs: 00C5FBFE

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: %R$tt"
API String ID: 0-772664118
Opcode ID: cdb4b53f2f09b2303a41a9c0704183505d0985f12a48c0c3b60d1fd3dd25ac21
Instruction ID: 04b132cbb5f85ab8e49a83546eea1374470874bbcf4e3954453815f8314e448e
Opcode Fuzzy Hash: cdb4b53f2f09b2303a41a9c0704183505d0985f12a48c0c3b60d1fd3dd25ac21
Instruction Fuzzy Hash: BE713B7451434D8BDF48CF28C89A5DD3BA0FB48398F56132DFD9AA6290C778D985CB88

Uniqueness

Uniqueness Score: -1.00%

Function 00C4BA24 Relevance: 2.7, Strings: 2, Instructions: 152COMMON

Download Yara Rule

Strings

5t%, xrefs: 00C4BA9E
y, xrefs: 00C4BC4B

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 5t%$y
API String ID: 0-493594994
Opcode ID: 6f0e00c9ead975cfaf4ea2e77c512cc28932c103f1f544ab72cc7830bdf191ce
Instruction ID: fed6daf8427f1b61ed7eb82547e9d035f01a0bebbaaaa0327b89ef2fdced51e1
Opcode Fuzzy Hash: 6f0e00c9ead975cfaf4ea2e77c512cc28932c103f1f544ab72cc7830bdf191ce
Instruction Fuzzy Hash: 67918BB190078ECFDB58CF68C84A5CE7BB0FB14358F404A19F866962A0D3B4DA65CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00C496B8 Relevance: 2.6, Strings: 2, Instructions: 147COMMON

Download Yara Rule

Strings

1e, xrefs: 00C496D8
f<$F, xrefs: 00C49875

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 1e$f<$F
API String ID: 0-2724976541
Opcode ID: 1d95138f6fdf08470e8f176c0dd76d9716459aa4dede15dc4b9a20d9c628de90
Instruction ID: 1fff4f9fb3e529dfdef6588e4b504057480f5b83180186fea9bae0b9f3de6da6
Opcode Fuzzy Hash: 1d95138f6fdf08470e8f176c0dd76d9716459aa4dede15dc4b9a20d9c628de90
Instruction Fuzzy Hash: AD711A7110478CAFDBB9CF28C89A6DA37A0FB49308F50861DD94E8E290DF749B49DB41

Uniqueness

Uniqueness Score: -1.00%

Function 00C484F8 Relevance: 2.6, Strings: 2, Instructions: 146COMMON

Download Yara Rule

Strings

Y", xrefs: 00C4860B
L, xrefs: 00C486D6

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: L$Y"
API String ID: 0-1467774553
Opcode ID: 2c48c4371220eb54a9ab09e752dd04f6ad79d49a1bf6e2c0c73efc3286d8c696
Instruction ID: d51f757aef0f01beb15d613aeb064373f335caf6bebff5b8eb590bf71ad5d27c
Opcode Fuzzy Hash: 2c48c4371220eb54a9ab09e752dd04f6ad79d49a1bf6e2c0c73efc3286d8c696
Instruction Fuzzy Hash: 295114B151074D9FCB88DF28C8C99C97BA1FB483A8F556218FC0A97254C7B4D885CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00C64680 Relevance: 2.6, Strings: 2, Instructions: 128COMMON

Download Yara Rule

Strings

y&, xrefs: 00C646FF
Sa, xrefs: 00C683E3

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: Sa$y&
API String ID: 0-700414750
Opcode ID: 20d9025a8a3505d7d31e7295bad198ad76a83a447a1e61e4b9726380a692546c
Instruction ID: 91345013e0710d22e394ef8f6c6a3c1529cb00a3222c8af76f46245932b76a36
Opcode Fuzzy Hash: 20d9025a8a3505d7d31e7295bad198ad76a83a447a1e61e4b9726380a692546c
Instruction Fuzzy Hash: F051EF7061C7848FD768DF28C58A65BBBF0FBDA704F000A2DE689C7261D7B69845CB46

Uniqueness

Uniqueness Score: -1.00%

Function 00C68690 Relevance: 2.6, Strings: 2, Instructions: 115COMMON

Download Yara Rule

Strings

, N, xrefs: 00C687E1
0gL, xrefs: 00C6880D

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: , N$0gL
API String ID: 0-3996470819
Opcode ID: f2532db71947988c01e260eeb170c32121aeeb8cf32307669213a599370f11e8
Instruction ID: 85cf004068c2f2089a92fe41064326a0145466988acd795295c2101aef315ac3
Opcode Fuzzy Hash: f2532db71947988c01e260eeb170c32121aeeb8cf32307669213a599370f11e8
Instruction Fuzzy Hash: 1351B670500BCCCBDBBACF54CC8DADA3BA1FB98305F104619D94A9E7A0DB795A49CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00C548B0 Relevance: 2.6, Strings: 2, Instructions: 100COMMON

Download Yara Rule

Strings

G`OV, xrefs: 00C54A14
1/, xrefs: 00C5498D

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 1/$G`OV
API String ID: 0-3929948944
Opcode ID: d62949ad0294063053f77de7a54004d2a4a62d647e2eb2b3cc8fcc7dd014da9b
Instruction ID: 9a3146f850e4450a032c15acfaafa1013bb226cb2cb8fb96945d69db6e298710
Opcode Fuzzy Hash: d62949ad0294063053f77de7a54004d2a4a62d647e2eb2b3cc8fcc7dd014da9b
Instruction Fuzzy Hash: C241177050CB848BDBB8DF28D48579AB7E1FB98304F508A1EE88DC7351DB749588CB46

Uniqueness

Uniqueness Score: -1.00%

Function 00C54FA4 Relevance: 2.6, Strings: 2, Instructions: 99COMMON

Download Yara Rule

Strings

W5, xrefs: 00C550D1
2V, xrefs: 00C550AE

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 2V$W5
API String ID: 0-1873325321
Opcode ID: 2cac5ebb664ebc0649a93560a62f559e178364f761da87e25be392b8304fa33a
Instruction ID: 2ee1bd5f94967c99569ad95773be7df533acefeb5ecc9c1f7e5c5490938b9d7a
Opcode Fuzzy Hash: 2cac5ebb664ebc0649a93560a62f559e178364f761da87e25be392b8304fa33a
Instruction Fuzzy Hash: A041C4B190074A8BDB48DF24C4964DE7FB1FB68398F10421DFC5A9A290D3B8D6A4CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 00C41000 Relevance: 2.6, Strings: 2, Instructions: 97COMMON

Download Yara Rule

Strings

ANSk, xrefs: 00C4109F
oB#x, xrefs: 00C41159

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: ANSk$oB#x
API String ID: 0-2811520726
Opcode ID: 113bf255f30907f85ca083131261c133160d8791ed09c7962e46f1e4aa7aeec8
Instruction ID: 8f5f35d053bb1063f95efb2171dad19438fdecf9733857c19c37954fb450759d
Opcode Fuzzy Hash: 113bf255f30907f85ca083131261c133160d8791ed09c7962e46f1e4aa7aeec8
Instruction Fuzzy Hash: C141E2B090078E8FDF48CF68C8864DE7BB0FB48358F50461DFC56A6294D3B49664CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00C6005C Relevance: 2.6, Strings: 2, Instructions: 95COMMON

Download Yara Rule

Strings

(B, xrefs: 00C6015C
3, xrefs: 00C60119

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: (B$3
API String ID: 0-3108688774
Opcode ID: ae8899e9af14a8bd0728e043f2f3e6ee9a39677d1fd67c8acad13cfb8091b350
Instruction ID: 07aa22d1925d712499c5d6f9e2101479bbcbe8c02302c10e999bcdc810ee619c
Opcode Fuzzy Hash: ae8899e9af14a8bd0728e043f2f3e6ee9a39677d1fd67c8acad13cfb8091b350
Instruction Fuzzy Hash: 4441B1706087408BD758DF28C18941BBBF1BBC9744F104A1DFA968B360DB75D945CB86

Uniqueness

Uniqueness Score: -1.00%

Function 00C5FA08 Relevance: 2.6, Strings: 2, Instructions: 93COMMON

Download Yara Rule

Strings

\I, xrefs: 00C5FA24
6`, xrefs: 00C5FAB8

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 6`$\I
API String ID: 0-4113516648
Opcode ID: c820624380164a86f4011e9cac2eee3e4169805a9087f8d545a9fc14e305f8a8
Instruction ID: c59e5fa8906899e796396ffec730a006b5aacd905567a48517b8eac6d47c3e53
Opcode Fuzzy Hash: c820624380164a86f4011e9cac2eee3e4169805a9087f8d545a9fc14e305f8a8
Instruction Fuzzy Hash: 11410A7190070D8BDF48DF68C58A4DE7FB0FB483A8F2A621DE80AB6250D7759585CF88

Uniqueness

Uniqueness Score: -1.00%

Function 00C49144 Relevance: 2.6, Strings: 2, Instructions: 85COMMON

Download Yara Rule

Strings

'7, xrefs: 00C49152
pr, xrefs: 00C491CC

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: '7$pr
API String ID: 0-1984906187
Opcode ID: 056c662d811a8c845d4963eb3dfda1ff298b6ec1510e4f1f57fedda2cc0e9922
Instruction ID: 5a6476a3fc2881c1024f6587dd14d0d970ef27965030042cb67a8fa4ec937050
Opcode Fuzzy Hash: 056c662d811a8c845d4963eb3dfda1ff298b6ec1510e4f1f57fedda2cc0e9922
Instruction Fuzzy Hash: D331A2B05187818BD358DF68C48A41AFBF5BBC6344F104A1DF9C2966A0D7F5D856CB43

Uniqueness

Uniqueness Score: -1.00%

Function 00C46880 Relevance: 2.6, Strings: 2, Instructions: 80COMMON

Download Yara Rule

Strings

KrTD, xrefs: 00C4691E
_D, xrefs: 00C468FA

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: KrTD$_D
API String ID: 0-934927992
Opcode ID: e1601d4e70e378c5a6ecebcd8442673b18ca16eef11f20bd0ff53c9d04a0e76b
Instruction ID: 79f0e27b47198620a76255f61a383142c91a704a78014043126b857d0cce2a1e
Opcode Fuzzy Hash: e1601d4e70e378c5a6ecebcd8442673b18ca16eef11f20bd0ff53c9d04a0e76b
Instruction Fuzzy Hash: 54316D716187818BD748DF28C05A42ABBE1FB9D30CF444B1DF8CAA6291D7789615CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00C4C498 Relevance: 2.6, Strings: 2, Instructions: 77COMMON

Download Yara Rule

Strings

V, xrefs: 00C4C4F9
A%9{, xrefs: 00C4C57D

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: A%9{$V
API String ID: 0-1820082490
Opcode ID: 625af2db419091958e7d4df6c25d7188c91703984e83660915dca7ebc696b449
Instruction ID: 4a89c75939ec6590ac1b7af36921b882fd6c22607b5e7bddba69bbd5997fafd4
Opcode Fuzzy Hash: 625af2db419091958e7d4df6c25d7188c91703984e83660915dca7ebc696b449
Instruction Fuzzy Hash: 6E41A2B180038E8FDF48DF64D8864CE7FF4FB48348F114619E859AA254D3B8D6A4CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00C41A1C Relevance: 2.6, Strings: 2, Instructions: 76COMMON

Download Yara Rule

Strings

>>, xrefs: 00C41AD9
(, xrefs: 00C41A33

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: ($>>
API String ID: 0-1145299130
Opcode ID: bfec8586a8ac1bda717ee4d3e998b35be4f018f17ebb2d31d060e621415d9480
Instruction ID: d61d789a22dd42e40bd676641cf20e6ed846b2da0e187c2ac134ea98bee1fe45
Opcode Fuzzy Hash: bfec8586a8ac1bda717ee4d3e998b35be4f018f17ebb2d31d060e621415d9480
Instruction Fuzzy Hash: 4D31C3B190074E8BDF48CF64C88A4DE7FB0FB58358F24461DE946A6294D3B8D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C67348 Relevance: 2.6, Strings: 2, Instructions: 76COMMON

Download Yara Rule

Strings

f, xrefs: 00C6739A
bv, xrefs: 00C67354

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: bv$f
API String ID: 0-3039744445
Opcode ID: 46d2aa2ebc9209d71c82958834864fb94c0878401221f978366f9a402f9450e9
Instruction ID: 175ba421a2144c14d8e2bd17f3c97d528fdcd9677861c87290375925982f2acc
Opcode Fuzzy Hash: 46d2aa2ebc9209d71c82958834864fb94c0878401221f978366f9a402f9450e9
Instruction Fuzzy Hash: DE41C27091438A9FDB48CF68D84A5DE7FF0FB58348F104A29F86AA6250D3B4D664CF85

Uniqueness

Uniqueness Score: -1.00%

Function 00C44CA0 Relevance: 2.6, Strings: 2, Instructions: 71COMMON

Download Yara Rule

Strings

mV5, xrefs: 00C44D66
*!#, xrefs: 00C44CBA

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: *!#$mV5
API String ID: 0-2993575305
Opcode ID: 4245992fb973f88090a409a267d2f85edccab32cf52bd4f60c75fea94f1a4a84
Instruction ID: 648263e4bc5d5776d287b1f22f91e5099b37b083ef8c46b7ffc7a57954b98542
Opcode Fuzzy Hash: 4245992fb973f88090a409a267d2f85edccab32cf52bd4f60c75fea94f1a4a84
Instruction Fuzzy Hash: 7D31D5B150078E8BDB58CF28C98A5DE7BB0FB58358F010A19FC6696290D7B8D665CFC4

Uniqueness

Uniqueness Score: -1.00%

Function 00C499EC Relevance: 2.6, Strings: 2, Instructions: 68COMMON

Download Yara Rule

Strings

l^jf, xrefs: 00C49A95
`{, xrefs: 00C49AD7

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: `{$l^jf
API String ID: 0-1869605660
Opcode ID: 28521cbd4e872c1ef803d1df5e8c14565f9c4bc258fc16fe96f59b7c9f67bd2e
Instruction ID: eb540d20a08f5e40d8c0ff40e11836e8ded1822f40ca17c0ef14950dbd3fc5a0
Opcode Fuzzy Hash: 28521cbd4e872c1ef803d1df5e8c14565f9c4bc258fc16fe96f59b7c9f67bd2e
Instruction Fuzzy Hash: D1317FB162D784AFD388DF28D49591ABBE0FB88354F806A1DF8868B290D775D855CB02

Uniqueness

Uniqueness Score: -1.00%

Function 00C5F550 Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

-, xrefs: 00C5F618
2-, xrefs: 00C5F560

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 2-$-
API String ID: 0-2034864362
Opcode ID: 20bbbdbc3827e50294dde3ee49f0cdd293043f0a077c143f70453fda15f8f7c4
Instruction ID: 4005107032f2b12f9f607655d62483a8781f58ab60f16824121cd48537e79645
Opcode Fuzzy Hash: 20bbbdbc3827e50294dde3ee49f0cdd293043f0a077c143f70453fda15f8f7c4
Instruction Fuzzy Hash: CC317FB190078E8FDF48DF68C84A59A7BB0FB18318F414A1AFC6996254D3B4CA64CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 00C4EAC4 Relevance: 2.6, Strings: 2, Instructions: 61COMMON

Download Yara Rule

Strings

q/, xrefs: 00C4EACC
<&, xrefs: 00C4EB86

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: <&$q/
API String ID: 0-2233190826
Opcode ID: 15a5214ead44a1f0762e7863b7fdc3010a0d9091678656a87e304455b9a574ab
Instruction ID: 9bd053f9b35f2f4033e986bbba913c284afc32c230e79e308d8ab0fbf525c611
Opcode Fuzzy Hash: 15a5214ead44a1f0762e7863b7fdc3010a0d9091678656a87e304455b9a574ab
Instruction Fuzzy Hash: A5319CB0508B848BE758DF25C48A50BBBF2FBC5788F200A1DF292867A0D775D545CF42

Uniqueness

Uniqueness Score: -1.00%

Function 00C51664 Relevance: 2.6, Strings: 2, Instructions: 57COMMON

Download Yara Rule

Strings

g%, xrefs: 00C51703
?P>, xrefs: 00C516D2

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: ?P>$g%
API String ID: 0-4203485977
Opcode ID: e7f509d9a25edf16b23a548fc7fe81b9e6bc0ab59227e88e5feb3085b6c3579d
Instruction ID: d38e8bf9a486bedfd03c2efca0676d92a9f1c226b60651064b29c17b4af09fba
Opcode Fuzzy Hash: e7f509d9a25edf16b23a548fc7fe81b9e6bc0ab59227e88e5feb3085b6c3579d
Instruction Fuzzy Hash: DC31BFB090038E9FDB44DF64D88A5DF7BB0FB58348F104A19EC6996250D3B8D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C479D8 Relevance: 2.6, Strings: 2, Instructions: 55COMMON

Download Yara Rule

Strings

"X,h, xrefs: 00C47AA5
Ts, xrefs: 00C47A84

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: "X,h$Ts
API String ID: 0-4155455058
Opcode ID: 217a8b3ebbc510d3abab149b4def833290e522513fd0b99837b1368bb75def2b
Instruction ID: 78e44bf7acd730168ef7454480584198ea74db249acf4ebf7474d583245c3fc9
Opcode Fuzzy Hash: 217a8b3ebbc510d3abab149b4def833290e522513fd0b99837b1368bb75def2b
Instruction Fuzzy Hash: 7D215DB0529785ABD398DF28D08991EBBE0BBC4308F806A1DF8858A350D7B4D548CF43

Uniqueness

Uniqueness Score: -1.00%

Function 00C599E8 Relevance: 2.2, Strings: 1, Instructions: 936COMMON

Download Yara Rule

Strings

Mbqz, xrefs: 00C5ADD0

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: Mbqz
API String ID: 0-2241695783
Opcode ID: c7e5bd259350cc8d432e2e418653ef11db78de1d8ea4b143f2c3ed3acbc8f7f6
Instruction ID: 73bc4b0da731fbf4f489b99f8353042cd92dcecaeee1363fb1e4f5f947fe6a45
Opcode Fuzzy Hash: c7e5bd259350cc8d432e2e418653ef11db78de1d8ea4b143f2c3ed3acbc8f7f6
Instruction Fuzzy Hash: 9CB23AB552568D8FDBBADF28C8A97D93BE5FB5C304F00422ADC0ACA260E7749755CB40

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002B890 Relevance: 1.9, APIs: 1, Instructions: 439
COMMONCrypto

Download Yara Rule

C-Code - Quality: 78%

			E0000000118002B890(intOrPtr __edx, void* __ebp, signed int __rax, long long __rbx, signed long long __rcx, void* __rdx, signed char _a8, intOrPtr _a16, long long _a24) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t35;
				void* _t37;
				void* _t41;
				void* _t43;
				void* _t45;
				void* _t55;
				intOrPtr _t65;
				void* _t76;
				void* _t79;
				void* _t81;
				void* _t84;
				void* _t85;
				signed long long _t107;
				intOrPtr _t109;
				signed long long _t111;
				intOrPtr* _t114;
				intOrPtr* _t116;
				signed long long _t122;
				signed long long _t124;
				signed long long _t125;
				void* _t147;
				long long _t152;
				signed long long _t154;
				signed long long _t155;
				signed long long _t156;
				void* _t163;
				void* _t164;
				void* _t166;
				signed long long _t167;
				signed long long _t168;
				signed long long _t170;
				signed long long _t172;
				intOrPtr* _t173;
				long long _t177;

				_a24 = __rbx;
				_a16 = __edx;
				_t177 = __rcx;
				if (__rcx != 0) goto 0x8002b8c8;
				E00000001180025224(__rax);
				 *__rax = 0x16;
				_t107 = __rax | 0xffffffff;
				goto 0x8002bb83;
				E00000001180042868(_t55, 0x3d, __rcx, __rcx, __rdx, _t163);
				_t167 = _t107;
				if (_t107 == 0) goto 0x8002bb62;
				if (_t107 == __rcx) goto 0x8002bb62;
				_t168 =  *0x80099870; // 0x9dbde0
				_t76 = _t168 -  *0x80099888; // 0x9dbde0
				bpl =  *(_t107 + 1);
				_a8 = bpl;
				if (_t76 != 0) goto 0x8002b915;
				0x8002bed4();
				 *0x80099870 = _t107;
				r12d = 1;
				if (_t107 != 0) goto 0x8002b9d9;
				if (__edx == 0) goto 0x8002b967;
				_t79 =  *0x80099878 - _t152; // 0x0
				if (_t79 == 0) goto 0x8002b967;
				_t35 = E000000011800173A8(_t168, _t152);
				if (_t107 == 0) goto 0x8002bb62;
				_t170 =  *0x80099870; // 0x9dbde0
				_t81 = _t170 -  *0x80099888; // 0x9dbde0
				if (_t81 != 0) goto 0x8002b9d4;
				0x8002bed4();
				 *0x80099870 = _t107;
				goto 0x8002b9d4;
				if (bpl == 0) goto 0x8002bb71;
				E00000001180028498(_t35, _t164, __rdx);
				 *0x80099870 = _t107;
				_t37 = E00000001180028028(_t107, _t164);
				_t172 =  *0x80099870; // 0x9dbde0
				if (_t172 != 0) goto 0x8002b9a0;
				_t155 = _t154 | 0xffffffff;
				goto 0x8002bb73;
				_t84 =  *0x80099878 - _t152; // 0x0
				if (_t84 != 0) goto 0x8002b9d4;
				E00000001180028498(_t37, _t164, __rdx);
				 *0x80099878 = _t107;
				E00000001180028028(_t107, _t164);
				_t85 =  *0x80099878 - _t152; // 0x0
				if (_t85 == 0) goto 0x8002b997;
				_t173 =  *0x80099870; // 0x9dbde0
				if (_t173 == 0) goto 0x8002b997;
				_t166 = _t167 - __rcx;
				_t116 = _t173;
				if ( *_t173 == 0) goto 0x8002ba1e;
				if (E00000001180036A14(_t65, _t116, __rcx,  *_t173, _t152, _t155, _t166, _t163) != 0) goto 0x8002ba0c;
				_t109 =  *_t116;
				if ( *((char*)(_t166 + _t109)) == 0x3d) goto 0x8002ba15;
				if ( *((intOrPtr*)(_t166 + _t109)) == sil) goto 0x8002ba15;
				goto 0x8002b9e5;
				goto 0x8002ba28;
				_t122 =  ~((_t116 + 8 - _t173 >> 3) - _t173 >> 3);
				if (_t122 < 0) goto 0x8002ba84;
				if ( *_t173 == _t152) goto 0x8002ba84;
				_t41 = E00000001180028028( *((intOrPtr*)(_t116 + 8)),  *(_t173 + _t122 * 8));
				if (bpl == 0) goto 0x8002ba55;
				 *(_t173 + _t122 * 8) = __rcx;
				goto 0x8002bade;
				_t12 = _t122 * 8; // 0x9c8f20
				_t111 =  *((intOrPtr*)(_t173 + _t12 + 8));
				 *(_t173 + _t122 * 8) = _t111;
				if ( *((intOrPtr*)(_t173 + (_t122 + 1) * 8)) != _t152) goto 0x8002ba49;
				r8d = 8;
				E0000000118002C2A0(_t41, _t122 + 1, _t173, _t122 + 1, _t152, _t155, _t166);
				_t124 = _t111;
				_t43 = E00000001180028028(_t111, _t173);
				if (_t124 == 0) goto 0x8002bae1;
				 *0x80099870 = _t124;
				goto 0x8002bae1;
				if (bpl == 0) goto 0x8002bb75;
				_t125 =  ~_t124;
				_t18 = _t125 + 2; // 0x9dbde2
				_t147 = _t18;
				if (_t147 - _t125 >= 0) goto 0x8002baa2;
				_t156 = _t155 | 0xffffffff;
				goto 0x8002bb77;
				if (_t147 - 0xffffffff >= 0) goto 0x8002ba99;
				r8d = 8;
				E0000000118002C2A0(_t43, _t125, _t173, _t147, _t152, _t156, _t166);
				_t45 = E00000001180028028(0xffffffff, _t173);
				if (0xffffffff == 0) goto 0x8002ba99;
				 *((long long*)(0xffffffff + _t125 * 8)) = _t177;
				 *((long long*)(0xffffffff + 8 + _t125 * 8)) = _t152;
				 *0x80099870 = 0xffffffff;
				if (_a16 == 0) goto 0x8002bb79;
				_t176 = (_t156 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(_t177 + (_t156 | 0xffffffff) + 1)) != sil) goto 0x8002baf2;
				E00000001180028498(_t45, (_t156 | 0xffffffff) + 3, _t147);
				if (0xffffffff == 0) goto 0x8002bb58;
				if (E00000001180017E04(0xffffffff, 0xffffffff, _t176 + 2, _t177) != 0) goto 0x8002bb9b;
				_t28 = _t167 + 1; // 0x1
				_t114 = 0xffffffff - _t177;
				_a8 =  ~_a8;
				asm("dec eax");
				 *((intOrPtr*)(_t28 + _t114 - 1)) = sil;
				if (E00000001180036B2C(0, E00000001180017E04(0xffffffff, 0xffffffff, _t176 + 2, _t177), 0xffffffff, 0xffffffff, _t176 + 0x00000002 & _t28 + _t114, _t152, _t152, _t177, _t163) != 0) goto 0x8002bb58;
				E00000001180025224(_t114);
				 *_t114 = 0x2a;
				E00000001180028028(_t114, 0xffffffff);
				goto 0x8002bb79;
				E00000001180025224(_t114);
				 *_t114 = 0x16;
				E00000001180028028(_t114, _t152);
				return __ebp;
			}

0x18002b890
0x18002b895
0x18002b8ac
0x18002b8b2
0x18002b8b4
0x18002b8b9
0x18002b8bf
0x18002b8c3
0x18002b8d0
0x18002b8d5
0x18002b8db
0x18002b8e4
0x18002b8ea
0x18002b8f1
0x18002b8f8
0x18002b8fc
0x18002b901
0x18002b906
0x18002b90e
0x18002b915
0x18002b91e
0x18002b926
0x18002b928
0x18002b92f
0x18002b931
0x18002b939
0x18002b93f
0x18002b946
0x18002b94d
0x18002b956
0x18002b95e
0x18002b965
0x18002b96a
0x18002b978
0x18002b97f
0x18002b986
0x18002b98b
0x18002b995
0x18002b997
0x18002b99b
0x18002b9a0
0x18002b9a7
0x18002b9b1
0x18002b9b8
0x18002b9bf
0x18002b9c4
0x18002b9cb
0x18002b9cd
0x18002b9d7
0x18002b9df
0x18002b9e2
0x18002b9e8
0x18002b9fa
0x18002b9fc
0x18002ba04
0x18002ba0a
0x18002ba13
0x18002ba1c
0x18002ba25
0x18002ba2b
0x18002ba30
0x18002ba36
0x18002ba3e
0x18002ba40
0x18002ba44
0x18002ba49
0x18002ba49
0x18002ba4e
0x18002ba59
0x18002ba5b
0x18002ba67
0x18002ba6e
0x18002ba71
0x18002ba79
0x18002ba7b
0x18002ba82
0x18002ba87
0x18002ba8d
0x18002ba90
0x18002ba90
0x18002ba97
0x18002ba99
0x18002ba9d
0x18002baaf
0x18002bab1
0x18002baba
0x18002bac4
0x18002bacc
0x18002bace
0x18002bad2
0x18002bad7
0x18002bae5
0x18002baf2
0x18002baf9
0x18002bb04
0x18002bb0f
0x18002bb22
0x18002bb27
0x18002bb2b
0x18002bb31
0x18002bb35
0x18002bb3b
0x18002bb49
0x18002bb4b
0x18002bb52
0x18002bb5b
0x18002bb60
0x18002bb62
0x18002bb6b
0x18002bb7c
0x18002bb9a

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95159e0520de03578076ab07051385d4427d919af5efdb8317ef6b695f681d40
Instruction ID: 0adf5448c45c1bfa4ee41eba07b7c8a11651f1cafa3e31ba5b5aef192dfc02b1
Opcode Fuzzy Hash: 95159e0520de03578076ab07051385d4427d919af5efdb8317ef6b695f681d40
Instruction Fuzzy Hash: D302E53131264C80FEE7AF6594403EA67D4AB4DBE0F59C629BE69873D1DE78C60D8300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180032824 Relevance: 1.9, APIs: 1, Instructions: 371
COMMONCrypto

Download Yara Rule

C-Code - Quality: 34%

			E00000001180032824(signed long long __rbx, long long __rcx, void* __rdx, long long __rsi) {
				void* __rdi;
				signed int _t134;
				signed int _t156;
				void* _t173;
				signed int _t189;
				signed int _t195;
				void* _t200;
				signed long long _t238;
				signed long long _t239;
				signed int _t240;
				long long _t241;
				signed long long _t242;
				long long _t244;
				long long _t253;
				signed char* _t261;
				long long _t265;
				void* _t267;
				signed long long _t280;
				void* _t283;
				signed char* _t290;
				long long _t295;
				long long _t297;
				signed long long _t298;
				void* _t300;
				signed long long _t301;
				char* _t305;
				void* _t313;
				signed long long _t316;
				signed long long _t319;
				void* _t320;
				signed long long _t323;
				int _t325;
				intOrPtr* _t326;

				_t295 = __rsi;
				_t283 = __rdx;
				_t253 = __rbx;
				_t313 = _t300;
				 *((long long*)(_t313 + 0x10)) = __rbx;
				 *((long long*)(_t313 + 0x18)) = _t297;
				 *((long long*)(_t313 + 0x20)) = __rsi;
				_t301 = _t300 - 0xa0;
				_t238 =  *0x80098010; // 0x6aeceb4fd839
				_t239 = _t238 ^ _t301;
				 *(_t301 + 0x98) = _t239;
				 *((long long*)(_t313 - 0x58)) = __rcx;
				 *((long long*)(_t313 - 0x50)) = __rbx;
				r13d = 0;
				r14d = 0;
				r12d = 0;
				if ( *((intOrPtr*)(__rcx + 0x138)) == 0) goto 0x80032e07;
				_t326 = __rcx + 0xc;
				 *(_t301 + 0x58) = __rbx;
				_t10 = _t253 + 1; // 0x1
				_t200 = _t10;
				if ( *_t326 != 0) goto 0x800328ac;
				 *((long long*)(_t301 + 0x20)) = _t326;
				r9d = 0x1004;
				if (E0000000118003D23C(_t173, 0, _t313 - 0x58,  *((intOrPtr*)(__rcx + 0x138))) != 0) goto 0x80032dd7;
				_t257 = __rsi;
				E00000001180028498(_t120, __rsi, _t283);
				 *(_t301 + 0x58) = _t239;
				E00000001180028498(E00000001180028028(_t239, __rsi), __rsi, _t283);
				_t319 = _t239;
				E00000001180028498(E00000001180028028(_t239, __rsi), _t257, __rsi);
				_t323 = _t239;
				E00000001180028498(E00000001180028028(_t239, _t257), _t257, __rsi);
				_t298 = _t239;
				E00000001180028498(E00000001180028028(_t239, _t257), _t257, __rsi);
				_t316 = _t239;
				E00000001180028028(_t239, _t257);
				if ( *(_t301 + 0x58) == __rbx) goto 0x80032dd7;
				if (_t319 == 0) goto 0x80032dd7;
				if (_t316 == 0) goto 0x80032dd7;
				if (_t323 == 0) goto 0x80032dd7;
				if (_t298 == 0) goto 0x80032dd7;
				 *_t316 = 0;
				if (0 + _t200 - 0x100 < 0) goto 0x80032953;
				if (GetCPInfo(_t325) == 0) goto 0x80032dd7;
				if ( *(_t301 + 0x80) - 5 > 0) goto 0x80032dd7;
				_t134 =  *(_t301 + 0x80) & 0x0000ffff;
				 *(_t301 + 0x50) = _t134;
				if (_t134 - _t200 <= 0) goto 0x800329f3;
				if ( *_t326 != 0xfde9) goto 0x800329b8;
				_t19 = _t316 + 0x80; // 0x80
				r8d = 0x80;
				E00000001180005C10(_t134, 0x20, _t19, _t301 + 0x80,  *((intOrPtr*)(__rcx + 0x138)));
				goto 0x800329f3;
				_t261 = _t301 + 0x86;
				if ( *((intOrPtr*)(_t301 + 0x86)) == 0) goto 0x800329f3;
				if (_t261[1] == 0) goto 0x800329f3;
				_t195 =  *_t261 & 0x000000ff;
				if (_t195 - (_t261[1] & 0x000000ff) > 0) goto 0x800329eb;
				_t240 = _t195;
				 *((char*)(_t240 + _t316)) = 0x20;
				if (_t195 + _t200 - (_t261[1] & 0x000000ff) <= 0) goto 0x800329d9;
				if (_t261[2] != 0) goto 0x800329c9;
				_t26 = _t323 + 0x81; // 0x81
				_t28 = _t316 + 1; // 0x1
				 *((intOrPtr*)(_t301 + 0x40)) = 0;
				 *((intOrPtr*)(_t301 + 0x38)) =  *_t326;
				 *((intOrPtr*)(_t301 + 0x30)) = 0xff;
				 *((long long*)(_t301 + 0x28)) = _t26;
				 *((intOrPtr*)(_t301 + 0x20)) = 0xff;
				_t34 = _t240 + 1; // 0x100
				r8d = _t34;
				if (E00000001180036824(0, 0, _t195 + _t200, _t261[2], _t240, __rbx, _t26,  *((intOrPtr*)(__rcx + 0x138)), __rsi, _t28) == 0) goto 0x80032dd7;
				_t35 = _t298 + 0x81; // 0x81
				_t37 = _t316 + 1; // 0x1
				 *((intOrPtr*)(_t301 + 0x40)) = 0;
				r8d = 0x200;
				 *((intOrPtr*)(_t301 + 0x38)) =  *_t326;
				 *((intOrPtr*)(_t301 + 0x30)) = 0xff;
				 *((long long*)(_t301 + 0x28)) = _t35;
				 *((intOrPtr*)(_t301 + 0x20)) = 0xff;
				if (E00000001180036824(0, 0, _t195 + _t200, E00000001180036824(0, 0, _t195 + _t200, _t261[2], _t240, __rbx, _t26,  *((intOrPtr*)(__rcx + 0x138)), __rsi, _t28), _t240, _t253, _t35,  *((intOrPtr*)(__rcx + 0x138)), _t295, _t37) == 0) goto 0x80032dd7;
				_t43 = _t319 + 0x100; // 0x100
				_t265 = _t43;
				 *((intOrPtr*)(_t301 + 0x30)) = 0;
				r9d = 0x100;
				 *((intOrPtr*)(_t301 + 0x28)) =  *_t326;
				 *((long long*)(_t301 + 0x60)) = _t265;
				 *((long long*)(_t301 + 0x20)) = _t265;
				if (E00000001180032198(_t200, E00000001180036824(0, 0, _t195 + _t200, E00000001180036824(0, 0, _t195 + _t200, _t261[2], _t240, __rbx, _t26,  *((intOrPtr*)(__rcx + 0x138)), __rsi, _t28), _t240, _t253, _t35,  *((intOrPtr*)(__rcx + 0x138)), _t295, _t37), _t253, _t265, __rcx, _t295, _t316) == 0) goto 0x80032dd7;
				_t48 = _t319 + 0xfe; // 0xfe
				_t241 = _t48;
				 *_t241 = 0;
				 *((char*)(_t323 + 0x7f)) = 0;
				 *((char*)(_t298 + 0x7f)) = 0;
				 *((char*)(_t323 + 0x80)) = 0;
				 *((char*)(_t298 + 0x80)) = 0;
				 *((long long*)(_t301 + 0x68)) = _t241;
				if ( *(_t301 + 0x50) - _t200 <= 0) goto 0x80032b88;
				if ( *_t326 != 0xfde9) goto 0x80032b34;
				_t55 = _t298 + 0x100; // 0x100
				_t305 = _t55;
				_t56 = _t319 + 0x200; // 0x200
				r11d = 0x8000;
				_t188 =  >  ? 0 : r11d;
				 *_t56 =  >  ? 0 : r11d;
				 *((char*)(_t323 - _t298 + _t305)) = 0x20;
				 *_t305 = 0x80;
				if (0x80 + _t200 - 0xff <= 0) goto 0x80032b06;
				goto 0x80032b88;
				_t290 = _t301 + 0x86;
				if ( *((intOrPtr*)(_t301 + 0x86)) == 0) goto 0x80032b88;
				r11d = 0x8000;
				if (_t290[1] == 0) goto 0x80032b88;
				_t189 =  *_t290 & 0x000000ff;
				if (_t189 - (_t290[1] & 0x000000ff) > 0) goto 0x80032b80;
				_t242 = _t189;
				 *((intOrPtr*)(_t319 + 0x100 + _t242 * 2)) = r11w;
				 *(_t242 + _t323 + 0x80) = _t189;
				 *(_t242 + _t298 + 0x80) = _t189;
				if (_t189 + _t200 - (_t290[1] & 0x000000ff) <= 0) goto 0x80032b5b;
				if (_t290[2] != 0) goto 0x80032b4b;
				_t72 = _t319 + 0x200; // 0x200
				asm("movups xmm0, [ecx]");
				asm("movups xmm1, [ecx+0x10]");
				_t267 = _t72 + 0x80;
				asm("inc ecx");
				_t243 =  *((intOrPtr*)(_t267 + 0x70));
				asm("inc ecx");
				asm("movups xmm0, [ecx-0x60]");
				asm("movups xmm1, [ecx-0x50]");
				asm("inc ecx");
				asm("inc ecx");
				asm("movups xmm0, [ecx-0x40]");
				asm("movups xmm1, [ecx-0x30]");
				asm("inc ecx");
				asm("inc ecx");
				asm("movups xmm0, [ecx-0x20]");
				asm("movups xmm1, [ecx-0x10]");
				asm("inc ecx");
				_t320 = _t319 - 0xffffff80;
				asm("movups xmm0, [ecx]");
				asm("inc ecx");
				asm("movups xmm1, [ecx+0x10]");
				asm("inc ecx");
				asm("movups xmm0, [ecx+0x20]");
				asm("inc ecx");
				asm("movups xmm1, [ecx+0x30]");
				asm("inc ecx");
				asm("movups xmm0, [ecx+0x40]");
				asm("inc ecx");
				asm("movups xmm1, [ecx+0x50]");
				asm("inc ecx");
				asm("movups xmm0, [ecx+0x60]");
				asm("inc ecx");
				asm("inc ecx");
				 *((long long*)(_t320 + 0x70)) =  *((intOrPtr*)(_t267 + 0x70));
				 *((intOrPtr*)(_t320 + 0x78)) =  *((intOrPtr*)(_t267 + 0x78));
				 *((short*)(_t320 + 0x7c)) =  *(_t267 + 0x7c) & 0x0000ffff;
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("repne inc ecx");
				asm("inc ecx");
				asm("repne inc ecx");
				 *((intOrPtr*)(_t323 + 0x78)) =  *((intOrPtr*)(_t323 + 0x178));
				 *((short*)(_t323 + 0x7c)) =  *(_t323 + 0x17c) & 0x0000ffff;
				 *((char*)(_t323 + 0x7e)) =  *((intOrPtr*)(_t323 + 0x17e));
				asm("movups xmm0, [ebp+0x100]");
				asm("movups xmm1, [ebp+0x110]");
				asm("movups [ebp], xmm0");
				asm("movups xmm0, [ebp+0x120]");
				asm("movups [ebp+0x10], xmm1");
				asm("movups xmm1, [ebp+0x130]");
				asm("movups [ebp+0x20], xmm0");
				asm("movups xmm0, [ebp+0x140]");
				asm("movups [ebp+0x30], xmm1");
				asm("movups xmm1, [ebp+0x150]");
				asm("movups [ebp+0x40], xmm0");
				asm("movups xmm0, [ebp+0x160]");
				asm("movups [ebp+0x50], xmm1");
				asm("movsd xmm1, [ebp+0x170]");
				asm("movups [ebp+0x60], xmm0");
				asm("movsd [ebp+0x70], xmm1");
				 *((intOrPtr*)(_t298 + 0x78)) =  *((intOrPtr*)(_t298 + 0x178));
				 *((short*)(_t298 + 0x7c)) =  *(_t298 + 0x17c) & 0x0000ffff;
				_t156 =  *((intOrPtr*)(_t298 + 0x17e));
				 *(_t298 + 0x7e) = _t156;
				if ( *((intOrPtr*)(__rcx + 0x100)) == 0) goto 0x80032d90;
				asm("lock xadd [ecx], eax");
				if ((_t156 | 0xffffffff) != _t200) goto 0x80032d90;
				E00000001180028028( *((intOrPtr*)(_t267 + 0x70)),  *((intOrPtr*)(__rcx + 0x108)) - 0xfe);
				E00000001180028028( *((intOrPtr*)(_t267 + 0x70)),  *((intOrPtr*)(__rcx + 0x110)) + 0xffffff80);
				E00000001180028028( *((intOrPtr*)(_t267 + 0x70)),  *((intOrPtr*)(__rcx + 0x118)) + 0xffffff80);
				E00000001180028028(_t243,  *((intOrPtr*)(__rcx + 0x100)));
				_t244 =  *(_t301 + 0x58);
				 *_t244 = _t200;
				 *((long long*)(__rcx + 0x100)) = _t244;
				 *((long long*)(__rcx)) =  *((intOrPtr*)(_t301 + 0x60));
				 *((long long*)(__rcx + 0x108)) =  *((intOrPtr*)(_t301 + 0x68));
				_t102 = _t323 + 0x80; // 0x80
				 *((long long*)(__rcx + 0x110)) = _t102;
				_t104 = _t298 + 0x80; // 0x80
				_t248 = _t104;
				 *((long long*)(__rcx + 0x118)) = _t104;
				 *(__rcx + 8) =  *(_t301 + 0x50);
				goto 0x80032dfb;
				E00000001180028028(_t104,  *(_t301 + 0x58));
				E00000001180028028(_t104, _t320);
				E00000001180028028(_t104, _t323);
				E00000001180028028(_t248, _t298);
				_t280 = _t316;
				E00000001180028028(_t248, _t280);
				goto 0x80032e54;
				if ( *((intOrPtr*)(_t280 + 0x100)) == 0) goto 0x80032e16;
				asm("lock dec dword [eax]");
				 *((long long*)(_t280 + 0x100)) = _t253;
				 *_t280 = 0x8004ecd0;
				 *((long long*)(_t280 + 0x108)) = _t253;
				 *((long long*)(_t280 + 0x110)) = 0x8004ef50;
				 *((long long*)(_t280 + 0x118)) = 0x8004f0d0;
				 *((intOrPtr*)(_t280 + 8)) = 1;
				return E00000001180002630(0, _t189 + _t200,  *(_t301 + 0x98) ^ _t301);
			}

0x180032824
0x180032824
0x180032824
0x180032824
0x180032827
0x18003282b
0x18003282f
0x18003283c
0x180032843
0x18003284a
0x18003284d
0x18003285e
0x180032865
0x180032869
0x18003286c
0x180032871
0x180032877
0x18003287d
0x180032881
0x180032886
0x180032886
0x18003288c
0x180032890
0x180032895
0x1800328a6
0x1800328b1
0x1800328b4
0x1800328bb
0x1800328d1
0x1800328d8
0x1800328e5
0x1800328ec
0x1800328f9
0x180032900
0x180032910
0x180032917
0x18003291a
0x180032924
0x18003292d
0x180032936
0x18003293f
0x180032948
0x180032953
0x18003295f
0x180032974
0x180032982
0x180032988
0x180032990
0x180032996
0x18003299f
0x1800329a1
0x1800329a9
0x1800329b1
0x1800329b6
0x1800329b8
0x1800329c7
0x1800329cc
0x1800329ce
0x1800329d7
0x1800329d9
0x1800329de
0x1800329e9
0x1800329f1
0x1800329f6
0x180032a04
0x180032a09
0x180032a0d
0x180032a16
0x180032a1a
0x180032a21
0x180032a25
0x180032a25
0x180032a30
0x180032a39
0x180032a47
0x180032a4c
0x180032a50
0x180032a56
0x180032a5f
0x180032a63
0x180032a6a
0x180032a75
0x180032a7e
0x180032a7e
0x180032a85
0x180032a89
0x180032a8f
0x180032a96
0x180032a9d
0x180032aab
0x180032ab1
0x180032ab1
0x180032ab8
0x180032abb
0x180032abf
0x180032ac2
0x180032ac9
0x180032acf
0x180032ad8
0x180032ae5
0x180032aea
0x180032aea
0x180032af4
0x180032b00
0x180032b12
0x180032b16
0x180032b1e
0x180032b22
0x180032b30
0x180032b32
0x180032b34
0x180032b43
0x180032b45
0x180032b4e
0x180032b50
0x180032b59
0x180032b5b
0x180032b5e
0x180032b67
0x180032b6f
0x180032b7e
0x180032b86
0x180032b88
0x180032b8f
0x180032b92
0x180032b96
0x180032b9d
0x180032ba2
0x180032ba6
0x180032bab
0x180032baf
0x180032bb3
0x180032bb8
0x180032bbd
0x180032bc1
0x180032bc5
0x180032bca
0x180032bcf
0x180032bd3
0x180032bd7
0x180032bdc
0x180032be0
0x180032be3
0x180032be8
0x180032bec
0x180032bf1
0x180032bf5
0x180032bfa
0x180032bfe
0x180032c03
0x180032c07
0x180032c0c
0x180032c10
0x180032c15
0x180032c19
0x180032c1e
0x180032c23
0x180032c2a
0x180032c32
0x180032c3e
0x180032c46
0x180032c4e
0x180032c52
0x180032c5a
0x180032c5f
0x180032c67
0x180032c6c
0x180032c74
0x180032c79
0x180032c81
0x180032c86
0x180032c8e
0x180032c93
0x180032c9c
0x180032ca1
0x180032ca7
0x180032cb3
0x180032cbf
0x180032cc3
0x180032cd0
0x180032cd7
0x180032cdb
0x180032ce2
0x180032ce6
0x180032ced
0x180032cf1
0x180032cf8
0x180032cfc
0x180032d03
0x180032d07
0x180032d0e
0x180032d12
0x180032d1a
0x180032d1e
0x180032d23
0x180032d2d
0x180032d31
0x180032d37
0x180032d44
0x180032d49
0x180032d4f
0x180032d5f
0x180032d6f
0x180032d7f
0x180032d8b
0x180032d90
0x180032d95
0x180032d97
0x180032da3
0x180032dab
0x180032db2
0x180032db9
0x180032dc0
0x180032dc0
0x180032dc7
0x180032dd2
0x180032dd5
0x180032ddc
0x180032de4
0x180032dec
0x180032df4
0x180032dfb
0x180032dfe
0x180032e05
0x180032e11
0x180032e13
0x180032e1d
0x180032e24
0x180032e33
0x180032e3a
0x180032e48
0x180032e51
0x180032e84

APIs

GetCPInfo.KERNEL32 ref: 000000018003296C

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: fad75753f072903de560bc2a8d6b83a4f8fa677077dba55b16db9013260e40e0
Instruction ID: 9259f2ea66690e7d8694f1ddc0b2e21b9ee1395c7b5b6a717c49514dc6b9d48a
Opcode Fuzzy Hash: fad75753f072903de560bc2a8d6b83a4f8fa677077dba55b16db9013260e40e0
Instruction Fuzzy Hash: 5F127D32A08BC886E792CF2894457EE73A4FB5D788F46D215EF8882656DF35D689C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180032F94 Relevance: 1.8, APIs: 1, Instructions: 336
COMMONCrypto

Download Yara Rule

C-Code - Quality: 68%

			E00000001180032F94(intOrPtr* __rax, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r9, long long _a8, long long _a16, long long _a24) {
				void* _v40;
				signed int _v48;
				char _v56;
				long long _v72;
				void* _t113;
				void* _t119;
				signed int _t151;
				char _t181;
				char _t182;
				long long _t212;
				intOrPtr* _t223;
				intOrPtr* _t241;
				char* _t296;
				char* _t297;
				char* _t329;
				void* _t331;
				long long _t333;
				void* _t334;
				intOrPtr* _t335;
				long long _t337;
				signed long long _t338;
				long long _t339;

				_t331 = __r9;
				_t223 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				r15d = 0;
				_v56 = __rcx;
				_v48 = _v48 & _t338;
				if ( *((intOrPtr*)(__rcx + 0x140)) != _t338) goto 0x80032fe2;
				if ( *((intOrPtr*)(__rcx + 0x148)) != _t338) goto 0x80032fe2;
				r12d = 0;
				goto 0x80033453;
				r13d = 1;
				E00000001180028498(_t113, __rcx, __rdx);
				_t337 = _t223;
				E00000001180028028(_t223, __rcx);
				if (_t337 != 0) goto 0x8003300c;
				goto 0x800334a9;
				E00000001180028498(r13d, _t334, __rdx);
				_t333 = _t223;
				E00000001180028028(_t223, _t334);
				if (_t333 != 0) goto 0x80033034;
				_t119 = E00000001180028028(_t223, _t337);
				goto 0x80033004;
				if ( *((intOrPtr*)(__rcx + 0x140)) == _t338) goto 0x80033390;
				E00000001180028498(_t119, _t334, __rbx);
				_t339 = _t223;
				E00000001180028028(_t223, _t334);
				_t212 = _t339;
				if (_t212 != 0) goto 0x80033068;
				E00000001180028028(_t223, _t337);
				goto 0x8003302d;
				_t299 =  *((intOrPtr*)(__rcx + 0x140));
				_t11 = _t337 + 0x18; // 0x18
				_v72 = _t11;
				r9d = 0x15;
				_t13 =  &_v56; // -15
				E0000000118003D23C(0, r13d, _t13,  *((intOrPtr*)(__rcx + 0x140)));
				_t14 = _t337 + 0x20; // 0x20
				r9d = 0x14;
				_v72 = _t14;
				_t16 =  &_v56; // -15
				E0000000118003D23C(0, r13d, _t16,  *((intOrPtr*)(__rcx + 0x140)));
				_t17 = _t337 + 0x28; // 0x28
				r9d = 0x16;
				_v72 = _t17;
				_t19 =  &_v56; // -15
				E0000000118003D23C(0, r13d, _t19,  *((intOrPtr*)(__rcx + 0x140)));
				_t20 =  &_v56; // -15
				_t21 = _t337 + 0x30; // 0x30
				r9d = 0x17;
				_v72 = _t21;
				E0000000118003D23C(0, r13d, _t20, _t299);
				r9d = 0x18;
				_t23 = _t337 + 0x38; // 0x38
				_t335 = _t23;
				_v72 = _t335;
				_t25 =  &_v56; // -15
				E0000000118003D23C(0, _t331 - 0x17, _t25, _t299);
				r9d = 0x50;
				_t27 =  &_v56; // -15
				_t28 = _t337 + 0x40; // 0x40
				_v72 = _t28;
				E0000000118003D23C(0, _t331 - 0x4f, _t27, _t299);
				r9d = 0x51;
				_t31 =  &_v56; // -15
				_t32 = _t337 + 0x48; // 0x48
				_v72 = _t32;
				E0000000118003D23C(0, _t331 - 0x50, _t31, _t299);
				_t35 =  &_v56; // -15
				_t36 = _t337 + 0x50; // 0x50
				r9d = 0x1a;
				_v72 = _t36;
				E0000000118003D23C(0, 0, _t35, _t299);
				_t38 =  &_v56; // -15
				_t39 = _t337 + 0x51; // 0x51
				r9d = 0x19;
				_v72 = _t39;
				E0000000118003D23C(0, 0, _t38, _t299);
				_t41 =  &_v56; // -15
				_t42 = _t337 + 0x52; // 0x52
				r9d = 0x54;
				_v72 = _t42;
				E0000000118003D23C(0, 0, _t41, _t299);
				_t44 = _t337 + 0x53; // 0x53
				r9d = 0x55;
				_v72 = _t44;
				_t46 =  &_v56; // -15
				E0000000118003D23C(0, 0, _t46, _t299);
				_t47 =  &_v56; // -15
				_t48 = _t337 + 0x54; // 0x54
				r9d = 0x56;
				_v72 = _t48;
				E0000000118003D23C(0, 0, _t47, _t299);
				_t50 =  &_v56; // -15
				_t51 = _t337 + 0x55; // 0x55
				r9d = 0x57;
				_v72 = _t51;
				E0000000118003D23C(0, 0, _t50, _t299);
				_t53 =  &_v56; // -15
				_t54 = _t337 + 0x56; // 0x56
				r9d = 0x52;
				_v72 = _t54;
				E0000000118003D23C(0, 0, _t53, _t299);
				_t56 =  &_v56; // -15
				_t57 = _t337 + 0x57; // 0x57
				r9d = 0x53;
				_v72 = _t57;
				E0000000118003D23C(0, 0, _t56, _t299);
				r9d = 0x15;
				_t59 =  &_v56; // -15
				_t60 = _t337 + 0x68; // 0x68
				_v72 = _t60;
				E0000000118003D23C(0, _t331 - 0x13, _t59, _t299);
				r9d = 0x14;
				_t63 =  &_v56; // -15
				_t64 = _t337 + 0x70; // 0x70
				_v72 = _t64;
				E0000000118003D23C(0, _t331 - 0x12, _t63, _t299);
				r9d = 0x16;
				_t67 =  &_v56; // -15
				_t68 = _t337 + 0x78; // 0x78
				_v72 = _t68;
				E0000000118003D23C(0, _t331 - 0x14, _t67, _t299);
				r9d = 0x17;
				_t71 =  &_v56; // -15
				_t72 = _t337 + 0x80; // 0x80
				_v72 = _t72;
				E0000000118003D23C(0, _t331 - 0x15, _t71, _t299);
				r9d = 0x50;
				_t75 =  &_v56; // -15
				_t76 = _t337 + 0x88; // 0x88
				_v72 = _t76;
				E0000000118003D23C(0, _t331 - 0x4e, _t75, _t299);
				_t79 = _t337 + 0x90; // 0x90
				_t241 = _t79;
				r9d = 0x51;
				_v72 = _t241;
				_t81 =  &_v56; // -15
				E0000000118003D23C(0, _t331 - 0x4f, _t81, _t299);
				if (_t212 == 0) goto 0x80033345;
				E00000001180032E88(_t337);
				E00000001180028028(_t241, _t337);
				E00000001180028028(_t241, _t333);
				E00000001180028028(_t241, _t339);
				goto 0x800334a9;
				_t296 =  *_t335;
				if ( *_t296 == 0) goto 0x800333f8;
				_t83 = _t241 - 0x30; // -48
				_t181 = _t83;
				if (_t181 - 9 > 0) goto 0x80033371;
				 *_t296 = _t181;
				r13d = 1;
				_t297 = _t296 + _t335;
				_t151 =  *_t297;
				if (_t151 != 0) goto 0x80033353;
				goto 0x800333fe;
				if (_t151 != 0x3b) goto 0x8003335d;
				_t329 = _t297;
				_t182 =  *((intOrPtr*)(_t329 + 1));
				 *_t329 = _t182;
				if (_t182 != 0) goto 0x80033378;
				r13d = 1;
				goto 0x80033366;
				asm("movups xmm0, [eax]");
				asm("inc ecx");
				asm("movups xmm1, [eax+0x10]");
				asm("inc ecx");
				asm("movups xmm0, [eax+0x20]");
				asm("inc ecx");
				asm("movups xmm1, [eax+0x30]");
				asm("inc ecx");
				asm("movups xmm0, [eax+0x40]");
				asm("inc ecx");
				asm("movups xmm1, [eax+0x50]");
				asm("inc ecx");
				asm("movups xmm0, [eax+0x60]");
				asm("inc ecx");
				asm("movups xmm0, [eax+0x70]");
				asm("inc ecx");
				asm("movups xmm1, [eax+edx]");
				asm("inc ecx");
				 *((long long*)(_t337 + _t297 + 0x10)) =  *((intOrPtr*)(0x800988b0 + _t297 + 0x10));
				goto 0x800333fe;
				r13d = 1;
				 *_t337 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0xf8))));
				 *((long long*)(_t337 + 8)) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0xf8)) + 8));
				 *((long long*)(_t337 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0xf8)) + 0x10));
				 *((long long*)(_t337 + 0x58)) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0xf8)) + 0x58));
				 *((long long*)(_t337 + 0x60)) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0xf8)) + 0x60));
				 *_t333 = r13d;
				if (_t339 == 0) goto 0x80033453;
				 *_t339 = r13d;
				if ( *((intOrPtr*)(__rcx + 0xf0)) == 0) goto 0x80033462;
				asm("lock dec dword [eax]");
				if ( *((intOrPtr*)(__rcx + 0xe0)) == 0) goto 0x80033492;
				asm("lock xadd [ecx], eax");
				if ((_t151 | 0xffffffff) != 1) goto 0x80033492;
				E00000001180028028( *((intOrPtr*)(__rcx + 0xf0)),  *((intOrPtr*)(__rcx + 0xf8)));
				E00000001180028028( *((intOrPtr*)(__rcx + 0xf0)),  *((intOrPtr*)(__rcx + 0xe0)));
				 *((long long*)(__rcx + 0xf0)) = _t339;
				 *((long long*)(__rcx + 0xe0)) = _t333;
				 *((long long*)(__rcx + 0xf8)) = _t337;
				return 0;
			}

0x180032f94
0x180032f94
0x180032f94
0x180032f99
0x180032f9e
0x180032fb3
0x180032fb6
0x180032fba
0x180032fc8
0x180032fd1
0x180032fd3
0x180032fdd
0x180032fe2
0x180032ff0
0x180032ff7
0x180032ffa
0x180033002
0x180033007
0x180033016
0x18003301d
0x180033020
0x180033028
0x18003302d
0x180033032
0x18003303b
0x180033047
0x18003304e
0x180033051
0x180033056
0x180033059
0x18003305e
0x180033066
0x180033068
0x18003306f
0x180033076
0x18003307b
0x180033081
0x180033088
0x18003308d
0x180033091
0x180033097
0x18003309f
0x1800330a8
0x1800330ad
0x1800330b1
0x1800330b7
0x1800330bf
0x1800330c8
0x1800330cf
0x1800330d3
0x1800330d7
0x1800330e0
0x1800330e8
0x1800330ed
0x1800330f3
0x1800330f3
0x1800330fa
0x1800330ff
0x180033109
0x18003310e
0x180033114
0x18003311d
0x180033121
0x18003312a
0x18003312f
0x180033135
0x18003313e
0x180033142
0x18003314b
0x180033152
0x180033156
0x18003315a
0x180033163
0x18003316a
0x180033171
0x180033175
0x180033179
0x180033182
0x180033189
0x180033190
0x180033194
0x180033198
0x1800331a1
0x1800331a8
0x1800331af
0x1800331b3
0x1800331bc
0x1800331c3
0x1800331c7
0x1800331ce
0x1800331d2
0x1800331d6
0x1800331df
0x1800331e6
0x1800331ed
0x1800331f1
0x1800331f5
0x1800331fe
0x180033205
0x18003320c
0x180033210
0x180033214
0x18003321d
0x180033224
0x18003322b
0x18003322f
0x180033233
0x18003323c
0x180033243
0x180033248
0x18003324e
0x180033257
0x18003325b
0x180033264
0x180033269
0x18003326f
0x180033278
0x18003327c
0x180033285
0x18003328a
0x180033290
0x180033299
0x18003329d
0x1800332a6
0x1800332ab
0x1800332b1
0x1800332ba
0x1800332c1
0x1800332ca
0x1800332cf
0x1800332d5
0x1800332de
0x1800332e5
0x1800332ee
0x1800332f5
0x1800332f5
0x1800332fc
0x180033302
0x18003330a
0x180033312
0x180033319
0x18003331e
0x180033326
0x18003332e
0x180033336
0x180033340
0x180033345
0x18003334d
0x180033353
0x180033353
0x180033359
0x18003335b
0x18003335d
0x180033363
0x180033366
0x18003336a
0x18003336c
0x180033373
0x180033375
0x18003337c
0x18003337e
0x180033386
0x180033388
0x18003338e
0x18003339c
0x18003339f
0x1800333a3
0x1800333a7
0x1800333ac
0x1800333b0
0x1800333b5
0x1800333b9
0x1800333be
0x1800333c2
0x1800333c7
0x1800333cb
0x1800333d0
0x1800333d4
0x1800333d9
0x1800333dd
0x1800333e3
0x1800333e7
0x1800333f1
0x1800333f6
0x1800333f8
0x180033408
0x180033416
0x180033425
0x180033434
0x180033443
0x180033447
0x18003344e
0x180033450
0x18003345d
0x18003345f
0x18003346c
0x180033471
0x180033478
0x180033481
0x18003348d
0x180033492
0x18003349b
0x1800334a2
0x1800334c6

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f87e7e06c869cb7feed296d06e9c908f6a87db8b25f9ae510d58f040a8cc9241
Instruction ID: 7eb1e09eab8819abc534569e5e8ef487488e9934f373966a29af77df6cdfb92c
Opcode Fuzzy Hash: f87e7e06c869cb7feed296d06e9c908f6a87db8b25f9ae510d58f040a8cc9241
Instruction Fuzzy Hash: 54E16D36700B8885E762DB61E4817EE37A4F7987C4F428626AE9D53796EF38C349D300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180029290 Relevance: 1.6, APIs: 1, Instructions: 148
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00000001180029290(long long __rbx, void* __rcx, void* __rdx, long long __rsi, signed int __r8, void* __r9) {
				signed long long _t24;
				signed long long _t26;
				void* _t29;

				 *((long long*)(_t29 + 8)) = __rbx;
				 *(_t29 + 0x10) = _t24;
				 *((long long*)(_t29 + 0x18)) = __rsi;
				_t26 = (_t24 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(__rcx + _t26 * 2)) != 0) goto 0x800292be;
				if (_t26 + 1 -  !__r8 <= 0) goto 0x800292f7;
				return 0xc;
			}

0x180029290
0x180029295
0x18002929a
0x1800292be
0x1800292c5
0x1800292d3
0x1800292f6

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34b66abab141f3d0dfaad7e96785fadba5e4bdd71e5490af135a3072728d5f9c
Instruction ID: b97baebb1193eb4cf41c75fdee8fba1bfc9a431fc9d837e48146f2c809d877db
Opcode Fuzzy Hash: 34b66abab141f3d0dfaad7e96785fadba5e4bdd71e5490af135a3072728d5f9c
Instruction Fuzzy Hash: 3651D332705A9484F7A29BB2E9047DE7BE5B748BD8F548215BE9847F99CF38C209C700

Uniqueness

Uniqueness Score: -1.00%

Function 00C4A1D4 Relevance: 1.6, Strings: 1, Instructions: 350COMMON

Download Yara Rule

Strings

m1, xrefs: 00C4A283

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: m1
API String ID: 0-128121454
Opcode ID: 16691c6ba2deddaf6de1f0e0d1ff2ca3acd048d37c77c35f5dce586baf0938cf
Instruction ID: 2ce6aff671bc6a12446bab9cd4fefb7cc8f88b6f6acf1a0641063050ec4b7128
Opcode Fuzzy Hash: 16691c6ba2deddaf6de1f0e0d1ff2ca3acd048d37c77c35f5dce586baf0938cf
Instruction Fuzzy Hash: 12F12770A04709EFDB58DF68C08A59EBBF2FB48304F40816DE84AEB360D3759A59DB45

Uniqueness

Uniqueness Score: -1.00%

Function 00C4A734 Relevance: 1.6, Strings: 1, Instructions: 343COMMON

Download Yara Rule

Strings

7s, xrefs: 00C4AB55

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 7s
API String ID: 0-1359173241
Opcode ID: c3a57ae48d23b59515346257547aa727b2d15ec4c2b1e011d86899241bc59301
Instruction ID: 13a6f9627d9267e785fd0eeb6d5207bd4ec5b98f0c1576f42ded45901cfe0561
Opcode Fuzzy Hash: c3a57ae48d23b59515346257547aa727b2d15ec4c2b1e011d86899241bc59301
Instruction Fuzzy Hash: A30266B5A0070DCFDB58CF28C59A59D3BA9FB49308F00412DFD0E9A2A4E7B4E915CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00C50310 Relevance: 1.6, Strings: 1, Instructions: 337COMMON

Download Yara Rule

Strings

0% E, xrefs: 00C5081C

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 0% E
API String ID: 0-2094739979
Opcode ID: fbf25035978568d4367fdb2795cf05a7893d79d110a623251b08c664a1ec8ff4
Instruction ID: 529f62df5beedd9f7cb04bb2a744abc4225108f8373b8a37adc0c44b01dd9fe1
Opcode Fuzzy Hash: fbf25035978568d4367fdb2795cf05a7893d79d110a623251b08c664a1ec8ff4
Instruction Fuzzy Hash: 6EF106B1A0570CDFDB68CFA8D58A58DBBF2FF44344F104119EC0AA72A0D7B8951ADB49

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180035364 Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E00000001180035364(void* __ecx, void* __edx, long long __rbx, long long __rcx, signed int __rdx, long long __rsi, long long _a16, long long _a24) {
				void* _v8;
				signed int _v24;
				char _v264;
				unsigned int _t22;
				signed int _t23;
				void* _t25;
				unsigned int _t33;
				intOrPtr _t38;
				signed long long _t53;
				signed long long _t54;
				long long _t56;
				unsigned int* _t67;
				signed long long _t69;
				void* _t71;

				_t64 = __rdx;
				_a16 = __rbx;
				_a24 = __rsi;
				_t53 =  *0x80098010; // 0x6aeceb4fd839
				_t54 = _t53 ^ _t71 - 0x00000120;
				_v24 = _t54;
				_t56 = __rcx;
				E00000001180025B68(_t54, __rcx, __rdx, __rsi);
				_t69 = _t54;
				E00000001180025B68(_t54, _t56, _t64, _t69);
				_t67 =  *((intOrPtr*)(_t54 + 0x3a0));
				_t22 = E0000000118003546C(_t56, _t64);
				r9d = 0x78;
				_t33 = _t22;
				asm("sbb edx, edx");
				_t23 = GetLocaleInfoW(??, ??, ??, ??);
				if (_t23 != 0) goto 0x800353df;
				 *_t67 =  *_t67 & _t23;
				goto 0x80035447;
				_t25 = E0000000118003DBBC(_t54,  *((intOrPtr*)(_t69 + 0x98)));
				_t38 =  *((intOrPtr*)(_t69 + 0xb0));
				if (_t25 != 0) goto 0x80035403;
				if (_t38 != 0) goto 0x80035434;
				goto 0x80035426;
				if (_t38 != 0) goto 0x8003543d;
				if ( *((intOrPtr*)(_t69 + 0xac)) == _t38) goto 0x8003543d;
				if (E0000000118003DBBC(_t54,  *((intOrPtr*)(_t69 + 0x98))) != 0) goto 0x8003543d;
				if (E00000001180035590(_t33, 0, _t54, _t56,  *((intOrPtr*)(_t69 + 0x98)),  &_v264, _t69) == 0) goto 0x8003543d;
				 *_t67 =  *_t67 | 0x00000004;
				_t67[1] = _t33;
				_t67[2] = _t33;
				return E00000001180002630( !( *_t67 >> 2) & 0x00000001, _t33, _v24 ^ _t71 - 0x00000120);
			}

0x180035364
0x180035364
0x180035369
0x180035376
0x18003537d
0x180035380
0x180035388
0x18003538b
0x180035390
0x180035393
0x18003539b
0x1800353a2
0x1800353b4
0x1800353bc
0x1800353be
0x1800353cc
0x1800353d4
0x1800353d6
0x1800353dd
0x1800353eb
0x1800353f0
0x1800353f8
0x1800353fc
0x180035401
0x180035405
0x18003540d
0x180035422
0x180035432
0x180035434
0x180035437
0x18003543a
0x18003546b

APIs

Part of subcall function 0000000180025B68: GetLastError.KERNEL32 ref: 0000000180025B77
Part of subcall function 0000000180025B68: SetLastError.KERNEL32 ref: 0000000180025C15

GetLocaleInfoW.KERNEL32 ref: 00000001800353CC

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: d2e7560ee3cfe0c39984cd3ef4f7f5aa398ce51fb362fc5826b7642a7d371068
Instruction ID: 2af7afe89eb2aed619503b2af43d83845a0b559ec13fd80767221211aeae01cd
Opcode Fuzzy Hash: d2e7560ee3cfe0c39984cd3ef4f7f5aa398ce51fb362fc5826b7642a7d371068
Instruction Fuzzy Hash: C731653230468986EBABCB21E4413DF73A1F78C7C6F45C125BA99877A5DF38D6598700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180034F88 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 30%

			E00000001180034F88(void* __ecx, void* __edx, signed long long __rax, long long __rbx, long long __rcx, signed int __rdx, signed int __r8, long long _a8) {
				signed int _t35;
				signed char _t36;
				signed char _t37;
				signed int _t52;
				signed long long _t54;
				signed int* _t58;
				signed short** _t65;
				long long _t66;
				signed long long _t71;
				signed long long _t72;
				signed long long _t74;

				_t54 = __rax;
				_a8 = __rbx;
				_t58 = __rcx;
				E00000001180025B68(__rax, __rcx, __rdx, _t66);
				_t71 = __r8 | 0xffffffff;
				_t2 = _t54 + 0x98; // 0x98
				_t65 = _t2;
				_t74 = _t71 + 1;
				if (( *_t65)[_t74] != 0) goto 0x80034fad;
				_t65[3] = 0 | _t74 == 0x00000003;
				_t72 = _t71 + 1;
				if (_t65[1][_t72] != 0) goto 0x80034fc7;
				r8d = 2;
				_t65[3] = 0 | _t72 == 0x00000003;
				_t58[1] = 0;
				if (_t65[3] != 0) goto 0x80035016;
				r10d = 0;
				r9d =  *( *_t65) & 0x0000ffff;
				_t16 = _t74 - 0x41; // 0x58
				if (_t16 - 0x19 <= 0) goto 0x8003500e;
				r9w = r9w - 0x61;
				if (r9w - 0x19 > 0) goto 0x80035013;
				r10d =  &(r10d[0]);
				goto 0x80034ff1;
				r8d = r10d;
				_t65[2] = r8d;
				_t35 = EnumSystemLocalesW(??, ??);
				_t52 =  *_t58 & 0x00000007;
				asm("bt ecx, 0x9");
				_t36 = _t35 & 0xffffff00 | _t52 > 0x00000000;
				asm("bt ecx, 0x8");
				_t37 = _t36 & 0xffffff00 | _t52 > 0x00000000;
				if ((_t37 & (0 | _t52 != 0x00000000) & _t36) != 0) goto 0x8003504a;
				 *_t58 = 0;
				return _t37;
			}

0x180034f88
0x180034f88
0x180034f92
0x180034f95
0x180034f9a
0x180034fa3
0x180034fa3
0x180034fad
0x180034fb5
0x180034fc0
0x180034fc7
0x180034fcf
0x180034fd7
0x180034fe0
0x180034fe3
0x180034fe9
0x180034fee
0x180034ff1
0x180034ff8
0x180035000
0x180035002
0x18003500c
0x18003500e
0x180035011
0x180035013
0x180035016
0x180035026
0x18003502e
0x180035034
0x180035038
0x18003503d
0x180035041
0x180035046
0x180035048
0x180035054

APIs

Part of subcall function 0000000180025B68: GetLastError.KERNEL32 ref: 0000000180025B77
Part of subcall function 0000000180025B68: SetLastError.KERNEL32 ref: 0000000180025C15

EnumSystemLocalesW.KERNEL32(?,?,?,00000001800357BF,?,00000000,00000092,?,?,00000000,?,0000000180026BBD), ref: 0000000180035026

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: c2772fdc3093dd917c2fd717a18f08c5cbcfc49aa1d941b90627c2ea7b39a8f3
Instruction ID: 484cf4dedb5477baad747ccaa47760fb997838feb24999539a52acce4ab407e4
Opcode Fuzzy Hash: c2772fdc3093dd917c2fd717a18f08c5cbcfc49aa1d941b90627c2ea7b39a8f3
Instruction Fuzzy Hash: A9112473A14A488AEB978F25D0803DD37A0E388BE1F45C115E665473D0CE35CBD9C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180035590 Relevance: 1.6, APIs: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 19%

			E00000001180035590(signed int __ecx, void* __edx, signed long long __rax, long long __rbx, void* __rcx, signed int __rdx, long long __rsi, intOrPtr _a8, long long _a16, long long _a24) {
				int _t13;
				signed int _t17;
				void* _t26;
				signed int _t43;
				signed short* _t51;

				_t43 = __rdx;
				_a16 = __rbx;
				_a24 = __rsi;
				_t26 = __edx;
				_t17 = __ecx;
				E00000001180025B68(__rax, __rbx, __rdx, __rsi);
				r9d = 2;
				asm("bts ecx, 0xa");
				_t13 = GetLocaleInfoW(??, ??, ??, ??);
				r10d = 0;
				if (_t13 == 0) goto 0x80035629;
				if (_t17 == _a8) goto 0x80035622;
				if (_t26 == 0) goto 0x80035622;
				_t51 =  *((intOrPtr*)(__rax + 0x98));
				r8d = r10d;
				if (_t43 - 0x41 - 0x19 <= 0) goto 0x80035603;
				if (( *_t51 & 0x0000ffff) - 0x61 - 0x19 > 0) goto 0x8003560f;
				r8d = r8d + 1;
				goto 0x800355f0;
				if (_t51[( &(_t51[2]) | 0xffffffff) + 1] != r10w) goto 0x80035613;
				if (r8d == (_t17 & 0x000003ff)) goto 0x80035629;
				goto 0x8003562b;
				return 0;
			}

0x180035590
0x180035590
0x180035595
0x18003559f
0x1800355a1
0x1800355a3
0x1800355b5
0x1800355bb
0x1800355c7
0x1800355cd
0x1800355d2
0x1800355d8
0x1800355dc
0x1800355de
0x1800355e5
0x1800355f7
0x180035601
0x180035606
0x18003560d
0x18003561b
0x180035620
0x180035627
0x18003563a

APIs

Part of subcall function 0000000180025B68: GetLastError.KERNEL32 ref: 0000000180025B77
Part of subcall function 0000000180025B68: SetLastError.KERNEL32 ref: 0000000180025C15

GetLocaleInfoW.KERNEL32(?,?,?,0000000180035315), ref: 00000001800355C7

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 2f442e36d5b4b46c6ca9f5ea44414ebacb203de74c0e4597c2027ecee34cb7ee
Instruction ID: 5f7b32c06f298487e3afee27356d012ef78a3d2c8844023b62dc03690cf0de4e
Opcode Fuzzy Hash: 2f442e36d5b4b46c6ca9f5ea44414ebacb203de74c0e4597c2027ecee34cb7ee
Instruction Fuzzy Hash: 9A11593271855882EBE79B12E0117EF23A1E3887E1F959225FAA6036D4CE34CAC58700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180035058 Relevance: 1.5, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00000001180035058(void* __ecx, void* __edx, signed long long __rax, long long __rbx, long long __rcx, signed int __rdx, signed int __r8, long long _a8) {
				int _t17;
				void* _t25;
				signed char* _t31;
				signed short* _t36;
				long long _t38;
				signed long long _t44;

				_a8 = __rbx;
				_t31 = __rcx;
				E00000001180025B68(__rax, __rcx, __rdx, _t38);
				_t36 =  *((intOrPtr*)(__rax + 0x98));
				_t44 = (__r8 | 0xffffffff) + 1;
				if (_t36[_t44] != 0) goto 0x8003507a;
				_t25 = _t44 - 3;
				 *(__rax + 0xb0) = 0 | _t25 == 0x00000000;
				if (_t25 == 0) goto 0x800350c3;
				r9d = 0;
				r8d =  *_t36 & 0x0000ffff;
				if (_t44 - 0x41 - 0x19 <= 0) goto 0x800350bb;
				r8w = r8w - 0x61;
				if (r8w - 0x19 > 0) goto 0x800350c0;
				r9d = r9d + 1;
				goto 0x8003509e;
				 *((intOrPtr*)(__rax + 0xac)) = r9d;
				_t17 = EnumSystemLocalesW(??, ??);
				if (( *_t31 & 0x00000004) != 0) goto 0x800350e3;
				 *_t31 = 0;
				return _t17;
			}

0x180035058
0x180035062
0x180035065
0x180035073
0x18003507a
0x180035082
0x180035086
0x180035092
0x180035099
0x18003509b
0x18003509e
0x1800350ad
0x1800350af
0x1800350b9
0x1800350bb
0x1800350be
0x1800350c3
0x1800350d6
0x1800350df
0x1800350e1
0x1800350ed

APIs

Part of subcall function 0000000180025B68: GetLastError.KERNEL32 ref: 0000000180025B77
Part of subcall function 0000000180025B68: SetLastError.KERNEL32 ref: 0000000180025C15

EnumSystemLocalesW.KERNEL32(?,?,?,000000018003577B,?,00000000,00000092,?,?,00000000,?,0000000180026BBD), ref: 00000001800350D6

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 4ec873c9cf25c3fe818aa6ec014e382c06d2d1561b13d0da6a6599c5654f8ce9
Instruction ID: 76f01326b328f9177dbff4fd8dfa70e63093e8621bf02d9db7ff3d04195a1258
Opcode Fuzzy Hash: 4ec873c9cf25c3fe818aa6ec014e382c06d2d1561b13d0da6a6599c5654f8ce9
Instruction Fuzzy Hash: D501FC72B0424886E7974F25E480BDA77E1E748BE6F46C321F6A4472E4CF768688C744

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002C360 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,000000018002D199,?,?,?,?,?,?,?,?,00000000,00000001800344A8), ref: 000000018002C3AF

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: cda287aec45b195b6c8416b94c5a839e6c1bb20190e424ccefbe9dd3917d1599
Instruction ID: 035d8dbfb8bb3f72c452d23a79efed441735d1616d64a6eff4890192e0584a92
Opcode Fuzzy Hash: cda287aec45b195b6c8416b94c5a839e6c1bb20190e424ccefbe9dd3917d1599
Instruction Fuzzy Hash: C2F08772304B4882E782CB29E8817D93365FB9CBC0F04C025FA4983364CF38C669D340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180034F04 Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00000001180034F04(void* __edx, signed long long __rax, long long __rbx, long long __rcx, signed long long __rdx, long long _a8) {
				int _t15;
				signed char* _t25;
				signed long long _t29;
				signed long long _t31;
				long long _t32;

				_t29 = __rdx;
				_a8 = __rbx;
				_t25 = __rcx;
				E00000001180025B68(__rax, __rcx, __rdx, _t32);
				_t31 = (_t29 | 0xffffffff) + 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rax + 0xa0)) + _t31 * 2)) != 0) goto 0x80034f26;
				 *(__rax + 0xb4) = 0 | _t31 == 0x00000003;
				_t15 = EnumSystemLocalesW(??, ??);
				if (( *_t25 & 0x00000004) != 0) goto 0x80034f58;
				 *_t25 = 0;
				return _t15;
			}

0x180034f04
0x180034f04
0x180034f0e
0x180034f11
0x180034f26
0x180034f2d
0x180034f44
0x180034f4b
0x180034f54
0x180034f56
0x180034f62

APIs

Part of subcall function 0000000180025B68: GetLastError.KERNEL32 ref: 0000000180025B77
Part of subcall function 0000000180025B68: SetLastError.KERNEL32 ref: 0000000180025C15

EnumSystemLocalesW.KERNEL32 ref: 0000000180034F4B

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: a573968c90b1b420c864e35f953ac32617621b89dd605c263242e0659a6d70be
Instruction ID: 786e3d4f2ac9576d49fb14848e75e62933f68d7c980ff0a256fb571f82c5cf68
Opcode Fuzzy Hash: a573968c90b1b420c864e35f953ac32617621b89dd605c263242e0659a6d70be
Instruction Fuzzy Hash: B0F0B47360078845EB524B25E440399A7E1E754BF0F09C221A674472D5CE7885948300

Uniqueness

Uniqueness Score: -1.00%

Function 00C52244 Relevance: 1.5, Strings: 1, Instructions: 274COMMON

Download Yara Rule

Strings

>, xrefs: 00C526FC

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: >
API String ID: 0-4048615937
Opcode ID: 35f082249332f6d240efb6a3c148916e58dc78f6fac7b8448015639dc79bfce0
Instruction ID: 8ae7d436d72b7cc189f3703f9cbf26124cab7595deb82491a59c35804cd85c8f
Opcode Fuzzy Hash: 35f082249332f6d240efb6a3c148916e58dc78f6fac7b8448015639dc79bfce0
Instruction Fuzzy Hash: E0D12C755047888FDBB8CF24C88A7D977E1FB85314F50861DEC8ECA291DB749689CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00C58778 Relevance: 1.5, Strings: 1, Instructions: 270COMMON

Download Yara Rule

Strings

w, xrefs: 00C58AFF

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: w
API String ID: 0-4210951952
Opcode ID: 450a975b33d67058faa5ef23269fdb7d474cb1b00904f6db6eeb6156179070ce
Instruction ID: 47ec915804beb41d5379c34153af8bff38c0e1b0dcb74c262337a24c7c134635
Opcode Fuzzy Hash: 450a975b33d67058faa5ef23269fdb7d474cb1b00904f6db6eeb6156179070ce
Instruction Fuzzy Hash: C1D1F07550670DCBEB68CF28C98A59E3BE5FF44304F10012DFC1A962A1D7B4E928CB49

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002C40C Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32 ref: 000000018002C446

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 0e7173a647ae72627e76f239b7ff1d73fc029f5bb466aee3ea6f0cf90b940358
Instruction ID: 4b18a1115c67f6063322a764d8c342aa92df3a1d1ab9bd44e0ecc5364aecd301
Opcode Fuzzy Hash: 0e7173a647ae72627e76f239b7ff1d73fc029f5bb466aee3ea6f0cf90b940358
Instruction Fuzzy Hash: D4E0E5B5215A0881EB85DB55EC953993361A79DBD0F80D816E91D87324DE2CC25D9341

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002C488 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32 ref: 000000018002C4BC

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: e8503f45766abbb406e06ff334c8341b6a44a773e1dbac438a421b8e9db4b672
Instruction ID: d5df9ae71604906492ae3fe9845cf913eabfdf31ef928a0ea5736cfe8b340841
Opcode Fuzzy Hash: e8503f45766abbb406e06ff334c8341b6a44a773e1dbac438a421b8e9db4b672
Instruction Fuzzy Hash: 65E04670616A4481E2869B81EC957E82321ABEDBD1F808915BC09473209E3C836D9301

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800204D0 Relevance: 1.5, Strings: 1, Instructions: 213
COMMONCrypto

Download Yara Rule

C-Code - Quality: 58%

			E000000011800204D0(long long __rbx, signed short* __rcx, long long __rsi, long long __rbp, void* __r10, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v48;
				short _v52;
				short _v56;
				long long _v72;
				void* __rdi;
				signed int _t73;
				void* _t75;
				void* _t98;
				void* _t107;
				void* _t108;
				unsigned int _t109;
				signed short _t110;
				signed char _t118;
				signed short _t126;
				void* _t129;
				void* _t130;
				signed long long _t170;
				void* _t185;
				void* _t187;
				signed long long _t188;
				void* _t195;
				signed long long _t196;
				void* _t198;
				void* _t204;
				signed long long _t207;

				_t193 = __rbp;
				_t190 = __rsi;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t196 = _t195 - 0x40;
				_t170 =  *0x80098010; // 0x6aeceb4fd839
				_v48 = _t170 ^ _t196;
				_t73 =  *(__rcx + 0x42) & 0x0000ffff;
				_t6 = _t190 - 0x20; // 0x58
				_t126 = _t6;
				_t7 = _t190 - 0x77; // 0x1
				r15d = _t7;
				_t130 = _t73 - 0x64;
				if (_t130 > 0) goto 0x80020579;
				if (_t130 == 0) goto 0x800205f7;
				if (_t73 == 0x41) goto 0x8002060a;
				if (_t73 == 0x43) goto 0x80020563;
				if (_t73 - 0x44 <= 0) goto 0x80020613;
				if (_t73 - 0x47 <= 0) goto 0x8002060a;
				if (_t73 == 0x53) goto 0x800205b3;
				if (_t73 == _t126) goto 0x800205c8;
				if (_t73 == 0x5a) goto 0x8002056f;
				if (_t73 == 0x61) goto 0x8002060a;
				if (_t73 != 0x63) goto 0x80020613;
				E00000001180021898(__rcx, __rcx, __rsi);
				goto 0x8002060f;
				_t75 = E00000001180020BB4(_t108, __rcx, __rcx, _t190, __r10);
				goto 0x8002060f;
				if (_t75 - 0x67 <= 0) goto 0x8002060a;
				if (_t75 == 0x69) goto 0x800205f7;
				if (_t75 == 0x6e) goto 0x800205f0;
				if (_t75 == 0x6f) goto 0x800205d2;
				if (_t75 == 0x70) goto 0x800205ba;
				if (_t75 == 0x73) goto 0x800205b3;
				if (_t75 == 0x75) goto 0x800205fb;
				if (_t75 != 0x78) goto 0x80020613;
				goto 0x80020600;
				E00000001180022720(_t108, __rcx, __rcx, _t190, __rbp);
				goto 0x8002060f;
				 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
				r8b = r15b;
				goto 0x80020603;
				_t109 =  *(__rcx + 0x30);
				if ((r15b & _t109 >> 0x00000005) == 0) goto 0x800205e6;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x30) = _t109;
				goto 0x80020600;
				E00000001180022324(_t170 ^ _t196, __rcx, __rcx);
				goto 0x8002060f;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
				r8d = 0;
				E00000001180021F3C(_t107, 0xa, 0x78, __rcx, __rcx, _t185, _t193, _t198, _t204);
				goto 0x8002060f;
				if (E0000000118002139C(0xa, 0x78, __rcx, __rcx, _t187, _t190, _t193) != 0) goto 0x8002061a;
				goto 0x80020785;
				if ( *((intOrPtr*)(__rcx + 0x47c)) != 2) goto 0x80020630;
				if ( *((intOrPtr*)(__rcx + 0x478)) == r15d) goto 0x80020782;
				if ( *((char*)(__rcx + 0x40)) != 0) goto 0x80020782;
				_t118 =  *(__rcx + 0x30);
				_v56 = 0;
				_v52 = 0;
				_t22 = _t187 + 0x20; // 0x20
				r13d = _t22;
				if ((r15b & 0) == 0) goto 0x8002068a;
				if ((r15b & 0) == 0) goto 0x8002066c;
				_t27 = _t187 + 0x2d; // 0x2d
				_v56 = _t27;
				goto 0x80020687;
				if ((r15b & _t118) == 0) goto 0x80020678;
				goto 0x80020665;
				if ((r15b & 0) == 0) goto 0x8002068a;
				_v56 = r13w;
				_t188 = _t207;
				_t110 =  *(__rcx + 0x42) & 0x0000ffff;
				r9d = 0xffdf;
				if ((r9w & (_t110 & 0x0000ffff) - _t126) != 0) goto 0x800206af;
				if ((r15b & 0) == 0) goto 0x800206af;
				r8b = r15b;
				goto 0x800206b2;
				r8b = 0;
				r12d = 0x30;
				if (r8b != 0) goto 0x800206cb;
				if (0 == 0) goto 0x800206e8;
				 *((intOrPtr*)(_t196 + 0x30 + _t188 * 2)) = r12w;
				if (_t110 == _t126) goto 0x800206dc;
				if (_t110 != 0x41) goto 0x800206df;
				 *((short*)(_t196 + 0x32 + _t188 * 2)) = _t126 & 0x0000ffff;
				_t191 = __rcx + 0x468;
				_t129 =  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50));
				if ((_t118 & 0x0000000c) != 0) goto 0x80020711;
				r8d = _t129;
				_t98 = E0000000118001AD64(r13b, __rcx, __rcx + 0x468, _t188 + 2, __rcx + 0x28, __r10);
				r8d = 0;
				_v72 = __rcx + 0x10;
				E00000001180023954(_t98, _t126 & 0x0000ffff, __rcx, __rcx + 0x468, __rcx + 0x468, _t193, __rcx + 0x28);
				if ((r15b & 0) == 0) goto 0x80020753;
				if ((r15b &  *(__rcx + 0x30) >> 0x00000002) != 0) goto 0x80020753;
				r8d = _t129;
				E0000000118001AD64(r12b, __rcx, __rcx + 0x468, _t188 + 2, __rcx + 0x28, __r10);
				E0000000118002377C(__rcx, __rcx, _t191, _t193);
				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x80020782;
				r10d =  *(__rcx + 0x30);
				r10d = r10d >> 2;
				if ((r15b & r10b) == 0) goto 0x80020782;
				r8d = _t129;
				E0000000118001AD64(r13b, __rcx, _t191, _t188 + 2, __rcx + 0x28, __r10);
				return E00000001180002630(r15b,  *(__rcx + 0x30) >> 2, _v48 ^ _t196);
			}

0x1800204d0
0x1800204d0
0x1800204d0
0x1800204d5
0x1800204da
0x1800204e8
0x1800204ec
0x1800204f6
0x1800204fb
0x180020507
0x180020507
0x18002050a
0x18002050a
0x18002050e
0x180020512
0x180020514
0x18002051e
0x180020528
0x18002052e
0x180020538
0x180020542
0x180020547
0x18002054d
0x180020553
0x18002055d
0x180020565
0x18002056a
0x18002056f
0x180020574
0x18002057d
0x180020587
0x18002058d
0x180020593
0x180020599
0x18002059f
0x1800205a5
0x1800205aa
0x1800205b1
0x1800205b3
0x1800205b8
0x1800205ba
0x1800205c1
0x1800205c8
0x1800205d0
0x1800205d2
0x1800205dd
0x1800205df
0x1800205e3
0x1800205ee
0x1800205f0
0x1800205f5
0x1800205f7
0x180020600
0x180020603
0x180020608
0x180020611
0x180020615
0x180020621
0x18002062a
0x180020634
0x18002063a
0x18002063f
0x180020645
0x18002064f
0x18002064f
0x180020656
0x180020660
0x180020662
0x180020665
0x18002066a
0x18002066f
0x180020676
0x18002067f
0x180020681
0x180020687
0x18002068a
0x18002068e
0x18002069e
0x1800206a8
0x1800206aa
0x1800206ad
0x1800206af
0x1800206b5
0x1800206c5
0x1800206c9
0x1800206cb
0x1800206d4
0x1800206da
0x1800206df
0x1800206f2
0x1800206f9
0x1800206fe
0x180020703
0x18002070c
0x180020718
0x18002071b
0x180020728
0x180020738
0x180020740
0x180020745
0x18002074e
0x180020758
0x180020765
0x180020767
0x18002076b
0x180020772
0x180020774
0x18002077d
0x1800207af

Strings

0, xrefs: 00000001800206B5

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: ad9a7d52a73910b5cf7619b4335dc1c5c8a07fdcc1ea491b216e9c01c1fadea6
Instruction ID: 01efc4b1009863abf08a31c975c29c585349a56e1be83d7c15a635b7e7ae6ecf
Opcode Fuzzy Hash: ad9a7d52a73910b5cf7619b4335dc1c5c8a07fdcc1ea491b216e9c01c1fadea6
Instruction Fuzzy Hash: 9881F63521470D86FBFB9A1580487EA23A1E78C7C4FA4D112BD851769BCF39CA5F8B05

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001F4B0 Relevance: 1.5, Strings: 1, Instructions: 210
COMMONCrypto

Download Yara Rule

C-Code - Quality: 55%

			E0000000118001F4B0(long long __rbx, signed short* __rcx, void* __rdx, long long __rsi, long long __rbp, char _a8, char _a10, long long _a16, long long _a24, long long _a32) {
				long long _v40;
				void* __rdi;
				intOrPtr _t69;
				void* _t71;
				void* _t101;
				unsigned int _t102;
				intOrPtr _t103;
				unsigned int _t106;
				signed char _t115;
				void* _t121;
				void* _t124;
				void* _t125;
				intOrPtr* _t166;
				void* _t180;
				void* _t182;
				intOrPtr* _t185;
				void* _t189;
				void* _t190;
				void* _t192;
				void* _t193;
				void* _t198;
				void* _t199;
				intOrPtr* _t200;
				void* _t201;

				_t187 = __rbp;
				_t184 = __rsi;
				_t180 = __rdx;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t190 = _t189 - 0x30;
				_t69 =  *((intOrPtr*)(__rcx + 0x41));
				r15d = 1;
				sil = 0x78;
				bpl = 0x58;
				r14b = 0x41;
				_t125 = _t69 - 0x64;
				if (_t125 > 0) goto 0x8001f537;
				if (_t125 == 0) goto 0x8001f5a3;
				if (_t69 == r14b) goto 0x8001f5b6;
				if (_t69 == 0x43) goto 0x8001f521;
				if (_t69 - 0x44 <= 0) goto 0x8001f5bf;
				if (_t69 - 0x47 <= 0) goto 0x8001f5b6;
				if (_t69 == 0x53) goto 0x8001f55f;
				if (_t69 == bpl) goto 0x8001f574;
				if (_t69 == 0x5a) goto 0x8001f52d;
				if (_t69 == 0x61) goto 0x8001f5b6;
				if (_t69 != 0x63) goto 0x8001f5bf;
				E000000011800216F0(_t69 - 0x63, __rcx, __rcx);
				goto 0x8001f5bb;
				_t71 = E000000011800209E0(_t101, __rcx, __rcx, _t193, _t198);
				goto 0x8001f5bb;
				if (_t71 - 0x67 <= 0) goto 0x8001f5b6;
				if (_t71 == 0x69) goto 0x8001f5a3;
				if (_t71 == 0x6e) goto 0x8001f59c;
				if (_t71 == 0x6f) goto 0x8001f57e;
				if (_t71 == 0x70) goto 0x8001f566;
				if (_t71 == 0x73) goto 0x8001f55f;
				if (_t71 == 0x75) goto 0x8001f5a7;
				if (_t71 != sil) goto 0x8001f5bf;
				goto 0x8001f5ac;
				E000000011800225A0(__rcx, __rcx);
				goto 0x8001f5bb;
				 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
				r8b = r15b;
				goto 0x8001f5af;
				_t102 =  *(__rcx + 0x30);
				if ((r15b & _t102 >> 0x00000005) == 0) goto 0x8001f592;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x30) = _t102;
				goto 0x8001f5ac;
				E00000001180022220(_t166, __rcx, __rcx);
				goto 0x8001f5bb;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
				r8d = 0;
				E00000001180021B6C(_t101, 0xa, _t121, __rcx, __rcx, _t180, __rbp, _t192, _t199);
				goto 0x8001f5bb;
				if (E00000001180020F0C(0xa, _t121, __rcx, __rcx, __rsi, _t187) != 0) goto 0x8001f5c6;
				goto 0x8001f731;
				if ( *((intOrPtr*)(__rcx + 0x47c)) != 2) goto 0x8001f5dc;
				if ( *((intOrPtr*)(__rcx + 0x478)) == r15d) goto 0x8001f72e;
				if ( *((char*)(__rcx + 0x40)) != 0) goto 0x8001f72e;
				_t115 =  *(__rcx + 0x30);
				_a8 = 0;
				_a10 = 0;
				if ((r15b & 0) == 0) goto 0x8001f62e;
				if ((r15b & 0) == 0) goto 0x8001f611;
				_a8 = 0x2d;
				goto 0x8001f62b;
				if ((r15b & _t115) == 0) goto 0x8001f61d;
				_a8 = 0x2b;
				goto 0x8001f62b;
				if ((r15b & 0) == 0) goto 0x8001f62e;
				_a8 = 0x20;
				_t182 = _t201;
				_t103 =  *((intOrPtr*)(__rcx + 0x41));
				if ((_t103 - bpl & 0x000000df) != 0) goto 0x8001f649;
				if ((r15b & _t115 >> 0x00000005) == 0) goto 0x8001f649;
				r8b = r15b;
				goto 0x8001f64c;
				r8b = 0;
				_t91 = _t103 - r14b;
				if (r8b != 0) goto 0x8001f65f;
				if ((_t103 - r14b & 0xffffff00 | (_t91 & 0x000000df) == 0x00000000) == 0) goto 0x8001f67a;
				 *((char*)(_t190 + _t182 + 0x50)) = 0x30;
				if (_t103 == bpl) goto 0x8001f66e;
				if (_t103 != r14b) goto 0x8001f671;
				sil = bpl;
				 *((intOrPtr*)(_t190 + _t182 + 0x51)) = sil;
				_t183 = _t182 + 2;
				_t124 =  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50));
				if ((_t115 & 0x0000000c) != 0) goto 0x8001f69c;
				r8d = _t124;
				E0000000118001ABCC(0x20, __rcx, __rcx + 0x468, _t182 + 2, _t184, _t187, __rcx + 0x28);
				_t200 = __rcx + 0x468;
				_t185 = __rcx + 0x28;
				if ((r15b &  *( *_t200 + 0x14) >> 0x0000000c) == 0) goto 0x8001f6c3;
				if ( *((long long*)( *_t200 + 8)) != 0) goto 0x8001f6c3;
				 *_t185 =  *_t185;
				goto 0x8001f6df;
				r8d = 0;
				_v40 = __rcx + 0x10;
				E000000011800239FC(__rcx, _t200,  &_a8, _t182 + 2, _t185, _t187, _t185);
				_t106 =  *(__rcx + 0x30);
				if ((r15b & _t106 >> 0x00000003) == 0) goto 0x8001f704;
				if ((r15b & _t106 >> 0x00000002) != 0) goto 0x8001f704;
				r8d = _t124;
				E0000000118001ABCC(0x30, __rcx, _t200, _t182 + 2, _t185, _t187, _t185);
				E00000001180023478(__rcx, __rcx, _t185);
				if ( *_t185 < 0) goto 0x8001f72e;
				if ((r15b &  *(__rcx + 0x30) >> 0x00000002) == 0) goto 0x8001f72e;
				r8d = _t124;
				E0000000118001ABCC(0x20, __rcx, _t200, _t183, _t185, _t187, _t185);
				return r15b;
			}

0x18001f4b0
0x18001f4b0
0x18001f4b0
0x18001f4b0
0x18001f4b5
0x18001f4ba
0x18001f4c4
0x18001f4c8
0x18001f4ce
0x18001f4d4
0x18001f4d7
0x18001f4da
0x18001f4dd
0x18001f4df
0x18001f4e1
0x18001f4ea
0x18001f4f2
0x18001f4f6
0x18001f4fe
0x18001f506
0x18001f50b
0x18001f50f
0x18001f513
0x18001f51b
0x18001f523
0x18001f528
0x18001f52d
0x18001f532
0x18001f539
0x18001f53d
0x18001f541
0x18001f545
0x18001f549
0x18001f54d
0x18001f551
0x18001f556
0x18001f55d
0x18001f55f
0x18001f564
0x18001f566
0x18001f56d
0x18001f574
0x18001f57c
0x18001f57e
0x18001f589
0x18001f58b
0x18001f58f
0x18001f59a
0x18001f59c
0x18001f5a1
0x18001f5a3
0x18001f5ac
0x18001f5af
0x18001f5b4
0x18001f5bd
0x18001f5c1
0x18001f5cd
0x18001f5d6
0x18001f5e0
0x18001f5e6
0x18001f5eb
0x18001f5f2
0x18001f5fe
0x18001f608
0x18001f60a
0x18001f60f
0x18001f614
0x18001f616
0x18001f61b
0x18001f624
0x18001f626
0x18001f62b
0x18001f62e
0x18001f638
0x18001f642
0x18001f644
0x18001f647
0x18001f649
0x18001f64e
0x18001f659
0x18001f65d
0x18001f65f
0x18001f667
0x18001f66c
0x18001f66e
0x18001f671
0x18001f676
0x18001f680
0x18001f685
0x18001f68b
0x18001f697
0x18001f69c
0x18001f6a6
0x18001f6b3
0x18001f6bd
0x18001f6bf
0x18001f6c1
0x18001f6ca
0x18001f6cd
0x18001f6da
0x18001f6df
0x18001f6ea
0x18001f6f2
0x18001f6f7
0x18001f6ff
0x18001f709
0x18001f711
0x18001f71c
0x18001f721
0x18001f729
0x18001f749

Strings

0, xrefs: 000000018001F65F

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9e36e303467e06fff9a74dc1539a1b21d4305ff9a4e57dbeb97b3f8a1438717d
Instruction ID: b48c4368fdfcd1d44c7a45cf058f4bd24bbd710c2cbf49beae9272ef8982b349
Opcode Fuzzy Hash: 9e36e303467e06fff9a74dc1539a1b21d4305ff9a4e57dbeb97b3f8a1438717d
Instruction Fuzzy Hash: 5E719276208E4C46FBFB9E2990003FA6793A7497C8F549115FE81477EACE65CA4F8701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180020204 Relevance: 1.5, Strings: 1, Instructions: 209
COMMONCrypto

Download Yara Rule

C-Code - Quality: 59%

			E00000001180020204(long long __rbx, long long __rcx, long long __rsi, long long __rbp, void* __r10, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v48;
				short _v52;
				short _v56;
				long long _v72;
				void* __rdi;
				signed int _t71;
				void* _t73;
				void* _t96;
				void* _t105;
				void* _t106;
				unsigned int _t107;
				signed short _t108;
				signed char _t116;
				signed short _t124;
				void* _t127;
				void* _t128;
				signed long long _t166;
				void* _t181;
				void* _t183;
				signed long long _t184;
				void* _t191;
				signed long long _t192;
				void* _t194;
				void* _t200;
				signed long long _t203;

				_t189 = __rbp;
				_t186 = __rsi;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t192 = _t191 - 0x40;
				_t166 =  *0x80098010; // 0x6aeceb4fd839
				_v48 = _t166 ^ _t192;
				_t71 =  *(__rcx + 0x42) & 0x0000ffff;
				_t6 = _t186 - 0x20; // 0x58
				_t124 = _t6;
				_t7 = _t186 - 0x77; // 0x1
				r15d = _t7;
				_t128 = _t71 - 0x64;
				if (_t128 > 0) goto 0x800202ad;
				if (_t128 == 0) goto 0x8002032b;
				if (_t71 == 0x41) goto 0x8002033e;
				if (_t71 == 0x43) goto 0x80020297;
				if (_t71 - 0x44 <= 0) goto 0x80020347;
				if (_t71 - 0x47 <= 0) goto 0x8002033e;
				if (_t71 == 0x53) goto 0x800202e7;
				if (_t71 == _t124) goto 0x800202fc;
				if (_t71 == 0x5a) goto 0x800202a3;
				if (_t71 == 0x61) goto 0x8002033e;
				if (_t71 != 0x63) goto 0x80020347;
				E000000011800217F0(_t71 - 0x63, __rcx, __rcx, __rsi);
				goto 0x80020343;
				_t73 = E00000001180020B38(_t106, __rcx, __rcx, _t186);
				goto 0x80020343;
				if (_t73 - 0x67 <= 0) goto 0x8002033e;
				if (_t73 == 0x69) goto 0x8002032b;
				if (_t73 == 0x6e) goto 0x80020324;
				if (_t73 == 0x6f) goto 0x80020306;
				if (_t73 == 0x70) goto 0x800202ee;
				if (_t73 == 0x73) goto 0x800202e7;
				if (_t73 == 0x75) goto 0x8002032f;
				if (_t73 != 0x78) goto 0x80020347;
				goto 0x80020334;
				E00000001180022658(__rcx, __rcx, _t186);
				goto 0x80020343;
				 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
				r8b = r15b;
				goto 0x80020337;
				_t107 =  *(__rcx + 0x30);
				if ((r15b & _t107 >> 0x00000005) == 0) goto 0x8002031a;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x30) = _t107;
				goto 0x80020334;
				E00000001180022144(__rcx, __rcx, _t181, _t186);
				goto 0x80020343;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
				r8d = 0;
				E00000001180021D70(_t105, 0xa, __rcx, __rcx, _t181, _t186, __rbp, _t200);
				goto 0x80020343;
				if (E00000001180021160(0xa, 0x78, __rcx, __rcx, _t183, _t186, _t189, _t194) != 0) goto 0x8002034e;
				goto 0x800204a3;
				if ( *((char*)(__rcx + 0x40)) != 0) goto 0x800204a0;
				_t116 =  *(__rcx + 0x30);
				_v56 = 0;
				_v52 = 0;
				_t20 = _t183 + 0x20; // 0x20
				r13d = _t20;
				if ((r15b & 0) == 0) goto 0x800203a8;
				if ((r15b & 0) == 0) goto 0x8002038a;
				_t25 = _t183 + 0x2d; // 0x2d
				_v56 = _t25;
				goto 0x800203a5;
				if ((r15b & _t116) == 0) goto 0x80020396;
				goto 0x80020383;
				if ((r15b & 0) == 0) goto 0x800203a8;
				_v56 = r13w;
				_t184 = _t203;
				_t108 =  *(__rcx + 0x42) & 0x0000ffff;
				r9d = 0xffdf;
				if ((r9w & (_t108 & 0x0000ffff) - _t124) != 0) goto 0x800203cd;
				if ((r15b & 0) == 0) goto 0x800203cd;
				r8b = r15b;
				goto 0x800203d0;
				r8b = 0;
				r12d = 0x30;
				if (r8b != 0) goto 0x800203e9;
				if (0 == 0) goto 0x80020406;
				 *((intOrPtr*)(_t192 + 0x30 + _t184 * 2)) = r12w;
				if (_t108 == _t124) goto 0x800203fa;
				if (_t108 != 0x41) goto 0x800203fd;
				 *((short*)(_t192 + 0x32 + _t184 * 2)) = _t124 & 0x0000ffff;
				_t187 = __rcx + 0x468;
				_t127 =  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50));
				if ((_t116 & 0x0000000c) != 0) goto 0x8002042f;
				r8d = _t127;
				_t96 = E0000000118001AD64(r13b, __rcx, __rcx + 0x468, _t184 + 2, __rcx + 0x28, __r10);
				r8d = 0;
				_v72 = __rcx + 0x10;
				E00000001180023954(_t96, _t124 & 0x0000ffff, __rcx, __rcx + 0x468, __rcx + 0x468, _t189, __rcx + 0x28);
				if ((r15b & 0) == 0) goto 0x80020471;
				if ((r15b &  *(__rcx + 0x30) >> 0x00000002) != 0) goto 0x80020471;
				r8d = _t127;
				E0000000118001AD64(r12b, __rcx, __rcx + 0x468, _t184 + 2, __rcx + 0x28, __r10);
				E0000000118002377C(__rcx, __rcx, _t187, _t189);
				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x800204a0;
				r10d =  *(__rcx + 0x30);
				r10d = r10d >> 2;
				if ((r15b & r10b) == 0) goto 0x800204a0;
				r8d = _t127;
				E0000000118001AD64(r13b, __rcx, _t187, _t184 + 2, __rcx + 0x28, __r10);
				return E00000001180002630(r15b,  *(__rcx + 0x30) >> 2, _v48 ^ _t192);
			}

0x180020204
0x180020204
0x180020204
0x180020209
0x18002020e
0x18002021c
0x180020220
0x18002022a
0x18002022f
0x18002023b
0x18002023b
0x18002023e
0x18002023e
0x180020242
0x180020246
0x180020248
0x180020252
0x18002025c
0x180020262
0x18002026c
0x180020276
0x18002027b
0x180020281
0x180020287
0x180020291
0x180020299
0x18002029e
0x1800202a3
0x1800202a8
0x1800202b1
0x1800202bb
0x1800202c1
0x1800202c7
0x1800202cd
0x1800202d3
0x1800202d9
0x1800202de
0x1800202e5
0x1800202e7
0x1800202ec
0x1800202ee
0x1800202f5
0x1800202fc
0x180020304
0x180020306
0x180020311
0x180020313
0x180020317
0x180020322
0x180020324
0x180020329
0x18002032b
0x180020334
0x180020337
0x18002033c
0x180020345
0x180020349
0x180020352
0x180020358
0x18002035d
0x180020363
0x18002036d
0x18002036d
0x180020374
0x18002037e
0x180020380
0x180020383
0x180020388
0x18002038d
0x180020394
0x18002039d
0x18002039f
0x1800203a5
0x1800203a8
0x1800203ac
0x1800203bc
0x1800203c6
0x1800203c8
0x1800203cb
0x1800203cd
0x1800203d3
0x1800203e3
0x1800203e7
0x1800203e9
0x1800203f2
0x1800203f8
0x1800203fd
0x180020410
0x180020417
0x18002041c
0x180020421
0x18002042a
0x180020436
0x180020439
0x180020446
0x180020456
0x18002045e
0x180020463
0x18002046c
0x180020476
0x180020483
0x180020485
0x180020489
0x180020490
0x180020492
0x18002049b
0x1800204cd

Strings

0, xrefs: 00000001800203D3

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: 2c4c32dc825c085f4e9af962da5b15852f38539518fc6b687cf5cc19f0c5b780
Instruction ID: f1f64132dbbec4d1c42ae41f8e0563c954c034a985725969a547a52e76643e6a
Opcode Fuzzy Hash: 2c4c32dc825c085f4e9af962da5b15852f38539518fc6b687cf5cc19f0c5b780
Instruction Fuzzy Hash: CA71D13521430987FBEBEA1990507EE23A5E7487C4FA4D112BE854769ACF29CB4FC345

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001F22C Relevance: 1.5, Strings: 1, Instructions: 206
COMMONCrypto

Download Yara Rule

C-Code - Quality: 58%

			E0000000118001F22C(long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __rbp, char _a8, char _a10, long long _a16, long long _a24, long long _a32) {
				long long _v40;
				void* __rdi;
				intOrPtr _t67;
				void* _t69;
				void* _t99;
				unsigned int _t100;
				intOrPtr _t101;
				unsigned int _t104;
				signed char _t113;
				void* _t119;
				void* _t122;
				void* _t123;
				void* _t175;
				void* _t177;
				intOrPtr* _t180;
				void* _t184;
				void* _t185;
				void* _t187;
				void* _t192;
				intOrPtr* _t193;
				void* _t194;

				_t182 = __rbp;
				_t179 = __rsi;
				_t175 = __rdx;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t185 = _t184 - 0x30;
				_t67 =  *((intOrPtr*)(__rcx + 0x41));
				r15d = 1;
				sil = 0x78;
				bpl = 0x58;
				r14b = 0x41;
				_t123 = _t67 - 0x64;
				if (_t123 > 0) goto 0x8001f2b3;
				if (_t123 == 0) goto 0x8001f31f;
				if (_t67 == r14b) goto 0x8001f332;
				if (_t67 == 0x43) goto 0x8001f29d;
				if (_t67 - 0x44 <= 0) goto 0x8001f33b;
				if (_t67 - 0x47 <= 0) goto 0x8001f332;
				if (_t67 == 0x53) goto 0x8001f2db;
				if (_t67 == bpl) goto 0x8001f2f0;
				if (_t67 == 0x5a) goto 0x8001f2a9;
				if (_t67 == 0x61) goto 0x8001f332;
				if (_t67 != 0x63) goto 0x8001f33b;
				E00000001180021634(_t67 - 0x63, __rcx);
				goto 0x8001f337;
				_t69 = E0000000118002096C(__rcx);
				goto 0x8001f337;
				if (_t69 - 0x67 <= 0) goto 0x8001f332;
				if (_t69 == 0x69) goto 0x8001f31f;
				if (_t69 == 0x6e) goto 0x8001f318;
				if (_t69 == 0x6f) goto 0x8001f2fa;
				if (_t69 == 0x70) goto 0x8001f2e2;
				if (_t69 == 0x73) goto 0x8001f2db;
				if (_t69 == 0x75) goto 0x8001f323;
				if (_t69 != sil) goto 0x8001f33b;
				goto 0x8001f328;
				E00000001180022508(__rcx);
				goto 0x8001f337;
				 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
				r8b = r15b;
				goto 0x8001f32b;
				_t100 =  *(__rcx + 0x30);
				if ((r15b & _t100 >> 0x00000005) == 0) goto 0x8001f30e;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x30) = _t100;
				goto 0x8001f328;
				E00000001180022144(__rcx, __rcx, _t175, __rsi);
				goto 0x8001f337;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
				r8d = 0;
				E000000011800219A4(_t99, 0xa, __rcx, __rcx, _t175, _t179, __rbp, _t192);
				goto 0x8001f337;
				if (E00000001180020CF4(0xa, _t119, __rcx, __rcx, _t179, _t182, _t187) != 0) goto 0x8001f342;
				goto 0x8001f497;
				if ( *((char*)(__rcx + 0x40)) != 0) goto 0x8001f494;
				_t113 =  *(__rcx + 0x30);
				_a8 = 0;
				_a10 = 0;
				if ((r15b & 0) == 0) goto 0x8001f394;
				if ((r15b & 0) == 0) goto 0x8001f377;
				_a8 = 0x2d;
				goto 0x8001f391;
				if ((r15b & _t113) == 0) goto 0x8001f383;
				_a8 = 0x2b;
				goto 0x8001f391;
				if ((r15b & 0) == 0) goto 0x8001f394;
				_a8 = 0x20;
				_t177 = _t194;
				_t101 =  *((intOrPtr*)(__rcx + 0x41));
				if ((_t101 - bpl & 0x000000df) != 0) goto 0x8001f3af;
				if ((r15b & _t113 >> 0x00000005) == 0) goto 0x8001f3af;
				r8b = r15b;
				goto 0x8001f3b2;
				r8b = 0;
				_t89 = _t101 - r14b;
				if (r8b != 0) goto 0x8001f3c5;
				if ((_t101 - r14b & 0xffffff00 | (_t89 & 0x000000df) == 0x00000000) == 0) goto 0x8001f3e0;
				 *((char*)(_t185 + _t177 + 0x50)) = 0x30;
				if (_t101 == bpl) goto 0x8001f3d4;
				if (_t101 != r14b) goto 0x8001f3d7;
				sil = bpl;
				 *((intOrPtr*)(_t185 + _t177 + 0x51)) = sil;
				_t178 = _t177 + 2;
				_t122 =  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50));
				if ((_t113 & 0x0000000c) != 0) goto 0x8001f402;
				r8d = _t122;
				E0000000118001ABCC(0x20, __rcx, __rcx + 0x468, _t177 + 2, _t179, _t182, __rcx + 0x28);
				_t193 = __rcx + 0x468;
				_t180 = __rcx + 0x28;
				if ((r15b &  *( *_t193 + 0x14) >> 0x0000000c) == 0) goto 0x8001f429;
				if ( *((long long*)( *_t193 + 8)) != 0) goto 0x8001f429;
				 *_t180 =  *_t180;
				goto 0x8001f445;
				r8d = 0;
				_v40 = __rcx + 0x10;
				E000000011800239FC(__rcx, _t193,  &_a8, _t177 + 2, _t180, _t182, _t180);
				_t104 =  *(__rcx + 0x30);
				if ((r15b & _t104 >> 0x00000003) == 0) goto 0x8001f46a;
				if ((r15b & _t104 >> 0x00000002) != 0) goto 0x8001f46a;
				r8d = _t122;
				E0000000118001ABCC(0x30, __rcx, _t193, _t177 + 2, _t180, _t182, _t180);
				E00000001180023478(__rcx, __rcx, _t180);
				if ( *_t180 < 0) goto 0x8001f494;
				if ((r15b &  *(__rcx + 0x30) >> 0x00000002) == 0) goto 0x8001f494;
				r8d = _t122;
				E0000000118001ABCC(0x20, __rcx, _t193, _t178, _t180, _t182, _t180);
				return r15b;
			}

0x18001f22c
0x18001f22c
0x18001f22c
0x18001f22c
0x18001f231
0x18001f236
0x18001f240
0x18001f244
0x18001f24a
0x18001f250
0x18001f253
0x18001f256
0x18001f259
0x18001f25b
0x18001f25d
0x18001f266
0x18001f26e
0x18001f272
0x18001f27a
0x18001f282
0x18001f287
0x18001f28b
0x18001f28f
0x18001f297
0x18001f29f
0x18001f2a4
0x18001f2a9
0x18001f2ae
0x18001f2b5
0x18001f2b9
0x18001f2bd
0x18001f2c1
0x18001f2c5
0x18001f2c9
0x18001f2cd
0x18001f2d2
0x18001f2d9
0x18001f2db
0x18001f2e0
0x18001f2e2
0x18001f2e9
0x18001f2f0
0x18001f2f8
0x18001f2fa
0x18001f305
0x18001f307
0x18001f30b
0x18001f316
0x18001f318
0x18001f31d
0x18001f31f
0x18001f328
0x18001f32b
0x18001f330
0x18001f339
0x18001f33d
0x18001f346
0x18001f34c
0x18001f351
0x18001f358
0x18001f364
0x18001f36e
0x18001f370
0x18001f375
0x18001f37a
0x18001f37c
0x18001f381
0x18001f38a
0x18001f38c
0x18001f391
0x18001f394
0x18001f39e
0x18001f3a8
0x18001f3aa
0x18001f3ad
0x18001f3af
0x18001f3b4
0x18001f3bf
0x18001f3c3
0x18001f3c5
0x18001f3cd
0x18001f3d2
0x18001f3d4
0x18001f3d7
0x18001f3dc
0x18001f3e6
0x18001f3eb
0x18001f3f1
0x18001f3fd
0x18001f402
0x18001f40c
0x18001f419
0x18001f423
0x18001f425
0x18001f427
0x18001f430
0x18001f433
0x18001f440
0x18001f445
0x18001f450
0x18001f458
0x18001f45d
0x18001f465
0x18001f46f
0x18001f477
0x18001f482
0x18001f487
0x18001f48f
0x18001f4af

Strings

0, xrefs: 000000018001F3C5

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: 3f057562860860f72f20611e575c8a3d8df453222147532b42446027b640afcb
Instruction ID: 65e223ee4ca85767d9843da3e1485e5b9e91f08e7c531d8d6529d0899e79ad0f
Opcode Fuzzy Hash: 3f057562860860f72f20611e575c8a3d8df453222147532b42446027b640afcb
Instruction Fuzzy Hash: B3719235204A4C86FBFB8A2990103FE6792A74ABC8F589115FD91477DACF65CB4BC701

Uniqueness

Uniqueness Score: -1.00%

Function 00C57BF8 Relevance: 1.5, Strings: 1, Instructions: 204COMMON

Download Yara Rule

Strings

k |P, xrefs: 00C57C97

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: k |P
API String ID: 0-500141808
Opcode ID: 1aac0f1d3442458b59664808ae9574f9abf7ab878da11c77e58f892187b88b3f
Instruction ID: 64ef30112d78ec4a2a607ff1695ced876875caa0d8f7a5d9e15e4fa1e7c05476
Opcode Fuzzy Hash: 1aac0f1d3442458b59664808ae9574f9abf7ab878da11c77e58f892187b88b3f
Instruction Fuzzy Hash: FB912970D0471DDBDF28DFA9E88949DBBB1FB44304F40822DE812A72A0DB74998ACF45

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001F9B4 Relevance: 1.4, Strings: 1, Instructions: 200
COMMONCrypto

Download Yara Rule

C-Code - Quality: 62%

			E0000000118001F9B4(long long __rbx, signed short* __rcx, long long __rsi, long long __rbp, char _a8, char _a10, long long _a16, long long _a24, long long _a32) {
				long long _v40;
				void* __rdi;
				intOrPtr _t63;
				void* _t65;
				void* _t87;
				void* _t95;
				unsigned int _t96;
				intOrPtr _t97;
				unsigned int _t98;
				signed char _t105;
				void* _t111;
				void* _t114;
				void* _t115;
				intOrPtr* _t154;
				void* _t166;
				void* _t168;
				intOrPtr* _t173;
				void* _t175;
				void* _t176;
				void* _t178;
				void* _t179;
				void* _t184;
				void* _t185;
				void* _t187;

				_t172 = __rbp;
				_t170 = __rsi;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t176 = _t175 - 0x30;
				_t63 =  *((intOrPtr*)(__rcx + 0x41));
				r15d = 1;
				sil = 0x78;
				bpl = 0x58;
				r14b = 0x41;
				_t115 = _t63 - 0x64;
				if (_t115 > 0) goto 0x8001fa3b;
				if (_t115 == 0) goto 0x8001faa7;
				if (_t63 == r14b) goto 0x8001faba;
				if (_t63 == 0x43) goto 0x8001fa25;
				if (_t63 - 0x44 <= 0) goto 0x8001fac3;
				if (_t63 - 0x47 <= 0) goto 0x8001faba;
				if (_t63 == 0x53) goto 0x8001fa63;
				if (_t63 == bpl) goto 0x8001fa78;
				if (_t63 == 0x5a) goto 0x8001fa31;
				if (_t63 == 0x61) goto 0x8001faba;
				if (_t63 != 0x63) goto 0x8001fac3;
				E000000011800216F0(_t63 - 0x63, __rcx, __rcx);
				goto 0x8001fabf;
				_t65 = E000000011800209E0(_t95, __rcx, __rcx, _t179, _t184);
				goto 0x8001fabf;
				if (_t65 - 0x67 <= 0) goto 0x8001faba;
				if (_t65 == 0x69) goto 0x8001faa7;
				if (_t65 == 0x6e) goto 0x8001faa0;
				if (_t65 == 0x6f) goto 0x8001fa82;
				if (_t65 == 0x70) goto 0x8001fa6a;
				if (_t65 == 0x73) goto 0x8001fa63;
				if (_t65 == 0x75) goto 0x8001faab;
				if (_t65 != sil) goto 0x8001fac3;
				goto 0x8001fab0;
				E000000011800225A0(__rcx, __rcx);
				goto 0x8001fabf;
				 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
				r8b = r15b;
				goto 0x8001fab3;
				_t96 =  *(__rcx + 0x30);
				if ((r15b & _t96 >> 0x00000005) == 0) goto 0x8001fa96;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x30) = _t96;
				goto 0x8001fab0;
				E00000001180022220(_t154, __rcx, __rcx);
				goto 0x8001fabf;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
				r8d = 0;
				E00000001180021B6C(_t95, 0xa, _t111, __rcx, __rcx, _t166, __rbp, _t178, _t185);
				goto 0x8001fabf;
				if (E00000001180020F0C(0xa, _t111, __rcx, __rcx, __rsi, _t172) != 0) goto 0x8001faca;
				goto 0x8001fc17;
				if ( *((intOrPtr*)(__rcx + 0x47c)) != 2) goto 0x8001fae0;
				if ( *((intOrPtr*)(__rcx + 0x478)) == r15d) goto 0x8001fc14;
				if ( *((char*)(__rcx + 0x40)) != 0) goto 0x8001fc14;
				_t105 =  *(__rcx + 0x30);
				_a8 = 0;
				_a10 = 0;
				if ((r15b & 0) == 0) goto 0x8001fb32;
				if ((r15b & 0) == 0) goto 0x8001fb15;
				_a8 = 0x2d;
				goto 0x8001fb2f;
				if ((r15b & _t105) == 0) goto 0x8001fb21;
				_a8 = 0x2b;
				goto 0x8001fb2f;
				if ((r15b & 0) == 0) goto 0x8001fb32;
				_a8 = 0x20;
				_t168 = _t187;
				_t97 =  *((intOrPtr*)(__rcx + 0x41));
				if ((_t97 - bpl & 0x000000df) != 0) goto 0x8001fb4d;
				if ((r15b & _t105 >> 0x00000005) == 0) goto 0x8001fb4d;
				r8b = r15b;
				goto 0x8001fb50;
				r8b = 0;
				_t85 = _t97 - r14b;
				if (r8b != 0) goto 0x8001fb63;
				if ((_t97 - r14b & 0xffffff00 | (_t85 & 0x000000df) == 0x00000000) == 0) goto 0x8001fb7e;
				 *((char*)(_t176 + _t168 + 0x50)) = 0x30;
				if (_t97 == bpl) goto 0x8001fb72;
				if (_t97 != r14b) goto 0x8001fb75;
				sil = bpl;
				 *((intOrPtr*)(_t176 + _t168 + 0x51)) = sil;
				_t169 = _t168 + 2;
				_t173 = __rcx + 0x28;
				_t186 = __rcx + 0x468;
				_t114 =  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50));
				if ((_t105 & 0x0000000c) != 0) goto 0x8001fba6;
				r8d = _t114;
				_t87 = E0000000118001ACEC(0x20, __rcx, __rcx + 0x468, _t168 + 2, _t173, _t184);
				r8d = 0;
				_v40 = __rcx + 0x10;
				E000000011800238B0(_t87, 0, _t114, __rcx, __rcx + 0x468, _t168 + 2, _t170, _t173, _t173);
				_t98 =  *(__rcx + 0x30);
				if ((r15b & _t98 >> 0x00000003) == 0) goto 0x8001fbe7;
				if ((r15b & _t98 >> 0x00000002) != 0) goto 0x8001fbe7;
				r8d = _t114;
				E0000000118001ACEC(0x30, __rcx, _t186, _t168 + 2, _t173, _t184);
				E0000000118002359C(__rcx, __rcx, _t170);
				if ( *_t173 < 0) goto 0x8001fc14;
				r10d =  *(__rcx + 0x30);
				r10d = r10d >> 2;
				if ((r15b & r10b) == 0) goto 0x8001fc14;
				r8d = _t114;
				E0000000118001ACEC(0x20, __rcx, _t186, _t169, _t173, _t184);
				return r15b;
			}

0x18001f9b4
0x18001f9b4
0x18001f9b4
0x18001f9b9
0x18001f9be
0x18001f9c8
0x18001f9cc
0x18001f9d2
0x18001f9d8
0x18001f9db
0x18001f9de
0x18001f9e1
0x18001f9e3
0x18001f9e5
0x18001f9ee
0x18001f9f6
0x18001f9fa
0x18001fa02
0x18001fa0a
0x18001fa0f
0x18001fa13
0x18001fa17
0x18001fa1f
0x18001fa27
0x18001fa2c
0x18001fa31
0x18001fa36
0x18001fa3d
0x18001fa41
0x18001fa45
0x18001fa49
0x18001fa4d
0x18001fa51
0x18001fa55
0x18001fa5a
0x18001fa61
0x18001fa63
0x18001fa68
0x18001fa6a
0x18001fa71
0x18001fa78
0x18001fa80
0x18001fa82
0x18001fa8d
0x18001fa8f
0x18001fa93
0x18001fa9e
0x18001faa0
0x18001faa5
0x18001faa7
0x18001fab0
0x18001fab3
0x18001fab8
0x18001fac1
0x18001fac5
0x18001fad1
0x18001fada
0x18001fae4
0x18001faea
0x18001faef
0x18001faf6
0x18001fb02
0x18001fb0c
0x18001fb0e
0x18001fb13
0x18001fb18
0x18001fb1a
0x18001fb1f
0x18001fb28
0x18001fb2a
0x18001fb2f
0x18001fb32
0x18001fb3c
0x18001fb46
0x18001fb48
0x18001fb4b
0x18001fb4d
0x18001fb52
0x18001fb5d
0x18001fb61
0x18001fb63
0x18001fb6b
0x18001fb70
0x18001fb72
0x18001fb75
0x18001fb7a
0x18001fb81
0x18001fb88
0x18001fb8f
0x18001fb94
0x18001fb99
0x18001fba1
0x18001fbad
0x18001fbb0
0x18001fbbd
0x18001fbc2
0x18001fbcd
0x18001fbd5
0x18001fbda
0x18001fbe2
0x18001fbec
0x18001fbf5
0x18001fbf7
0x18001fbfb
0x18001fc02
0x18001fc07
0x18001fc0f
0x18001fc2f

Strings

0, xrefs: 000000018001FB63

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 4865a89ffa2a8b71cce2b91037c26db5a1bed7ac5277cc9a02a189fecd80445b
Instruction ID: 6c561e489d73617d7dc68b807343af8b210d0dfd59f3419eabd8b96685754431
Opcode Fuzzy Hash: 4865a89ffa2a8b71cce2b91037c26db5a1bed7ac5277cc9a02a189fecd80445b
Instruction Fuzzy Hash: A771E772208A4C46FBF74A2990503FA6792AB4D7C8F98D101FD85077DACF29CA4F8742

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001F74C Relevance: 1.4, Strings: 1, Instructions: 196
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 65%

			E0000000118001F74C(long long __rbx, long long __rcx, long long __rsi, long long __rbp, char _a8, char _a10, long long _a16, long long _a24, long long _a32) {
				long long _v40;
				void* __rdi;
				intOrPtr _t61;
				void* _t63;
				void* _t85;
				void* _t93;
				unsigned int _t94;
				intOrPtr _t95;
				unsigned int _t96;
				signed char _t103;
				void* _t109;
				void* _t112;
				void* _t113;
				void* _t161;
				void* _t163;
				intOrPtr* _t168;
				void* _t170;
				void* _t171;
				void* _t173;
				void* _t178;
				void* _t179;
				void* _t181;

				_t167 = __rbp;
				_t165 = __rsi;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t171 = _t170 - 0x30;
				_t61 =  *((intOrPtr*)(__rcx + 0x41));
				r15d = 1;
				sil = 0x78;
				bpl = 0x58;
				r14b = 0x41;
				_t113 = _t61 - 0x64;
				if (_t113 > 0) goto 0x8001f7d3;
				if (_t113 == 0) goto 0x8001f83f;
				if (_t61 == r14b) goto 0x8001f852;
				if (_t61 == 0x43) goto 0x8001f7bd;
				if (_t61 - 0x44 <= 0) goto 0x8001f85b;
				if (_t61 - 0x47 <= 0) goto 0x8001f852;
				if (_t61 == 0x53) goto 0x8001f7fb;
				if (_t61 == bpl) goto 0x8001f810;
				if (_t61 == 0x5a) goto 0x8001f7c9;
				if (_t61 == 0x61) goto 0x8001f852;
				if (_t61 != 0x63) goto 0x8001f85b;
				E00000001180021634(_t61 - 0x63, __rcx);
				goto 0x8001f857;
				_t63 = E0000000118002096C(__rcx);
				goto 0x8001f857;
				if (_t63 - 0x67 <= 0) goto 0x8001f852;
				if (_t63 == 0x69) goto 0x8001f83f;
				if (_t63 == 0x6e) goto 0x8001f838;
				if (_t63 == 0x6f) goto 0x8001f81a;
				if (_t63 == 0x70) goto 0x8001f802;
				if (_t63 == 0x73) goto 0x8001f7fb;
				if (_t63 == 0x75) goto 0x8001f843;
				if (_t63 != sil) goto 0x8001f85b;
				goto 0x8001f848;
				E00000001180022508(__rcx);
				goto 0x8001f857;
				 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
				r8b = r15b;
				goto 0x8001f84b;
				_t94 =  *(__rcx + 0x30);
				if ((r15b & _t94 >> 0x00000005) == 0) goto 0x8001f82e;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x30) = _t94;
				goto 0x8001f848;
				E00000001180022144(__rcx, __rcx, _t161, __rsi);
				goto 0x8001f857;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
				r8d = 0;
				E000000011800219A4(_t93, 0xa, __rcx, __rcx, _t161, _t165, __rbp, _t179);
				goto 0x8001f857;
				if (E00000001180020CF4(0xa, _t109, __rcx, __rcx, _t165, _t167, _t173) != 0) goto 0x8001f862;
				goto 0x8001f999;
				if ( *((char*)(__rcx + 0x40)) != 0) goto 0x8001f996;
				_t103 =  *(__rcx + 0x30);
				_a8 = 0;
				_a10 = 0;
				if ((r15b & 0) == 0) goto 0x8001f8b4;
				if ((r15b & 0) == 0) goto 0x8001f897;
				_a8 = 0x2d;
				goto 0x8001f8b1;
				if ((r15b & _t103) == 0) goto 0x8001f8a3;
				_a8 = 0x2b;
				goto 0x8001f8b1;
				if ((r15b & 0) == 0) goto 0x8001f8b4;
				_a8 = 0x20;
				_t163 = _t181;
				_t95 =  *((intOrPtr*)(__rcx + 0x41));
				if ((_t95 - bpl & 0x000000df) != 0) goto 0x8001f8cf;
				if ((r15b & _t103 >> 0x00000005) == 0) goto 0x8001f8cf;
				r8b = r15b;
				goto 0x8001f8d2;
				r8b = 0;
				_t83 = _t95 - r14b;
				if (r8b != 0) goto 0x8001f8e5;
				if ((_t95 - r14b & 0xffffff00 | (_t83 & 0x000000df) == 0x00000000) == 0) goto 0x8001f900;
				 *((char*)(_t171 + _t163 + 0x50)) = 0x30;
				if (_t95 == bpl) goto 0x8001f8f4;
				if (_t95 != r14b) goto 0x8001f8f7;
				sil = bpl;
				 *((intOrPtr*)(_t171 + _t163 + 0x51)) = sil;
				_t164 = _t163 + 2;
				_t168 = __rcx + 0x28;
				_t180 = __rcx + 0x468;
				_t112 =  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50));
				if ((_t103 & 0x0000000c) != 0) goto 0x8001f928;
				r8d = _t112;
				_t85 = E0000000118001ACEC(0x20, __rcx, __rcx + 0x468, _t163 + 2, _t168, _t178);
				r8d = 0;
				_v40 = __rcx + 0x10;
				E000000011800238B0(_t85, 0, _t112, __rcx, __rcx + 0x468, _t163 + 2, _t165, _t168, _t168);
				_t96 =  *(__rcx + 0x30);
				if ((r15b & _t96 >> 0x00000003) == 0) goto 0x8001f969;
				if ((r15b & _t96 >> 0x00000002) != 0) goto 0x8001f969;
				r8d = _t112;
				E0000000118001ACEC(0x30, __rcx, _t180, _t163 + 2, _t168, _t178);
				E0000000118002359C(__rcx, __rcx, _t165);
				if ( *_t168 < 0) goto 0x8001f996;
				r10d =  *(__rcx + 0x30);
				r10d = r10d >> 2;
				if ((r15b & r10b) == 0) goto 0x8001f996;
				r8d = _t112;
				E0000000118001ACEC(0x20, __rcx, _t180, _t164, _t168, _t178);
				return r15b;
			}

0x18001f74c
0x18001f74c
0x18001f74c
0x18001f751
0x18001f756
0x18001f760
0x18001f764
0x18001f76a
0x18001f770
0x18001f773
0x18001f776
0x18001f779
0x18001f77b
0x18001f77d
0x18001f786
0x18001f78e
0x18001f792
0x18001f79a
0x18001f7a2
0x18001f7a7
0x18001f7ab
0x18001f7af
0x18001f7b7
0x18001f7bf
0x18001f7c4
0x18001f7c9
0x18001f7ce
0x18001f7d5
0x18001f7d9
0x18001f7dd
0x18001f7e1
0x18001f7e5
0x18001f7e9
0x18001f7ed
0x18001f7f2
0x18001f7f9
0x18001f7fb
0x18001f800
0x18001f802
0x18001f809
0x18001f810
0x18001f818
0x18001f81a
0x18001f825
0x18001f827
0x18001f82b
0x18001f836
0x18001f838
0x18001f83d
0x18001f83f
0x18001f848
0x18001f84b
0x18001f850
0x18001f859
0x18001f85d
0x18001f866
0x18001f86c
0x18001f871
0x18001f878
0x18001f884
0x18001f88e
0x18001f890
0x18001f895
0x18001f89a
0x18001f89c
0x18001f8a1
0x18001f8aa
0x18001f8ac
0x18001f8b1
0x18001f8b4
0x18001f8be
0x18001f8c8
0x18001f8ca
0x18001f8cd
0x18001f8cf
0x18001f8d4
0x18001f8df
0x18001f8e3
0x18001f8e5
0x18001f8ed
0x18001f8f2
0x18001f8f4
0x18001f8f7
0x18001f8fc
0x18001f903
0x18001f90a
0x18001f911
0x18001f916
0x18001f91b
0x18001f923
0x18001f92f
0x18001f932
0x18001f93f
0x18001f944
0x18001f94f
0x18001f957
0x18001f95c
0x18001f964
0x18001f96e
0x18001f977
0x18001f979
0x18001f97d
0x18001f984
0x18001f989
0x18001f991
0x18001f9b1

Strings

0, xrefs: 000000018001F8E5

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: 15641c75e858e4dcbe0e13415e9d675e7af82a7193e8cc9152f2f277ec579920
Instruction ID: f302e4fe9034d07fbce8199ae9eedc6778ed811d5e370dba0b498e09dbfb710c
Opcode Fuzzy Hash: 15641c75e858e4dcbe0e13415e9d675e7af82a7193e8cc9152f2f277ec579920
Instruction Fuzzy Hash: 7461E132208A8C46FBFB9A2950003FA5792A749BC8F58D505FD811B7EACF75CA4F8741

Uniqueness

Uniqueness Score: -1.00%

Function 00C59230 Relevance: 1.4, Strings: 1, Instructions: 196COMMON

Download Yara Rule

Strings

{?, xrefs: 00C594A9

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: {?
API String ID: 0-3906500937
Opcode ID: 2d540e23551ce5f958f4764bec98e9519d494356363efa56796c0522d6c48830
Instruction ID: b8c86c7526c698407fa7974f51f36239225f8aba59e5bec8d27ec0274fdcea8a
Opcode Fuzzy Hash: 2d540e23551ce5f958f4764bec98e9519d494356363efa56796c0522d6c48830
Instruction Fuzzy Hash: B0B157B590070DCFDB98CF68C18A99D3BA9FF15318F404129FC0E96290D7B9E919CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00C4871C Relevance: 1.4, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

Rg, xrefs: 00C489A3

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: Rg
API String ID: 0-444783058
Opcode ID: 062f6907516fb83770376f4ae06b90337ece7bd6ef9ef592e7bb1771c5ef6bb2
Instruction ID: 4b1db3da999df1a9f3c6c13440df839d8ed144fcd66320be94c3718b456711bb
Opcode Fuzzy Hash: 062f6907516fb83770376f4ae06b90337ece7bd6ef9ef592e7bb1771c5ef6bb2
Instruction Fuzzy Hash: AF9107715007498FDF48CF28C88A4DE3FB0FB58358F255219E84AA62A0D778D694CFD9

Uniqueness

Uniqueness Score: -1.00%

Function 00C5D32C Relevance: 1.4, Strings: 1, Instructions: 182COMMON

Download Yara Rule

Strings

RC/, xrefs: 00C5D40F

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: RC/
API String ID: 0-1672839029
Opcode ID: cd45515637f1f2b16c20ca83177dd82b64ca54d483ea71e032997c7aebad3db9
Instruction ID: 7e53ccf8179b619c42f22db9d6720085cab9b801ae7b4a96fca6827a94ba2870
Opcode Fuzzy Hash: cd45515637f1f2b16c20ca83177dd82b64ca54d483ea71e032997c7aebad3db9
Instruction Fuzzy Hash: 5C91F87450478DABDBB9CF28CC9A6D93BA0FB48304F908119DD1E8E290DF745B89DB45

Uniqueness

Uniqueness Score: -1.00%

Function 00C4AE84 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

XU, xrefs: 00C4AFE4

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: XU
API String ID: 0-683303128
Opcode ID: e071b3a0d50c9461b57229d15226e783a6e60c7e98d42caa5a907250e51fd640
Instruction ID: 87cd7954fc4728757a1df85b647fc0912a1ddf3a088a5a93d17fcf94633286aa
Opcode Fuzzy Hash: e071b3a0d50c9461b57229d15226e783a6e60c7e98d42caa5a907250e51fd640
Instruction Fuzzy Hash: 76614970D14608DBDF5CDFA9E88949DBBB1FF44308F10412DE826A72A0DB749945CF42

Uniqueness

Uniqueness Score: -1.00%

Function 00C49298 Relevance: 1.4, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

F'K, xrefs: 00C494BB

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: F'K
API String ID: 0-2963079709
Opcode ID: 713e8163358f3e4ccf3a322240c7036fe92718bea1a19a215dd26039f06aebda
Instruction ID: 33d778912a4da9658f1f31603ff72de227590c886487f90f31f0ac9d12c29cd3
Opcode Fuzzy Hash: 713e8163358f3e4ccf3a322240c7036fe92718bea1a19a215dd26039f06aebda
Instruction Fuzzy Hash: 6081B775904388CBDBB9DF68C8896DDBBB0FB44348F20421EDC5AAB291DBB45685CF41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018003D23C Relevance: 1.4, APIs: 1, Instructions: 137
COMMONCrypto

Download Yara Rule

C-Code - Quality: 83%

			E0000000118003D23C(void* __ecx, void* __edx, void* __rcx, void* __r8, signed long long* _a40) {
				signed int _v72;
				char _v200;
				signed int _v216;
				intOrPtr _v232;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r12;
				long long _t14;
				intOrPtr _t41;
				intOrPtr _t45;
				signed long long _t60;
				signed long long _t61;
				signed long long _t62;
				void* _t63;
				long long _t64;
				signed long long _t65;
				signed long long _t85;
				signed long long* _t86;
				void* _t87;
				signed long long _t88;
				void* _t97;

				_t60 =  *0x80098010; // 0x6aeceb4fd839
				_t61 = _t60 ^ _t88;
				_v72 = _t61;
				_t86 = _a40;
				_t45 = r9d;
				_t97 = __r8;
				 *_t86 = _t85;
				if (__edx != 1) goto 0x8003d359;
				_v232 = 0x80;
				r8d = _t45;
				_t14 = E0000000118003D0C0(__ecx, __edx - 1, _t63, __rcx, __r8, _t85, _t86, __r8,  &_v200, __rcx);
				_t64 = _t14;
				if (_t14 == 0) goto 0x8003d2e1;
				E00000001180028498(_t14, _t64, __r8);
				 *_t86 = _t61;
				E00000001180028028(_t61, _t64);
				if ( *_t86 == _t85) goto 0x8003d3ca;
				_t6 = _t64 - 1; // -1
				if (E00000001180035F18(_t61, _t64,  *_t86, _t64,  &_v200, _t6) != 0) goto 0x8003d3ef;
				goto 0x8003d3cd;
				if (GetLastError() != 0x7a) goto 0x8003d3ca;
				r9d = 0;
				_v232 = 0;
				r8d = _t45;
				if (E0000000118003D0C0(0, GetLastError() - 0x7a, _t64, __rcx, _t97, _t85, _t86,  &_v200, _t6, __rcx) == 0) goto 0x8003d3ca;
				E00000001180028498(_t21, _t21, _t97);
				_t65 = _t61;
				if (_t61 == 0) goto 0x8003d34a;
				_v232 = r15d;
				r8d = _t45;
				if (E0000000118003D0C0(0, _t61, _t65, __rcx, _t97, _t85, _t86,  &_v200, _t61, __rcx) == 0) goto 0x8003d34a;
				_t62 = _t65;
				 *_t86 = _t62;
				goto 0x8003d34d;
				E00000001180028028(_t62, _t85);
				goto 0x8003d3cd;
				if (1 != 2) goto 0x8003d39d;
				r9d = 0;
				r8d = 0;
				if (E0000000118002D3CC(_t45, 1 - 2, _t62, _t85, _t97, _t86, _t87,  &_v200) == 0) goto 0x8003d3ca;
				E00000001180028498(_t26, _t26, _t97);
				if (_t62 == 0) goto 0x8003d34a;
				r9d = r15d;
				_t41 = _t45;
				E0000000118002D3CC(_t41, _t62, _t62, _t62, _t97, _t86, _t87, _t62);
				goto 0x8003d33b;
				if (_t41 != 0) goto 0x8003d3ca;
				asm("bts ebp, 0x1d");
				_v216 = 0xffffffff;
				r9d = 2;
				if (E0000000118002D3CC(_t45, _t41, _t62, _t62, _t97, _t86, _t87,  &_v216) == 0) goto 0x8003d3ca;
				 *_t86 = _v216;
				goto 0x8003d2da;
				return E00000001180002630(_v216 | 0xffffffff, 0, _v72 ^ _t88);
			}

0x18003d24e
0x18003d255
0x18003d258
0x18003d260
0x18003d26a
0x18003d26d
0x18003d273
0x18003d279
0x18003d284
0x18003d28c
0x18003d292
0x18003d297
0x18003d29c
0x18003d2a4
0x18003d2ab
0x18003d2ae
0x18003d2b6
0x18003d2bf
0x18003d2d4
0x18003d2dc
0x18003d2ea
0x18003d2f0
0x18003d2f3
0x18003d2f7
0x18003d30a
0x18003d318
0x18003d31d
0x18003d323
0x18003d328
0x18003d32d
0x18003d33d
0x18003d33f
0x18003d345
0x18003d348
0x18003d350
0x18003d357
0x18003d360
0x18003d362
0x18003d365
0x18003d377
0x18003d37e
0x18003d389
0x18003d38b
0x18003d391
0x18003d396
0x18003d39b
0x18003d39f
0x18003d3a1
0x18003d3a5
0x18003d3b0
0x18003d3bd
0x18003d3c3
0x18003d3c5
0x18003d3ee

APIs

GetLastError.KERNEL32 ref: 000000018003D2E1

Part of subcall function 0000000180028498: RtlAllocateHeap.NTDLL(?,?,00000000,0000000180025D41,?,?,00006AECEB4FD839,000000018002522D,?,?,?,?,0000000180036D3E,?,?,00000000), ref: 00000001800284ED

Part of subcall function 0000000180028028: RtlReleasePrivilege.NTDLL(?,?,00000000,00000001800338B0,?,?,?,0000000180033CAB,?,?,00006AECEB4FD839,000000018003259C,?,?,?,00000001800324CF), ref: 000000018002803E
Part of subcall function 0000000180028028: GetLastError.KERNEL32(?,?,00000000,00000001800338B0,?,?,?,0000000180033CAB,?,?,00006AECEB4FD839,000000018003259C,?,?,?,00000001800324CF), ref: 0000000180028050

Part of subcall function 0000000180035F18: _invalid_parameter_noinfo.LIBCMT ref: 0000000180035F46

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorLast$AllocateHeapPrivilegeRelease_invalid_parameter_noinfo
String ID:
API String ID: 1202329670-0
Opcode ID: 7ca126ee973e86c38998be4360a090ecf7d3203439f20f6caf94eea2ec0ce4bc
Instruction ID: 61758891885034458a0daadd6eeff4556fbc6213a046421200e7725f762fc181
Opcode Fuzzy Hash: 7ca126ee973e86c38998be4360a090ecf7d3203439f20f6caf94eea2ec0ce4bc
Instruction Fuzzy Hash: 0141D23131164E42FAF39A2678517EBA390BB8DBC0F45D526BE4957785DE3CCB098701

Uniqueness

Uniqueness Score: -1.00%

Function 00C5C974 Relevance: 1.4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

Strings

Gh, xrefs: 00C5CB06

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: Gh
API String ID: 0-277699601
Opcode ID: 7940fb094068dd5baf5e4535b0b949c1577390b24490b32456d4c9773adc2951
Instruction ID: 2aeb46206dc126ebb3254af6f9072b905f63f36cf680256a7338816a3d1ca59f
Opcode Fuzzy Hash: 7940fb094068dd5baf5e4535b0b949c1577390b24490b32456d4c9773adc2951
Instruction Fuzzy Hash: 4C510670614748ABDB89DF28C4C649D3FE1FB443A9FA0612CFC4786295D7B494C6CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00C41660 Relevance: 1.4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

KdW, xrefs: 00C4170C

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: KdW
API String ID: 0-1553299040
Opcode ID: 3dbde57a559d0e97d3426f0fe397d2413bb4c768266781bd1ea48c4852796dec
Instruction ID: 0a7411bebdb30db89dd495a0b0b59bdc0dec69b7ea4506f5866a9c7fe05cd24e
Opcode Fuzzy Hash: 3dbde57a559d0e97d3426f0fe397d2413bb4c768266781bd1ea48c4852796dec
Instruction Fuzzy Hash: 98619EB090074A8BDF48CF28C49A59E7FB1FB68398F60421DFC5696290D374DAA5CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C41364 Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

5, xrefs: 00C414BD

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 5
API String ID: 0-2458008916
Opcode ID: 3e00d75dc5af6ed95834cd7e36aa8dd6f7dfadaf5872006e22b3d5cd376261b0
Instruction ID: 9e74f580c3d9d16bc16d0f3dce1e15d4693a7b179712dfad9d8428960b8b658b
Opcode Fuzzy Hash: 3e00d75dc5af6ed95834cd7e36aa8dd6f7dfadaf5872006e22b3d5cd376261b0
Instruction Fuzzy Hash: 9151BFB090074E8BDB48CF64C88B5DE7FB0FB68398F20421DEC5696254D3B496A5CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 00C64098 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

>, xrefs: 00C6413F

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: >
API String ID: 0-260571596
Opcode ID: 52da228a42332ba98b714843feb8a4ffa7a865caa0d47f3da51bcc1adbe3605a
Instruction ID: b97c8c1382050333ff21d37b3e5b687dd8d02c2dd92d775a12c94670f25a69bb
Opcode Fuzzy Hash: 52da228a42332ba98b714843feb8a4ffa7a865caa0d47f3da51bcc1adbe3605a
Instruction Fuzzy Hash: E751077090070E8FCF48DF69C48A4DE7FB1FB58398F255219E81AA6260C3789695CFD9

Uniqueness

Uniqueness Score: -1.00%

Function 00C58D0C Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

e#y, xrefs: 00C58DF8

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: e#y
API String ID: 0-1553523250
Opcode ID: 7cfc1742122b5da270b1305c98699770b0d8300b0d29b437b0f5bbbb71ff1cdb
Instruction ID: 3845714427de890c1c0c92461bbdd3d165f1afcd330b71a3bf78791287bc2447
Opcode Fuzzy Hash: 7cfc1742122b5da270b1305c98699770b0d8300b0d29b437b0f5bbbb71ff1cdb
Instruction Fuzzy Hash: E451C0B090074A8BDB48DF24C49A4DE7FB1BB68384F60461DEC16AA290D37896A5CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 00C6748C Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

;Qe+, xrefs: 00C67515

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: ;Qe+
API String ID: 0-3743842969
Opcode ID: abc73cde212dc252b0e5d03e266be842b85d1299fa2b3d615a0caa319cbc98b6
Instruction ID: a060a1de2d07ab48ba29f89ce9df370445e4221c35d5ef18dcf8e23166614bb2
Opcode Fuzzy Hash: abc73cde212dc252b0e5d03e266be842b85d1299fa2b3d615a0caa319cbc98b6
Instruction Fuzzy Hash: 6651C2B190074A8BDF48CF68C49A5DE7FB0FB68398F114229EC5696350D3B4DAA5CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00C469C0 Relevance: 1.4, Strings: 1, Instructions: 101COMMON

Download Yara Rule

Strings

,', xrefs: 00C46AFA

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: ,'
API String ID: 0-3722628154
Opcode ID: fb5c24a2de7b785ef7d1522db3a7cd1fc0c6d32909dcdfd4e7ef4007326c169e
Instruction ID: 09d34a811d9728f6e5d30120dc7fc2404842f1585cccf24036dbcb47880e3924
Opcode Fuzzy Hash: fb5c24a2de7b785ef7d1522db3a7cd1fc0c6d32909dcdfd4e7ef4007326c169e
Instruction Fuzzy Hash: 9E51E3B091074A8FDB48CF68C9864DE7FB0FB68398F10461DEC5AA6290D37496A5CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C4F174 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

;qct, xrefs: 00C4F2B3

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: ;qct
API String ID: 0-1256533914
Opcode ID: 7e5896647748426d00c93f1e327efcd977346de81977c4c15da4b7b9c787c365
Instruction ID: 73e0f19f3bfc8b32b10ab9e615d260e0aec8d69ad1c2e1978824312e2448feed
Opcode Fuzzy Hash: 7e5896647748426d00c93f1e327efcd977346de81977c4c15da4b7b9c787c365
Instruction Fuzzy Hash: 2741E27051078D8BDB48CF68C88A4DE7BA0FB4835CF155619FC8AA6260D3B8D585CF89

Uniqueness

Uniqueness Score: -1.00%

Function 00C49BEC Relevance: 1.3, Strings: 1, Instructions: 89COMMON

Download Yara Rule

Strings

%[, xrefs: 00C49CD2

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: %[
API String ID: 0-3862537531
Opcode ID: f1dc08e8e3e3301475fb70ff4cfa84bb86d735aa649ff25d3a10773117e6cde7
Instruction ID: 6a4ad4b0db03769040014b30bff45f2a66b5b8118bf8a9f7d20fa3eb207c29ac
Opcode Fuzzy Hash: f1dc08e8e3e3301475fb70ff4cfa84bb86d735aa649ff25d3a10773117e6cde7
Instruction Fuzzy Hash: 6E31D6B150478A8BDB4CDF68D8565AE3BB1FB48304F004A2DFD26DB390D7B49624CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00C6629C Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

Wn, xrefs: 00C663A2

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: Wn
API String ID: 0-506041651
Opcode ID: 571cac09fbe3685261a59c499fbd8c80fdf8cf6d47964e918e1805a2c447958a
Instruction ID: 41c5d7c19e7df5dc44fdeda967d703c42a1d4766b80f6e20453b3eb81d5c6786
Opcode Fuzzy Hash: 571cac09fbe3685261a59c499fbd8c80fdf8cf6d47964e918e1805a2c447958a
Instruction Fuzzy Hash: 5D41D4B050078A8FDF48CF68D89A5DE7BB1FB48348F104A2CEC6696290D3B4D664CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C42834 Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

"p, xrefs: 00C428A3

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: "p
API String ID: 0-3060671971
Opcode ID: ae29b2ab0911a73132ecede333d1ad00ec6016c3b77c06c2e3197b8238caa4ac
Instruction ID: 6d64e93883db61d95f36b7a5a375b7ada03e85890cb65b9286afd9a0e7997e4a
Opcode Fuzzy Hash: ae29b2ab0911a73132ecede333d1ad00ec6016c3b77c06c2e3197b8238caa4ac
Instruction Fuzzy Hash: 42317EB190438E8FDB48DF68D85A5AE3BA0FB48344F014A1DEC269B354D7B4D664CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 00C47694 Relevance: 1.3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

3k^), xrefs: 00C476E9

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 3k^)
API String ID: 0-3788653604
Opcode ID: bb4a256fcbfa579ec56a1ee2ed7beb19ee26f98eb9724182ed08b84c2a93462e
Instruction ID: 7685cde0d780c3b4dee5d89a75bd10a25f9de9dc49cfe106dec41b24ab016d8d
Opcode Fuzzy Hash: bb4a256fcbfa579ec56a1ee2ed7beb19ee26f98eb9724182ed08b84c2a93462e
Instruction Fuzzy Hash: 99417EB090074E8BDB44CF64C88A5CE7FB0FB68398F200619F859A6250D3B8D6A5CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 00C478B6 Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

L>, xrefs: 00C478C4

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: L>
API String ID: 0-3698593629
Opcode ID: 4505467bed29688f524a608710bc2007b6739dbdf074f8a934cd9a0936b0c64f
Instruction ID: d89d460aa873d83448a17f0a74045e6cf2e1d6238d53f49acea812bb04bd12ae
Opcode Fuzzy Hash: 4505467bed29688f524a608710bc2007b6739dbdf074f8a934cd9a0936b0c64f
Instruction Fuzzy Hash: C23193716183818BD748DF28D45652ABBE1FB8D30CF504B2DF8CAA7255D738D605CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00C58ECC Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

4s, xrefs: 00C58F49

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 4s
API String ID: 0-872399246
Opcode ID: 6d87eca2fd37755a10645a04d53ddd8ccaa51cb07cf26575bdb0066d7b11df8f
Instruction ID: 0e1f6e46ee3617cbd28025a866625c360dab4d3487d29af241001cef151c447d
Opcode Fuzzy Hash: 6d87eca2fd37755a10645a04d53ddd8ccaa51cb07cf26575bdb0066d7b11df8f
Instruction Fuzzy Hash: 1C4171B490474A8FDB48CF64D48A5DF7FB0FB68398F200519E859A62A0D378D6A4CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C4BD00 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

&', xrefs: 00C4BDEC

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: &'
API String ID: 0-655172784
Opcode ID: 350a21f38a3fdb5f3133185a05ab1b6e8489f4d150297426f8e9146ad85da26a
Instruction ID: e60b1eca4cd057e5464165fc71d6e00ca11e6494182570a2c7a3ee484fb5e5db
Opcode Fuzzy Hash: 350a21f38a3fdb5f3133185a05ab1b6e8489f4d150297426f8e9146ad85da26a
Instruction Fuzzy Hash: DE3179755083818BD348DF28C55641ABBE1BBCC35CF805B2DE4CAAB3A4D778D605CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00C45590 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

`, xrefs: 00C45640

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: `
API String ID: 0-1850852036
Opcode ID: 1919c1110502d15319449504d6e91b7fa88324414ab81abcf7b1c29e64ecc28d
Instruction ID: 87de51fed89f3840d84eb389c8ae6933e3dbebc32b388026625bd503079f8993
Opcode Fuzzy Hash: 1919c1110502d15319449504d6e91b7fa88324414ab81abcf7b1c29e64ecc28d
Instruction Fuzzy Hash: B621257065DB44AFE388DF29C48951BBAE1FBD8340F906A2EF889C2360C734D845CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00C4C364 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

BsL, xrefs: 00C4C40D

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: BsL
API String ID: 0-590970710
Opcode ID: 4c7ca18370d47a9c2cceab002f43e00c4595808ca112b21f17e8f3d7773031d4
Instruction ID: bf3e705d0a3e127a6b239d821588e89859f67f6db20862a07d3c8d6d25b0e04a
Opcode Fuzzy Hash: 4c7ca18370d47a9c2cceab002f43e00c4595808ca112b21f17e8f3d7773031d4
Instruction Fuzzy Hash: 41317DB1529780AFD3C8DF28C48691BBBE0FB89314F816A2DF9C586260D374D455CF02

Uniqueness

Uniqueness Score: -1.00%

Function 00C41CCC Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

ZR, xrefs: 00C41DEC

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: ZR
API String ID: 0-4130514108
Opcode ID: 6cbb8a842fd3cc15b819203d482a3a3b46369313eab12406f6265ee7f7ea0382
Instruction ID: b13af9977396cc860318babd94d7947ade869d3bdb5f1587fd609083ec60b6d4
Opcode Fuzzy Hash: 6cbb8a842fd3cc15b819203d482a3a3b46369313eab12406f6265ee7f7ea0382
Instruction Fuzzy Hash: 0B316EB052D780AFD388DF28C49691ABBE1FBC5315F806A1DF9968B350D774D445CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00C45478 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

%F, xrefs: 00C45566

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: %F
API String ID: 0-915744445
Opcode ID: cf4e8b82da0d821891615694ed2d7715b09984878493b04af082e458cdddcb63
Instruction ID: f3632c01bd7492b9d648e83c8b8289f5be8476ad9f7b0aa526bfe9f17a615d29
Opcode Fuzzy Hash: cf4e8b82da0d821891615694ed2d7715b09984878493b04af082e458cdddcb63
Instruction Fuzzy Hash: A1317AB15087809BD348DF28D44A45ABBE1BB9C31CF414B1DF4CAAB254D3B9D608CF0A

Uniqueness

Uniqueness Score: -1.00%

Function 00C4E708 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

>, xrefs: 00C4E80A

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: >
API String ID: 0-1166260821
Opcode ID: 7fdb2c55224cd27c72bb618ee64ca03bed07baaed02b8a8707ebf8ca8fbe557d
Instruction ID: a3d582c264d7a48cbd0e974e941d71c0af5034fa157bb054186120ff964f1b5c
Opcode Fuzzy Hash: 7fdb2c55224cd27c72bb618ee64ca03bed07baaed02b8a8707ebf8ca8fbe557d
Instruction Fuzzy Hash: 4F316BB55083808FD788DF28D45941ABBE0BB9C358F404B2DF4CAA72A1D778DA45CF0A

Uniqueness

Uniqueness Score: -1.00%

Function 00C58560 Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

9D, xrefs: 00C585F7

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: 9D
API String ID: 0-1055660748
Opcode ID: 7e3a213964b2efcfd3778a88dd8b399f98e251b5205d52f3c39e35f889fd4133
Instruction ID: 2b980fabc4745c60efad4018d3cdf33bc582eba9e1b676cceb4e0857b73aa84d
Opcode Fuzzy Hash: 7e3a213964b2efcfd3778a88dd8b399f98e251b5205d52f3c39e35f889fd4133
Instruction Fuzzy Hash: 6C2179B450C3858BD348DF28D14A51ABBE0BB9C70CF400B5DF8CAAB254D778D644CB0A

Uniqueness

Uniqueness Score: -1.00%

Function 00C49D24 Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

-, xrefs: 00C49D48

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: -
API String ID: 0-524432557
Opcode ID: ab6574b7591fa644ef4a174e0089e3a7f2dde0b4bdacdeb17973816cbe5b2230
Instruction ID: 2743ae798d84361f3c47c0844efe4056bc1e573d44da25ce9fa5af028cbcbbd6
Opcode Fuzzy Hash: ab6574b7591fa644ef4a174e0089e3a7f2dde0b4bdacdeb17973816cbe5b2230
Instruction Fuzzy Hash: E22160B152D780AFD388DF29D18991BBBE0BB85344F806E1DF8C68B250D7B5D845CB46

Uniqueness

Uniqueness Score: -1.00%

Function 00C62A84 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

]i, xrefs: 00C62A88

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: ]i
API String ID: 0-2057496602
Opcode ID: 986d758f6ca8ef85e847a0378ae5df520f089d8d24386f824cd21791a7bd6731
Instruction ID: 4a116e0a0ac8943674a44645b40dd0a83197eee35043817acb7aa81aadce2f0a
Opcode Fuzzy Hash: 986d758f6ca8ef85e847a0378ae5df520f089d8d24386f824cd21791a7bd6731
Instruction Fuzzy Hash: 492154B45087858BD398DF28D48A50AFBE0BB9C318F400B1DF4C9A62A4D77DDA45CB0A

Uniqueness

Uniqueness Score: -1.00%

Function 00C41B5C Relevance: 1.3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

Strings

x{, xrefs: 00C41BB9

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: x{
API String ID: 0-1642613173
Opcode ID: 63a3ae9201259adcdbe27aaae2969a84c8f8b5356c3378407a4e6cf7a642a0a4
Instruction ID: cfab1a828be9d4f11d62def22584f191cf8c0c6105b21f987aeed96694dfa2d1
Opcode Fuzzy Hash: 63a3ae9201259adcdbe27aaae2969a84c8f8b5356c3378407a4e6cf7a642a0a4
Instruction Fuzzy Hash: 992126B55097849BE348DF28C08A51BBBE1BB9C31CF810B1DF4CAA7254D378D649CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002DE88 Relevance: 1.3, APIs: 1, Instructions: 7
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0000000118002DE88(long long __rax) {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x80099d38 = __rax;
				return _t3 & 0xffffff00 | __rax != 0x00000000;
			}

0x18002de8c
0x18002de95
0x18002dea3

APIs

GetProcessHeap.KERNEL32 ref: 000000018002DE8C

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 52acf93220e55fc56549072b2a4d969220ffa14f6018b2874e2455264676baf6
Instruction ID: d70cfdaf3130771749e5f8e6c7c2128289915fc070967fd52751739cc6ad2c78
Opcode Fuzzy Hash: 52acf93220e55fc56549072b2a4d969220ffa14f6018b2874e2455264676baf6
Instruction Fuzzy Hash: 84B09230A03B08C6EA8A2B556CC238422A47B9C759F958018900D41320DE2C02A98702

Uniqueness

Uniqueness Score: -1.00%

Function 000000018003AE50 Relevance: .4, Instructions: 368COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a5df25a0636f848b10b91f4cc6642a4135b0e7585f99ac35e4699231815763c
Instruction ID: 86ec60b039e70aa4d2c8ad23a28164c18b12f89a7df79125487e8e38e27327eb
Opcode Fuzzy Hash: 1a5df25a0636f848b10b91f4cc6642a4135b0e7585f99ac35e4699231815763c
Instruction Fuzzy Hash: 08E1AF722042898BEBA6CF15D554BEE77A0F34DBC8F519125EB4987B84DB39CB09CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180026A0C Relevance: .4, Instructions: 355
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00000001180026A0C(void* __rcx, long long __rdx, long long __r8, void* __r9) {
				void* _t12;
				signed long long _t15;
				void* _t25;
				void* _t26;
				signed long long _t27;

				_t25 = _t26 - 0x168;
				_t27 = _t26 - 0x268;
				_t15 =  *0x80098010; // 0x6aeceb4fd839
				 *(_t25 + 0x150) = _t15 ^ _t27;
				r15d = 0;
				 *((long long*)(_t27 + 0x70)) = __r8;
				 *((long long*)(_t27 + 0x78)) = __rdx;
				 *((long long*)(_t27 + 0x30)) =  *((intOrPtr*)(_t25 + 0x1d0));
				 *((long long*)(_t27 + 0x68)) =  *((intOrPtr*)(_t25 + 0x1d8));
				if (__rcx != 0) goto 0x80026a94;
				return E00000001180002630(0, _t12,  *(_t25 + 0x150) ^ _t27);
			}

0x180026a19
0x180026a21
0x180026a28
0x180026a32
0x180026a40
0x180026a4d
0x180026a55
0x180026a5d
0x180026a65
0x180026a6d
0x180026a93

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorLastNameTranslatetry_get_function$CodePageValid_invalid_parameter_noinfo
String ID:
API String ID: 3827717455-0
Opcode ID: 4daee566c14645bc55a2c1d0c21ebcd2169949c39c469921f4fc881571b83fe0
Instruction ID: 77f1fd119722e44954056f9921f50cd3c4b3bf2903aadd2a40b1e69bf9a2329b
Opcode Fuzzy Hash: 4daee566c14645bc55a2c1d0c21ebcd2169949c39c469921f4fc881571b83fe0
Instruction Fuzzy Hash: 65E1D336B0468885FBE39B21D4107EA67A4F788BC9F50C026FE89976E5DF38C649C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000018003459C Relevance: .3, Instructions: 272
COMMONCrypto

Download Yara Rule

C-Code - Quality: 68%

			E0000000118003459C(void* __ecx, signed int __edx, void* __eflags, long long __rbx, long long __rcx, signed int __rdx, long long __rbp, void* __r9, long long _a16, long long _a24) {
				void* _v24;
				signed int _v40;
				char _v168;
				void* __rsi;
				void* _t70;
				unsigned int _t83;
				unsigned int _t86;
				signed char _t97;
				signed int _t99;
				void* _t110;
				signed long long _t145;
				signed long long _t146;
				long long _t150;
				void* _t178;
				signed long long _t180;
				signed long long _t181;
				signed long long _t182;
				signed long long _t183;
				long long _t185;
				void* _t188;
				signed short* _t205;
				void* _t208;

				_t186 = __rbp;
				_t110 = __eflags;
				_t99 = __edx;
				_a16 = __rbx;
				_a24 = __rbp;
				_t145 =  *0x80098010; // 0x6aeceb4fd839
				_t146 = _t145 ^ _t188 - 0x000000c0;
				_v40 = _t146;
				_t185 = __rcx;
				E00000001180025B68(_t146, __rbx, __rdx, __rcx);
				r9d = 0x40;
				_t5 = _t146 + 0x98; // 0x98
				_t150 = _t5;
				asm("sbb edx, edx");
				if (E0000000118002D3CC((_t99 & 0xfffff005) + 0x1002, _t110, _t146, _t150, _t185, _t185, __rbp,  &_v168) != 0) goto 0x8003460b;
				 *(_t150 + 0x10) = 0;
				goto 0x80034849;
				_t70 = E0000000118003DBBC(_t146,  *((intOrPtr*)(_t150 + 8)));
				_t181 = _t180 | 0xffffffff;
				r13d = _t181 + 0x56;
				if (_t70 != 0) goto 0x800346d2;
				r9d = _t181 + 0x41;
				asm("sbb edx, edx");
				if (E0000000118002D3CC(((_t99 & 0xfffff005) + 0x00001002 & 0xfffff002) + 0x1001, _t70, _t146, _t150, _t185, _t185, _t186,  &_v168) == 0) goto 0x800345fe;
				if (E0000000118003DBBC(_t146,  *_t150) != 0) goto 0x8003467d;
				_t97 =  *(_t150 + 0x10) | 0x00000304;
				 *(_t150 + 0x10) = _t97;
				if ( *((intOrPtr*)(_t185 + (_t181 + 1) * 2)) != 0) goto 0x80034671;
				goto 0x800346b5;
				if ((_t97 & 0x00000002) != 0) goto 0x800346d2;
				if ( *((intOrPtr*)(_t150 + 0x14)) == 0) goto 0x8003475b;
				if (E0000000118003DD78(_t146,  *_t150) != 0) goto 0x8003475b;
				 *(_t150 + 0x10) =  *(_t150 + 0x10) | 0x00000002;
				if ( *((intOrPtr*)(_t185 + (_t181 + 1) * 2)) != 0) goto 0x800346ab;
				_t28 = _t150 + 0x258; // 0x2f0
				if (E00000001180034204(_t146, _t150, _t28, _t208, _t185, _t181 + 2) != 0) goto 0x80034871;
				if (( *(_t150 + 0x10) & 0x00000300) == 0x300) goto 0x8003483e;
				r9d = 0x40;
				asm("sbb edx, edx");
				if (E0000000118002D3CC((((_t99 & 0xfffff005) + 0x00001002 & 0xfffff002) + 0x00001001 & 0xfffff002) + 0x1001, ( *(_t150 + 0x10) & 0x00000300) - 0x300, _t146, _t150, _t185, _t185, _t186,  &_v168) == 0) goto 0x800345fe;
				if (E0000000118003DBBC(_t146,  *_t150) != 0) goto 0x8003483e;
				_t83 =  *(_t150 + 0x10);
				asm("bts eax, 0x9");
				 *(_t150 + 0x10) = _t83;
				if ( *((intOrPtr*)(_t150 + 0x18)) == 0) goto 0x8003478b;
				asm("bts eax, 0x8");
				_t36 = _t150 + 0x258; // 0x2f0
				 *(_t150 + 0x10) = _t83;
				if ( *_t36 != 0) goto 0x8003483e;
				_t182 = _t181 + 1;
				if ( *((intOrPtr*)(_t185 + _t182 * 2)) != 0) goto 0x8003474d;
				goto 0x8003482b;
				if (( *(_t150 + 0x10) & 0x00000001) != 0) goto 0x800346d2;
				if (E00000001180034A40(0x300,  *(_t150 + 0x10) & 0x00000001, _t185,  &_v168, _t185, _t186, _t181 + 2) == 0) goto 0x800346d2;
				 *(_t150 + 0x10) =  *(_t150 + 0x10) | 0x00000001;
				if ( *((intOrPtr*)(_t185 + (_t182 + 1) * 2)) != 0) goto 0x8003477c;
				goto 0x800346b5;
				if ( *((intOrPtr*)(_t150 + 0x14)) == 0) goto 0x8003480f;
				_t178 =  *_t150;
				if ( *((intOrPtr*)(_t178 + (_t182 + 1) * 2)) != 0) goto 0x80034796;
				if (0x300 !=  *((intOrPtr*)(_t150 + 0x14))) goto 0x8003480f;
				if (E00000001180034A40(0x300, 0x300 -  *((intOrPtr*)(_t150 + 0x14)), _t185, _t178, _t185, _t186, _t182 + 1) != 0) goto 0x800347f3;
				_t205 =  *_t150;
				r8d = 0;
				if (_t205 == 0) goto 0x800347e1;
				_t86 = _t178 - 0x41;
				if (_t86 - 0x19 <= 0) goto 0x800347d9;
				if (( *_t205 & 0x0000ffff) - 0x61 - 0x19 > 0) goto 0x800347e1;
				r8d = r8d + 1;
				goto 0x800347c2;
				if (_t205[_t182 + 1] != 0) goto 0x800347e4;
				if (r8d == _t86) goto 0x8003483e;
				asm("bts dword [ebx+0x10], 0x8");
				_t54 = _t150 + 0x258; // 0x2f0
				if ( *_t54 != 0) goto 0x8003483e;
				_t183 = _t182 + 1;
				if ( *((intOrPtr*)(_t185 + _t183 * 2)) != 0) goto 0x80034804;
				goto 0x8003482b;
				asm("bts eax, 0x8");
				_t57 = _t150 + 0x258; // 0x2f0
				 *(_t150 + 0x10) = _t86;
				if ( *_t57 != 0) goto 0x8003483e;
				if ( *((intOrPtr*)(_t185 + (_t183 + 1) * 2)) != 0) goto 0x80034822;
				if (E00000001180034204(_t182 + 1, _t150, _t57, _t208, _t185, _t183 + 2) != 0) goto 0x80034871;
				return E00000001180002630( !( *(_t150 + 0x10) >> 2) & 0x00000001, 0x300, _v40 ^ _t188 - 0x000000c0);
			}

0x18003459c
0x18003459c
0x18003459c
0x18003459c
0x1800345a1
0x1800345b1
0x1800345b8
0x1800345bb
0x1800345c3
0x1800345c6
0x1800345cb
0x1800345d6
0x1800345d6
0x1800345e5
0x1800345fc
0x1800345fe
0x180034606
0x180034614
0x180034619
0x18003461d
0x180034623
0x18003462c
0x18003463a
0x18003464f
0x180034663
0x180034665
0x18003466e
0x180034679
0x18003467b
0x180034680
0x180034685
0x18003469e
0x1800346a4
0x1800346b3
0x1800346b5
0x1800346cc
0x1800346de
0x1800346ee
0x1800346f7
0x18003470c
0x180034721
0x180034727
0x18003472a
0x18003472e
0x180034734
0x180034736
0x18003473a
0x180034741
0x180034747
0x18003474d
0x180034754
0x180034756
0x18003475f
0x18003476f
0x180034775
0x180034784
0x180034786
0x18003478e
0x180034790
0x18003479d
0x1800347a2
0x1800347ae
0x1800347b0
0x1800347b3
0x1800347bc
0x1800347c6
0x1800347cd
0x1800347d7
0x1800347dc
0x1800347df
0x1800347ec
0x1800347f1
0x1800347f3
0x1800347f8
0x180034802
0x180034804
0x18003480b
0x18003480d
0x18003480f
0x180034813
0x18003481a
0x180034820
0x180034829
0x18003483c
0x180034870

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorLast$CurrentFeatureInfoLocalePresentProcessProcessortry_get_function
String ID:
API String ID: 959782435-0
Opcode ID: 04eb6978c7b4d733dd15b5c28d8de4efeb836e3c35f756f896cff7ba7a7e6e09
Instruction ID: 2cf095a025f24e0a7aebfbb666973e3c246041985d27f5d1836ce6a6f7011db0
Opcode Fuzzy Hash: 04eb6978c7b4d733dd15b5c28d8de4efeb836e3c35f756f896cff7ba7a7e6e09
Instruction Fuzzy Hash: 2BB19D3361468C82EBA7DF21D4117EA33A1F788BC8F418216AA568F6C9DF78D659C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000018003A9A0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03652258a620dd05c58a42444fbffe9e06707945ecbfbd2e6f893147f582d21b
Instruction ID: 7fe4a267177e2f426c147ac2a5d0de55863153ca0bbcdf4b2d4021ad690e9f4d
Opcode Fuzzy Hash: 03652258a620dd05c58a42444fbffe9e06707945ecbfbd2e6f893147f582d21b
Instruction Fuzzy Hash: 39A1B4B26182C48BE7BB8F55A940BEA7791F36E7C8F51D115EB4657B44CB38CA48C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001FF10 Relevance: .2, Instructions: 221
COMMONCrypto

Download Yara Rule

C-Code - Quality: 53%

			E0000000118001FF10(long long __rbx, signed short* __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
				void* _v40;
				signed int _v48;
				short _v52;
				char _v56;
				long long _v72;
				void* __rdi;
				void* __rsi;
				signed int _t76;
				void* _t78;
				void* _t110;
				void* _t111;
				unsigned int _t112;
				signed char _t113;
				signed short _t125;
				void* _t135;
				signed short _t136;
				void* _t137;
				signed long long _t179;
				signed short* _t185;
				void* _t196;
				void* _t198;
				signed long long _t199;
				void* _t201;
				intOrPtr* _t203;
				void* _t205;
				signed long long _t206;
				void* _t208;
				void* _t213;
				void* _t214;
				intOrPtr* _t216;
				signed long long _t217;

				_t202 = __rbp;
				_t196 = __rdx;
				_a16 = __rbx;
				_a24 = __rbp;
				_t206 = _t205 - 0x40;
				_t179 =  *0x80098010; // 0x6aeceb4fd839
				_v48 = _t179 ^ _t206;
				_t76 =  *(__rcx + 0x42) & 0x0000ffff;
				_t185 = __rcx;
				_t5 = _t201 - 0x20; // 0x58
				_t136 = _t5;
				_t6 = _t201 - 0x77; // 0x1
				r15d = _t6;
				_t137 = _t76 - 0x64;
				if (_t137 > 0) goto 0x8001ffb3;
				if (_t137 == 0) goto 0x80020031;
				if (_t76 == 0x41) goto 0x80020044;
				if (_t76 == 0x43) goto 0x8001ff9d;
				if (_t76 - 0x44 <= 0) goto 0x8002004d;
				if (_t76 - 0x47 <= 0) goto 0x80020044;
				if (_t76 == 0x53) goto 0x8001ffed;
				if (_t76 == _t136) goto 0x80020002;
				if (_t76 == 0x5a) goto 0x8001ffa9;
				if (_t76 == 0x61) goto 0x80020044;
				if (_t76 != 0x63) goto 0x8002004d;
				E00000001180021898(__rcx, __rcx, _t201);
				goto 0x80020049;
				_t78 = E00000001180020BB4(_t111, __rcx, __rcx, _t201, _t213);
				goto 0x80020049;
				if (_t78 - 0x67 <= 0) goto 0x80020044;
				if (_t78 == 0x69) goto 0x80020031;
				if (_t78 == 0x6e) goto 0x8002002a;
				if (_t78 == 0x6f) goto 0x8002000c;
				if (_t78 == 0x70) goto 0x8001fff4;
				if (_t78 == 0x73) goto 0x8001ffed;
				if (_t78 == 0x75) goto 0x80020035;
				if (_t78 != 0x78) goto 0x8002004d;
				goto 0x8002003a;
				E00000001180022720(_t111, __rcx, __rcx, _t201, __rbp);
				goto 0x80020049;
				 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
				r8b = r15b;
				goto 0x8002003d;
				_t112 =  *(__rcx + 0x30);
				if ((r15b & _t112 >> 0x00000005) == 0) goto 0x80020020;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x30) = _t112;
				goto 0x8002003a;
				E00000001180022324(_t179 ^ _t206, __rcx, __rcx);
				goto 0x80020049;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
				r8d = 0;
				E00000001180021F3C(_t110, 0xa, 0x78, __rcx, __rcx, _t196, _t202, _t208, _t214);
				goto 0x80020049;
				if (E0000000118002139C(0xa, 0x78, __rcx, __rcx, _t198, _t201, _t202) != 0) goto 0x80020054;
				goto 0x800201dd;
				if ( *((intOrPtr*)(__rcx + 0x47c)) != 2) goto 0x8002006a;
				if ( *((intOrPtr*)(__rcx + 0x478)) == r15d) goto 0x800201da;
				if ( *((char*)(__rcx + 0x40)) != 0) goto 0x800201da;
				_t113 =  *(__rcx + 0x30);
				_v56 = 0;
				_v52 = 0;
				_t21 = _t198 + 0x20; // 0x20
				r13d = _t21;
				if ((r15b & 0) == 0) goto 0x800200c4;
				if ((r15b & 0) == 0) goto 0x800200a6;
				_t26 = _t198 + 0x2d; // 0x2d
				_v56 = _t26;
				goto 0x800200c1;
				if ((r15b & _t113) == 0) goto 0x800200b2;
				goto 0x8002009f;
				if ((r15b & 0) == 0) goto 0x800200c4;
				_v56 = r13w;
				_t199 = _t217;
				_t125 =  *(__rcx + 0x42) & 0x0000ffff;
				r9d = 0xffdf;
				if ((r9w & (_t125 & 0x0000ffff) - _t136) != 0) goto 0x800200e9;
				if ((r15b & 0) == 0) goto 0x800200e9;
				r8b = r15b;
				goto 0x800200ec;
				r8b = 0;
				r9d = 0x30;
				if (r8b != 0) goto 0x80020105;
				if (0 == 0) goto 0x80020122;
				 *(_t206 + 0x30 + _t199 * 2) = r9w;
				if (_t125 == _t136) goto 0x80020116;
				if (_t125 != 0x41) goto 0x80020119;
				 *((short*)(_t206 + 0x32 + _t199 * 2)) = _t136 & 0x0000ffff;
				_t135 =  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50));
				if ((_t113 & 0x0000000c) != 0) goto 0x80020145;
				r8d = _t135;
				E0000000118001AC58(r13b, __rcx, __rcx + 0x468, _t199 + 2, _t201, _t202, __rcx + 0x28);
				_t216 = __rcx + 0x468;
				_t203 = __rcx + 0x28;
				if ((r15b &  *( *_t216 + 0x14) >> 0x0000000c) == 0) goto 0x8002016d;
				if ( *((long long*)( *_t216 + 8)) != 0) goto 0x8002016d;
				 *_t203 =  *_t203;
				goto 0x80020189;
				r8d = 0;
				_v72 = __rcx + 0x10;
				_t63 =  &_v56; // 0x20
				E00000001180023AF4(__rcx, _t216, _t63, _t199 + 2, _t201, _t203, _t203);
				if ((r15b & 0) == 0) goto 0x800201ae;
				if ((r15b &  *(_t185 + 0x30) >> 0x00000002) != 0) goto 0x800201ae;
				r8d = _t135;
				E0000000118001AC58(0x30, _t185, _t216, _t199 + 2, _t201, _t203, _t203);
				E00000001180023674(_t185, _t185, _t203);
				if ( *_t203 < 0) goto 0x800201da;
				if ((r15b &  *(_t185 + 0x30) >> 0x00000002) == 0) goto 0x800201da;
				r8d = _t135;
				E0000000118001AC58(r13b, _t185, _t216, _t199 + 2, _t201, _t203, _t203);
				return E00000001180002630(r15b,  *(_t185 + 0x30) >> 2, _v48 ^ _t206);
			}

0x18001ff10
0x18001ff10
0x18001ff10
0x18001ff15
0x18001ff22
0x18001ff26
0x18001ff30
0x18001ff35
0x18001ff3e
0x18001ff41
0x18001ff41
0x18001ff44
0x18001ff44
0x18001ff48
0x18001ff4c
0x18001ff4e
0x18001ff58
0x18001ff62
0x18001ff68
0x18001ff72
0x18001ff7c
0x18001ff81
0x18001ff87
0x18001ff8d
0x18001ff97
0x18001ff9f
0x18001ffa4
0x18001ffa9
0x18001ffae
0x18001ffb7
0x18001ffc1
0x18001ffc7
0x18001ffcd
0x18001ffd3
0x18001ffd9
0x18001ffdf
0x18001ffe4
0x18001ffeb
0x18001ffed
0x18001fff2
0x18001fff4
0x18001fffb
0x180020002
0x18002000a
0x18002000c
0x180020017
0x180020019
0x18002001d
0x180020028
0x18002002a
0x18002002f
0x180020031
0x18002003a
0x18002003d
0x180020042
0x18002004b
0x18002004f
0x18002005b
0x180020064
0x18002006e
0x180020074
0x180020079
0x18002007f
0x180020089
0x180020089
0x180020090
0x18002009a
0x18002009c
0x18002009f
0x1800200a4
0x1800200a9
0x1800200b0
0x1800200b9
0x1800200bb
0x1800200c1
0x1800200c4
0x1800200c8
0x1800200d8
0x1800200e2
0x1800200e4
0x1800200e7
0x1800200e9
0x1800200f3
0x1800200ff
0x180020103
0x180020105
0x18002010e
0x180020114
0x180020119
0x180020128
0x18002012d
0x180020133
0x180020140
0x180020145
0x18002014f
0x18002015c
0x180020166
0x180020168
0x18002016b
0x180020174
0x180020177
0x18002017c
0x180020184
0x180020194
0x18002019c
0x1800201a1
0x1800201a9
0x1800201b3
0x1800201bc
0x1800201c7
0x1800201cc
0x1800201d5
0x180020202

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcb27f6b3d000236ae5617ac20bee89b9110eee160fc5f91e98e0a46794d1ee2
Instruction ID: 2edc110825398c4f2bdd3f8282a81259d5b29961da801309a0ca2fa9849ac956
Opcode Fuzzy Hash: fcb27f6b3d000236ae5617ac20bee89b9110eee160fc5f91e98e0a46794d1ee2
Instruction Fuzzy Hash: F281D43661030986FBFB9A1980807E923A1E74D7C4FA4D126BE45576DACF39CA4EC705

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001FC30 Relevance: .2, Instructions: 217
COMMONCrypto

Download Yara Rule

C-Code - Quality: 54%

			E0000000118001FC30(long long __rbx, long long __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
				void* _v40;
				signed int _v48;
				short _v52;
				char _v56;
				long long _v72;
				void* __rdi;
				void* __rsi;
				signed int _t74;
				void* _t76;
				void* _t108;
				void* _t109;
				unsigned int _t110;
				signed char _t111;
				signed short _t123;
				void* _t133;
				signed short _t134;
				void* _t135;
				signed long long _t175;
				long long _t181;
				void* _t192;
				void* _t194;
				signed long long _t195;
				long long _t197;
				intOrPtr* _t199;
				void* _t201;
				signed long long _t202;
				void* _t204;
				void* _t209;
				intOrPtr* _t211;
				signed long long _t212;

				_t198 = __rbp;
				_t192 = __rdx;
				_a16 = __rbx;
				_a24 = __rbp;
				_t202 = _t201 - 0x40;
				_t175 =  *0x80098010; // 0x6aeceb4fd839
				_v48 = _t175 ^ _t202;
				_t74 =  *(__rcx + 0x42) & 0x0000ffff;
				_t181 = __rcx;
				_t5 = _t197 - 0x20; // 0x58
				_t134 = _t5;
				_t6 = _t197 - 0x77; // 0x1
				r15d = _t6;
				_t135 = _t74 - 0x64;
				if (_t135 > 0) goto 0x8001fcd3;
				if (_t135 == 0) goto 0x8001fd51;
				if (_t74 == 0x41) goto 0x8001fd64;
				if (_t74 == 0x43) goto 0x8001fcbd;
				if (_t74 - 0x44 <= 0) goto 0x8001fd6d;
				if (_t74 - 0x47 <= 0) goto 0x8001fd64;
				if (_t74 == 0x53) goto 0x8001fd0d;
				if (_t74 == _t134) goto 0x8001fd22;
				if (_t74 == 0x5a) goto 0x8001fcc9;
				if (_t74 == 0x61) goto 0x8001fd64;
				if (_t74 != 0x63) goto 0x8001fd6d;
				E000000011800217F0(_t74 - 0x63, __rcx, __rcx, _t197);
				goto 0x8001fd69;
				_t76 = E00000001180020B38(_t109, __rcx, __rcx, _t197);
				goto 0x8001fd69;
				if (_t76 - 0x67 <= 0) goto 0x8001fd64;
				if (_t76 == 0x69) goto 0x8001fd51;
				if (_t76 == 0x6e) goto 0x8001fd4a;
				if (_t76 == 0x6f) goto 0x8001fd2c;
				if (_t76 == 0x70) goto 0x8001fd14;
				if (_t76 == 0x73) goto 0x8001fd0d;
				if (_t76 == 0x75) goto 0x8001fd55;
				if (_t76 != 0x78) goto 0x8001fd6d;
				goto 0x8001fd5a;
				E00000001180022658(__rcx, __rcx, _t197);
				goto 0x8001fd69;
				 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
				r8b = r15b;
				goto 0x8001fd5d;
				_t110 =  *(__rcx + 0x30);
				if ((r15b & _t110 >> 0x00000005) == 0) goto 0x8001fd40;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x30) = _t110;
				goto 0x8001fd5a;
				E00000001180022144(__rcx, __rcx, _t192, _t197);
				goto 0x8001fd69;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
				r8d = 0;
				E00000001180021D70(_t108, 0xa, __rcx, __rcx, _t192, _t197, __rbp, _t209);
				goto 0x8001fd69;
				if (E00000001180021160(0xa, 0x78, __rcx, __rcx, _t194, _t197, _t198, _t204) != 0) goto 0x8001fd74;
				goto 0x8001fee7;
				if ( *((char*)(__rcx + 0x40)) != 0) goto 0x8001fee4;
				_t111 =  *(__rcx + 0x30);
				_v56 = 0;
				_v52 = 0;
				_t19 = _t194 + 0x20; // 0x20
				r13d = _t19;
				if ((r15b & 0) == 0) goto 0x8001fdce;
				if ((r15b & 0) == 0) goto 0x8001fdb0;
				_t24 = _t194 + 0x2d; // 0x2d
				_v56 = _t24;
				goto 0x8001fdcb;
				if ((r15b & _t111) == 0) goto 0x8001fdbc;
				goto 0x8001fda9;
				if ((r15b & 0) == 0) goto 0x8001fdce;
				_v56 = r13w;
				_t195 = _t212;
				_t123 =  *(__rcx + 0x42) & 0x0000ffff;
				r9d = 0xffdf;
				if ((r9w & (_t123 & 0x0000ffff) - _t134) != 0) goto 0x8001fdf3;
				if ((r15b & 0) == 0) goto 0x8001fdf3;
				r8b = r15b;
				goto 0x8001fdf6;
				r8b = 0;
				r9d = 0x30;
				if (r8b != 0) goto 0x8001fe0f;
				if (0 == 0) goto 0x8001fe2c;
				 *(_t202 + 0x30 + _t195 * 2) = r9w;
				if (_t123 == _t134) goto 0x8001fe20;
				if (_t123 != 0x41) goto 0x8001fe23;
				 *((short*)(_t202 + 0x32 + _t195 * 2)) = _t134 & 0x0000ffff;
				_t133 =  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50));
				if ((_t111 & 0x0000000c) != 0) goto 0x8001fe4f;
				r8d = _t133;
				E0000000118001AC58(r13b, __rcx, __rcx + 0x468, _t195 + 2, _t197, _t198, __rcx + 0x28);
				_t211 = __rcx + 0x468;
				_t199 = __rcx + 0x28;
				if ((r15b &  *( *_t211 + 0x14) >> 0x0000000c) == 0) goto 0x8001fe77;
				if ( *((long long*)( *_t211 + 8)) != 0) goto 0x8001fe77;
				 *_t199 =  *_t199;
				goto 0x8001fe93;
				r8d = 0;
				_v72 = __rcx + 0x10;
				E00000001180023AF4(__rcx, _t211,  &_v56, _t195 + 2, _t197, _t199, _t199);
				if ((r15b & 0) == 0) goto 0x8001feb8;
				if ((r15b &  *(_t181 + 0x30) >> 0x00000002) != 0) goto 0x8001feb8;
				r8d = _t133;
				E0000000118001AC58(0x30, _t181, _t211, _t195 + 2, _t197, _t199, _t199);
				E00000001180023674(_t181, _t181, _t199);
				if ( *_t199 < 0) goto 0x8001fee4;
				if ((r15b &  *(_t181 + 0x30) >> 0x00000002) == 0) goto 0x8001fee4;
				r8d = _t133;
				E0000000118001AC58(r13b, _t181, _t211, _t195 + 2, _t197, _t199, _t199);
				return E00000001180002630(r15b,  *(_t181 + 0x30) >> 2, _v48 ^ _t202);
			}

0x18001fc30
0x18001fc30
0x18001fc30
0x18001fc35
0x18001fc42
0x18001fc46
0x18001fc50
0x18001fc55
0x18001fc5e
0x18001fc61
0x18001fc61
0x18001fc64
0x18001fc64
0x18001fc68
0x18001fc6c
0x18001fc6e
0x18001fc78
0x18001fc82
0x18001fc88
0x18001fc92
0x18001fc9c
0x18001fca1
0x18001fca7
0x18001fcad
0x18001fcb7
0x18001fcbf
0x18001fcc4
0x18001fcc9
0x18001fcce
0x18001fcd7
0x18001fce1
0x18001fce7
0x18001fced
0x18001fcf3
0x18001fcf9
0x18001fcff
0x18001fd04
0x18001fd0b
0x18001fd0d
0x18001fd12
0x18001fd14
0x18001fd1b
0x18001fd22
0x18001fd2a
0x18001fd2c
0x18001fd37
0x18001fd39
0x18001fd3d
0x18001fd48
0x18001fd4a
0x18001fd4f
0x18001fd51
0x18001fd5a
0x18001fd5d
0x18001fd62
0x18001fd6b
0x18001fd6f
0x18001fd78
0x18001fd7e
0x18001fd83
0x18001fd89
0x18001fd93
0x18001fd93
0x18001fd9a
0x18001fda4
0x18001fda6
0x18001fda9
0x18001fdae
0x18001fdb3
0x18001fdba
0x18001fdc3
0x18001fdc5
0x18001fdcb
0x18001fdce
0x18001fdd2
0x18001fde2
0x18001fdec
0x18001fdee
0x18001fdf1
0x18001fdf3
0x18001fdfd
0x18001fe09
0x18001fe0d
0x18001fe0f
0x18001fe18
0x18001fe1e
0x18001fe23
0x18001fe32
0x18001fe37
0x18001fe3d
0x18001fe4a
0x18001fe4f
0x18001fe59
0x18001fe66
0x18001fe70
0x18001fe72
0x18001fe75
0x18001fe7e
0x18001fe81
0x18001fe8e
0x18001fe9e
0x18001fea6
0x18001feab
0x18001feb3
0x18001febd
0x18001fec6
0x18001fed1
0x18001fed6
0x18001fedf
0x18001ff0c

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: f63abd86d5a67e2cfa24d2a86ed6f179343f48fe2785f1839301eadc6df4ddf8
Instruction ID: 6ff3aa38866676e9ad4ffa6e5e5946495a37e64f13fa87a327f244cb3f9afd49
Opcode Fuzzy Hash: f63abd86d5a67e2cfa24d2a86ed6f179343f48fe2785f1839301eadc6df4ddf8
Instruction Fuzzy Hash: BE81D336210A4886EBFB9A29A0007FA27A2E74DBC4F84D116BD45477E9CF35CA4ED741

Uniqueness

Uniqueness Score: -1.00%

Function 00C55694 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 242dba147a3b42ea0af5cfec930ece5e83433d0fba20fb6d2f2fe3008541b1f6
Instruction ID: bc30c0a82301eb178de97468c125a9e6c24e93e52cb48a754c055205dda2a229
Opcode Fuzzy Hash: 242dba147a3b42ea0af5cfec930ece5e83433d0fba20fb6d2f2fe3008541b1f6
Instruction Fuzzy Hash: 66913B70908708AFDF58DF68C04A99EBBF2FB44304F4081ADE809EB650D775DA59CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00C5B2F0 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ff37af258a23db5c01797c23f2434de8658ec910b62f667d3e0b084e4f6255
Instruction ID: 080f9e7e40b06bd1cb40bdce1ab3f6f5a1cf1ca730789657adc6d85d49b60500
Opcode Fuzzy Hash: f4ff37af258a23db5c01797c23f2434de8658ec910b62f667d3e0b084e4f6255
Instruction Fuzzy Hash: E261137161460C8BDB2CDF38D4965A93BE1FB58700F24613DEC66872B2DB74E94ACB44

Uniqueness

Uniqueness Score: -1.00%

Function 00C4741C Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 411371247076829a3ed050940fe1e65d63f7276580b25cd8f2de86b758f4f241
Instruction ID: 62bb23cc1fd0ee9c64191108a479a6a72229d24563a83750600166bf4ceeef98
Opcode Fuzzy Hash: 411371247076829a3ed050940fe1e65d63f7276580b25cd8f2de86b758f4f241
Instruction Fuzzy Hash: B381CF718047188FEB64DFB8C48958DBFF0FB58348F20462EE865A7262DB749985CF81

Uniqueness

Uniqueness Score: -1.00%

Function 00C5629C Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dac85506b1f04058cb15554c85bbceb8ebb7a831f5bd702a5d02e9f92134646
Instruction ID: bd676ac56977be5096b93cf19b1e762986931c3567e46ce79c0fd3264f619b4a
Opcode Fuzzy Hash: 9dac85506b1f04058cb15554c85bbceb8ebb7a831f5bd702a5d02e9f92134646
Instruction Fuzzy Hash: 54517B75124B88AFDB8CCF28D8C69993BA0FB55305F90622DFC46C72A2C774D886CB45

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024460 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 808483c38131ccb4499abe0c4b6fc68f47203a3758f04bce25fec6a08e85c124
Instruction ID: ebf49ea18bd04d8e298a65ce1cad22c05dfc078dbdabdbf7c7eaa78d3a08d5a6
Opcode Fuzzy Hash: 808483c38131ccb4499abe0c4b6fc68f47203a3758f04bce25fec6a08e85c124
Instruction Fuzzy Hash: A0414962F65FD947FE439A7A58137B00A00AFA77C0E41E322FD0B77B41EB2845468200

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180017604 Relevance: .1, Instructions: 126
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 56%

			E00000001180017604(signed int __edx, void* __edi, void* __esp, long long __rbx, signed long long*** __rcx, long long __rsi) {
				void* _t24;
				int _t26;
				signed int _t51;
				void* _t52;
				signed long long _t66;
				signed int* _t73;
				signed long long _t75;
				signed long long _t77;
				signed long long _t78;
				signed long long _t95;
				signed long long _t96;
				signed long long _t98;
				signed long long _t104;
				long long _t115;
				void* _t117;
				void* _t120;
				signed long long* _t123;
				signed long long _t124;
				signed long long _t126;
				signed long long _t129;
				signed long long*** _t132;

				_t52 = __edi;
				_t51 = __edx;
				 *((long long*)(_t117 + 0x10)) = __rbx;
				 *((long long*)(_t117 + 0x18)) = _t115;
				 *((long long*)(_t117 + 0x20)) = __rsi;
				_t66 =  *((intOrPtr*)(__rcx));
				_t132 = __rcx;
				_t73 =  *_t66;
				if (_t73 == 0) goto 0x80017798;
				_t124 =  *0x80098010; // 0x6aeceb4fd839
				_t111 = _t124 ^  *_t73;
				_t75 = _t73[4] ^ _t124;
				asm("dec eax");
				asm("dec eax");
				asm("dec ecx");
				if ((_t73[2] ^ _t124) != _t75) goto 0x8001770a;
				_t77 = _t75 - (_t124 ^  *_t73) >> 3;
				_t101 =  >  ? _t66 : _t77;
				_t6 = _t115 + 0x20; // 0x20
				_t102 = ( >  ? _t66 : _t77) + _t77;
				_t103 =  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77;
				if (( ==  ? _t66 : ( >  ? _t66 : _t77) + _t77) - _t77 < 0) goto 0x800176a6;
				_t7 = _t115 + 8; // 0x8
				r8d = _t7;
				E0000000118002C2A0(_t6, _t77, _t111,  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77, _t111, _t115, _t120);
				_t24 = E00000001180028028(_t66, _t111);
				if (_t66 != 0) goto 0x800176ce;
				_t104 = _t77 + 4;
				r8d = 8;
				E0000000118002C2A0(_t24, _t77, _t111, _t104, _t111, _t115, _t120);
				_t129 = _t66;
				_t26 = E00000001180028028(_t66, _t111);
				if (_t129 == 0) goto 0x80017798;
				_t123 = _t129 + _t77 * 8;
				_t78 = _t129 + _t104 * 8;
				_t88 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				_t64 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				if (( >  ? _t115 : _t78 - _t123 + 7 >> 3) == 0) goto 0x8001770a;
				memset(_t52, _t26, 0 << 0);
				_t126 =  *0x80098010; // 0x6aeceb4fd839
				r8d = 0x40;
				_t14 =  &(_t123[1]); // 0x180001024
				asm("dec eax");
				 *_t123 =  *(_t132[1]) ^ _t126;
				_t95 =  *0x80098010; // 0x6aeceb4fd839
				asm("dec eax");
				 *( *( *_t132)) = _t129 ^ _t95;
				_t96 =  *0x80098010; // 0x6aeceb4fd839
				asm("dec eax");
				( *( *_t132))[1] = _t14 ^ _t96;
				_t98 =  *0x80098010; // 0x6aeceb4fd839
				r8d = r8d - (_t51 & 0x0000003f);
				asm("dec eax");
				( *( *_t132))[2] = _t78 ^ _t98;
				goto 0x8001779b;
				return 0xffffffff;
			}

0x180017604
0x180017604
0x180017604
0x180017609
0x18001760e
0x18001761c
0x180017621
0x180017624
0x18001762a
0x180017630
0x18001763e
0x18001764e
0x180017651
0x180017654
0x180017657
0x18001765d
0x18001766b
0x180017675
0x180017679
0x18001767c
0x18001767f
0x180017686
0x180017688
0x180017688
0x180017692
0x18001769c
0x1800176a4
0x1800176a6
0x1800176aa
0x1800176b6
0x1800176bd
0x1800176c0
0x1800176c8
0x1800176d5
0x1800176d9
0x1800176f1
0x1800176f5
0x1800176f8
0x180017700
0x180017703
0x18001770a
0x180017710
0x180017729
0x18001772f
0x180017732
0x180017745
0x18001774e
0x180017754
0x180017765
0x18001776e
0x180017772
0x18001777e
0x180017787
0x180017792
0x180017796
0x1800177b3

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorLastPrivilegeRelease
String ID:
API String ID: 1334314998-0
Opcode ID: cca36e6920e8db9dce7bc11a013358f2a9da43f9e27bd54016be0a8e2f6ab453
Instruction ID: 52cc0551fc063719bd66b21902b14603b63bb5ff80ba13dd75c1d85da6318796
Opcode Fuzzy Hash: cca36e6920e8db9dce7bc11a013358f2a9da43f9e27bd54016be0a8e2f6ab453
Instruction Fuzzy Hash: 1B41C232314A5882EF95CF2AD91479973A1B78CFD4F49D426EE4D97B58DE3CC24A9300

Uniqueness

Uniqueness Score: -1.00%

Function 00C53698 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fd7e54c2e3c2eb2f4057fbf02f2f3a8737c251e610f5f48a5c25456a3c2a7c7
Instruction ID: fae7063807d6392efc7d918ec9f4d79cf9b8fa4fc28ce93f55b6b0311d7e47ad
Opcode Fuzzy Hash: 0fd7e54c2e3c2eb2f4057fbf02f2f3a8737c251e610f5f48a5c25456a3c2a7c7
Instruction Fuzzy Hash: 4261C17154878DDBEBBACF24DC896D93BB0FB48318F904219D84E8E290DB74578ACB45

Uniqueness

Uniqueness Score: -1.00%

Function 00C51DAC Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a779fa67324b10137dca71439002aac2bbc9acba917943a89a2440558f265d6
Instruction ID: 312a046b848f7f117ef51e9bd9e28111636f070692b2ce47d6dda9e4d678398c
Opcode Fuzzy Hash: 8a779fa67324b10137dca71439002aac2bbc9acba917943a89a2440558f265d6
Instruction Fuzzy Hash: 1751C27051478C8BEBBACF28DC9A6DB3BB1FB48704F50421DD84E8E2A0DB765A45CB45

Uniqueness

Uniqueness Score: -1.00%

Function 00C4D1AC Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de15e4835354da21c21c581afa9e1e49ad56d5e721c00a56a2a0f9a367a7b1e2
Instruction ID: fe5e6fa5b5707a9d764ecaa6a1b9735d38e9a80cf116a56cfa1d69f26adca63c
Opcode Fuzzy Hash: de15e4835354da21c21c581afa9e1e49ad56d5e721c00a56a2a0f9a367a7b1e2
Instruction Fuzzy Hash: 63513771918349CBDF2CDF68D88A4ADBBB0FF08344F00021DEA56A6290D7799985CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00C60930 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1891d7c6e5579f1ddf716b9efe699b55b9d074dc8e7dc217c6cd483ac21faf1f
Instruction ID: 9f74eb46646eea3bd088f857434ad21cdb1dff9ba00ee94347d5fa746830d2bb
Opcode Fuzzy Hash: 1891d7c6e5579f1ddf716b9efe699b55b9d074dc8e7dc217c6cd483ac21faf1f
Instruction Fuzzy Hash: B5517CB590034A8FDB88CF64C58A4DF7FB0BB68398F204619F856962A0D374D6A5CFD1

Uniqueness

Uniqueness Score: -1.00%

Function 00C4E570 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0947fb190b259f2f036e8e13266f38e419df21044a1d34d71fc6672665701d99
Instruction ID: 8e432f7f1cbdcb20bcac984d7953c05e599d97836e5d3904600e0fa378ab5d53
Opcode Fuzzy Hash: 0947fb190b259f2f036e8e13266f38e419df21044a1d34d71fc6672665701d99
Instruction Fuzzy Hash: 6241C3B050034E8BDB48DF64D88A4DE7FF0FB68398F214619F859A6250D378D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C53524 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95e6112c03750f4c0630cdb5a18b98eee8cc7382c4e8c9e1a176535c4f274712
Instruction ID: bed48bae55f1d375189cd301d6fcf3322da75b94f17af734dc6258250efc4240
Opcode Fuzzy Hash: 95e6112c03750f4c0630cdb5a18b98eee8cc7382c4e8c9e1a176535c4f274712
Instruction Fuzzy Hash: 8041E2B090074E8FDB48CF64C98A5DE7FB1FBA8394F204219EC4AA6250D374D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C55508 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8348d3cd7f29255d4884c11fe93a9125b21d4f4a43616c69afa397f7f63962af
Instruction ID: d25f7f93da0e4dffb485940bf340e44c546d28c87bc29f1d000f716225cc038f
Opcode Fuzzy Hash: 8348d3cd7f29255d4884c11fe93a9125b21d4f4a43616c69afa397f7f63962af
Instruction Fuzzy Hash: BE41AFB181038E8FDF48CF64C88A4DE7BB0FB58348F104A19E86696264D3B9D664CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 00C57198 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c4ca00263a0247c4b651e916fb7a83a9bfa1ce2ae173780690b90c0a27bb6f5
Instruction ID: c0f9cc888c8a3d4060d21a88cff734a42a210060f4f9b8cc1c453977f88febf7
Opcode Fuzzy Hash: 6c4ca00263a0247c4b651e916fb7a83a9bfa1ce2ae173780690b90c0a27bb6f5
Instruction Fuzzy Hash: 2F41B2B090478E8BDF48CF68D88A5DE7BB0FB58348F104A1DEC6696294D3B4D664CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 00C5E614 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f2ddded83ff06c7b56f3b031172a418f339d67288712c2ef59fbdfb7de3fa65
Instruction ID: 6120302d5706694eb0986df01d03b43132c602b29bfa6ba5156215f4d13f0e40
Opcode Fuzzy Hash: 6f2ddded83ff06c7b56f3b031172a418f339d67288712c2ef59fbdfb7de3fa65
Instruction Fuzzy Hash: 6641E6B090074A8BDF48DF68C88A4DE7FB1FB58358F10461DF85AA6390D37896A5CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C53B88 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a747ab3829d035c160e30ca67f218d8c010ef4ce6a01bc2123f51e37c39b15
Instruction ID: 11f368b289856f8f854d18941f20019831a76f0dfc173d6e7354bc1192e4eca5
Opcode Fuzzy Hash: e9a747ab3829d035c160e30ca67f218d8c010ef4ce6a01bc2123f51e37c39b15
Instruction Fuzzy Hash: 2841D5B190074E8BDF48CF64C48A4DE7FB0FB68358F214618E855A6250D3B8D6A5CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C4BE34 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4a31af1c88a1e6ab448c518336f099c9e743a345a8116ccbb9bcacf6df5466d
Instruction ID: d4d2d028e3668faf6aa4ef0679fd0584d8f9092d8702eced13fa9d3d2992b24e
Opcode Fuzzy Hash: d4a31af1c88a1e6ab448c518336f099c9e743a345a8116ccbb9bcacf6df5466d
Instruction Fuzzy Hash: 7031F5B090074A8BDB4CDF68C89A4DE3FA1BB58398F10461DFC5A9A354D3B4D9A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C52110 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69f1bd5eb2f0ebfb53ff7e4ae7896f851b8bbd9ae22bdf3f2cf4232ccd8f10e8
Instruction ID: 8f5d51aba00c4f23d52c296157a313ffc4782a84c6f71662d1847f1d9af8e599
Opcode Fuzzy Hash: 69f1bd5eb2f0ebfb53ff7e4ae7896f851b8bbd9ae22bdf3f2cf4232ccd8f10e8
Instruction Fuzzy Hash: E431ADB55187818BC348DF28C54A51ABBE1FB8C308F504B2EF8CAA6294D778D6058B4A

Uniqueness

Uniqueness Score: -1.00%

Function 00C597AC Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1cb5be32486d082a1004d5cd3269ee3ed63ecfe90488e34a48b9d161af83a4e
Instruction ID: 2d58ce3fde36396ecb80e803f933cd541e39c574f558d268ada5d851062e103f
Opcode Fuzzy Hash: a1cb5be32486d082a1004d5cd3269ee3ed63ecfe90488e34a48b9d161af83a4e
Instruction Fuzzy Hash: 4631C6B190474A8BDB48DF24C88A4DE7FF0FB58388F10461CE85A97250D3B4D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C60D54 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 403423f91ab6d2efc18bb9c6fca72d8179c469d66eb0a9203399f0508270c383
Instruction ID: f7e907a5a4d268517ac5d39fb781b2abcac55db7633d781cedf7f9941ca353e5
Opcode Fuzzy Hash: 403423f91ab6d2efc18bb9c6fca72d8179c469d66eb0a9203399f0508270c383
Instruction Fuzzy Hash: 8F21A0B152C781AFD388DF28C19981ABBE1FB88304F806A1DF98687350D374D844CB46

Uniqueness

Uniqueness Score: -1.00%

Function 00C4E828 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bd384b18a8f018deb1ae8c02f50e3dfc83e34399570a2e179077375e0c66cc5
Instruction ID: e563aa27f56e2ecce816434c0e114442c931e28e35474e2e86562d3eaff730a2
Opcode Fuzzy Hash: 7bd384b18a8f018deb1ae8c02f50e3dfc83e34399570a2e179077375e0c66cc5
Instruction Fuzzy Hash: 8931707552D784AFC788DF28D48991EBBF0FB98345F906A1DF88686264E374D445CB02

Uniqueness

Uniqueness Score: -1.00%

Function 00C62B8C Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa0a547024bc87cfc42133694cef77c279f754c0bf310b00985741a0ad6876d3
Instruction ID: cfe9eacf390d468c13f16f556d0757c07c704974f4e6988c0e8e4883957bcd26
Opcode Fuzzy Hash: fa0a547024bc87cfc42133694cef77c279f754c0bf310b00985741a0ad6876d3
Instruction Fuzzy Hash: 95316174529380AFD398DF28D48A81BBBF0FB99314F806E1DF9C68A2A0D774D405CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00C4E368 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f840c702cc6db683c56574f5bbeabe7a5e8170610e02f4bacfea2193c17d021
Instruction ID: 01acab3d5976729f0279e13078dfb0be9a7eaad56c1a841d40bd72aa82e69343
Opcode Fuzzy Hash: 0f840c702cc6db683c56574f5bbeabe7a5e8170610e02f4bacfea2193c17d021
Instruction Fuzzy Hash: 8F31D17090438E8BDB48CF64D8864DFBFB0FB48358F114A19EC5AA6254D7B89664CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 00C55400 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258012521.0000000000C41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c41000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3589b8c10d41c6a6d8f55a96a52859424ad6790b55d32d6910364891c60a7e75
Instruction ID: aca377b28207093ad69189230e20808a2953a665cdfbd0516b7c3ce528793aa5
Opcode Fuzzy Hash: 3589b8c10d41c6a6d8f55a96a52859424ad6790b55d32d6910364891c60a7e75
Instruction Fuzzy Hash: 7F2168B15187808BD348DF28D54951ABBE1BB8C30CF400B2DF8CAAA2A1D778D604CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800243D0 Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E000000011800243D0(intOrPtr __ebx, intOrPtr __edx, signed int __rax, signed int __rdx, void* __r8, signed long long _a8) {
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _t25;

				_t25 = __r8;
				r8d = 0;
				 *0x800998c0 = r8d;
				_t1 = _t25 + 1; // 0x1
				r9d = _t1;
				asm("cpuid");
				_v16 = r9d;
				_v16 = 0;
				_v20 = __ebx;
				_v12 = __edx;
				if (0 != 0x18001000) goto 0x80024431;
				asm("xgetbv");
				_a8 = __rdx << 0x00000020 | __rax;
				r8d =  *0x800998c0; // 0x1
				r8d =  ==  ? r9d : r8d;
				 *0x800998c0 = r8d;
				 *0x800998c4 = r8d;
				return 0;
			}

0x1800243d0
0x1800243d6
0x1800243db
0x1800243e2
0x1800243e2
0x1800243e9
0x1800243eb
0x1800243f3
0x1800243f9
0x1800243fd
0x180024403
0x180024407
0x180024411
0x18002441b
0x180024426
0x18002442a
0x180024431
0x18002443f

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cdcf348cc5694c4f5b0e5d0bdddd02b62d207cfc36638633f978353f304b637
Instruction ID: 8e5f205028e83b9b9d0e5caee0f97c10ec2b5eb3179d69d030deb44cb7e56510
Opcode Fuzzy Hash: 3cdcf348cc5694c4f5b0e5d0bdddd02b62d207cfc36638633f978353f304b637
Instruction Fuzzy Hash: 72F062727252988ADBE69F6CA80275A77E0F30C3C0F90C05DE6C983B04DA3C81648F14

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180003648 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97a3f1b490d90bc78da9bcff4e284e801b429a104edd62e73b7daa1e82b824e5
Instruction ID: 92e892b303c2034cc0877d67f8c8a8df24e2d78c59705c465e8a3db7eb51c731
Opcode Fuzzy Hash: 97a3f1b490d90bc78da9bcff4e284e801b429a104edd62e73b7daa1e82b824e5
Instruction Fuzzy Hash: B8A00236205C48F0F6C7CB01E8957907334E35D394F41C061F049529719F398688C305

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000C14C Relevance: 54.6, APIs: 3, Strings: 28, Instructions: 352
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 67%

			E0000000118000C14C(void* __edi, long long __rbx, long long* __rcx, void* __rdx, long long __rdi, void* __rsi, long long __r14, long long __r15, void* _a8, void* _a16, void* _a24, void* _a32) {
				signed int _v16;
				signed int _v24;
				signed char _v32;
				char _v40;
				signed int _v48;
				signed int _v56;
				signed int _t104;
				signed int _t124;
				signed int _t125;
				signed int _t132;
				signed int _t134;
				void* _t137;
				void* _t141;
				signed char _t148;
				signed char _t160;
				void* _t162;
				void* _t164;
				void* _t165;
				void* _t166;
				void* _t170;
				void* _t171;
				signed int _t172;
				void* _t173;
				void* _t175;
				signed int _t182;
				void* _t191;
				signed char* _t192;
				signed char* _t194;
				long long* _t196;
				long long* _t209;
				long long _t215;
				long long* _t218;
				signed long long* _t252;
				long long* _t269;
				void* _t272;
				void* _t275;
				signed char* _t278;
				signed char* _t280;
				void* _t284;
				long long _t285;

				_t285 = __r14;
				_t271 = __rsi;
				_t162 = __edi;
				_t191 = _t275;
				 *((long long*)(_t191 + 8)) = __rbx;
				 *((long long*)(_t191 + 0x10)) = __rdi;
				 *((long long*)(_t191 + 0x18)) = __r14;
				 *((long long*)(_t191 + 0x20)) = __r15;
				_t192 =  *0x80099490; // 0x0
				_t208 = __rdx;
				_t269 = __rcx;
				r14d =  *_t192 & 0x000000ff;
				if (r14b == 0) goto 0x8000c6be;
				_v56 = _v56 & 0x00000000;
				_t7 =  &(_t192[1]); // 0x1
				_t278 = _t7;
				_v48 = _v48 & 0x00000000;
				r15b = 0;
				 *0x80099490 = _t278;
				_t125 = r14d;
				_t164 = r14d - 0x58;
				if (_t164 > 0) goto 0x8000c2ba;
				if (_t164 == 0) goto 0x8000c2a8;
				_t165 = _t125 - 0x4b;
				if (_t165 > 0) goto 0x8000c226;
				if (_t165 == 0) goto 0x8000c1de;
				if (_t165 == 0) goto 0x8000c214;
				if (_t165 == 0) goto 0x8000c214;
				if (_t165 == 0) goto 0x8000c214;
				if (_t165 == 0) goto 0x8000c202;
				if (_t165 == 0) goto 0x8000c202;
				if (_t165 == 0) goto 0x8000c1f0;
				_t132 = _t125 - 0x3d;
				if (_t165 == 0) goto 0x8000c1f0;
				_t166 = _t132 - 1;
				if (_t166 != 0) goto 0x8000c2bf;
				r8d = 4;
				goto 0x8000c5f5;
				r8d = 3;
				goto 0x8000c5f5;
				r8d = 5;
				goto 0x8000c5f5;
				r8d = 4;
				goto 0x8000c5f5;
				if (_t166 == 0) goto 0x8000c296;
				if (_t166 == 0) goto 0x8000c269;
				if (_t166 == 0) goto 0x8000c253;
				if (_t166 == 0) goto 0x8000c24b;
				if (_t166 == 0) goto 0x8000c24b;
				if (_t166 == 0) goto 0x8000c24b;
				if (_t132 - 0x48 != 1) goto 0x8000c2bf;
				goto 0x8000c478;
				r8d = 5;
				E00000001180009D60(_t192, __rdx,  &_v56, "long ", __rcx, __rsi);
				_v16 = 6;
				_v24 = "double";
				asm("movaps xmm0, [ebp-0x10]");
				asm("movdqa [ebp-0x10], xmm0");
				E0000000118000A578(_t132 - 0x48, _t162, "double", __rdx,  &_v56,  &_v24, _t271);
				goto 0x8000c5fe;
				r8d = 5;
				goto 0x8000c5f5;
				r8d = 4;
				goto 0x8000c5f5;
				if ((_t132 & 0x00000003) == 0x5f) goto 0x8000c2f4;
				_t15 = _t278 - 1; // 0x0
				_t194 = _t15;
				 *0x80099490 = _t194;
				E0000000118000D7F8(_t132 & 0x00000003, _t132 - 0x48, _t208,  &_v24, _t269, _t278, _t284);
				_t215 =  *_t194;
				_t160 = _t194[8];
				_v56 = _t215;
				_v48 = _t160;
				if (_t215 != 0) goto 0x8000c5fe;
				 *_t269 = _t215;
				 *(_t269 + 8) = _t160;
				goto 0x8000c6dc;
				r15d =  *_t278 & 0x000000ff;
				_t21 =  &(_t278[1]); // 0x2
				 *0x80099490 = _t21;
				_t134 = r15d;
				_t170 = r15d - 0x4d;
				if (_t170 > 0) goto 0x8000c40f;
				if (_t170 == 0) goto 0x8000c3d9;
				_t171 = _t134 - 0x47;
				if (_t171 > 0) goto 0x8000c3bc;
				if (_t171 == 0) goto 0x8000c33e;
				_t172 = r15b;
				if (_t172 == 0) goto 0x8000c39e;
				if (_t172 == 0) goto 0x8000c362;
				if (_t172 == 0) goto 0x8000c350;
				_t137 = _t134 - 3;
				if (_t172 == 0) goto 0x8000c350;
				_t173 = _t137 - 1;
				if (_t173 != 0) goto 0x8000c5af;
				r8d = 7;
				goto 0x8000c5f5;
				r8d = 6;
				goto 0x8000c5f5;
				_t196 = "__w64 ";
				_v16 = 6;
				_v24 = _t196;
				asm("movaps xmm0, [ebp-0x10]");
				asm("movdqa [ebp-0x10], xmm0");
				E0000000118000C14C(_t162, _t208,  &_v40, "__int8", _t269, _t271, __r14, __r15);
				_t209 = _t196;
				E00000001180009F6C(_t196,  &_v56,  &_v24);
				_t218 = _t196;
				goto 0x8000c6d1;
				 *0x80099490 = _t278;
				_v56 = 0x8004e150;
				_v48 = 1;
				goto 0x8000c5fe;
				if (_t173 == 0) goto 0x8000c3fd;
				if (_t173 == 0) goto 0x8000c3fd;
				if (_t173 == 0) goto 0x8000c3eb;
				_t141 = _t137 - 0x45;
				if (_t173 == 0) goto 0x8000c3eb;
				if (_t141 != 1) goto 0x8000c5af;
				r8d = 8;
				goto 0x8000c5f5;
				r8d = 7;
				goto 0x8000c5f5;
				r8d = 7;
				goto 0x8000c5f5;
				_t175 = _t141 - 0x53;
				if (_t175 > 0) goto 0x8000c596;
				if (_t175 == 0) goto 0x8000c587;
				if (_t175 == 0) goto 0x8000c578;
				if (_t175 == 0) goto 0x8000c473;
				if (_t175 == 0) goto 0x8000c461;
				if (_t175 == 0) goto 0x8000c44f;
				if (_t141 - 0x4b != 1) goto 0x8000c5af;
				_t29 = _t218 + 8; // -73
				r8d = _t29;
				goto 0x8000c5f5;
				r8d = 7;
				goto 0x8000c5f5;
				r8d = 4;
				goto 0x8000c5f5;
				_v56 = _v56 & 0x00000000;
				_v48 = _v48 & 0x00000000;
				_t104 =  *(_t209 + 8);
				_v24 =  *_t209;
				_v16 = _t104;
				if (0xfffffffe != 0xfffffffe) goto 0x8000c4f2;
				r9d = 0;
				_v16 = _t104 | 0x00000800;
				E0000000118000F704(_t160, _t162, _t209,  &_v40,  &_v56, _t269, _t271,  &_v24, _t272);
				if ((0x00000800 & _v32) != 0) goto 0x8000c4e3;
				_v16 = 2;
				_v24 = 0x8004d4e0;
				_t252 =  &_v24;
				asm("movaps xmm0, [ebp-0x10]");
				asm("movdqa [ebp-0x10], xmm0");
				E0000000118000A578(_t160, _t162, 0x8004d4e0, _t209,  &_v40, _t252, _t271);
				_t148 = _v32;
				 *_t269 = _v40;
				 *(_t269 + 8) = _t148;
				goto 0x8000c6dc;
				if (_t252 != 0) goto 0x8000c55d;
				_t124 = _t148 & 0x00000002;
				if ((_t148 & 0x00000001) == 0) goto 0x8000c543;
				_t53 = _t252 + 5; // 0x5
				r8d = _t53;
				E00000001180009D60(_v40, _t209,  &_v56, "const", _t269, _t271);
				if (_t124 == 0) goto 0x8000c55d;
				_v32 = 9;
				_v40 = " volatile";
				asm("movaps xmm0, [ebp-0x20]");
				asm("movdqa [ebp-0x20], xmm0");
				E0000000118000A578(_t160, _t162, " volatile", _t209,  &_v56,  &_v40, _t271);
				goto 0x8000c55d;
				_t182 = _t124;
				if (_t182 == 0) goto 0x8000c55d;
				r8d = 8;
				E00000001180009D60(" volatile", _t209,  &_v56, "volatile", _t269, _t271);
				r9d = 1;
				_t280 =  &_v24;
				E0000000118000F704(_t160, _t162, _t209, _t269,  &_v56, _t269, _t271, _t280);
				goto 0x8000c6dc;
				r8d = 4;
				goto 0x8000c5f5;
				r8d = 8;
				goto 0x8000c5f5;
				if (_t182 == 0) goto 0x8000c5e8;
				if (_t182 == 0) goto 0x8000c5d9;
				if (_t182 == 0) goto 0x8000c5ca;
				if (_t182 == 0) goto 0x8000c5be;
				if (_t148 - 0x50 == 1) goto 0x8000c5be;
				r8d = 7;
				goto 0x8000c5f5;
				 *0x80099490 = _t280;
				goto 0x8000c2ca;
				r8d = 7;
				goto 0x8000c5f5;
				r8d = 8;
				goto 0x8000c5f5;
				r8d = 0xe;
				E00000001180009D60(" volatile", _t209,  &_v56, "decltype(auto)", _t269, _t271);
				if (r14b == 0x43) goto 0x8000c632;
				_t63 = _t285 - 0x45; // -69
				if ((_t63 & 0x000000f9) == 0) goto 0x8000c622;
				if (r14b != 0x5f) goto 0x8000c678;
				r15b = r15b - 0x45;
				if (r15b - 8 > 0) goto 0x8000c678;
				if ((r15b & 0x00000001) != 0) goto 0x8000c678;
				_v16 = 9;
				goto 0x8000c640;
				_v16 = 7;
				_v24 = "signed ";
				asm("movaps xmm0, [ebp-0x10]");
				asm("movdqa [ebp-0x10], xmm0");
				E00000001180009F6C("signed ",  &_v40,  &_v24);
				E0000000118000A4B0("signed ",  &_v24,  &_v56);
				_v56 = _v24;
				_v48 = _v16;
				if ( *_t209 == 0) goto 0x8000c6af;
				_v24 = _v24 & 0x00000000;
				_v16 = _v16 & 0x00000000;
				E0000000118000B87C(0x20, _v24, _t209,  &_v24);
				E0000000118000A4B0( &_v24,  &_v40, _t209);
				E0000000118000A5F8(_t148 - 0x50,  &_v56,  &_v40, _t209);
				 *_t269 = _v56;
				 *(_t269 + 8) = _v48;
				goto 0x8000c6dc;
				_v16 = _v16 & 0x00000000;
				_v24 = 0x8004e150;
				return E0000000118000A4B0( &_v24, _t269, _t209);
			}

0x18000c14c
0x18000c14c
0x18000c14c
0x18000c14c
0x18000c14f
0x18000c153
0x18000c157
0x18000c15b
0x18000c167
0x18000c16e
0x18000c171
0x18000c174
0x18000c17b
0x18000c181
0x18000c186
0x18000c186
0x18000c18a
0x18000c18e
0x18000c191
0x18000c198
0x18000c19b
0x18000c19f
0x18000c1a5
0x18000c1ab
0x18000c1ae
0x18000c1b0
0x18000c1b5
0x18000c1ba
0x18000c1bf
0x18000c1c4
0x18000c1c9
0x18000c1ce
0x18000c1d0
0x18000c1d3
0x18000c1d5
0x18000c1d8
0x18000c1de
0x18000c1eb
0x18000c1f0
0x18000c1fd
0x18000c202
0x18000c20f
0x18000c214
0x18000c221
0x18000c22b
0x18000c230
0x18000c235
0x18000c23a
0x18000c23f
0x18000c244
0x18000c249
0x18000c24e
0x18000c253
0x18000c264
0x18000c269
0x18000c277
0x18000c27f
0x18000c287
0x18000c28c
0x18000c291
0x18000c296
0x18000c2a3
0x18000c2a8
0x18000c2b5
0x18000c2bd
0x18000c2bf
0x18000c2bf
0x18000c2c3
0x18000c2ce
0x18000c2d3
0x18000c2d6
0x18000c2d9
0x18000c2dd
0x18000c2e3
0x18000c2e9
0x18000c2ec
0x18000c2ef
0x18000c2f4
0x18000c2f8
0x18000c2fc
0x18000c303
0x18000c306
0x18000c30a
0x18000c310
0x18000c316
0x18000c319
0x18000c31f
0x18000c321
0x18000c324
0x18000c329
0x18000c32e
0x18000c330
0x18000c333
0x18000c335
0x18000c338
0x18000c33e
0x18000c34b
0x18000c350
0x18000c35d
0x18000c362
0x18000c369
0x18000c370
0x18000c378
0x18000c37c
0x18000c381
0x18000c38a
0x18000c391
0x18000c396
0x18000c399
0x18000c3a5
0x18000c3ac
0x18000c3b0
0x18000c3b7
0x18000c3bf
0x18000c3c4
0x18000c3c9
0x18000c3cb
0x18000c3ce
0x18000c3d3
0x18000c3d9
0x18000c3e6
0x18000c3eb
0x18000c3f8
0x18000c3fd
0x18000c40a
0x18000c40f
0x18000c412
0x18000c418
0x18000c421
0x18000c42a
0x18000c42f
0x18000c434
0x18000c439
0x18000c43f
0x18000c43f
0x18000c44a
0x18000c44f
0x18000c45c
0x18000c461
0x18000c46e
0x18000c478
0x18000c47d
0x18000c484
0x18000c487
0x18000c48b
0x18000c491
0x18000c4a2
0x18000c4a5
0x18000c4ac
0x18000c4b6
0x18000c4b8
0x18000c4c6
0x18000c4ca
0x18000c4ce
0x18000c4d6
0x18000c4db
0x18000c4e0
0x18000c4e7
0x18000c4ea
0x18000c4ed
0x18000c4f5
0x18000c4f9
0x18000c4ff
0x18000c501
0x18000c501
0x18000c510
0x18000c517
0x18000c519
0x18000c527
0x18000c52f
0x18000c537
0x18000c53c
0x18000c541
0x18000c543
0x18000c545
0x18000c547
0x18000c558
0x18000c55d
0x18000c563
0x18000c56e
0x18000c573
0x18000c578
0x18000c585
0x18000c587
0x18000c594
0x18000c599
0x18000c59e
0x18000c5a3
0x18000c5a8
0x18000c5ad
0x18000c5af
0x18000c5bc
0x18000c5be
0x18000c5c5
0x18000c5ca
0x18000c5d7
0x18000c5d9
0x18000c5e6
0x18000c5e8
0x18000c5f9
0x18000c602
0x18000c604
0x18000c60a
0x18000c610
0x18000c612
0x18000c61a
0x18000c620
0x18000c629
0x18000c630
0x18000c639
0x18000c640
0x18000c648
0x18000c650
0x18000c655
0x18000c665
0x18000c66e
0x18000c675
0x18000c67c
0x18000c67e
0x18000c687
0x18000c68d
0x18000c69d
0x18000c6aa
0x18000c6b3
0x18000c6b9
0x18000c6bc
0x18000c6be
0x18000c6c9
0x18000c6f8

APIs

DName::operator+.LIBVCRUNTIME ref: 000000018000C665
DName::operator+.LIBVCRUNTIME ref: 000000018000C69D
DName::operator+.LIBVCRUNTIME ref: 000000018000C6D7

Strings

__int16, xrefs: 000000018000C344
int, xrefs: 000000018000C1F6
void, xrefs: 000000018000C2AE
volatile, xrefs: 000000018000C520
const, xrefs: 000000018000C505
short, xrefs: 000000018000C208
__int64, xrefs: 000000018000C3F1
__int128, xrefs: 000000018000C3DF
bool, xrefs: 000000018000C57E
char, xrefs: 000000018000C21A
wchar_t, xrefs: 000000018000C5D0
decltype(auto), xrefs: 000000018000C5EE
double, xrefs: 000000018000C270
volatile, xrefs: 000000018000C54D
signed , xrefs: 000000018000C632
long , xrefs: 000000018000C259
char32_t, xrefs: 000000018000C5DF
__int32, xrefs: 000000018000C403
long, xrefs: 000000018000C1E4
__w64 , xrefs: 000000018000C362
__int8, xrefs: 000000018000C356
auto, xrefs: 000000018000C467
char8_t, xrefs: 000000018000C455
char16_t, xrefs: 000000018000C58D
float, xrefs: 000000018000C29C
<unknown>, xrefs: 000000018000C443
unsigned , xrefs: 000000018000C622
UNKNOWN, xrefs: 000000018000C5B5

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+
String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
API String ID: 2943138195-1388207849
Opcode ID: f2dee6405a8fbe506fca8709fb8829a74b47c266673f36c7dc1db984f52b3443
Instruction ID: 228d74c552e96301e98dbae7ca0582fb17e9f1cd6e6f1b5b99026aa6fb121f78
Opcode Fuzzy Hash: f2dee6405a8fbe506fca8709fb8829a74b47c266673f36c7dc1db984f52b3443
Instruction Fuzzy Hash: 48F16072710A1899F7A6CB68D994BEC3770B30D7C8F44C51AEA0916AA8DF75C74DC342

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002DB74 Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E0000000118002DB74() {
				void* _t30;
				void* _t32;
				void* _t49;

				E0000000118002CA30(0, _t32, "AreFileApisANSI", _t49, 0x80050308, 0x8005030c);
				E0000000118002CA30(1, _t32, "CompareStringEx", _t49, 0x80050320, "CompareStringEx");
				E0000000118002CA30(2, _t32, "EnumSystemLocalesEx", _t49, 0x80050338, "EnumSystemLocalesEx");
				E0000000118002CA30(8, _t32, "GetDateFormatEx", _t49, 0x80050390, "GetDateFormatEx");
				E0000000118002CA30(0xb, _t32, "GetLocaleInfoEx", _t49, 0x800503f0, "GetLocaleInfoEx");
				E0000000118002CA30(0xe, _t32, "GetTimeFormatEx", _t49, 0x80050450, "GetTimeFormatEx");
				E0000000118002CA30(0xf, _t32, "GetUserDefaultLocaleName", _t49, 0x80050468, "GetUserDefaultLocaleName");
				E0000000118002CA30(0x13, _t32, "IsValidLocaleName", _t49, 0x800504e0, "IsValidLocaleName");
				E0000000118002CA30(0x14, _t32, "LCMapStringEx", _t49, 0x80050500, "LCMapStringEx");
				E0000000118002CA30(0x15, _t32, "LCIDToLocaleName", _t49, 0x80050518, "LCIDToLocaleName");
				goto E0000000118002CA30;
				asm("int3");
				asm("int3");
				E0000000118002CA30(7, _t32, "GetActiveWindow", _t49, 0x80050378, "GetActiveWindow");
				if (_t30 == 0) goto 0x8002dd40;
				 *0x8004c3c0(_t32);
				if (_t30 == 0) goto 0x8002dd40;
				E0000000118002CA30(0xa, _t30, "GetLastActivePopup", _t49, "\r", "GetLastActivePopup");
				if (_t30 != 0) goto 0x8002dd31;
				goto 0x8002dd42;
				goto ( *0x8004c3c0);
			}

0x18002db8f
0x18002dbae
0x18002dbcd
0x18002dbec
0x18002dc0b
0x18002dc2a
0x18002dc49
0x18002dc68
0x18002dc87
0x18002dca6
0x18002dcc9
0x18002dcce
0x18002dccf
0x18002dcf0
0x18002dcf8
0x18002dcfa
0x18002dd06
0x18002dd22
0x18002dd2a
0x18002dd2f
0x18002dd39

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002DB8F
try_get_function.LIBVCRUNTIME ref: 000000018002DBAE

Part of subcall function 000000018002CA30: GetProcAddress.KERNEL32(?,?,FFFFFFFF,000000018002D2B2,?,?,00006AECEB4FD839,0000000180025D2E,?,?,00006AECEB4FD839,000000018002522D), ref: 000000018002CB88

try_get_function.LIBVCRUNTIME ref: 000000018002DBCD

Part of subcall function 000000018002CA30: LoadLibraryExW.KERNEL32(?,?,FFFFFFFF,000000018002D2B2,?,?,00006AECEB4FD839,0000000180025D2E,?,?,00006AECEB4FD839,000000018002522D), ref: 000000018002CAD3
Part of subcall function 000000018002CA30: GetLastError.KERNEL32(?,?,FFFFFFFF,000000018002D2B2,?,?,00006AECEB4FD839,0000000180025D2E,?,?,00006AECEB4FD839,000000018002522D), ref: 000000018002CAE1
Part of subcall function 000000018002CA30: LoadLibraryExW.KERNEL32(?,?,FFFFFFFF,000000018002D2B2,?,?,00006AECEB4FD839,0000000180025D2E,?,?,00006AECEB4FD839,000000018002522D), ref: 000000018002CB23

try_get_function.LIBVCRUNTIME ref: 000000018002DBEC

Part of subcall function 000000018002CA30: FreeLibrary.KERNEL32(?,?,FFFFFFFF,000000018002D2B2,?,?,00006AECEB4FD839,0000000180025D2E,?,?,00006AECEB4FD839,000000018002522D), ref: 000000018002CB5C

try_get_function.LIBVCRUNTIME ref: 000000018002DC0B
try_get_function.LIBVCRUNTIME ref: 000000018002DC2A
try_get_function.LIBVCRUNTIME ref: 000000018002DC49
try_get_function.LIBVCRUNTIME ref: 000000018002DC68
try_get_function.LIBVCRUNTIME ref: 000000018002DC87
try_get_function.LIBVCRUNTIME ref: 000000018002DCA6

Strings

GetTimeFormatEx, xrefs: 000000018002DC10, 000000018002DC23
LocaleNameToLCID, xrefs: 000000018002DCAB, 000000018002DCBE
GetLocaleInfoEx, xrefs: 000000018002DBF1, 000000018002DC04
LCIDToLocaleName, xrefs: 000000018002DC8C, 000000018002DC9F
CompareStringEx, xrefs: 000000018002DB94, 000000018002DBA7
GetUserDefaultLocaleName, xrefs: 000000018002DC2F, 000000018002DC42
GetDateFormatEx, xrefs: 000000018002DBD2, 000000018002DBE5
LCMapStringEx, xrefs: 000000018002DC6D, 000000018002DC80
IsValidLocaleName, xrefs: 000000018002DC4E, 000000018002DC61
AreFileApisANSI, xrefs: 000000018002DB88
EnumSystemLocalesEx, xrefs: 000000018002DBB3, 000000018002DBC6

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
API String ID: 3255926029-3252031757
Opcode ID: ebe9825e9a67a146f886f87e402b543a585e229b1c9db0dd702bc23dce440bb7
Instruction ID: b0b00ee6c208c31e3e2118b6d668efca23c52db64e620e0af69ee94f9cb6e8d2
Opcode Fuzzy Hash: ebe9825e9a67a146f886f87e402b543a585e229b1c9db0dd702bc23dce440bb7
Instruction Fuzzy Hash: 903165B4510A8EE2EBC7DB54E8617D82325E74C3C8FE0D057B10A671A19F7A874DC792

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000FAF4 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 288
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 87%

			E0000000118000FAF4(void* __edi, long long __rbx, long long* __rcx, long long __rdi, long long __rsi, void* __r10, void* __r11, void* __r12) {
				void* __r14;
				intOrPtr _t148;
				void* _t149;
				void* _t166;
				void* _t167;
				void* _t170;
				void* _t184;
				signed char* _t185;
				char* _t188;
				intOrPtr _t189;
				intOrPtr* _t190;
				intOrPtr* _t192;
				char* _t193;
				intOrPtr* _t196;
				char* _t197;
				long long _t201;
				intOrPtr* _t233;
				char* _t244;
				void* _t245;
				void* _t249;
				void* _t251;
				void* _t259;
				long long* _t265;
				void* _t270;
				void* _t272;
				void* _t273;
				void* _t291;
				long long _t292;
				long long _t294;

				_t290 = __r12;
				_t288 = __r11;
				_t287 = __r10;
				_t267 = __rsi;
				_t200 = __rbx;
				_t184 = _t272;
				 *((long long*)(_t184 + 8)) = __rbx;
				 *((long long*)(_t184 + 0x10)) = __rsi;
				 *((long long*)(_t184 + 0x18)) = __rdi;
				_t270 = _t184 - 0x158;
				_t273 = _t272 - 0x240;
				r14d = 0;
				_t292 = "::";
				 *__rcx = _t294;
				sil = r14b;
				 *((intOrPtr*)(__rcx + 8)) = r14d;
				_t265 = __rcx;
				_t185 =  *0x80099490; // 0x0
				if (( *_t185 & 0x000000bf) == 0) goto 0x8000ff02;
				_t166 =  *0x800994a4 - r14b; // 0x0
				if (_t166 == 0) goto 0x8000fb53;
				_t167 =  *0x800994a5 - r14b; // 0x0
				if (_t167 == 0) goto 0x8000ff87;
				if ( *((intOrPtr*)(__rcx)) == _t294) goto 0x8000fbd3;
				 *((long long*)(_t270 - 0x60)) = _t292;
				 *((intOrPtr*)(_t270 - 0x58)) = 2;
				asm("movaps xmm0, [ebp-0x60]");
				asm("movdqa [esp+0x40], xmm0");
				E00000001180009F6C(_t185, _t270 + 0x30, _t273 + 0x40);
				E0000000118000A4B0(_t185, _t270 - 0x50, __rcx);
				 *_t265 =  *((intOrPtr*)(_t270 - 0x50));
				 *((intOrPtr*)(_t265 + 8)) =  *((intOrPtr*)(_t270 - 0x48));
				if (sil == 0) goto 0x8000fbd3;
				 *((long long*)(_t273 + 0x50)) = _t294;
				 *((intOrPtr*)(_t273 + 0x58)) = r14d;
				E0000000118000B87C(0x5b,  *((intOrPtr*)(_t270 - 0x50)), __rbx, _t273 + 0x50);
				E0000000118000A4B0(_t273 + 0x50, _t270 - 0x40, _t265);
				sil = r14b;
				 *_t265 =  *((intOrPtr*)(_t270 - 0x40));
				 *((intOrPtr*)(_t265 + 8)) =  *((intOrPtr*)(_t270 - 0x38));
				_t188 =  *0x80099490; // 0x0
				_t170 =  *_t188 - 0x3f;
				if (_t170 != 0) goto 0x8000fecf;
				_t24 = _t188 + 1; // 0x1
				_t244 = _t24;
				 *0x80099490 = _t244;
				if (_t170 == 0) goto 0x8000feaa;
				if (_t170 == 0) goto 0x8000fe34;
				if (_t170 == 0) goto 0x8000fd81;
				if (_t170 == 0) goto 0x8000fe34;
				if (_t170 == 0) goto 0x8000fd3c;
				if ( *_t244 - 0xffffffffffffffff == 8) goto 0x8000fc38;
				E0000000118000E4E8( *_t244 - 0xffffffffffffffff - 8, _t188, _t200, _t270 + 0x40, _t244, __rsi, _t265, __r10, __r11, _t294);
				_t245 = _t270 + 0x130;
				goto 0x8000fee1;
				_t201 = _t294;
				 *((intOrPtr*)(_t273 + 0x28)) = r14d;
				_t28 = _t245 + 1; // 0x2
				_t189 = _t28;
				 *((long long*)(_t273 + 0x20)) = _t201;
				 *0x80099490 = _t189;
				r8d = 0;
				E00000001180011B98(_t149,  *_t244 - 0xffffffffffffffff, 1, __edi, _t201, _t273 + 0x60, _t265, __rsi, _t265, __r10, __r11);
				if ( *((intOrPtr*)(_t273 + 0x68)) != 0) goto 0x8000fcbb;
				if (_t201 == 0) goto 0x8000fcb4;
				 *((long long*)(_t270 - 0x30)) = _t292;
				 *((intOrPtr*)(_t270 - 0x28)) = 2;
				asm("movaps xmm0, [ebp-0x30]");
				asm("movdqa [esp+0x40], xmm0");
				E0000000118000A484(_t273 + 0x60, _t270 + 0x120, _t273 + 0x40);
				E0000000118000A4B0(_t189, _t270 + 0x50, _t273 + 0x20);
				 *((intOrPtr*)(_t273 + 0x28)) =  *((intOrPtr*)(_t189 + 8));
				goto 0x8000fcc6;
				goto 0x8000fcae;
				 *((intOrPtr*)(_t273 + 0x28)) = 2;
				 *((long long*)(_t273 + 0x20)) = _t294;
				if ( *((intOrPtr*)(_t273 + 0x28)) != r14b) goto 0x8000fd2c;
				_t190 =  *0x80099490; // 0x0
				if ( *_t190 != 0x40) goto 0x8000fc50;
				 *((long long*)(_t273 + 0x70)) = _t294;
				 *((intOrPtr*)(_t273 + 0x78)) = r14d;
				E0000000118000B87C(0x5b, _t190, _t294, _t273 + 0x70);
				E0000000118000A4B0(_t273 + 0x70, _t270 - 0x10, _t273 + 0x20);
				r8b = 0x5d;
				_t249 = _t270 + 0x60;
				E0000000118000A4DC(_t270 - 0x10, _t249);
				 *_t265 =  *_t190;
				 *((intOrPtr*)(_t265 + 8)) =  *((intOrPtr*)(_t190 + 8));
				goto 0x8000fdd7;
				 *((intOrPtr*)(_t265 + 8)) = r14d;
				 *((char*)(_t265 + 8)) = 2;
				 *_t265 = _t294;
				goto 0x8000fef8;
				_t57 = _t249 + 1; // 0x2
				r8d = 0;
				 *0x80099490 = _t57;
				E00000001180011B98(_t149,  *_t244 - 0xffffffffffffffff, 1, __edi, _t294, _t270 + 0x70, _t265, _t267, _t273 + 0x20, __r10, __r11);
				r8b = 0x5d;
				E0000000118000A4DC(_t57, _t270 + 0x80);
				_t251 = _t270 + 0x90;
				E0000000118000A4B0(_t57, _t251, _t265);
				sil = 1;
				goto 0x8000feec;
				if ( *((char*)(_t251 + 1)) != 0x5f) goto 0x8000fde3;
				if ( *((char*)(_t251 + 2)) != 0x3f) goto 0x8000fde3;
				_t63 = _t251 + 1; // 0x2
				_t192 = _t63;
				r8d = 0;
				 *0x80099490 = _t192;
				E0000000118000E75C( *_t244 - 0xffffffffffffffff, 0, __edi, _t294, _t270 + 0xa0, _t265, _t267, _t265, __r12);
				E0000000118000A4B0(_t192, _t270 + 0xb0, _t265);
				 *_t265 =  *_t192;
				 *((intOrPtr*)(_t265 + 8)) =  *((intOrPtr*)(_t192 + 8));
				_t193 =  *0x80099490; // 0x0
				if ( *_t193 != 0x40) goto 0x8000fef8;
				 *0x80099490 =  *0x80099490 + 1;
				goto 0x8000fef8;
				E0000000118000D360(__edi,  *_t193 - 0x40, _t193, _t294, _t270 + 0xc0, _t270 + 0xb0, _t265, _t267, _t265, _t290, _t294);
				 *((long long*)(_t270 - 0x80)) = _t294;
				 *((intOrPtr*)(_t270 - 0x78)) = r14d;
				E0000000118000B87C(0x60, _t193, _t193, _t270 - 0x80);
				E0000000118000A4B0(_t270 - 0x80, _t270, _t193);
				r8b = 0x27;
				E0000000118000A4DC(_t270, _t270 + 0xd0);
				goto 0x8000fee1;
				r8b = 0x40;
				E00000001180009EBC(_t193, _t193, _t270 - 0x70, 0x80099490, _t267, _t291);
				 *((intOrPtr*)(_t270 - 0x18)) = 0x15;
				 *((long long*)(_t270 - 0x20)) = "`anonymous namespace\'";
				asm("movaps xmm0, [ebp-0x20]");
				asm("movdqa [esp+0x40], xmm0");
				E00000001180009F6C("`anonymous namespace\'", _t270 + 0xf0, _t273 + 0x40);
				E0000000118000A4B0("`anonymous namespace\'", _t273 + 0x30, _t265);
				 *_t265 =  *((intOrPtr*)(_t273 + 0x30));
				 *((intOrPtr*)(_t265 + 8)) =  *((intOrPtr*)(_t273 + 0x38));
				_t233 =  *0x80099480; // 0x0
				if ( *_t233 == 9) goto 0x8000fef8;
				_t259 = _t270 - 0x70;
				E0000000118000A818( *((intOrPtr*)(_t273 + 0x30)), _t193, _t233, _t259);
				goto 0x8000fef8;
				_t85 = _t259 - 1; // 0x0
				_t196 = _t85;
				r8d = 0;
				 *0x80099490 = _t196;
				E00000001180011B98(_t149,  *_t244 - 0xffffffffffffffff, 1, __edi, _t193, _t270 + 0x100, _t265, _t267, _t265, _t287, _t288);
				goto 0x8000fee1;
				r8d = 0;
				E00000001180011B98(_t149,  *_t244 - 0xffffffffffffffff, 1, __edi, _t193, _t270 + 0x20, _t265, _t267, _t265, _t287, _t288);
				E0000000118000A4B0(_t196, _t270 + 0x10, _t265);
				 *_t265 =  *_t196;
				 *((intOrPtr*)(_t265 + 8)) =  *((intOrPtr*)(_t196 + 8));
				if ( *((intOrPtr*)(_t265 + 8)) == r14b) goto 0x8000fb2d;
				_t197 =  *0x80099490; // 0x0
				if ( *_t197 == r14b) goto 0x8000ff20;
				if ( *_t197 == 0x40) goto 0x8000ff87;
				 *((intOrPtr*)(_t265 + 8)) = r14d;
				 *((char*)(_t265 + 8)) = 2;
				 *_t265 = _t294;
				goto 0x8000ff87;
				if ( *_t265 != _t294) goto 0x8000ff39;
				 *((intOrPtr*)(_t265 + 8)) = r14d;
				 *((char*)(_t265 + 8)) = 1;
				 *_t265 = 0x8004e150;
				goto 0x8000ff87;
				 *((long long*)(_t273 + 0x30)) = _t292;
				 *((intOrPtr*)(_t273 + 0x38)) = 2;
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [ebp-0x70], xmm0");
				 *((intOrPtr*)(_t273 + 0x38)) = r14d;
				 *((long long*)(_t273 + 0x30)) = 0x8004e150;
				E0000000118000A484(_t273 + 0x30, _t270 + 0x10, _t270 - 0x70);
				E0000000118000A4B0(0x8004e150, _t270 + 0x20, _t265);
				 *_t265 =  *0x8004e150;
				_t148 =  *0x18004E158;
				 *((intOrPtr*)(_t265 + 8)) = _t148;
				return _t148;
			}

0x18000faf4
0x18000faf4
0x18000faf4
0x18000faf4
0x18000faf4
0x18000faf4
0x18000faf7
0x18000fafb
0x18000faff
0x18000fb08
0x18000fb0f
0x18000fb16
0x18000fb19
0x18000fb20
0x18000fb23
0x18000fb26
0x18000fb2a
0x18000fb2d
0x18000fb37
0x18000fb3d
0x18000fb44
0x18000fb46
0x18000fb4d
0x18000fb56
0x18000fb58
0x18000fb61
0x18000fb6c
0x18000fb70
0x18000fb76
0x18000fb85
0x18000fb8e
0x18000fb94
0x18000fb9a
0x18000fb9e
0x18000fba8
0x18000fbad
0x18000fbbe
0x18000fbc7
0x18000fbca
0x18000fbd0
0x18000fbd3
0x18000fbda
0x18000fbdd
0x18000fbe3
0x18000fbe3
0x18000fbe7
0x18000fbf4
0x18000fbfd
0x18000fc06
0x18000fc0f
0x18000fc18
0x18000fc21
0x18000fc27
0x18000fc2c
0x18000fc33
0x18000fc38
0x18000fc3b
0x18000fc40
0x18000fc40
0x18000fc44
0x18000fc49
0x18000fc50
0x18000fc5a
0x18000fc65
0x18000fc6a
0x18000fc6c
0x18000fc75
0x18000fc83
0x18000fc8c
0x18000fc92
0x18000fca3
0x18000fcae
0x18000fcb2
0x18000fcb9
0x18000fcbb
0x18000fcc6
0x18000fcd0
0x18000fcd2
0x18000fcdc
0x18000fce4
0x18000fcee
0x18000fcf3
0x18000fd06
0x18000fd0b
0x18000fd0e
0x18000fd16
0x18000fd1e
0x18000fd24
0x18000fd27
0x18000fd2c
0x18000fd30
0x18000fd34
0x18000fd37
0x18000fd3c
0x18000fd40
0x18000fd45
0x18000fd50
0x18000fd55
0x18000fd62
0x18000fd6a
0x18000fd74
0x18000fd79
0x18000fd7c
0x18000fd85
0x18000fd8b
0x18000fd8d
0x18000fd8d
0x18000fd91
0x18000fd96
0x18000fda4
0x18000fdb6
0x18000fdbe
0x18000fdc4
0x18000fdc7
0x18000fdd1
0x18000fdd7
0x18000fdde
0x18000fdea
0x18000fdf1
0x18000fdf9
0x18000fe00
0x18000fe10
0x18000fe15
0x18000fe23
0x18000fe2f
0x18000fe34
0x18000fe42
0x18000fe4e
0x18000fe55
0x18000fe5e
0x18000fe69
0x18000fe6f
0x18000fe7f
0x18000fe89
0x18000fe90
0x18000fe93
0x18000fe9d
0x18000fe9f
0x18000fea3
0x18000fea8
0x18000feaa
0x18000feaa
0x18000feae
0x18000feb3
0x18000fec1
0x18000fecd
0x18000fecf
0x18000fed8
0x18000fee7
0x18000feef
0x18000fef5
0x18000fefc
0x18000ff02
0x18000ff0c
0x18000ff11
0x18000ff13
0x18000ff17
0x18000ff1b
0x18000ff1e
0x18000ff2a
0x18000ff2c
0x18000ff30
0x18000ff34
0x18000ff37
0x18000ff39
0x18000ff42
0x18000ff4e
0x18000ff58
0x18000ff5d
0x18000ff62
0x18000ff67
0x18000ff76
0x18000ff7e
0x18000ff81
0x18000ff84
0x18000ffa6

APIs

DName::operator+.LIBVCRUNTIME ref: 000000018000FB85
DName::operator+.LIBVCRUNTIME ref: 000000018000FBBE
DName::operator+.LIBVCRUNTIME ref: 000000018000FC92
DName::operator+.LIBVCRUNTIME ref: 000000018000FCA3
DName::operator+.LIBVCRUNTIME ref: 000000018000FD06
DName::operator+.LIBVCRUNTIME ref: 000000018000FD16
DName::operator+.LIBVCRUNTIME ref: 000000018000FD62
DName::operator+.LIBVCRUNTIME ref: 000000018000FD74
DName::operator+.LIBVCRUNTIME ref: 000000018000FEE7

Part of subcall function 0000000180011B98: Replicator::operator[].LIBVCRUNTIME ref: 0000000180011BF7

DName::operator+.LIBVCRUNTIME ref: 000000018000FF67
DName::operator+.LIBVCRUNTIME ref: 000000018000FF76

Strings

`anonymous namespace', xrefs: 000000018000FE47

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+$Replicator::operator[]
String ID: `anonymous namespace'
API String ID: 3863519203-3062148218
Opcode ID: 88ce95bbc35d447809d642dbe0dfd50a07c4b214e98193c3bc6fd90093e7eafb
Instruction ID: da7365a20f07bb69f5a2787ee2fa556a44203f1a609c4f3eea5d8cf2eb506ae2
Opcode Fuzzy Hash: 88ce95bbc35d447809d642dbe0dfd50a07c4b214e98193c3bc6fd90093e7eafb
Instruction Fuzzy Hash: F2E15C72605B8899EBA2CF64E4803ED77A0F3897C8F548026FB4957B69DF78C659C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180044180 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 249COMMON

Download Yara Rule

APIs

GetGestureInfo.USER32 ref: 00000001800441B0
CloseGestureInfoHandle.USER32 ref: 0000000180044662

Strings

8, xrefs: 000000018004419B

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: GestureInfo$CloseHandle
String ID: 8
API String ID: 372500805-4194326291
Opcode ID: 24fcc5b68633da0f8f8be4f1cbd902bc8ebf2f633c3c7b64af52fa33afd8483d
Instruction ID: 160fc98423218cc6eb835f1e26365e7bf7566a9f20ebab038b044a1e3f977e49
Opcode Fuzzy Hash: 24fcc5b68633da0f8f8be4f1cbd902bc8ebf2f633c3c7b64af52fa33afd8483d
Instruction Fuzzy Hash: 09D10F36308B888AD7A5CF19E49039EB7A0F7C9BC5F518116EA8E87768DF38C545CB05

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000DF10 Relevance: 22.9, APIs: 15, Instructions: 358
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 88%

			E0000000118000DF10(void* __ecx, void* __edi, long long __rbx, long long* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi) {
				void* __r12;
				signed int _t169;
				unsigned int _t173;
				unsigned int _t184;
				unsigned int _t212;
				signed int _t225;
				void* _t228;
				signed int _t229;
				unsigned int _t230;
				signed int _t250;
				void* _t259;
				void* _t285;
				intOrPtr* _t289;
				char* _t292;
				long long* _t294;
				long long _t296;
				intOrPtr* _t304;
				char* _t305;
				char* _t306;
				char* _t347;
				void* _t353;
				long long* _t370;
				long long* _t374;
				void* _t376;
				void* _t377;
				void* _t379;
				void* _t395;
				void* _t396;
				void* _t398;
				long long _t400;
				void* _t402;
				void* _t406;
				intOrPtr* _t407;

				_t372 = __rsi;
				_t245 = __edi;
				_t228 = __ecx;
				_t285 = _t379;
				 *((long long*)(_t285 + 8)) = __rbx;
				 *((long long*)(_t285 + 0x10)) = __rsi;
				 *((long long*)(_t285 + 0x18)) = __rdi;
				_t377 = _t285 - 0x5f;
				_t370 = __rcx;
				r13d = 0;
				_t304 =  *0x80099490; // 0x0
				_t407 = __rdx;
				if ( *_t304 != r13b) goto 0x8000df6b;
				 *(_t377 - 0x11) = r13d;
				 *((long long*)(_t377 - 0x19)) = 0x8004e150;
				_t305 = _t377 - 0x19;
				E0000000118000A4B0(_t305, __rcx, __rdx);
				goto 0x8000e421;
				if ( *_t305 - 0x36 - 3 <= 0) goto 0x8000df7c;
				if ( *_t305 != 0x5f) goto 0x8000e416;
				r8d = r8d | 0xffffffff;
				_t306 = _t305 + 1;
				 *0x80099490 = _t306;
				if ( *_t305 - 0x36 != 0x29) goto 0x8000dfba;
				if ( *_t306 == r13b) goto 0x8000df48;
				_t8 = _t306 + 1; // 0x2
				_t347 = _t8;
				 *0x80099490 = _t347;
				_t250 =  >  ? r8d :  *_t306 - 0x3d;
				goto 0x8000dfce;
				if (_t250 < 0) goto 0x8000e416;
				if (_t250 - 3 > 0) goto 0x8000e416;
				_t259 = _t250 - r8d;
				if (_t259 == 0) goto 0x8000e416;
				r12d = _t250;
				 *((long long*)(_t377 - 0x29)) = _t400;
				 *(_t377 - 0x21) = r13d;
				 *((long long*)(_t377 - 0x39)) =  *_t407;
				 *(_t377 - 0x31) =  *(_t407 + 8);
				r12d = r12d & 0x00000002;
				if (_t259 == 0) goto 0x8000e14a;
				if ( *_t347 == 0x40) goto 0x8000e0d8;
				 *(_t377 - 0x11) = 2;
				 *((long long*)(_t377 - 0x19)) = "::";
				asm("movaps xmm0, [ebp-0x19]");
				asm("movdqa [ebp+0x7], xmm0");
				E00000001180009F6C("::", _t377 - 9, _t377 + 7);
				E0000000118000A4B0("::", _t377 - 0x19, _t377 - 0x39);
				 *((long long*)(_t377 - 0x39)) =  *((intOrPtr*)(_t377 - 0x19));
				 *(_t377 - 0x31) =  *(_t377 - 0x11);
				_t289 =  *0x80099490; // 0x0
				if ( *_t289 == r13b) goto 0x8000e0a8;
				E0000000118000FAF4(__edi, __rbx, _t377 - 9, _t370, __rsi, _t395, _t396, _t398);
				 *((long long*)(_t377 - 0x19)) = _t400;
				 *(_t377 - 0x11) = r13d;
				E0000000118000B87C(0x20, _t289, _t289, _t377 - 0x19);
				E0000000118000A4B0(_t377 - 0x19, _t377 + 7, _t289);
				E0000000118000A4B0(_t377 + 7, _t377 + 0x27, _t377 - 0x39);
				 *((long long*)(_t377 - 0x39)) =  *_t289;
				goto 0x8000e0cc;
				 *(_t377 - 0x11) = r13d;
				_t353 = _t377 - 9;
				 *((long long*)(_t377 - 0x19)) = 0x8004e150;
				E0000000118000A4B0(_t377 - 0x19, _t353, _t377 - 0x39);
				 *((long long*)(_t377 - 0x39)) =  *((intOrPtr*)(_t377 - 9));
				 *(_t377 - 0x31) =  *(_t377 - 1);
				goto 0x8000e0e3;
				_t45 = _t353 + 1; // 0x2
				_t292 = _t45;
				 *0x80099490 = _t292;
				if ( *_t292 == r13b) goto 0x8000e1e4;
				if ( *_t292 != 0x40) goto 0x8000e416;
				 *((long long*)(_t377 - 9)) = _t400;
				 *0x80099490 = _t292 + 1;
				r8d = 0;
				_t169 =  *0x800994a0; // 0x0
				 *(_t377 - 1) = r13d;
				 *((intOrPtr*)(_t379 - 0xa0 + 0x20)) = 1;
				if ((_t169 & 0x00000060) == 0x60) goto 0x8000e1b8;
				 *((long long*)(_t377 - 0x19)) = _t400;
				 *(_t377 - 0x11) = r13d;
				E0000000118000C978(__edi, _t289, _t377 + 7, _t377 - 0x19, _t370, _t372, _t377 - 9);
				_t294 =  *((intOrPtr*)(_t377 + 7));
				 *((long long*)(_t377 - 0x29)) = _t294;
				 *(_t377 - 0x21) =  *(_t377 + 0xf);
				r14d = 0xffffff00;
				if ((sil & 0x00000004) == 0) goto 0x8000e216;
				_t173 =  *0x800994a0; // 0x0
				if (( !(_t173 >> 1) & 0x00000001) == 0) goto 0x8000e1f9;
				E0000000118000C054(_t228, __edi,  !(_t173 >> 1) & 0x00000001, _t294, _t289, _t377 + 0x27, _t372, _t377 - 0x39, _t406);
				 *((long long*)(_t377 - 0x19)) = _t400;
				 *(_t377 - 0x11) = r13d;
				_t300 = _t294;
				E0000000118000B87C(0x20, _t294, _t294, _t377 - 0x19);
				E0000000118000A4B0(_t377 - 0x19, _t377 + 7, _t294);
				E0000000118000A4B0(_t377 + 7, _t377 - 9, _t377 - 0x39);
				 *((long long*)(_t377 - 0x39)) =  *_t294;
				goto 0x8000e213;
				 *((long long*)(_t377 + 7)) = _t400;
				 *(_t377 + 0xf) = r13d;
				E0000000118000C978(__edi, _t294, _t377 - 0x19, _t377 - 9, _t370, _t372, _t377 + 7);
				if ( *(_t377 - 0x11) - 1 <= 0) goto 0x8000e14a;
				goto 0x8000e147;
				 *(_t377 + 0xf) = r13d;
				 *((long long*)(_t377 + 7)) = 0x8004e150;
				goto 0x8000df5e;
				E0000000118000C054(_t228, __edi,  *(_t377 - 0x11) - 1, _t294, _t294, _t377 + 7, _t372, _t377 - 0x39, _t402);
				if ( *(_t377 - 0x31) == 3) goto 0x8000e216;
				if ( *(_t294 + 8) - 1 <= 0) goto 0x8000e216;
				_t225 =  *(_t294 + 8) & r14d |  *(_t294 + 8) & 0x000000ff;
				 *(_t377 - 0x31) = _t225;
				_t184 =  *0x800994a0; // 0x0
				if (( !(_t184 >> 1) & 0x00000001) == 0) goto 0x8000e24c;
				E0000000118000C838(_t294, _t377 + 0x27, _t370, _t372, _t400, _t398);
				E0000000118000A4B0(_t294, _t377 + 7, _t377 - 0x39);
				 *((long long*)(_t377 - 0x39)) =  *_t294;
				 *(_t377 - 0x31) =  *(_t294 + 8);
				goto 0x8000e269;
				E0000000118000C838(_t294,  *_t294, _t370, _t372);
				if ( *(_t377 - 0x31) == 3) goto 0x8000e269;
				if ( *(_t294 + 8) - 1 <= 0) goto 0x8000e269;
				 *(_t377 - 0x31) = _t225 & r14d |  *(_t294 + 8) & 0x000000ff;
				if ( *_t407 == _t400) goto 0x8000e2af;
				 *((long long*)(_t377 - 0x19)) = _t400;
				 *(_t377 - 0x11) = r13d;
				E0000000118000B87C(0x28, _t294, _t300, _t377 - 0x19);
				E0000000118000A4B0(_t377 - 0x19, _t377 + 7, _t377 - 0x39);
				r8b = 0x29;
				E0000000118000A4DC(_t377 + 7, _t377 + 0x27);
				 *((long long*)(_t377 - 0x39)) =  *_t294;
				 *(_t377 - 0x31) =  *(_t294 + 8);
				E0000000118000E5E0(_t294, _t300, 0x800994b8, _t377 + 0x27, _t372, _t376);
				if (_t294 == 0) goto 0x8000e2d1;
				 *_t294 = _t400;
				 *(_t294 + 8) = r13d;
				goto 0x8000e2d4;
				_t374 = _t400;
				E0000000118000FAC0(_t245, _t377 + 0x17, _t370);
				E0000000118000BB4C(_t300, _t377 + 0x27, _t374, _t374, _t377 - 0x39);
				 *((long long*)(_t377 - 0x19)) = _t400;
				 *(_t377 - 0x11) = r13d;
				_t301 = _t294;
				E0000000118000B87C(0x28, _t294, _t294, _t377 - 0x19);
				E0000000118000A4B0(_t377 - 0x19, _t377 + 7, _t301);
				r8b = 0x29;
				E0000000118000A4DC(_t377 + 7, _t377 - 9);
				E0000000118000A5F8(_t228, _t377 - 0x39, _t294, _t301);
				_t229 =  *0x800994a0; // 0x0
				if ((_t229 & 0x00000060) == 0x60) goto 0x8000e352;
				if (r12d == 0) goto 0x8000e352;
				E0000000118000A5F8(_t229, _t377 - 0x39, _t377 - 0x29, _t301);
				_t230 =  *0x800994a0; // 0x0
				if (( !(_t230 >> 0x13) & 0x00000001) == 0) goto 0x8000e373;
				E0000000118000F8F4(_t225 & r14d |  *(_t294 + 8) & 0x000000ff,  !(_t230 >> 0x13), _t245, _t301, _t377 + 0x27, _t370, _t374);
				E0000000118000A5F8( !(_t230 >> 0x13), _t377 - 0x39, _t294, _t301);
				goto 0x8000e393;
				E0000000118000F8F4(_t225 & r14d |  *(_t294 + 8) & 0x000000ff,  !(_t230 >> 0x13), _t245, _t301, _t377 - 0x39, _t370, _t374);
				if ( *(_t377 - 0x31) == 3) goto 0x8000e393;
				if ( *(_t294 + 8) - 1 <= 0) goto 0x8000e393;
				 *(_t377 - 0x31) =  *(_t377 - 0x31) & r14d |  *(_t294 + 8) & 0x000000ff;
				E0000000118000E684(_t377 + 0x27);
				E0000000118000A5F8( *(_t377 - 0x31) & r14d |  *(_t294 + 8) & 0x000000ff, _t377 - 0x39, _t294, _t301);
				_t212 =  *0x800994a0; // 0x0
				if (( !(_t212 >> 8) & 0x00000001) == 0) goto 0x8000e3ed;
				E000000011800110D8(_t377 + 0x27);
				E0000000118000A5F8( *(_t377 - 0x31) & r14d |  *(_t294 + 8) & 0x000000ff, _t377 - 0x39, _t294, _t301);
				if (_t374 == 0) goto 0x8000e40c;
				 *_t374 =  *((intOrPtr*)(_t377 - 0x39));
				 *(_t374 + 8) =  *(_t377 - 0x31);
				_t296 =  *((intOrPtr*)(_t377 + 0x17));
				 *_t370 = _t296;
				 *(_t370 + 8) =  *(_t377 + 0x1f);
				goto 0x8000e421;
				E000000011800110D8(_t377 - 0x39);
				if ( *(_t377 - 0x31) == 3) goto 0x8000e3cc;
				if ( *(_t296 + 8) - 1 <= 0) goto 0x8000e3cc;
				goto 0x8000e3cf;
				 *(_t370 + 8) = r13d;
				 *(_t370 + 8) = 3;
				goto 0x8000e41e;
				 *(_t370 + 8) = r13d;
				 *(_t370 + 8) = 2;
				 *_t370 = _t400;
				return  *(_t296 + 8) & 0x000000ff;
			}

0x18000df10
0x18000df10
0x18000df10
0x18000df10
0x18000df13
0x18000df17
0x18000df1b
0x18000df28
0x18000df33
0x18000df36
0x18000df39
0x18000df40
0x18000df46
0x18000df4f
0x18000df53
0x18000df57
0x18000df61
0x18000df66
0x18000df71
0x18000df76
0x18000df7f
0x18000df86
0x18000df89
0x18000df93
0x18000df98
0x18000df9d
0x18000df9d
0x18000dfa4
0x18000dfb4
0x18000dfb8
0x18000dfbc
0x18000dfc8
0x18000dfce
0x18000dfd1
0x18000dfda
0x18000dfe1
0x18000dfe5
0x18000dfe9
0x18000dfed
0x18000dff0
0x18000dff4
0x18000e004
0x18000e011
0x18000e018
0x18000e020
0x18000e028
0x18000e02d
0x18000e03d
0x18000e046
0x18000e04d
0x18000e050
0x18000e05a
0x18000e060
0x18000e067
0x18000e06f
0x18000e076
0x18000e086
0x18000e097
0x18000e0a2
0x18000e0a6
0x18000e0ac
0x18000e0b0
0x18000e0b4
0x18000e0bc
0x18000e0c8
0x18000e0d3
0x18000e0d6
0x18000e0d8
0x18000e0d8
0x18000e0dc
0x18000e0e6
0x18000e0ef
0x18000e0f8
0x18000e0fc
0x18000e103
0x18000e106
0x18000e10f
0x18000e113
0x18000e11d
0x18000e127
0x18000e12f
0x18000e137
0x18000e13c
0x18000e140
0x18000e147
0x18000e14a
0x18000e154
0x18000e15a
0x18000e16a
0x18000e170
0x18000e177
0x18000e17f
0x18000e183
0x18000e186
0x18000e196
0x18000e1a7
0x18000e1b2
0x18000e1b6
0x18000e1bc
0x18000e1c4
0x18000e1cc
0x18000e1d5
0x18000e1df
0x18000e1e4
0x18000e1ec
0x18000e1f4
0x18000e1f9
0x18000e202
0x18000e208
0x18000e211
0x18000e213
0x18000e216
0x18000e226
0x18000e228
0x18000e238
0x18000e243
0x18000e247
0x18000e24a
0x18000e24c
0x18000e255
0x18000e25b
0x18000e266
0x18000e26c
0x18000e270
0x18000e278
0x18000e27c
0x18000e28d
0x18000e292
0x18000e29d
0x18000e2a8
0x18000e2ac
0x18000e2bb
0x18000e2c6
0x18000e2c8
0x18000e2cb
0x18000e2cf
0x18000e2d1
0x18000e2db
0x18000e2e4
0x18000e2eb
0x18000e2f3
0x18000e2f7
0x18000e2fa
0x18000e30a
0x18000e30f
0x18000e31a
0x18000e326
0x18000e32b
0x18000e338
0x18000e33d
0x18000e347
0x18000e34c
0x18000e35e
0x18000e360
0x18000e36c
0x18000e371
0x18000e373
0x18000e37c
0x18000e382
0x18000e390
0x18000e397
0x18000e3a3
0x18000e3a8
0x18000e3b9
0x18000e3bb
0x18000e3c7
0x18000e3d2
0x18000e3d8
0x18000e3db
0x18000e3de
0x18000e3e2
0x18000e3e8
0x18000e3eb
0x18000e3ed
0x18000e3f6
0x18000e3fc
0x18000e40a
0x18000e40c
0x18000e410
0x18000e414
0x18000e416
0x18000e41a
0x18000e41e
0x18000e444

APIs

DName::operator+.LIBVCRUNTIME ref: 000000018000DF61
DName::operator+.LIBVCRUNTIME ref: 000000018000E03D
DName::operator+.LIBVCRUNTIME ref: 000000018000E086
DName::operator+.LIBVCRUNTIME ref: 000000018000E097

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: 2303ee9f5042ad339646e11ae424a54e3832718655c27d91436b124b379cc77c
Instruction ID: 2b6749b48131f4fbcc3a3b31c7d9a1ad8ba32d3f8567fe3edfaf18983e85ef0c
Opcode Fuzzy Hash: 2303ee9f5042ad339646e11ae424a54e3832718655c27d91436b124b379cc77c
Instruction Fuzzy Hash: 29F14576B04A889EFB92DFA4E4903ED37B1E34978CF448016EA4967B99DF34C659C340

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800109FC Relevance: 19.6, APIs: 6, Strings: 5, Instructions: 349
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 74%

			E000000011800109FC(void* __edx, void* __edi, long long __rbx, long long* __rcx, long long __rdi, long long __rsi, void* __r8, void* __r10, void* __r11, void* __r12, long long _a16, long long _a24, long long _a32) {
				void* _v24;
				signed int _v40;
				void* _v41;
				char _v48;
				char _v56;
				char _v72;
				intOrPtr _v80;
				char _v88;
				char _v96;
				char _v104;
				void* __r14;
				void* __r15;
				signed int _t117;
				char _t129;
				void* _t134;
				void* _t142;
				void* _t149;
				void* _t162;
				void* _t166;
				void* _t170;
				void* _t171;
				char _t172;
				void* _t174;
				void* _t176;
				void* _t178;
				long long* _t182;
				long long* _t189;
				intOrPtr _t194;
				signed long long _t197;
				char* _t199;
				long long _t201;
				long long* _t204;
				long long* _t205;
				long long* _t206;
				intOrPtr _t210;
				long long _t215;
				intOrPtr* _t254;
				char* _t264;
				long long* _t266;
				long long* _t284;
				void* _t289;
				void* _t297;
				long long _t302;
				void* _t303;

				_t301 = __r12;
				_t299 = __r11;
				_t298 = __r10;
				_t286 = __rsi;
				_t215 = __rbx;
				_t157 = __edi;
				_t149 = __edx;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t197 =  *0x80098010; // 0x6aeceb4fd839
				_v40 = _t197 ^ _t289 - 0x00000070;
				_t199 =  *0x80099490; // 0x0
				_t284 = __rcx;
				r14d = 0;
				_t129 =  *_t199;
				_t5 = _t199 + 1; // 0x1
				_t264 = _t5;
				 *0x80099490 = _t264;
				_t170 = _t129 - 0x46;
				if (_t170 > 0) goto 0x80010bb9;
				if (_t170 == 0) goto 0x80010c1d;
				_t171 = _t129 - 0x36;
				if (_t171 > 0) goto 0x80010b54;
				if (_t171 == 0) goto 0x80010b47;
				_t172 = _t129;
				if (_t172 == 0) goto 0x80010b29;
				if (_t172 == 0) goto 0x80010b1c;
				if (_t172 == 0) goto 0x80010ab0;
				if (_t172 == 0) goto 0x80010aa3;
				_t162 = _t129 - 0x2c;
				if (_t172 == 0) goto 0x80010a96;
				if (_t162 != 1) goto 0x80010e99;
				E0000000118000B928(_t129, __rcx, __r8);
				goto 0x80010f06;
				E00000001180010440(_t284);
				goto 0x80010f06;
				E000000011800117A4(_t129, _t149, __edi, __rbx, _t284, _t264, _t284, __rsi, __r8, __r10, __r11, __r12, _t302, _t303);
				goto 0x80010f06;
				_t174 =  *_t264 - 0x40;
				if (_t174 != 0) goto 0x80010aec;
				_t6 = _t264 + 1; // 0x2
				_v80 = 4;
				 *0x80099490 = _t6;
				_t201 = "NULL";
				_v88 = _t201;
				asm("movaps xmm0, [ebp-0x40]");
				asm("movdqa [ebp-0x50], xmm0");
				E00000001180009F6C(_t201, _t284,  &_v104);
				goto 0x80010f06;
				_v56 = _t302;
				_v48 = r14d;
				E0000000118000B87C(0x26, _t201, _t215,  &_v56);
				E0000000118000D360(__edi, _t174, _t201, _t215,  &_v104,  &_v104, _t284, __rsi, __r8, __r12);
				_t293 = _t201;
				_t266 = _t284;
				E0000000118000A4B0( &_v56, _t266, _t201);
				goto 0x80010f06;
				E000000011800100E4(_t215, _t284, _t266, _t286, _t201, __r10, _t299, _t302);
				goto 0x80010f06;
				_t15 = _t266 - 1; // 0x0
				 *0x80099490 = _t15;
				 *_t284 = 0x8004e150;
				 *((intOrPtr*)(_t284 + 8)) = r14d;
				goto 0x80010f06;
				E0000000118000E54C(_t129, _t284, _t266, _t201);
				goto 0x80010f06;
				if (_t174 == 0) goto 0x80010bac;
				if (_t174 == 0) goto 0x80010b9f;
				if (_t174 == 0) goto 0x80010b90;
				if (_t174 == 0) goto 0x80010b90;
				_t134 = _t129 - 0x2b;
				if (_t174 == 0) goto 0x80010b83;
				if (_t134 != 2) goto 0x80010e99;
				E0000000118000D360(__edi, _t134 - 2, 0x8004e150, _t215, _t284, _t266, _t284, _t286, _t201, _t301);
				goto 0x80010f06;
				E0000000118000BCA8(_t134, _t284, _t266, _t201);
				goto 0x80010f06;
				E0000000118000DDE8(_t162, _t215, _t284, _t286, __r10);
				goto 0x80010f06;
				E0000000118000F150(_t134, _t157, _t215, _t284, _t286, _t293);
				goto 0x80010f06;
				E000000011800115E0(_t134, _t162, _t157, _t284, _t284, _t286, _t293, __r10, _t299, _t301, _t302, _t303);
				goto 0x80010f06;
				_t176 = _t162 - 0x51;
				if (_t176 > 0) goto 0x80010db5;
				if (_t176 == 0) goto 0x80010e99;
				if (_t176 == 0) goto 0x80010c1d;
				if (_t176 == 0) goto 0x80010c1d;
				if (_t176 == 0) goto 0x80010c1d;
				if (_t176 == 0) goto 0x80010c1d;
				if (_t176 == 0) goto 0x80010bfd;
				if (_t134 - 0x41 != 1) goto 0x80010e99;
				_t204 = "nullptr";
				_v80 = 7;
				goto 0x80010ace;
				E00000001180010F30(_t162, _t157, _t215,  &_v104, _t284, _t286, _t293, __r10, _t299, _t302, _t303);
				_t178 = _v96 - 1;
				if (_t178 > 0) goto 0x80010e99;
				E000000011800109FC(_t162, _t157, _t215, _t284, _t284, _t286, _t293, _t298, _t299, _t301);
				goto 0x80010f06;
				_v56 = _t302;
				_v48 = r14d;
				E0000000118000B87C(0x7b, _t204, _t215,  &_v56);
				if (_t178 == 0) goto 0x80010c4d;
				_t142 = _t162 - 0x47;
				if (_t178 == 0) goto 0x80010c4d;
				if (_t142 != 1) goto 0x80010caf;
				E0000000118000D360(_t157, _t142 - 1, _t204, _t215,  &_v104, _t266, _t284, _t286, _t293, _t301);
				E0000000118000A5F8(_t142,  &_v56, _t204, _t293);
				if (_v48 - 1 > 0) goto 0x80010caf;
				if (_v56 != _t302) goto 0x80010c83;
				_v56 = _t302;
				_v48 = r14d;
				E0000000118000B87C(0x2c, _t204, _t215,  &_v56);
				goto 0x80010caf;
				E0000000118000E5E0(_t204, _t215, 0x800994b8, _t215, _t286);
				_t182 = _t204;
				if (_t182 == 0) goto 0x80010ca0;
				 *_t204 = 0x8004df68;
				 *((char*)(_t204 + 8)) = 0x2c;
				goto 0x80010ca3;
				_t205 = _t302;
				E00000001180009CFC(_t205, _t215,  &_v56, _t205);
				if (_t182 == 0) goto 0x80010d32;
				if (_t182 == 0) goto 0x80010cd0;
				if (_t182 == 0) goto 0x80010d94;
				_t166 = _t162 - 0x43;
				if (_t182 == 0) goto 0x80010d32;
				if (_t166 != 1) goto 0x80010da9;
				E000000011800100E4(_t215,  &_v104, _t205, _t286, _t293, _t298, _t299, _t302);
				E0000000118000A5F8(_t142,  &_v56, _t205, _t293);
				if (_v48 - 1 > 0) goto 0x80010d32;
				if (_v56 != _t302) goto 0x80010d06;
				_v56 = _t302;
				_v48 = r14d;
				E0000000118000B87C(0x2c, _t205, _t215,  &_v56);
				goto 0x80010d32;
				E0000000118000E5E0(_t205, _t215, 0x800994b8, _t215, _t286);
				if (_t205 == 0) goto 0x80010d23;
				 *_t205 = 0x8004df68;
				 *((char*)(_t205 + 8)) = 0x2c;
				goto 0x80010d26;
				_t206 = _t302;
				E00000001180009CFC(_t206, _t215,  &_v56, _t206);
				E000000011800100E4(_t215,  &_v104, _t206, _t286, _t293, _t298, _t299, _t302);
				E0000000118000A5F8(_t142,  &_v56, _t206, _t293);
				if (_v48 - 1 > 0) goto 0x80010d94;
				if (_v56 != _t302) goto 0x80010d68;
				_v56 = _t302;
				_v48 = r14d;
				E0000000118000B87C(0x2c, _t206, _t215,  &_v56);
				goto 0x80010d94;
				E0000000118000E5E0(_t206, _t215, 0x800994b8, _t215, _t286);
				_t189 = _t206;
				if (_t189 == 0) goto 0x80010d85;
				 *_t206 = 0x8004df68;
				 *((char*)(_t206 + 8)) = 0x2c;
				goto 0x80010d88;
				_t207 = _t302;
				E00000001180009CFC(_t302, _t215,  &_v56, _t302);
				E000000011800100E4(_t215,  &_v104, _t302, _t286, _t293, _t298, _t299, _t302);
				E0000000118000A5F8(_t142,  &_v56, _t207, _t293);
				r8b = 0x7d;
				goto 0x80010efe;
				if (_t189 == 0) goto 0x80010dd2;
				if (_t189 == 0) goto 0x80010dfe;
				if (_t189 == 0) goto 0x80010dd2;
				if (_t189 == 0) goto 0x80010dd2;
				if (_t142 - 0x4f != 1) goto 0x80010e99;
				E000000011800100E4(_t215,  &_v104, _t207, _t286, _t293, _t298, _t299, _t302);
				_t254 = _v104;
				if (_t254 == 0) goto 0x80010e0a;
				 *0x8004c3c0();
				 *((intOrPtr*)( *((intOrPtr*)( *_t254 + 0x18)))) = r14b;
				goto 0x80010e0e;
				 *_t284 = _t302;
				 *((intOrPtr*)(_t284 + 8)) = r14d;
				goto 0x80010f06;
				_v56 = r14b;
				_t117 = E00000001180015530( &_v56);
				r15d = 0xfff;
				if (( *0x800994a0 & 0x00004000) == 0) goto 0x80010e5a;
				_t210 =  *0x800994a8; // 0x0
				if (_t210 == 0) goto 0x80010e5a;
				 *0x8004c3c0();
				_t194 = _t210;
				if (_t194 == 0) goto 0x80010e5a;
				r8b = r14b;
				E00000001180009C28(_t284, _t210);
				goto 0x80010f06;
				r9d = _t117 & r15d;
				E00000001180012358(_t117 & r15d, _t210,  &_v56, _t210, "%d", _t297);
				r8b = r14b;
				E00000001180009C28( &_v88,  &_v56);
				if (_t194 == 0) goto 0x80010ebf;
				if (_t194 == 0) goto 0x80010ebf;
				if (_t194 == 0) goto 0x80010eb6;
				if (_t166 - 0x4f == 1) goto 0x80010ea6;
				 *((intOrPtr*)(_t284 + 8)) = r14d;
				 *((char*)(_t284 + 8)) = 2;
				 *_t284 = _t302;
				goto 0x80010f06;
				_v96 = 0x1a;
				goto 0x80010ecd;
				goto 0x80010ec6;
				_v96 = 0x19;
				_v104 = "`template-type-parameter-";
				asm("movaps xmm0, [ebp-0x50]");
				asm("movdqa [ebp-0x50], xmm0");
				E00000001180009F6C("`template-type-parameter-",  &_v72,  &_v104);
				E0000000118000A4B0("`template-type-parameter-",  &_v104,  &_v88);
				r8b = 0x27;
				return E00000001180002630(E0000000118000A4DC( &_v104, _t284), _t117 & r15d, _v40 ^ _t289 - 0x00000070);
			}

0x1800109fc
0x1800109fc
0x1800109fc
0x1800109fc
0x1800109fc
0x1800109fc
0x1800109fc
0x1800109fc
0x180010a01
0x180010a06
0x180010a17
0x180010a21
0x180010a25
0x180010a2c
0x180010a2f
0x180010a32
0x180010a35
0x180010a35
0x180010a39
0x180010a42
0x180010a45
0x180010a4b
0x180010a51
0x180010a54
0x180010a5a
0x180010a60
0x180010a62
0x180010a6b
0x180010a74
0x180010a79
0x180010a7b
0x180010a7e
0x180010a83
0x180010a8c
0x180010a91
0x180010a99
0x180010a9e
0x180010aa6
0x180010aab
0x180010ab0
0x180010ab3
0x180010ab5
0x180010ab9
0x180010ac0
0x180010ac7
0x180010ace
0x180010ad6
0x180010add
0x180010ae2
0x180010ae7
0x180010aee
0x180010af6
0x180010afa
0x180010b03
0x180010b08
0x180010b0f
0x180010b12
0x180010b17
0x180010b1f
0x180010b24
0x180010b29
0x180010b2d
0x180010b3b
0x180010b3e
0x180010b42
0x180010b4a
0x180010b4f
0x180010b57
0x180010b5c
0x180010b61
0x180010b66
0x180010b68
0x180010b6b
0x180010b70
0x180010b79
0x180010b7e
0x180010b86
0x180010b8b
0x180010b95
0x180010b9a
0x180010ba2
0x180010ba7
0x180010baf
0x180010bb4
0x180010bb9
0x180010bbc
0x180010bc2
0x180010bcb
0x180010bd0
0x180010bd5
0x180010bda
0x180010bdf
0x180010be4
0x180010bea
0x180010bf1
0x180010bf8
0x180010c01
0x180010c06
0x180010c0a
0x180010c13
0x180010c18
0x180010c1f
0x180010c27
0x180010c2b
0x180010c41
0x180010c43
0x180010c46
0x180010c4b
0x180010c51
0x180010c5d
0x180010c66
0x180010c6c
0x180010c70
0x180010c78
0x180010c7c
0x180010c81
0x180010c8d
0x180010c92
0x180010c95
0x180010c97
0x180010c9a
0x180010c9e
0x180010ca0
0x180010caa
0x180010cb2
0x180010cb7
0x180010cbc
0x180010cc2
0x180010cc5
0x180010cca
0x180010cd4
0x180010ce0
0x180010ce9
0x180010cef
0x180010cf3
0x180010cfb
0x180010cff
0x180010d04
0x180010d10
0x180010d18
0x180010d1a
0x180010d1d
0x180010d21
0x180010d23
0x180010d2d
0x180010d36
0x180010d42
0x180010d4b
0x180010d51
0x180010d55
0x180010d5d
0x180010d61
0x180010d66
0x180010d72
0x180010d77
0x180010d7a
0x180010d7c
0x180010d7f
0x180010d83
0x180010d85
0x180010d8f
0x180010d98
0x180010da4
0x180010da9
0x180010db0
0x180010db8
0x180010dbd
0x180010dc2
0x180010dc7
0x180010dcc
0x180010dd6
0x180010ddb
0x180010de2
0x180010df3
0x180010df9
0x180010dfc
0x180010dfe
0x180010e01
0x180010e05
0x180010e0a
0x180010e12
0x180010e23
0x180010e29
0x180010e2b
0x180010e35
0x180010e3c
0x180010e42
0x180010e45
0x180010e47
0x180010e50
0x180010e55
0x180010e64
0x180010e70
0x180010e75
0x180010e80
0x180010e88
0x180010e8d
0x180010e92
0x180010e97
0x180010e99
0x180010e9d
0x180010ea1
0x180010ea4
0x180010ead
0x180010eb4
0x180010ebd
0x180010ec6
0x180010ecd
0x180010ed5
0x180010edd
0x180010ee2
0x180010ef2
0x180010ef7
0x180010f2e

APIs

DName::operator+.LIBVCRUNTIME ref: 0000000180010F01

Strings

`generic-class-parameter-, xrefs: 0000000180010EB6
`template-type-parameter-, xrefs: 0000000180010EBF
NULL, xrefs: 0000000180010AC7
`generic-method-parameter-, xrefs: 0000000180010EA6
nullptr, xrefs: 0000000180010BEA

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+
String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$nullptr
API String ID: 2943138195-2309034085
Opcode ID: 35584c62505f479b6e0959111138fe982974a5eaf479640b2a7b04bb8f9f0b48
Instruction ID: 3ae4da7f97cc9e0ab85b6e733d45b9eb92a0f7a9a7723a2ee05aebbdfd304c69
Opcode Fuzzy Hash: 35584c62505f479b6e0959111138fe982974a5eaf479640b2a7b04bb8f9f0b48
Instruction Fuzzy Hash: 70E19132604E0884FB979BA4D5953EC27A1B74C7C8F64C526FE8927A9ADFB4874DC340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180011B98 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 196
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E00000001180011B98(void* __ebx, void* __ecx, void* __edx, void* __edi, long long __rbx, long long* __rcx, long long __rdi, long long __rsi, void* __r8, void* __r10, void* __r11) {
				void* __r14;
				void* _t62;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr _t82;
				void* _t88;
				void* _t91;
				void* _t104;
				signed long long _t105;
				intOrPtr* _t107;
				long long _t108;
				intOrPtr* _t110;
				intOrPtr* _t113;
				long long _t118;
				intOrPtr _t124;
				long long _t125;
				long long _t127;
				intOrPtr _t130;
				intOrPtr* _t132;
				intOrPtr* _t134;
				intOrPtr* _t137;
				signed long long _t159;
				intOrPtr* _t163;
				void* _t165;
				void* _t166;
				void* _t168;
				void* _t171;
				char* _t175;
				intOrPtr* _t176;
				intOrPtr* _t177;
				char* _t178;
				void* _t181;
				void* _t183;
				long long* _t184;
				void* _t186;

				_t181 = __r11;
				_t171 = __r8;
				_t162 = __rsi;
				_t104 = _t168;
				 *((long long*)(_t104 + 0x10)) = __rbx;
				 *((long long*)(_t104 + 0x18)) = __rsi;
				 *((long long*)(_t104 + 0x20)) = __rdi;
				_t166 = _t104 - 0x5f;
				_t105 =  *0x80098010; // 0x6aeceb4fd839
				 *(_t166 + 0x37) = _t105 ^ _t168 - 0x00000090;
				_t175 =  *0x80099490; // 0x0
				r10b = r8b;
				sil = __edx;
				_t184 = __rcx;
				r8d =  *_t175;
				r8d = r8d + 0xffffffd0;
				if (r8d - 9 > 0) goto 0x80011c01;
				_t176 = _t175 + 1;
				_t130 =  *0x80099480; // 0x0
				 *0x80099490 = _t176;
				E0000000118000A378(_t130, __rcx);
				goto 0x80011e51;
				r15d = 0;
				if ( *_t176 != 0x3f) goto 0x80011c5f;
				E00000001180010768(__ebx, __ecx, 0, __edi, __rbx, _t166 - 0x29, __rcx, __rdi, __rsi);
				_t107 =  *0x80099490; // 0x0
				_t108 = _t107 + 1;
				 *0x80099490 = _t108;
				if ( *_t107 == 0x40) goto 0x80011e0b;
				 *0x80099490 = _t108 - 1;
				asm("sbb edi, edi");
				_t123 =  !=  ? _t186 : 0x8004e150;
				goto 0x80011e0b;
				_t110 = "template-parameter-";
				_t132 = _t176;
				r8d = 0x12;
				r11d = r11d | 0xffffffff;
				_t74 =  *_t132;
				if (_t74 == 0) goto 0x80011c88;
				_t88 = _t74 -  *_t110;
				if (_t88 != 0) goto 0x80011c88;
				r8d = r8d + r11d;
				if (_t88 != 0) goto 0x80011c73;
				if (( *(_t132 + 1) & 0x000000ff) != ( *(_t110 + 1) & 0x000000ff)) goto 0x80011ca6;
				 *((intOrPtr*)(_t166 - 0x21)) = 0x14;
				_t177 = _t176 + 0x13;
				goto 0x80011ceb;
				_t113 = "generic-type-";
				_t134 = _t177;
				r8d = 0xc;
				_t75 =  *_t134;
				if (_t75 == 0) goto 0x80011ccb;
				_t91 = _t75 -  *_t113;
				if (_t91 != 0) goto 0x80011ccb;
				r8d = r8d + r11d;
				if (_t91 != 0) goto 0x80011cb6;
				if (( *(_t134 + 1) & 0x000000ff) != ( *(_t113 + 1) & 0x000000ff)) goto 0x80011dd5;
				 *((intOrPtr*)(_t166 - 0x21)) = 0xe;
				_t178 = _t177 + 0xd;
				 *((long long*)(_t166 - 0x29)) = "`generic-type-";
				asm("movaps xmm0, [ebp-0x29]");
				asm("movdqa [ebp-0x9], xmm0");
				 *0x80099490 = _t178;
				E000000011800100E4( !=  ? _t186 : 0x8004e150, _t166 - 0x29, __rcx, _t162, _t171, __r10, _t181, __rcx);
				if (( *0x800994a0 & 0x00004000) == 0) goto 0x80011db2;
				_t124 =  *0x800994a8; // 0x0
				if (_t124 == 0) goto 0x80011db2;
				_t137 =  *((intOrPtr*)(_t166 - 0x29));
				if (_t137 == 0) goto 0x80011d52;
				 *0x8004c3c0(_t165);
				 *((intOrPtr*)( *((intOrPtr*)( *_t137 + 0x18)))) = r15b;
				_t125 =  *0x800994a8; // 0x0
				goto 0x80011d56;
				 *((intOrPtr*)(_t166 + 0x27)) = r15b;
				E00000001180015530(_t166 + 0x27);
				_t118 = _t125;
				 *0x8004c3c0();
				if (_t118 == 0) goto 0x80011d83;
				r8b = r15b;
				E00000001180009C28(_t166 - 0x29, _t118);
				goto 0x80011e05;
				E00000001180009F6C(_t118, _t166 + 0x17, _t166 - 9);
				E0000000118000A4B0(_t118, _t166 - 9, _t166 - 0x29);
				r8b = 0x27;
				E0000000118000A4DC(_t166 - 9, _t166 + 7);
				goto 0x80011e05;
				E00000001180009F6C(_t118, _t166 + 7, _t166 - 9);
				E0000000118000A4B0(_t118, _t166 - 9, _t166 - 0x29);
				goto 0x80011da4;
				if (r10b == 0) goto 0x80011df2;
				if ( *_t178 != 0x40) goto 0x80011df2;
				 *0x80099490 = _t178 + 1;
				goto 0x80011e0b;
				r8b = 0x40;
				E00000001180009EBC(_t118, _t186, _t166 + 7, 0x80099490, _t162, _t186);
				_t127 =  *_t118;
				_t82 =  *((intOrPtr*)(_t118 + 8));
				if (sil == 0) goto 0x80011e4a;
				_t163 =  *0x80099480; // 0x0
				if ( *_t163 == 9) goto 0x80011e4a;
				if (_t127 == 0) goto 0x80011e4a;
				_t62 = E0000000118000E5E0(_t118, _t127, 0x800994b8, 0x80099490, _t163, _t183);
				if (_t118 == 0) goto 0x80011e4a;
				 *_t118 = _t127;
				 *((intOrPtr*)(_t118 + 8)) = _t82;
				_t159 =  *_t163;
				 *_t163 = _t159 + 1;
				 *((long long*)(_t163 + 0x10 + _t159 * 8)) = _t118;
				 *_t184 = _t127;
				 *((intOrPtr*)(_t184 + 8)) = _t82;
				return E00000001180002630(_t62, _t159 + 1,  *(_t166 + 0x37) ^ _t168 - 0x00000090);
			}

0x180011b98
0x180011b98
0x180011b98
0x180011b98
0x180011b9b
0x180011b9f
0x180011ba3
0x180011bac
0x180011bb7
0x180011bc1
0x180011bc5
0x180011bcc
0x180011bcf
0x180011bd2
0x180011bd5
0x180011bd9
0x180011be1
0x180011be3
0x180011be9
0x180011bf0
0x180011bf7
0x180011bfc
0x180011c01
0x180011c08
0x180011c10
0x180011c1b
0x180011c24
0x180011c27
0x180011c31
0x180011c41
0x180011c4e
0x180011c56
0x180011c5a
0x180011c5f
0x180011c66
0x180011c69
0x180011c6f
0x180011c73
0x180011c77
0x180011c79
0x180011c7b
0x180011c83
0x180011c86
0x180011c90
0x180011c99
0x180011ca0
0x180011ca4
0x180011ca6
0x180011cad
0x180011cb0
0x180011cb6
0x180011cba
0x180011cbc
0x180011cbe
0x180011cc6
0x180011cc9
0x180011cd3
0x180011ce0
0x180011ce7
0x180011ceb
0x180011cf3
0x180011cf7
0x180011cfc
0x180011d03
0x180011d12
0x180011d18
0x180011d22
0x180011d28
0x180011d2f
0x180011d40
0x180011d46
0x180011d49
0x180011d50
0x180011d52
0x180011d5a
0x180011d61
0x180011d64
0x180011d6d
0x180011d6f
0x180011d79
0x180011d7e
0x180011d8b
0x180011d9b
0x180011da4
0x180011dab
0x180011db0
0x180011dba
0x180011dca
0x180011dd3
0x180011dd8
0x180011dde
0x180011de6
0x180011df0
0x180011df2
0x180011e00
0x180011e05
0x180011e08
0x180011e0e
0x180011e10
0x180011e1a
0x180011e1f
0x180011e2d
0x180011e35
0x180011e37
0x180011e3a
0x180011e3d
0x180011e43
0x180011e45
0x180011e4a
0x180011e4d
0x180011e7c

APIs

Replicator::operator[].LIBVCRUNTIME ref: 0000000180011BF7

Strings

`generic-type-, xrefs: 0000000180011CD9
template-parameter-, xrefs: 0000000180011C5F
`template-parameter-, xrefs: 0000000180011C92
generic-type-, xrefs: 0000000180011CA6

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Replicator::operator[]
String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
API String ID: 3676697650-3207858774
Opcode ID: 00f65852966e66028682306ef163fadf4979c1a50f437c8b564d1cb02aa3d076
Instruction ID: 5a66e9a0efd18693cc52414c46a0a348bf5a0dd202afa7c83e7ae83f05862ebd
Opcode Fuzzy Hash: 00f65852966e66028682306ef163fadf4979c1a50f437c8b564d1cb02aa3d076
Instruction Fuzzy Hash: E8917B32715A8C99FB97CB65E4907E837A1A78DBC9F848112EA4D03795DF38C74AC380

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000D7F8 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 120
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 80%

			E0000000118000D7F8(void* __ecx, void* __edx, long long __rbx, long long* __rcx, long long __rdi, void* __r8, long long __r9, long long _a8, long long _a24) {
				void* _v8;
				char _v24;
				char _v56;
				intOrPtr _v64;
				void* _v72;
				intOrPtr _t28;
				void* _t29;
				void* _t31;
				void* _t33;
				char* _t46;
				long long* _t48;
				long long* _t52;
				void* _t54;
				void* _t59;
				void* _t61;
				void* _t62;
				void* _t64;
				void* _t65;

				_t59 = __r8;
				_t38 = __rbx;
				_t29 = __ecx;
				_a8 = __rbx;
				_a24 = __rdi;
				_t46 =  *0x80099490; // 0x0
				r9d = 0;
				_t52 = __rcx;
				r8d =  *_t46;
				if (r8b != 0) goto 0x8000d85b;
				_t35 = "`unknown ecsu\'";
				_v64 = 0xe;
				_v72 = "`unknown ecsu\'";
				asm("movaps xmm0, [ebp-0x40]");
				asm("movdqa [ebp-0x30], xmm0");
				E00000001180009F6C("`unknown ecsu\'",  &_v72,  &_v56);
				r8d = 1;
				_t48 = __rcx;
				E0000000118000A534(_t35, __rcx);
				goto 0x8000d8b5;
				_v72 = __r9;
				_v64 = r9d;
				_t33 = r8b - 0x57;
				if (_t33 != 0) goto 0x8000d8ca;
				if (_t33 != 0) goto 0x8000d8e1;
				 *0x80099490 = _t48 + 1;
				if (r8b != 0x57) goto 0x8000d892;
				E0000000118000D9F0(_t31, __rbx,  &_v24, _t52, _t54);
				E0000000118000FFA8(_t29, _t31, _t35, _t38,  &_v56, _t48 + 1, _t52, _t54, _t59, _t61, _t62, _t64, _t65);
				E0000000118000A5F8(_t29,  &_v72,  &_v56, _t59);
				 *_t52 = _v72;
				_t28 = _v64;
				 *((intOrPtr*)(_t52 + 8)) = _t28;
				return _t28;
			}

0x18000d7f8
0x18000d7f8
0x18000d7f8
0x18000d7f8
0x18000d7fd
0x18000d80a
0x18000d811
0x18000d814
0x18000d817
0x18000d81e
0x18000d820
0x18000d827
0x18000d82e
0x18000d836
0x18000d83e
0x18000d843
0x18000d848
0x18000d84e
0x18000d854
0x18000d859
0x18000d85b
0x18000d85f
0x18000d863
0x18000d867
0x18000d877
0x18000d87c
0x18000d887
0x18000d88d
0x18000d896
0x18000d8a3
0x18000d8ac
0x18000d8af
0x18000d8b2
0x18000d8c9

APIs

DName::operator+.LIBVCRUNTIME ref: 000000018000D854

Part of subcall function 000000018000A534: DName::operator+=.LIBVCRUNTIME ref: 000000018000A54F

DName::operator+.LIBVCRUNTIME ref: 000000018000D981

Strings

enum , xrefs: 000000018000D943
struct , xrefs: 000000018000D9A5
coclass , xrefs: 000000018000D93A
union , xrefs: 000000018000D9AE
`unknown ecsu', xrefs: 000000018000D820
class , xrefs: 000000018000D996
cointerface , xrefs: 000000018000D928

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+$Name::operator+=
String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
API String ID: 179159573-1464470183
Opcode ID: 93d1cf5ca3bc5d6b42a31be750e7ee98b47dd766e5d03b46d44ef4b27d7eadb2
Instruction ID: 9933ee8619a476a51359082165f21a66879cc31c14482fe787c780c04bd61bc1
Opcode Fuzzy Hash: 93d1cf5ca3bc5d6b42a31be750e7ee98b47dd766e5d03b46d44ef4b27d7eadb2
Instruction Fuzzy Hash: AC516E32B11A1C88FB92DBA5E8907EC3770B7197C8F54811AEE4957B99DF74C649C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000BE0C Relevance: 15.2, APIs: 10, Instructions: 150
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 76%

			E0000000118000BE0C(void* __ecx, void* __edx, void* __edi, long long __rbx, long long* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {
				void* _v24;
				char _v40;
				char _v56;
				char _v72;
				intOrPtr _v80;
				char _v88;
				intOrPtr _v96;
				char _v104;
				char _v112;
				char _v120;
				void* __r14;
				void* __r15;
				void* _t66;
				void* _t88;
				void* _t90;
				void* _t98;
				intOrPtr* _t106;
				intOrPtr* _t108;
				intOrPtr* _t146;
				intOrPtr* _t155;
				long long* _t158;
				void* _t169;
				void* _t170;
				void* _t172;
				long long _t173;

				_t112 = __rbx;
				_t90 = __edx;
				_t88 = __ecx;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				_t106 =  *0x80099490; // 0x0
				r15d = 0;
				_t155 = __rdx;
				_t158 = __rcx;
				if ( *_t106 == r15b) goto 0x8000bf87;
				_t66 = E0000000118000E6E8(__rdx);
				r14d = _t66;
				_t98 = _t66;
				if (_t98 < 0) goto 0x8000bff3;
				if (_t98 == 0) goto 0x8000bff3;
				_v120 = _t173;
				_v112 = r15d;
				if (( *(__rdx + 8) & 0x00000800) == 0) goto 0x8000be94;
				_v96 = 2;
				_v104 = 0x8004d4e0;
				asm("movaps xmm0, [ebp-0x50]");
				asm("movdqa [ebp-0x50], xmm0");
				E0000000118000A578(_t90, __edi, 0x8004d4e0, __rbx,  &_v120,  &_v104, _t158);
				goto 0x8000bef7;
				r14d = r14d - 1;
				if (r14d == 0) goto 0x8000befd;
				_t108 =  *0x80099490; // 0x0
				if ( *_t108 == r15b) goto 0x8000befd;
				E0000000118000D644(0, _t112,  &_v56, _t155, _t158, _t169, _t170, _t172);
				_v104 = _t173;
				_v96 = r15d;
				_t113 = _t108;
				E0000000118000B87C(0x5b, _t108, _t108,  &_v104);
				E0000000118000A4B0( &_v104,  &_v72, _t108);
				r8b = 0x5d;
				E0000000118000A4DC( &_v72,  &_v40);
				E0000000118000A5F8(_t88,  &_v120, _t108, _t113);
				if (_v112 - 1 <= 0) goto 0x8000be94;
				if ( *_t155 == _t173) goto 0x8000bf64;
				if (( *(_t155 + 8) & 0x00000800) == 0) goto 0x8000bf14;
				goto 0x8000bf4e;
				_v104 = _t173;
				_v96 = r15d;
				E0000000118000B87C(0x28, _t108, _t113,  &_v104);
				E0000000118000A4B0( &_v104,  &_v72, _t155);
				r8b = 0x29;
				E0000000118000A4DC( &_v72,  &_v40);
				E0000000118000A4B0(_t108,  &_v56,  &_v120);
				_v120 =  *_t108;
				_v112 =  *((intOrPtr*)(_t108 + 8));
				_t146 =  &_v120;
				E0000000118000F284(0x28, __edi, _t108, _t113,  &_v88, _t146, _t155, _t158,  &_v120, _t172, _t173);
				asm("bts ecx, 0xb");
				 *((intOrPtr*)(_t158 + 8)) = _v80;
				 *_t158 = _v88;
				goto 0x8000c033;
				if ( *_t146 == _t173) goto 0x8000bff3;
				_t110 = ")[";
				_v80 = 2;
				_v88 = ")[";
				asm("movaps xmm0, [ebp-0x40]");
				asm("movdqa [ebp-0x30], xmm0");
				_v104 = _t173;
				_v96 = r15d;
				E0000000118000B87C(0x28, ")[", _t113,  &_v104);
				E0000000118000A4B0( &_v104,  &_v88, _t155);
				E0000000118000A484( &_v88,  &_v40,  &_v72);
				r8d = 1;
				E0000000118000A534(")[",  &_v56);
				goto 0x8000c01d;
				_v104 = _t173;
				_v96 = r15d;
				E0000000118000B87C(0x5b, _t110, _t113,  &_v104);
				r8d = 1;
				E0000000118000A534( &_v104,  &_v40);
				r8b = 0x5d;
				E0000000118000A4DC(_t110,  &_v56);
				return E0000000118000C14C(__edi, _t113, _t158, _t110, _t155, _t158, _t172, _t173);
			}

0x18000be0c
0x18000be0c
0x18000be0c
0x18000be0c
0x18000be11
0x18000be16
0x18000be2a
0x18000be31
0x18000be34
0x18000be37
0x18000be3d
0x18000be43
0x18000be48
0x18000be4b
0x18000be4d
0x18000be53
0x18000be60
0x18000be64
0x18000be68
0x18000be6a
0x18000be78
0x18000be80
0x18000be88
0x18000be8d
0x18000be92
0x18000be97
0x18000be9c
0x18000be9e
0x18000bea8
0x18000beb0
0x18000beb7
0x18000bebf
0x18000bec3
0x18000bec6
0x18000bed6
0x18000bedb
0x18000bee6
0x18000bef2
0x18000befb
0x18000bf00
0x18000bf09
0x18000bf12
0x18000bf16
0x18000bf1e
0x18000bf22
0x18000bf32
0x18000bf37
0x18000bf42
0x18000bf52
0x18000bf5a
0x18000bf61
0x18000bf64
0x18000bf6c
0x18000bf78
0x18000bf7c
0x18000bf7f
0x18000bf82
0x18000bf8a
0x18000bf8c
0x18000bf93
0x18000bf9a
0x18000bfa2
0x18000bfa8
0x18000bfad
0x18000bfb1
0x18000bfb5
0x18000bfc5
0x18000bfd6
0x18000bfdb
0x18000bfe8
0x18000bff1
0x18000bff5
0x18000bffd
0x18000c001
0x18000c006
0x18000c014
0x18000c01d
0x18000c023
0x18000c052

APIs

DName::operator+.LIBVCRUNTIME ref: 000000018000BED6
DName::operator+.LIBVCRUNTIME ref: 000000018000BEE6
DName::operator+.LIBVCRUNTIME ref: 000000018000BF32
DName::operator+.LIBVCRUNTIME ref: 000000018000BF42
DName::operator+.LIBVCRUNTIME ref: 000000018000BF52
DName::operator+.LIBVCRUNTIME ref: 000000018000BFC5
DName::operator+.LIBVCRUNTIME ref: 000000018000BFD6
DName::operator+.LIBVCRUNTIME ref: 000000018000BFE8
DName::operator+.LIBVCRUNTIME ref: 000000018000C014
DName::operator+.LIBVCRUNTIME ref: 000000018000C023

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: fa300a7367b6032b5e4a499aa097e014d8cefba6f40dd6dd7fd4b68bb7630cae
Instruction ID: 3348d4c69619045c93a7bd2e5eb624a9543d4efc0738cbe22be395874273524e
Opcode Fuzzy Hash: fa300a7367b6032b5e4a499aa097e014d8cefba6f40dd6dd7fd4b68bb7630cae
Instruction Fuzzy Hash: 99615D72B10B9998FB52DBA5D8803EC37B5F7487C8F408426EE096BA99DF74C649C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180006E3C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 312
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00000001180006E3C(intOrPtr __ecx, void* __edx, intOrPtr* __rcx, long long __rdx, long long __r8, long long __r9, void* __r10) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				signed int* _t127;
				void* _t144;
				intOrPtr _t145;
				intOrPtr _t153;
				void* _t172;
				intOrPtr _t175;
				signed int _t176;
				signed int _t177;
				void* _t179;
				void* _t208;
				signed long long _t218;
				signed long long _t219;
				signed long long _t225;
				long long _t227;
				signed int _t234;
				intOrPtr* _t235;
				intOrPtr* _t236;
				long long _t266;
				signed int* _t279;
				long long _t280;
				void* _t281;
				void* _t282;
				signed long long _t283;
				long long _t295;
				signed int _t304;

				_t281 = _t282 - 0x28;
				_t283 = _t282 - 0x128;
				_t218 =  *0x80098010; // 0x6aeceb4fd839
				_t219 = _t218 ^ _t283;
				 *(_t281 + 0x10) = _t219;
				_t279 =  *((intOrPtr*)(_t281 + 0x90));
				_t304 =  *((intOrPtr*)(_t281 + 0xa8));
				 *((long long*)(_t283 + 0x68)) = __r8;
				_t235 = __rcx;
				 *((long long*)(_t281 - 0x80)) = __rdx;
				 *(_t281 - 0x68) = _t304;
				 *((char*)(_t283 + 0x60)) = 0;
				_t280 = __r9;
				_t127 = E0000000118000931C(__ecx, __rcx, __rdx, __r9, __r9, _t281, _t279, __r9);
				r14d = _t127;
				if (_t127 - 0xffffffff < 0) goto 0x800072fb;
				if (_t127 - _t279[1] >= 0) goto 0x800072fb;
				if ( *_t235 != 0xe06d7363) goto 0x80006f87;
				if ( *((intOrPtr*)(_t235 + 0x18)) != 4) goto 0x80006f87;
				if ( *((intOrPtr*)(_t235 + 0x20)) - 0x19930520 - 2 > 0) goto 0x80006f87;
				if ( *((long long*)(_t235 + 0x30)) != 0) goto 0x80006f87;
				E0000000118000635C(_t219);
				if ( *((long long*)(_t219 + 0x20)) == 0) goto 0x80007294;
				E0000000118000635C(_t219);
				_t236 =  *((intOrPtr*)(_t219 + 0x20));
				E0000000118000635C(_t219);
				 *((char*)(_t283 + 0x60)) = 1;
				 *((long long*)(_t283 + 0x68)) =  *((intOrPtr*)(_t219 + 0x28));
				E00000001180004FA8(_t219,  *((intOrPtr*)(_t236 + 0x38)));
				if ( *_t236 != 0xe06d7363) goto 0x80006f3f;
				if ( *((intOrPtr*)(_t236 + 0x18)) != 4) goto 0x80006f3f;
				if ( *((intOrPtr*)(_t236 + 0x20)) - 0x19930520 - 2 > 0) goto 0x80006f3f;
				if ( *((long long*)(_t236 + 0x30)) == 0) goto 0x800072fb;
				E0000000118000635C(_t219);
				if ( *(_t219 + 0x38) == 0) goto 0x80006f87;
				E0000000118000635C(_t219);
				E0000000118000635C(_t219);
				 *(_t219 + 0x38) =  *(_t219 + 0x38) & 0x00000000;
				if (E00000001180009454(_t219, _t236, _t236,  *(_t219 + 0x38), __r9) != 0) goto 0x80006f82;
				if (E00000001180009544(_t219, _t236,  *(_t219 + 0x38), __r9, _t281) == 0) goto 0x800072d8;
				goto 0x800072b4;
				 *((long long*)(_t281 - 0x40)) =  *((intOrPtr*)(__r9 + 8));
				 *(_t281 - 0x48) = _t279;
				if ( *_t236 != 0xe06d7363) goto 0x8000724b;
				if ( *((intOrPtr*)(_t236 + 0x18)) != 4) goto 0x8000724b;
				if ( *((intOrPtr*)(_t236 + 0x20)) - 0x19930520 - 2 > 0) goto 0x8000724b;
				r13d = 0;
				if (_t279[3] - r13d <= 0) goto 0x8000717c;
				 *(_t283 + 0x28) =  *(_t281 + 0xa0);
				 *(_t283 + 0x20) = _t279;
				r8d = r14d;
				_t144 = E000000011800047E8(_t236, _t281 - 0x28, _t281 - 0x48, __r9, _t281, __r9, __r10);
				asm("movups xmm0, [ebp-0x28]");
				asm("movdqu [ebp-0x38], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t144 -  *((intOrPtr*)(_t281 - 0x10)) >= 0) goto 0x8000717c;
				_t295 =  *((intOrPtr*)(_t281 - 0x28));
				r12d =  *((intOrPtr*)(_t281 - 0x30));
				 *((long long*)(_t283 + 0x78)) = _t295;
				_t145 = r12d;
				asm("inc ecx");
				 *((intOrPtr*)(_t281 - 0x50)) = __ecx;
				asm("movd eax, xmm0");
				asm("movups [ebp-0x60], xmm0");
				if (_t145 - r14d > 0) goto 0x8000716b;
				_t225 =  *(_t281 - 0x60) >> 0x20;
				if (r14d - _t145 > 0) goto 0x8000716b;
				_t266 =  *((intOrPtr*)( *((intOrPtr*)( *( *(_t281 - 0x38)) + 0x10)) + ( *( *(_t281 - 0x38)) +  *( *(_t281 - 0x38)) * 4) * 4 +  *((intOrPtr*)(_t295 + 8)) + 0x10)) +  *((intOrPtr*)(__r9 + 8));
				 *((long long*)(_t281 - 0x70)) = _t266;
				if (r15d == 0) goto 0x80007168;
				asm("movups xmm0, [edx+ecx*4]");
				asm("movups [ebp-0x8], xmm0");
				 *((intOrPtr*)(_t281 + 8)) =  *((intOrPtr*)(_t266 + 0x10 + (_t225 + _t225 * 4) * 4));
				E00000001180004F7C(_t225);
				_t227 = _t225 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t236 + 0x30)) + 0xc));
				 *((long long*)(_t283 + 0x70)) = _t227;
				E00000001180004F7C(_t227);
				_t175 =  *((intOrPtr*)(_t227 +  *((intOrPtr*)( *((intOrPtr*)(_t236 + 0x30)) + 0xc))));
				 *((intOrPtr*)(_t283 + 0x64)) = _t175;
				if (_t175 <= 0) goto 0x800070f9;
				E00000001180004F7C(_t227);
				 *((long long*)(_t281 - 0x78)) = _t227 +  *((intOrPtr*)( *((intOrPtr*)(_t283 + 0x70))));
				if (E00000001180007D08(_t179, _t236, _t281 - 8, _t227 +  *((intOrPtr*)( *((intOrPtr*)(_t283 + 0x70)))), _t279, __r9,  *((intOrPtr*)(_t236 + 0x30))) != 0) goto 0x8000710a;
				 *((long long*)(_t283 + 0x70)) =  *((long long*)(_t283 + 0x70)) + 4;
				_t153 =  *((intOrPtr*)(_t283 + 0x64)) - 1;
				 *((intOrPtr*)(_t283 + 0x64)) = _t153;
				if (_t153 > 0) goto 0x800070bd;
				r13d = r13d + 1;
				if (r13d == r15d) goto 0x80007163;
				goto 0x80007076;
				 *((char*)(_t283 + 0x58)) =  *((intOrPtr*)(_t281 + 0x98));
				 *(_t283 + 0x50) =  *((intOrPtr*)(_t283 + 0x60));
				 *((long long*)(_t283 + 0x48)) =  *(_t281 - 0x68);
				 *(_t283 + 0x40) =  *(_t281 + 0xa0);
				 *(_t283 + 0x38) = _t281 - 0x60;
				 *(_t283 + 0x30) =  *((intOrPtr*)(_t281 - 0x78));
				 *(_t283 + 0x28) = _t281 - 8;
				 *(_t283 + 0x20) = _t279;
				E00000001180006C94(_t175, _t236, _t236,  *((intOrPtr*)(_t281 - 0x80)),  *((intOrPtr*)(_t283 + 0x68)), _t280);
				r13d = 0;
				r12d = r12d + 1;
				if (r12d -  *((intOrPtr*)(_t281 - 0x10)) < 0) goto 0x80007011;
				if (( *_t279 & 0x1fffffff) - 0x19930521 < 0) goto 0x80007288;
				_t208 = _t279[8] - r13d;
				if (_t208 == 0) goto 0x800071a2;
				E00000001180004F68(_t281 - 8);
				if (_t208 != 0) goto 0x800071c3;
				if ((_t279[9] >> 0x00000002 & 0x00000001) == 0) goto 0x80007288;
				if (E0000000118000462C(_t279[9] >> 0x00000002 & 0x00000001, _t281 - 8 + _t279[8], _t280, _t279) != 0) goto 0x80007288;
				if ((_t279[9] >> 0x00000002 & 0x00000001) != 0) goto 0x800072de;
				if (_t279[8] == r13d) goto 0x800071e8;
				E00000001180004F68(_t281 - 8 + _t279[8]);
				_t234 = _t279[8];
				goto 0x800071eb;
				if (E00000001180009454(_t234, _t236, _t236, _t304, _t280) != 0) goto 0x80007288;
				E000000011800046F8(_t236,  *((intOrPtr*)(_t281 - 0x80)), _t280, _t281, _t279, _t281 - 0x78);
				_t176 =  *((intOrPtr*)(_t281 + 0x98));
				 *(_t283 + 0x50) = _t176;
				_t177 = _t176 | 0xffffffff;
				 *((long long*)(_t283 + 0x48)) = _t280;
				 *(_t283 + 0x40) = _t304;
				 *(_t283 + 0x38) = _t177;
				 *(_t283 + 0x30) = _t177;
				 *(_t283 + 0x28) = _t279;
				 *(_t283 + 0x20) = _t304;
				E00000001180004AD0( *((intOrPtr*)(_t281 - 0x80)), _t236,  *((intOrPtr*)(_t283 + 0x68)), _t234);
				goto 0x80007288;
				if (_t279[3] <= 0) goto 0x80007288;
				if ( *((char*)(_t281 + 0x98)) != 0) goto 0x800072fb;
				 *(_t283 + 0x38) = _t304;
				 *(_t283 + 0x30) =  *(_t281 + 0xa0);
				 *(_t283 + 0x28) = r14d;
				 *(_t283 + 0x20) = _t279;
				E00000001180007800(_t236, _t236,  *((intOrPtr*)(_t281 - 0x80)),  *(_t281 - 0x58) >> 0x20, _t280);
				_t172 = E0000000118000635C(_t234);
				if ( *((long long*)(_t234 + 0x38)) != 0) goto 0x800072fb;
				return E00000001180002630(_t172, _t177,  *(_t281 + 0x10) ^ _t283);
			}

0x180006e49
0x180006e4e
0x180006e55
0x180006e5c
0x180006e5f
0x180006e63
0x180006e6d
0x180006e77
0x180006e7c
0x180006e7f
0x180006e89
0x180006e90
0x180006e95
0x180006e98
0x180006e9d
0x180006ea3
0x180006eac
0x180006eb8
0x180006ec2
0x180006ed3
0x180006ede
0x180006ee4
0x180006eee
0x180006ef4
0x180006ef9
0x180006efd
0x180006f06
0x180006f0f
0x180006f14
0x180006f1f
0x180006f25
0x180006f32
0x180006f39
0x180006f3f
0x180006f49
0x180006f4b
0x180006f54
0x180006f5f
0x180006f6b
0x180006f77
0x180006f7d
0x180006f8b
0x180006f8f
0x180006f99
0x180006fa3
0x180006fb4
0x180006fba
0x180006fc1
0x180006fd1
0x180006fdc
0x180006fe1
0x180006fe4
0x180006fe9
0x180006fed
0x180006ff2
0x180006ff7
0x180006ffe
0x180007004
0x180007008
0x18000700c
0x18000701c
0x18000702b
0x180007035
0x180007038
0x18000703c
0x180007043
0x18000704d
0x180007054
0x180007061
0x180007069
0x180007070
0x18000707d
0x180007081
0x180007089
0x18000708c
0x18000709d
0x1800070a0
0x1800070a5
0x1800070b2
0x1800070b5
0x1800070bb
0x1800070bd
0x1800070d8
0x1800070e3
0x1800070e9
0x1800070ef
0x1800070f1
0x1800070f7
0x1800070f9
0x1800070ff
0x180007105
0x18000711f
0x180007127
0x18000712f
0x18000713a
0x180007142
0x18000714b
0x180007154
0x180007159
0x18000715e
0x180007168
0x18000716b
0x180007172
0x180007188
0x18000718e
0x180007192
0x180007194
0x1800071a0
0x1800071aa
0x1800071bd
0x1800071cb
0x1800071d5
0x1800071d7
0x1800071df
0x1800071e6
0x1800071f5
0x180007208
0x18000720d
0x18000721e
0x180007222
0x180007225
0x18000722a
0x18000722f
0x180007233
0x18000723a
0x18000723f
0x180007244
0x180007249
0x18000724f
0x180007258
0x180007267
0x18000726f
0x180007276
0x18000727e
0x180007283
0x180007288
0x180007292
0x1800072b3

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 0000000180006E98

Part of subcall function 000000018000931C: _GetEstablisherFrame.LIBVCRUNTIME ref: 0000000180009351
Part of subcall function 000000018000931C: __GetUnwindTryBlock.LIBCMT ref: 000000018000935F
Part of subcall function 000000018000931C: __SetUnwindTryBlock.LIBVCRUNTIME ref: 0000000180009384

Is_bad_exception_allowed.LIBVCRUNTIME ref: 0000000180006F70
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00000001800071B6
_GetEstablisherFrame.LIBVCRUNTIME ref: 0000000180007208
std::bad_alloc::bad_alloc.LIBCMT ref: 00000001800072C2

Strings

csm, xrefs: 0000000180006F93
csm, xrefs: 0000000180006F19
csm, xrefs: 0000000180006EB2

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3606184308-393685449
Opcode ID: f17e7969856c23916760e9668bd4dbe0eb1c8087b70df080c4d529f05b9958ee
Instruction ID: 5785b8a72f4e99d4d20db8fd70e12e16875c740781c9b8f33cb8deddc4054124
Opcode Fuzzy Hash: f17e7969856c23916760e9668bd4dbe0eb1c8087b70df080c4d529f05b9958ee
Instruction Fuzzy Hash: 5BD18A72A04B488AEBA2DB65D4403ED37A0F759BC8F149115FE8D57B96CF38C299C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000F538 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 111
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E0000000118000F538(void* __edx, void* __edi, long long __rbx, long long* __rcx, intOrPtr* __rdx, long long __rdi, void* __rsi, void* __r8, void* __r14, void* __r15, long long _a8, long long _a16) {
				char _v24;
				intOrPtr _v32;
				char _v40;
				intOrPtr _v48;
				void* _v56;
				intOrPtr _t49;
				char* _t66;
				char* _t69;
				char* _t70;
				char* _t73;
				long long* _t82;
				intOrPtr* _t94;
				intOrPtr* _t100;

				_t102 = __rsi;
				_a8 = __rbx;
				_a16 = __rdi;
				_t66 =  *0x80099490; // 0x0
				_t82 = __rcx;
				_t100 = __rdx;
				if ( *_t66 == 0) goto 0x8000f6d4;
				if (r8d == 0) goto 0x8000f5f2;
				if ( *_t66 != 0x58) goto 0x8000f5d6;
				 *0x80099490 = _t66 + 1;
				_t94 =  &_v40;
				if ( *__rdx != __rcx) goto 0x8000f5aa;
				_v48 = 4;
				_v56 = "void";
				asm("movaps xmm0, [ebp-0x30]");
				asm("movdqa [ebp-0x20], xmm0");
				E00000001180009F6C("void", __rcx, _t94);
				goto 0x8000f6f1;
				_t69 = "void ";
				_v48 = 5;
				_v56 = _t69;
				asm("movaps xmm0, [ebp-0x30]");
				asm("movdqa [ebp-0x20], xmm0");
				E00000001180009F6C(_t69,  &_v24, _t94);
				goto 0x8000f6e6;
				if ( *_t69 != 0x5f) goto 0x8000f5f2;
				if ( *((char*)(_t69 + 1)) != 0x5f) goto 0x8000f5f2;
				if ( *((char*)(_t69 + 2)) != 0x5a) goto 0x8000f5f2;
				_t70 = _t69 + 3;
				 *0x80099490 = _t70;
				if ( *_t70 != 0x24) goto 0x8000f63d;
				if ( *((char*)(_t70 + 1)) != 0x24) goto 0x8000f659;
				if ( *((char*)(_t70 + 2)) != 0x54) goto 0x8000f659;
				 *0x80099490 = _t70 + 3;
				if ( *_t94 != _t69) goto 0x8000f62a;
				_v48 = 0xe;
				goto 0x8000f590;
				_t73 = "std::nullptr_t ";
				_v48 = 0xf;
				goto 0x8000f5b8;
				if ( *_t73 != 0x59) goto 0x8000f659;
				 *0x80099490 = _t73 + 1;
				E0000000118000BE0C(0, __edx, __edi, __rcx, __rcx,  &_v40, __rdx, __rsi);
				goto 0x8000f6f1;
				E0000000118000C14C(__edi, _t82,  &_v56,  &_v40, _t100, _t102, __r14, __r15);
				if (( *(_t100 + 8) & 0x00004000) == 0) goto 0x8000f6ac;
				_t75 = "cli::array<";
				_v32 = 0xb;
				_v40 = "cli::array<";
				asm("movaps xmm0, [ebp-0x20]");
				asm("movdqa [ebp-0x20], xmm0");
				E00000001180009F6C("cli::array<",  &_v24,  &_v40);
				E0000000118000A4B0(_t75,  &_v40,  &_v56);
				goto 0x8000f6cc;
				if (( *(_t100 + 8) & 0x00002000) == 0) goto 0x8000f6c5;
				_v32 = 0xd;
				goto 0x8000f679;
				_t49 = _v48;
				 *_t82 = _v56;
				 *((intOrPtr*)(_t82 + 8)) = _t49;
				goto 0x8000f6f1;
				_v32 = _t49;
				_v40 = 0x8004e150;
				return E0000000118000A4B0( &_v40, _t82, _t100);
			}

0x18000f538
0x18000f538
0x18000f53d
0x18000f54a
0x18000f551
0x18000f556
0x18000f55b
0x18000f564
0x18000f56d
0x18000f572
0x18000f57c
0x18000f580
0x18000f589
0x18000f590
0x18000f597
0x18000f59b
0x18000f5a0
0x18000f5a5
0x18000f5aa
0x18000f5b1
0x18000f5b8
0x18000f5c0
0x18000f5c4
0x18000f5c9
0x18000f5d1
0x18000f5d9
0x18000f5df
0x18000f5e5
0x18000f5e7
0x18000f5eb
0x18000f5f5
0x18000f5fb
0x18000f601
0x18000f607
0x18000f615
0x18000f61e
0x18000f625
0x18000f62a
0x18000f631
0x18000f638
0x18000f640
0x18000f648
0x18000f64f
0x18000f654
0x18000f65d
0x18000f669
0x18000f66b
0x18000f672
0x18000f679
0x18000f681
0x18000f689
0x18000f68e
0x18000f69e
0x18000f6aa
0x18000f6b3
0x18000f6bc
0x18000f6c3
0x18000f6c5
0x18000f6cc
0x18000f6cf
0x18000f6d2
0x18000f6db
0x18000f6de
0x18000f703

APIs

DName::operator+.LIBVCRUNTIME ref: 000000018000F6EC

Part of subcall function 000000018000C14C: DName::operator+.LIBVCRUNTIME ref: 000000018000C665
Part of subcall function 000000018000C14C: DName::operator+.LIBVCRUNTIME ref: 000000018000C69D

DName::operator+.LIBVCRUNTIME ref: 000000018000F69E

Strings

void , xrefs: 000000018000F5AA
void, xrefs: 000000018000F582
std::nullptr_t , xrefs: 000000018000F62A
cli::pin_ptr<, xrefs: 000000018000F6B5
std::nullptr_t, xrefs: 000000018000F617
cli::array<, xrefs: 000000018000F66B

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+
String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
API String ID: 2943138195-2239912363
Opcode ID: 0b752ad8dc7e5821e992d40b2d186da4dc213c61b4a304242652f39d7be9cf96
Instruction ID: 983ab4da8db4cb662a38f49fc76b9b74df76009315319c02bb5b64352dc4e910
Opcode Fuzzy Hash: 0b752ad8dc7e5821e992d40b2d186da4dc213c61b4a304242652f39d7be9cf96
Instruction Fuzzy Hash: 13513B72A15B5898FBA2CF60E8813ED37B0B74C788F54C126EB4912BA5DF78825CD750

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800446D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 100windowCOMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 0000000180044862
BeginPaint.USER32 ref: 0000000180044879
EndPaint.USER32 ref: 00000001800448A2
PostQuitMessage.USER32 ref: 00000001800448AC
DefWindowProcW.USER32 ref: 00000001800448D3

Strings

i, xrefs: 000000018004482A

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: PaintProcWindow$BeginMessagePostQuit
String ID: i
API String ID: 3181456275-3865851505
Opcode ID: 15b5eb7d8791f7902679dbd3243a5d2550e527befbbf01288b220ed2218d8afc
Instruction ID: 8bb9eab9972261786cf648b3f5f45a17b859ca0da9903874fdd0f81806c5dfe9
Opcode Fuzzy Hash: 15b5eb7d8791f7902679dbd3243a5d2550e527befbbf01288b220ed2218d8afc
Instruction Fuzzy Hash: 53512E72518AC8C6E7F1CF15E0847DEB3A0F7C9789F11C416F68A56A98CF38C6488B05

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180042CF0 Relevance: 13.7, APIs: 9, Instructions: 204COMMON

Download Yara Rule

APIs

CreatePen.GDI32 ref: 0000000180042D2E
SelectObject.GDI32 ref: 0000000180042D46
Polyline.GDI32 ref: 0000000180042FE3
MoveToEx.GDI32 ref: 0000000180043023
LineTo.GDI32 ref: 000000018004304C
MoveToEx.GDI32 ref: 0000000180043078
LineTo.GDI32 ref: 00000001800430A1
SelectObject.GDI32 ref: 00000001800430B4
DeleteObject.GDI32 ref: 00000001800430BF

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Object$LineMoveSelect$CreateDeletePolyline
String ID:
API String ID: 1917832262-0
Opcode ID: 7270ed9f19f9461df9ec4d5b22766a7dcb41c6e1b1c85e5e922f284aafe69107
Instruction ID: 8a583954d60b5f27a5d0b20fb0dcfbc8c9092cb8016ea5010e327fccbb1ab696
Opcode Fuzzy Hash: 7270ed9f19f9461df9ec4d5b22766a7dcb41c6e1b1c85e5e922f284aafe69107
Instruction Fuzzy Hash: DCB13476214B848AD7A5CB38E05135AF7A4F7C9788F158216EACE53B69DF3CC5498F00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180011990 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 127
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 87%

			E00000001180011990(void* __edx, void* __edi, long long __rbx, long long* __rcx, intOrPtr* __rdx, long long __rdi, void* __rsi, void* __r8, void* __r10, void* __r11, void* __r12) {
				intOrPtr _t51;
				signed int _t55;
				signed int _t65;
				signed int _t67;
				void* _t68;
				intOrPtr* _t88;
				char* _t89;
				char* _t91;
				char* _t92;
				char* _t93;
				signed long long _t94;
				char* _t95;
				long long* _t128;
				void* _t132;
				void* _t134;
				void* _t143;

				_t143 = __r11;
				_t130 = __rsi;
				_t100 = __rbx;
				_t68 = __edx;
				 *((long long*)(_t134 + 8)) = __rbx;
				 *((long long*)(_t134 + 0x10)) = __rdi;
				_t132 = _t134 - 0x57;
				_t128 = __rcx;
				 *__rcx =  *((intOrPtr*)(__rdx));
				_t51 =  *((intOrPtr*)(__rdx + 8));
				 *((intOrPtr*)(__rcx + 8)) = _t51;
				if (_t51 - 1 > 0) goto 0x80011b7f;
				_t88 =  *0x80099490; // 0x0
				 *(_t132 + 0xf) =  *(_t132 + 0xf) & 0x00000000;
				if ( *_t88 == 0) goto 0x80011b57;
				 *(_t132 - 9) =  *(_t132 - 9) & 0x00000000;
				_t10 = _t132 - 9; // 0x5ff7
				 *(_t132 - 1) =  *(_t132 - 1) & 0x00000000;
				_t13 = _t132 + 7; // 0x6007
				 *(_t132 + 7) =  *(_t132 + 7) & 0x00000000;
				_t16 = _t132 + 0x17; // 0x6017
				 *(_t134 - 0x90 + 0x20) =  *(_t134 - 0x90 + 0x20) & 0x00000000;
				r8d = 0;
				E0000000118000C978(__edi, __rbx, _t16, _t13, __rcx, __rsi, _t10);
				r8b = 0x20;
				_t19 = _t132 + 0x27; // 0x6027
				_t20 = _t132 + 0x17; // 0x6017
				E0000000118000A4DC(_t20, _t19);
				_t21 = _t132 + 0x37; // 0x6037
				E0000000118000A4B0(_t88, _t21, _t128);
				 *_t128 =  *_t88;
				_t55 =  *(_t88 + 8);
				 *(_t128 + 8) = _t55;
				if (_t55 - 1 > 0) goto 0x80011b7f;
				_t89 =  *0x80099490; // 0x0
				if ( *_t89 == 0x40) goto 0x80011b4b;
				 *(_t132 + 0xf) = 5;
				 *(_t132 + 7) = "{for ";
				_t26 = _t132 + 0x17; // 0x6017
				asm("movaps xmm0, [ebp+0x7]");
				asm("movdqa [ebp+0x17], xmm0");
				E0000000118000A578(_t68, __edi, "{for ", _t100, _t128, _t26, _t130);
				_t91 =  *0x80099490; // 0x0
				if ( *(_t128 + 8) - 1 > 0) goto 0x80011b46;
				if ( *_t91 == 0) goto 0x80011b28;
				if ( *_t91 == 0x40) goto 0x80011b1e;
				_t28 = _t132 + 0x37; // 0x6037
				E0000000118000FAF4(__edi, _t100, _t28, _t128, _t130, __r10, _t143, __r12);
				 *(_t132 - 9) =  *(_t132 - 9) & 0x00000000;
				_t31 = _t132 - 9; // 0x5ff7
				 *(_t132 - 1) =  *(_t132 - 1) & 0x00000000;
				_t101 = _t91;
				E0000000118000B87C(0x60, _t91, _t91, _t31);
				_t34 = _t132 + 0x17; // 0x6017
				_t35 = _t132 - 9; // 0x5ff7
				E0000000118000A4B0(_t35, _t34, _t91);
				r8b = 0x27;
				_t36 = _t132 + 0x47; // 0x6047
				_t37 = _t132 + 0x17; // 0x6017
				E0000000118000A4DC(_t37, _t36);
				E0000000118000A5F8( *(_t128 + 8), _t128, _t91, _t91);
				_t92 =  *0x80099490; // 0x0
				if ( *_t92 != 0x40) goto 0x80011ae9;
				_t93 = _t92 + 1;
				 *0x80099490 = _t93;
				_t67 =  *(_t128 + 8);
				if (_t67 - 1 > 0) goto 0x80011b46;
				if ( *_t93 == 0x40) goto 0x80011a6d;
				_t94 = "s ";
				 *(_t132 + 0xf) = 2;
				 *(_t132 + 7) = _t94;
				_t41 = _t132 + 0x27; // 0x6027
				asm("movaps xmm0, [ebp+0x7]");
				asm("movdqa [ebp+0x27], xmm0");
				goto 0x80011a5b;
				if (_t67 - 1 > 0) goto 0x80011b46;
				if ( *_t94 != 0) goto 0x80011b35;
				E0000000118000A7AC(1, _t94, _t128, _t41);
				E0000000118000A6AC(0x7d, _t94, _t101, _t128);
				_t95 =  *0x80099490; // 0x0
				if ( *_t95 != 0x40) goto 0x80011b7f;
				 *0x80099490 = _t95 + 1;
				goto 0x80011b7f;
				_t42 = _t132 - 9; // 0x5ff7
				 *(_t132 + 7) = 0x8004e150;
				_t44 = _t132 + 7; // 0x6007
				E0000000118000A4B0(_t44, _t42, _t128);
				 *_t128 =  *(_t132 - 9);
				_t65 =  *(_t132 - 1);
				 *(_t128 + 8) = _t65;
				return _t65;
			}

0x180011990
0x180011990
0x180011990
0x180011990
0x180011990
0x180011995
0x18001199b
0x1800119aa
0x1800119ad
0x1800119b0
0x1800119b3
0x1800119b8
0x1800119be
0x1800119c5
0x1800119cc
0x1800119d2
0x1800119d7
0x1800119db
0x1800119df
0x1800119e3
0x1800119e8
0x1800119ec
0x1800119f1
0x1800119f4
0x1800119f9
0x1800119fc
0x180011a00
0x180011a04
0x180011a0c
0x180011a13
0x180011a1b
0x180011a1e
0x180011a21
0x180011a26
0x180011a2c
0x180011a36
0x180011a43
0x180011a4a
0x180011a4e
0x180011a52
0x180011a56
0x180011a5e
0x180011a66
0x180011a70
0x180011a79
0x180011a82
0x180011a88
0x180011a8c
0x180011a91
0x180011a96
0x180011a9a
0x180011aa0
0x180011aa3
0x180011aab
0x180011aaf
0x180011ab3
0x180011ab8
0x180011abb
0x180011abf
0x180011ac3
0x180011ace
0x180011ad3
0x180011add
0x180011adf
0x180011ae2
0x180011ae9
0x180011aef
0x180011af4
0x180011afa
0x180011b01
0x180011b08
0x180011b0c
0x180011b10
0x180011b14
0x180011b19
0x180011b21
0x180011b26
0x180011b30
0x180011b3a
0x180011b3f
0x180011b49
0x180011b4e
0x180011b55
0x180011b61
0x180011b65
0x180011b69
0x180011b6d
0x180011b76
0x180011b79
0x180011b7c
0x180011b96

APIs

DName::operator+.LIBVCRUNTIME ref: 0000000180011A04
DName::operator+.LIBVCRUNTIME ref: 0000000180011A13
DName::operator+=.LIBVCRUNTIME ref: 0000000180011B30

Part of subcall function 000000018000FAF4: DName::operator+.LIBVCRUNTIME ref: 000000018000FB85
Part of subcall function 000000018000FAF4: DName::operator+.LIBVCRUNTIME ref: 000000018000FBBE
Part of subcall function 000000018000FAF4: DName::operator+.LIBVCRUNTIME ref: 000000018000FEE7

DName::operator+.LIBVCRUNTIME ref: 0000000180011AB3
DName::operator+.LIBVCRUNTIME ref: 0000000180011AC3
DName::operator+.LIBVCRUNTIME ref: 0000000180011B6D

Strings

{for , xrefs: 0000000180011A3C

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+$Name::operator+=
String ID: {for
API String ID: 179159573-864106941
Opcode ID: c79ff38fa425aed0d7c2e5e880ba81743f4b0331c4dabcbd9aece8bb0416c998
Instruction ID: 504def6aa4d18e8ca56d48d2a0b0b2549736a3383ce6fb8c6449723c528c5069
Opcode Fuzzy Hash: c79ff38fa425aed0d7c2e5e880ba81743f4b0331c4dabcbd9aece8bb0416c998
Instruction Fuzzy Hash: 64515772608A88ADF792DF64D4853ED77A1E349788F80C011EA4D0BB9AEF78C659C340

Uniqueness

Uniqueness Score: -1.00%

Function 000000018003F4D4 Relevance: 10.8, APIs: 7, Instructions: 291
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E0000000118003F4D4(void* __ebx, signed int __ecx, intOrPtr* __rax, long long __rbx, long long __rdx, long long __r9, char _a8, long long _a16, long long _a24, intOrPtr _a32) {
				void* _v72;
				long long _v80;
				signed int _v88;
				long long _v96;
				void* _v104;
				unsigned long long _v120;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				signed char _t126;
				char _t139;
				void* _t148;
				void* _t152;
				char _t164;
				char _t165;
				signed int _t169;
				void* _t192;
				void* _t193;
				void* _t194;
				unsigned int _t196;
				long long _t204;
				long long _t240;
				signed long long _t247;
				signed short* _t251;
				intOrPtr* _t253;
				char* _t256;
				intOrPtr _t261;
				signed long long _t274;
				void* _t276;
				unsigned long long _t281;
				void* _t282;
				signed long long _t288;
				unsigned long long _t289;
				signed short* _t291;
				signed short* _t297;
				signed short* _t299;
				unsigned long long _t302;
				signed long long _t303;
				char* _t305;
				char* _t306;
				char* _t307;

				_a24 = __rbx;
				_a16 = __rdx;
				r13d = r8d;
				if (r12d != 0xfffffffe) goto 0x8003f515;
				E00000001180025204(__rax);
				 *__rax = 0;
				E00000001180025224(__rax);
				 *__rax = 9;
				goto 0x8003f90f;
				if (__ecx < 0) goto 0x8003f8f8;
				if (r12d -  *0x8009a140 >= 0) goto 0x8003f8f8;
				_t3 = _t281 + 1; // 0x1
				r9d = _t3;
				_v80 = __r9;
				_t287 = __ecx >> 6;
				_v88 = __ecx >> 6;
				_t303 = __ecx + __ecx * 8;
				if ((r9b &  *(0x80099d40 + 0x38 + _t303 * 8)) == 0) goto 0x8003f8f8;
				if (r13d - 0x7fffffff <= 0) goto 0x8003f584;
				E00000001180025204(__ecx);
				 *__ecx = 0;
				_t126 = E00000001180025224(__ecx);
				 *__ecx = 0x16;
				goto 0x8003f90a;
				if (r13d == 0) goto 0x8003f8f4;
				if ((_t126 & 0x00000002) != 0) goto 0x8003f8f4;
				_t204 = __rdx;
				if (_t204 == 0) goto 0x8003f56d;
				r11d =  *((char*)(0x80099d40 + 0x39 + _t303 * 8));
				_t240 =  *((intOrPtr*)(0x80099d40 + 0x28 + _t303 * 8));
				_v96 = _t240;
				_a8 = r11b;
				if (_t204 == 0) goto 0x8003f5ff;
				if (r11d - r9d != r9d) goto 0x8003f5ed;
				if ((r9b &  !r13d) != 0) goto 0x8003f5ed;
				E00000001180025204(_t240);
				 *_t240 = 0;
				E00000001180025224(_t240);
				 *_t240 = 0x16;
				E00000001180015940();
				goto 0x8003f788;
				goto 0x8003f683;
				if ((r9b &  !r13d) == 0) goto 0x8003f5d1;
				_t192 =  <  ? 4 : r13d >> 1;
				E00000001180028068(_t240,  *((intOrPtr*)(0x80099d40 + _t287 * 8)));
				_t256 = _t240;
				E00000001180028028(_t240,  *((intOrPtr*)(0x80099d40 + _t287 * 8)));
				E00000001180028028(_t240,  *((intOrPtr*)(0x80099d40 + _t287 * 8)));
				_t305 = _t256;
				if (_t256 != 0) goto 0x8003f64e;
				E00000001180025224(_t240);
				 *_t240 = 0xc;
				E00000001180025204(_t240);
				 *_t240 = 8;
				goto 0x8003f788;
				r8d = 0x180099d41;
				0x8003ebf4();
				_t288 = _v88;
				r11b = _a8;
				r9d = 1;
				 *((long long*)( *((intOrPtr*)(0x80099d40 + _t288 * 8)) + 0x30 + _t303 * 8)) = _t240;
				_t261 =  *((intOrPtr*)(0x80099d40 + _t288 * 8));
				_v72 = _t305;
				r10d = 0xa;
				if (( *(_t261 + 0x38 + _t303 * 8) & 0x00000048) == 0) goto 0x8003f712;
				_t139 =  *((intOrPtr*)(_t261 + 0x3a + _t303 * 8));
				if (_t139 == r10b) goto 0x8003f712;
				if (_t192 == 0) goto 0x8003f712;
				 *_t305 = _t139;
				_t193 = _t192 - 1;
				_t306 = _t305 + __r9;
				 *((intOrPtr*)( *((intOrPtr*)(0x80099d40 + _t288 * 8)) + 0x3a + _t303 * 8)) = r10b;
				if (r11b == 0) goto 0x8003f712;
				_t164 =  *((intOrPtr*)( *((intOrPtr*)(0x80099d40 + _t288 * 8)) + 0x3b + _t303 * 8));
				if (_t164 == r10b) goto 0x8003f712;
				if (_t193 == 0) goto 0x8003f712;
				 *_t306 = _t164;
				_t307 = _t306 + __r9;
				_t194 = _t193 - 1;
				 *((intOrPtr*)( *((intOrPtr*)(0x80099d40 + _t288 * 8)) + 0x3b + _t303 * 8)) = r10b;
				if (r11b != r9b) goto 0x8003f712;
				_t165 =  *((intOrPtr*)( *((intOrPtr*)(0x80099d40 + _t288 * 8)) + 0x3c + _t303 * 8));
				if (_t165 == r10b) goto 0x8003f712;
				if (_t194 == 0) goto 0x8003f712;
				 *_t307 = _t165;
				 *((intOrPtr*)( *((intOrPtr*)(0x80099d40 + _t288 * 8)) + 0x3c + _t303 * 8)) = r10b;
				0x800386c0();
				if (_t139 == 0) goto 0x8003f7a6;
				_t247 =  *((intOrPtr*)(0x80099d40 + _v88 * 8));
				if ( *((intOrPtr*)(_t247 + 0x38 + _t303 * 8)) - sil >= 0) goto 0x8003f7a6;
				if (GetConsoleMode(??, ??) == 0) goto 0x8003f7a6;
				if (_a8 != 2) goto 0x8003f7ab;
				_t196 = _t194 - 1 >> 1;
				r8d = _t196;
				_v120 = _t281;
				if (ReadConsoleW(??, ??, ??, ??, ??) != 0) goto 0x8003f79a;
				E000000011800251B4(GetLastError(), _t247, _t256);
				E00000001180028028(_t247, _t256);
				goto 0x8003f912;
				goto 0x8003f7e6;
				_v80 = sil;
				r8d = _t196;
				_v120 = _t281;
				if (ReadFile(??, ??, ??, ??, ??) == 0) goto 0x8003f8be;
				if (_a32 - r13d > 0) goto 0x8003f8be;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x80099d40 + _v88 * 8)) + 0x38 + _t303 * 8)) - sil >= 0) goto 0x8003f78b;
				_t289 = _t276 + _t247 * 2 + _a32;
				if (_a8 == 2) goto 0x8003f82f;
				_t274 = _t307 + __r9;
				_v120 = _t302 >> 1;
				_t148 = E0000000118003F18C(__ebx, r12d, _t276 + _t247 * 2 + _a32, _t196, _a8 - 2, _t256, _t274, _t276, _t281, _t282, _t289, _a16);
				goto 0x8003f78b;
				if (_v80 == sil) goto 0x8003f8ac;
				_t299 = _v72;
				_t251 = _t299;
				_t297 =  &(_t299[_t289 >> 1]);
				if (_t299 - _t297 >= 0) goto 0x8003f89f;
				_t169 =  *_t251 & 0x0000ffff;
				if (_t169 == 0x1a) goto 0x8003f895;
				if (_t169 != 0xd) goto 0x8003f87b;
				_t291 =  &(_t251[1]);
				if (_t291 - _t297 >= 0) goto 0x8003f87b;
				if ( *_t291 != 0xa) goto 0x8003f87b;
				r8d = 4;
				goto 0x8003f881;
				r8d = 2;
				 *_t299 = 0xa;
				if (_t251 + _t291 - _t297 < 0) goto 0x8003f852;
				goto 0x8003f89f;
				_t253 =  *((intOrPtr*)(0x80099d40 + _t274 * 8));
				 *(_t253 + 0x38 + _t303 * 8) =  *(_t253 + 0x38 + _t303 * 8) | 0x00000002;
				goto 0x8003f78b;
				E0000000118003EEA8(_t148, r12d, _v72,  &(_t299[1]), 0x80099d40);
				goto 0x8003f828;
				if (GetLastError() != 5) goto 0x8003f8e4;
				E00000001180025224(_t253);
				 *_t253 = 9;
				_t152 = E00000001180025204(_t253);
				 *_t253 = 5;
				goto 0x8003f788;
				if (_t152 != 0x6d) goto 0x8003f781;
				goto 0x8003f78b;
				goto 0x8003f912;
				E00000001180025204(_t253);
				 *_t253 = 0xa;
				E00000001180025224(_t253);
				 *_t253 = 9;
				return E00000001180015940() | 0xffffffff;
			}

0x18003f4d4
0x18003f4d9
0x18003f4f3
0x18003f4fa
0x18003f4fc
0x18003f503
0x18003f505
0x18003f50a
0x18003f510
0x18003f519
0x18003f526
0x18003f52f
0x18003f52f
0x18003f536
0x18003f545
0x18003f549
0x18003f54e
0x18003f55e
0x18003f56b
0x18003f56d
0x18003f572
0x18003f574
0x18003f579
0x18003f57f
0x18003f587
0x18003f58f
0x18003f595
0x18003f598
0x18003f59a
0x18003f5a3
0x18003f5ab
0x18003f5b5
0x18003f5c0
0x18003f5c5
0x18003f5cf
0x18003f5d1
0x18003f5d6
0x18003f5d8
0x18003f5dd
0x18003f5e3
0x18003f5e8
0x18003f5fa
0x18003f607
0x18003f610
0x18003f615
0x18003f61c
0x18003f61f
0x18003f626
0x18003f62b
0x18003f631
0x18003f633
0x18003f638
0x18003f63e
0x18003f643
0x18003f649
0x18003f653
0x18003f657
0x18003f65c
0x18003f668
0x18003f670
0x18003f67a
0x18003f67f
0x18003f68b
0x18003f690
0x18003f696
0x18003f698
0x18003f6a0
0x18003f6a4
0x18003f6a6
0x18003f6a9
0x18003f6af
0x18003f6b5
0x18003f6bd
0x18003f6c3
0x18003f6cb
0x18003f6cf
0x18003f6d1
0x18003f6dc
0x18003f6df
0x18003f6e1
0x18003f6e9
0x18003f6ef
0x18003f6f7
0x18003f6fb
0x18003f6fd
0x18003f70d
0x18003f715
0x18003f71c
0x18003f72e
0x18003f737
0x18003f74b
0x18003f755
0x18003f764
0x18003f769
0x18003f76c
0x18003f779
0x18003f783
0x18003f78e
0x18003f795
0x18003f7a4
0x18003f7a6
0x18003f7b8
0x18003f7bb
0x18003f7cb
0x18003f7d9
0x18003f7fb
0x18003f805
0x18003f808
0x18003f818
0x18003f81e
0x18003f823
0x18003f82a
0x18003f837
0x18003f839
0x18003f83e
0x18003f844
0x18003f84b
0x18003f852
0x18003f859
0x18003f85f
0x18003f861
0x18003f868
0x18003f86e
0x18003f873
0x18003f879
0x18003f87b
0x18003f884
0x18003f891
0x18003f893
0x18003f895
0x18003f899
0x18003f8a7
0x18003f8b4
0x18003f8b9
0x18003f8c7
0x18003f8c9
0x18003f8ce
0x18003f8d4
0x18003f8d9
0x18003f8df
0x18003f8e7
0x18003f8ef
0x18003f8f6
0x18003f8f8
0x18003f8fd
0x18003f8ff
0x18003f904
0x18003f929

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018003F90A

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 21e25d4d157c297d4a1b26724ad1e3c9ded4b2185c7bcafd07933e745efbe9ce
Instruction ID: 999cabdf98f654d39482799af14681b29fb90efb5b9af8769e7c3a3e4c725eaf
Opcode Fuzzy Hash: 21e25d4d157c297d4a1b26724ad1e3c9ded4b2185c7bcafd07933e745efbe9ce
Instruction Fuzzy Hash: 9DC1C136208B8991EBF79B15A4443EE77A1F789BC0F568101FA8A077D1CE7ACA5DC341

Uniqueness

Uniqueness Score: -1.00%

Function 000000018003E62C Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 94
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E0000000118003E62C(void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r9, long long _a8, long long _a16, long long _a24) {
				void* _t15;
				void* _t45;
				void* _t64;
				void* _t80;

				_t79 = __r9;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t45 = __rcx;
				_t15 = E00000001180040458(3, __rax);
				if (_t15 == 1) goto 0x8003e753;
				if (_t15 != 0) goto 0x8003e66d;
				if ( *0x8009a1d0 == 1) goto 0x8003e753;
				r14d = 0x314;
				if (E0000000118002B498(__rax, 0x8009a1e0, __rdx, L"Runtime Error!\n\nProgram: ") != 0) goto 0x8003e774;
				 *0x8009a41a = 0;
				r8d = 0x104;
				if (GetModuleFileNameW(??, ??, ??) != 0) goto 0x8003e6d4;
				if (E0000000118002B498(__rax, 0x8009a212, 0x8009a212, L"<program name unknown>") != 0) goto 0x8003e774;
				if ( *0x4801CE636 != 0) goto 0x8003e6d8;
				if (0x18009a213 - 0x3c <= 0) goto 0x8003e714;
				r9d = 3;
				if (E00000001180034204(0xffffffffffffffc5, __rcx, 0x18009a19c, _t64 - 0xffffffffffffffc5, L"...", __r9) != 0) goto 0x8003e774;
				if (E00000001180033EB0(0xffffffffffffffc5, 0x8009a1e0, _t80, L"\n\n") != 0) goto 0x8003e774;
				_t78 = __rcx;
				if (E00000001180033EB0(0xffffffffffffffc5, 0x8009a1e0, _t80, __rcx) != 0) goto 0x8003e774;
				r8d = 0x12010;
				E000000011800406C0(0, 0xffffffffffffffc5, __rcx, 0x8009a1e0, L"Microsoft Visual C++ Runtime Library", __rsi, 0x8009a1e0, __rcx, _t79);
				goto 0x8003e75b;
				return E0000000118003E584(_t80 - 0x19, _t45, _t78);
			}

0x18003e62c
0x18003e62c
0x18003e631
0x18003e636
0x18003e644
0x18003e64c
0x18003e654
0x18003e65e
0x18003e667
0x18003e66d
0x18003e68e
0x18003e69b
0x18003e6a5
0x18003e6b9
0x18003e6ce
0x18003e6e0
0x18003e6ea
0x18003e6f0
0x18003e712
0x18003e728
0x18003e72a
0x18003e73a
0x18003e73c
0x18003e74c
0x18003e751
0x18003e773

APIs

_set_error_mode.LIBCMT ref: 000000018003E64C
GetModuleFileNameW.KERNEL32 ref: 000000018003E6AD

Strings

Microsoft Visual C++ Runtime Library, xrefs: 000000018003E742
..., xrefs: 000000018003E704
Runtime Error!Program: , xrefs: 000000018003E67D
<program name unknown>, xrefs: 000000018003E6BB

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: FileModuleName_set_error_mode
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 3581924421-4022980321
Opcode ID: 356fff2c92e62a0c821dcfacd00fffd99b7c80219e6d5244e3ba8aa0f6334bb2
Instruction ID: 2c35ae3b6f8b02347fda613d5182bd9c0c7cf5f650539fd0bdada5ac01282602
Opcode Fuzzy Hash: 356fff2c92e62a0c821dcfacd00fffd99b7c80219e6d5244e3ba8aa0f6334bb2
Instruction Fuzzy Hash: B531D231304A8885FAD79B22A8103EB6391B75EBD4F81C621BE59576E5EF38C70DC740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180012650 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00000001180012650(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				struct HINSTANCE__* _t81;
				long long _t85;
				void* _t89;
				struct HINSTANCE__* _t94;
				long _t97;
				void* _t100;
				signed long long _t101;
				WCHAR* _t104;

				 *((long long*)(_t89 + 8)) = __rbx;
				 *((long long*)(_t89 + 0x10)) = _t85;
				 *((long long*)(_t89 + 0x18)) = __rsi;
				_t101 = _t100 | 0xffffffff;
				_t61 =  *((intOrPtr*)(0x180000000 + 0x994f8 + _t81 * 8));
				if (_t61 == _t101) goto 0x8001277f;
				if (_t61 != 0) goto 0x80012781;
				if (__r8 == __r9) goto 0x80012777;
				_t67 =  *((intOrPtr*)(0x180000000 + 0x994e0 + __rsi * 8));
				if (_t67 == 0) goto 0x800126c2;
				if (_t67 != _t101) goto 0x80012759;
				goto 0x8001272d;
				r8d = 0x800;
				LoadLibraryExW(_t104, _t100, _t97);
				_t68 = _t61;
				if (_t61 != 0) goto 0x80012739;
				if (GetLastError() != 0x57) goto 0x8001271b;
				_t14 = _t68 + 7; // 0x7
				r8d = _t14;
				if (E000000011800243A0(__r8) == 0) goto 0x8001271b;
				r8d = 0;
				LoadLibraryExW(??, ??, ??);
				if (_t61 != 0) goto 0x80012739;
				 *((intOrPtr*)(0x180000000 + 0x994e0 + __rsi * 8)) = _t101;
				goto 0x800126a0;
				_t21 = 0x180000000 + 0x994e0 + __rsi * 8;
				_t65 =  *_t21;
				 *_t21 = _t61;
				if (_t65 == 0) goto 0x80012759;
				FreeLibrary(_t94);
				GetProcAddress(_t81);
				if (_t65 == 0) goto 0x80012777;
				 *((intOrPtr*)(0x180000000 + 0x994f8 + _t81 * 8)) = _t65;
				goto 0x80012781;
				 *((intOrPtr*)(0x180000000 + 0x994f8 + _t81 * 8)) = _t101;
				return 0;
			}

0x180012650
0x180012655
0x18001265a
0x180012675
0x180012682
0x18001268e
0x180012697
0x1800126a0
0x1800126a9
0x1800126b5
0x1800126ba
0x1800126c0
0x1800126cf
0x1800126d5
0x1800126db
0x1800126e1
0x1800126ec
0x1800126ee
0x1800126ee
0x180012703
0x180012705
0x18001270d
0x180012719
0x180012725
0x180012734
0x180012743
0x180012743
0x180012743
0x18001274e
0x180012753
0x18001275f
0x180012768
0x18001276d
0x180012775
0x180012777
0x18001279d

APIs

LoadLibraryExW.KERNEL32(?,?,00000000,0000000180012AA3,?,?,?,00000001800063AA,?,?,?,0000000180005DD1), ref: 00000001800126D5
GetLastError.KERNEL32(?,?,00000000,0000000180012AA3,?,?,?,00000001800063AA,?,?,?,0000000180005DD1), ref: 00000001800126E3
LoadLibraryExW.KERNEL32(?,?,00000000,0000000180012AA3,?,?,?,00000001800063AA,?,?,?,0000000180005DD1), ref: 000000018001270D
FreeLibrary.KERNEL32(?,?,00000000,0000000180012AA3,?,?,?,00000001800063AA,?,?,?,0000000180005DD1), ref: 0000000180012753
GetProcAddress.KERNEL32(?,?,00000000,0000000180012AA3,?,?,?,00000001800063AA,?,?,?,0000000180005DD1), ref: 000000018001275F

Strings

api-ms-, xrefs: 00000001800126F5

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: bab63338e6555c8450dd74f7b5140a3c37ea78e70ac36ff11971266466320de5
Instruction ID: 217c8dca0b44db9e00e3fac85571a4830287edff9f7d1efe584ddd4be1f6e54a
Opcode Fuzzy Hash: bab63338e6555c8450dd74f7b5140a3c37ea78e70ac36ff11971266466320de5
Instruction Fuzzy Hash: 3731B231316E4891EF97DB46A840BE66394BB4CBE4F5A8525BD290B3D0FF38C65D8710

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000BB4C Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 85
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 63%

			E0000000118000BB4C(long long __rbx, long long* __rcx, long long __rdx, void* __rsi, void* __r8, long long _a8) {
				char _v24;
				intOrPtr _v32;
				char _v40;
				intOrPtr _v48;
				void* _v56;
				void* __rbp;
				unsigned int _t28;
				unsigned int _t33;
				intOrPtr _t37;
				char* _t48;
				char* _t49;
				intOrPtr* _t52;
				long long _t54;
				long long* _t62;
				long long _t68;
				void* _t74;

				_t68 = __rdx;
				_a8 = __rbx;
				_t48 =  *0x80099490; // 0x0
				_t62 = __rcx;
				if ( *_t48 == 0x58) goto 0x8000bc6c;
				if ( *_t48 == 0x5a) goto 0x8000bc2f;
				E0000000118000B9B8(__rcx,  &_v56, __rsi, _t74, __r8);
				_t37 = _v48;
				if (_t37 != 0) goto 0x8000bc23;
				_t49 =  *0x80099490; // 0x0
				if ( *_t49 == 0) goto 0x8000bc23;
				if ( *_t49 == 0x40) goto 0x8000bc19;
				if ( *_t49 == 0x5a) goto 0x8000bbb3;
				 *((intOrPtr*)(_t62 + 8)) = 0;
				 *((char*)(_t62 + 8)) = 2;
				 *_t62 = _t68;
				goto 0x8000bc9a;
				 *0x80099490 = _t49 + 1;
				_t28 =  *0x800994a0; // 0x0
				if (( !(_t28 >> 0x12) & 0x00000001) == 0) goto 0x8000bbe0;
				_v32 = 4;
				goto 0x8000bbee;
				_t52 = ",<ellipsis>";
				_v32 = 0xb;
				_v40 = _t52;
				asm("movaps xmm0, [ebp-0x20]");
				asm("movdqa [ebp-0x20], xmm0");
				E0000000118000A484( &_v56,  &_v24,  &_v40);
				 *_t62 =  *_t52;
				 *((intOrPtr*)(_t62 + 8)) =  *((intOrPtr*)(_t52 + 8));
				goto 0x8000bc9a;
				 *0x80099490 = _t52 + 1;
				_t54 = _v56;
				 *_t62 = _t54;
				 *((intOrPtr*)(_t62 + 8)) = _t37;
				goto 0x8000bc9a;
				 *0x80099490 = _t54 + 1;
				_t33 =  *0x800994a0; // 0x0
				if (( !(_t33 >> 0x12) & 0x00000001) == 0) goto 0x8000bc5c;
				_v32 = 3;
				goto 0x8000bc88;
				_v32 = 0xa;
				goto 0x8000bc88;
				_v32 = 4;
				 *0x80099490 = "<ellipsis>" + 1;
				_v40 = "void";
				asm("movaps xmm0, [ebp-0x20]");
				asm("movdqa [ebp-0x20], xmm0");
				return E00000001180009F6C("void",  *_t52,  &_v40);
			}

0x18000bb4c
0x18000bb4c
0x18000bb59
0x18000bb60
0x18000bb66
0x18000bb6f
0x18000bb79
0x18000bb7e
0x18000bb85
0x18000bb8b
0x18000bb94
0x18000bb9d
0x18000bba2
0x18000bba4
0x18000bba7
0x18000bbab
0x18000bbae
0x18000bbba
0x18000bbc1
0x18000bbce
0x18000bbd7
0x18000bbde
0x18000bbe0
0x18000bbe7
0x18000bbee
0x18000bbf6
0x18000bbfe
0x18000bc03
0x18000bc0b
0x18000bc11
0x18000bc14
0x18000bc1c
0x18000bc23
0x18000bc27
0x18000bc2a
0x18000bc2d
0x18000bc36
0x18000bc3d
0x18000bc4a
0x18000bc53
0x18000bc5a
0x18000bc63
0x18000bc6a
0x18000bc6f
0x18000bc76
0x18000bc88
0x18000bc8c
0x18000bc90
0x18000bca7

APIs

Part of subcall function 000000018000B9B8: Replicator::operator[].LIBVCRUNTIME ref: 000000018000BA81

DName::operator+.LIBVCRUNTIME ref: 000000018000BC03

Strings

,<ellipsis>, xrefs: 000000018000BBE0
<ellipsis>, xrefs: 000000018000BC5C
void, xrefs: 000000018000BC81
..., xrefs: 000000018000BC4C
,..., xrefs: 000000018000BBD0

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+Replicator::operator[]
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 1405650943-2211150622
Opcode ID: 5fcce2f3bd96bab78226f727d7e8014ccff600c942e32474df968cc59e10dc84
Instruction ID: 38c07f4cd56dd10eeae6d3190c5558b9be0cbb85511c9f0505480d709a8bca13
Opcode Fuzzy Hash: 5fcce2f3bd96bab78226f727d7e8014ccff600c942e32474df968cc59e10dc84
Instruction Fuzzy Hash: 80412972A05B4889FB93CF68D8807EC37B0B34CB88F548116EA8897764DF788649CB50

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000D9F0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 83
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 69%

			E0000000118000D9F0(void* __edi, long long __rbx, long long __rcx, void* __rdi, void* __rsi, long long _a8) {
				char _v24;
				intOrPtr _v32;
				void* _v40;
				intOrPtr _v48;
				long long _v56;
				intOrPtr _t30;
				intOrPtr _t32;
				char _t42;
				char* _t47;
				intOrPtr* _t48;
				long long* _t55;
				char* _t58;

				_a8 = __rbx;
				_t47 =  *0x80099490; // 0x0
				_t55 = __rcx;
				_v56 = __rcx;
				_v48 = 0;
				_t42 =  *_t47;
				if (_t42 == 0) goto 0x8000db05;
				if (_t42 == 0) goto 0x8000da79;
				if (_t42 == 0) goto 0x8000da79;
				if (_t42 == 0) goto 0x8000da6a;
				if (_t42 == 0) goto 0x8000da6a;
				if (_t42 == 0) goto 0x8000da8f;
				if (_t42 == 0) goto 0x8000da5b;
				if (_t42 == 0) goto 0x8000da52;
				if ( *_t47 - 0x2a == 1) goto 0x8000da52;
				 *((intOrPtr*)(__rcx + 8)) = 0;
				 *((char*)(__rcx + 8)) = 2;
				 *((long long*)(__rcx)) = __rcx;
				goto 0x8000db12;
				goto 0x8000da80;
				r8d = 4;
				goto 0x8000da86;
				r8d = 6;
				goto 0x8000da86;
				r8d = 5;
				_t58 =  &_v56;
				E00000001180009D60(_t47, __rcx, _t58, "char ", __rdi, __rsi);
				_t48 =  *0x80099490; // 0x0
				_t32 =  *_t48;
				 *0x80099490 =  *0x80099490 + 1;
				if ((_t58 - 0x00000031 & 0x000000f9) != 0) goto 0x8000daab;
				if (_t32 != 0x37) goto 0x8000dab0;
				if (_t32 != 0x37) goto 0x8000daf6;
				_v32 = 9;
				_t49 = "unsigned ";
				_v40 = "unsigned ";
				asm("movaps xmm0, [ebp-0x20]");
				asm("movdqa [ebp-0x20], xmm0");
				E00000001180009F6C("unsigned ",  &_v24,  &_v40);
				E0000000118000A4B0(_t49,  &_v40,  &_v56);
				_v56 = _v40;
				_v48 = _v32;
				 *_t55 = _v56;
				_t30 = _v48;
				 *((intOrPtr*)(_t55 + 8)) = _t30;
				goto 0x8000db12;
				 *((intOrPtr*)(_t55 + 8)) = _t32;
				 *_t55 = 0x8004e150;
				return _t30;
			}

0x18000d9f0
0x18000d9fd
0x18000da04
0x18000da09
0x18000da0d
0x18000da10
0x18000da12
0x18000da1e
0x18000da23
0x18000da28
0x18000da2d
0x18000da32
0x18000da37
0x18000da3c
0x18000da41
0x18000da43
0x18000da46
0x18000da4a
0x18000da4d
0x18000da59
0x18000da5b
0x18000da68
0x18000da6a
0x18000da77
0x18000da80
0x18000da86
0x18000da8a
0x18000da8f
0x18000da96
0x18000da98
0x18000daa4
0x18000daa9
0x18000daae
0x18000dab0
0x18000dab7
0x18000dabe
0x18000dac6
0x18000dace
0x18000dad3
0x18000dae3
0x18000daec
0x18000daf3
0x18000dafa
0x18000dafd
0x18000db00
0x18000db03
0x18000db0c
0x18000db0f
0x18000db1f

APIs

DName::operator+.LIBVCRUNTIME ref: 000000018000DAE3

Strings

long , xrefs: 000000018000DA52
int , xrefs: 000000018000DA61
short , xrefs: 000000018000DA70
char , xrefs: 000000018000DA79
unsigned , xrefs: 000000018000DAB7

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+
String ID: char $int $long $short $unsigned
API String ID: 2943138195-3894466517
Opcode ID: 5b854c693081563d9e9ad53117f991563a31957e7157d3f9fad84cbe580cad8b
Instruction ID: 5589f239ca55fcc8c3246942ff0a0d000f5c0efc4c4faad9e4a3fed404d437aa
Opcode Fuzzy Hash: 5b854c693081563d9e9ad53117f991563a31957e7157d3f9fad84cbe580cad8b
Instruction Fuzzy Hash: 7C413872B18A1C88FB93CF68D8843ED37A1B34E788F44C116EA4856B59DF34C648C765

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180012884 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 72
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E00000001180012884(long long __rbx, void* __rcx, void* __rdx, long long __rdi, signed int __rsi, long long __rbp, void* __r8, void* _a8, void* _a16, void* _a24, void* _a32) {
				signed long long _t38;
				intOrPtr _t42;
				signed long long _t43;
				signed long long _t61;
				long _t65;
				void* _t68;
				WCHAR* _t71;

				_t38 = _t61;
				 *((long long*)(_t38 + 8)) = __rbx;
				 *((long long*)(_t38 + 0x10)) = __rbp;
				 *((long long*)(_t38 + 0x18)) = __rsi;
				 *((long long*)(_t38 + 0x20)) = __rdi;
				if (__rdx == __r8) goto 0x80012948;
				_t42 =  *((intOrPtr*)(0x180000000 + 0x994e0 + __rsi * 8));
				if (_t42 == 0) goto 0x800128d6;
				if (_t42 != 0xffffffff) goto 0x80012982;
				goto 0x8001293b;
				r8d = 0x800;
				LoadLibraryExW(_t71, _t68, _t65);
				_t43 = _t38;
				if (_t38 != 0) goto 0x80012969;
				if (GetLastError() != 0x57) goto 0x8001292f;
				_t12 = _t43 + 7; // 0x7
				r8d = _t12;
				if (E000000011800243A0(__r8) == 0) goto 0x8001292f;
				r8d = 0;
				LoadLibraryExW(??, ??, ??);
				if (_t38 != 0) goto 0x80012969;
				 *((intOrPtr*)(0x180000000 + 0x994e0 + __rsi * 8)) = _t38 | 0xffffffff;
				if (__rdx + 4 != __r8) goto 0x800128ba;
				return 0;
			}

0x180012884
0x180012887
0x18001288b
0x18001288f
0x180012893
0x1800128ad
0x1800128bc
0x1800128c8
0x1800128ce
0x1800128d4
0x1800128e3
0x1800128e9
0x1800128ef
0x1800128f5
0x180012900
0x180012902
0x180012902
0x180012917
0x180012919
0x180012921
0x18001292d
0x180012933
0x180012942
0x180012968

APIs

LoadLibraryExW.KERNEL32 ref: 00000001800128E9
GetLastError.KERNEL32 ref: 00000001800128F7
LoadLibraryExW.KERNEL32 ref: 0000000180012921
FreeLibrary.KERNEL32 ref: 000000018001297C
GetProcAddress.KERNEL32 ref: 0000000180012988

Strings

api-ms-, xrefs: 0000000180012909

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: e7f1a3c745adcc49aa59afbaa1f8322cc4cb371c1bdee19e75c2a66d64113491
Instruction ID: 047aeeb822097670662bca60e6698a04203b65b39353c0538e646a0a5bb5cc59
Opcode Fuzzy Hash: e7f1a3c745adcc49aa59afbaa1f8322cc4cb371c1bdee19e75c2a66d64113491
Instruction Fuzzy Hash: 3C21DC31701E4882EB93DB5AA84479963A0BB4DBF4F198624EE29077E0EF78C659C304

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800408FC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 000000018004092D
GetLastError.KERNEL32 ref: 0000000180040939
CloseHandle.KERNEL32 ref: 0000000180040951
CreateFileW.KERNEL32 ref: 000000018004097C
WriteConsoleW.KERNEL32 ref: 000000018004099B

Strings

CONOUT$, xrefs: 000000018004095D

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 88e75f983f330c267e30a73e830076550dfef25dd7d409377e8983a322b8e35e
Instruction ID: 71ab03b6fdae1dec52454977cc01ebd2bf70cfd367100e19dbd8a1a1df169e18
Opcode Fuzzy Hash: 88e75f983f330c267e30a73e830076550dfef25dd7d409377e8983a322b8e35e
Instruction Fuzzy Hash: A011B231310E4886F7D18B52F89475973A0F78CFE8F158214FA5A87B94DF38CA088749

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180040764 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 0000000180040789
GetLastError.KERNEL32 ref: 0000000180040795
CloseHandle.KERNEL32 ref: 00000001800407AD
CreateFileW.KERNEL32 ref: 00000001800407D8
WriteConsoleW.KERNEL32 ref: 00000001800407F9

Strings

CONOUT$, xrefs: 00000001800407B9

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: f2c822f4ded2dee11bc31c3d3698ee771ba0de58891004fd8dd32b5ff2644779
Instruction ID: b3d80ad62cde43686b7b50c2c3d80438078bf4719a8f736a1ae9addabc9ee149
Opcode Fuzzy Hash: f2c822f4ded2dee11bc31c3d3698ee771ba0de58891004fd8dd32b5ff2644779
Instruction Fuzzy Hash: E2115E32214E4882E7D28F65E4547997360F78CBECF158205FA5A87B98DF38CA488719

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180007304 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 316
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E00000001180007304(void* __ecx, intOrPtr* __rcx, long long __rdx, void* __r8, void* __r9) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t157;
				intOrPtr _t158;
				intOrPtr _t160;
				void* _t179;
				intOrPtr _t195;
				intOrPtr _t200;
				void* _t201;
				signed long long _t239;
				signed long long _t240;
				signed char _t241;
				intOrPtr* _t243;
				long long _t245;
				long long _t253;
				intOrPtr* _t255;
				signed char* _t257;
				intOrPtr* _t269;
				void* _t290;
				void* _t291;
				void* _t292;
				void* _t293;
				signed long long _t294;
				long long _t303;
				long long _t304;
				intOrPtr* _t305;
				long long _t313;
				signed char* _t316;
				intOrPtr _t321;

				_t292 = _t293 - 0x88;
				_t294 = _t293 - 0x188;
				_t239 =  *0x80098010; // 0x6aeceb4fd839
				_t240 = _t239 ^ _t294;
				 *(_t292 + 0x70) = _t240;
				_t316 =  *((intOrPtr*)(_t292 + 0xf0));
				 *((long long*)(_t294 + 0x78)) = __rdx;
				_t257 = _t316;
				 *((long long*)(_t292 - 0x60)) =  *((intOrPtr*)(_t292 + 0x108));
				_t291 = __r9;
				 *((char*)(_t294 + 0x60)) = 0;
				E00000001180006598(_t257, __r9, __r9);
				if ( *((intOrPtr*)(__r9 + 0x48)) == 0) goto 0x80007380;
				E0000000118000635C(_t240);
				if ( *((intOrPtr*)(_t240 + 0x78)) != 0xfffffffe) goto 0x800077f9;
				goto 0x8000739f;
				E0000000118000635C(_t240);
				if ( *((intOrPtr*)(_t240 + 0x78)) == 0xfffffffe) goto 0x8000739f;
				E0000000118000635C(_t240);
				_t200 =  *((intOrPtr*)(_t240 + 0x78));
				E0000000118000635C(_t240);
				 *((intOrPtr*)(_t240 + 0x78)) = 0xfffffffe;
				if (_t200 - 0xffffffff < 0) goto 0x800077f9;
				if (_t316[8] == 0) goto 0x800073df;
				_t241 = _t257[0x18004cb48];
				goto 0x800073e1;
				if (_t200 >= 0) goto 0x800077f9;
				if ( *__rcx != 0xe06d7363) goto 0x800074b9;
				if ( *((intOrPtr*)(__rcx + 0x18)) != 4) goto 0x800074b9;
				if ( *((intOrPtr*)(__rcx + 0x20)) - 0x19930520 - 2 > 0) goto 0x800074b9;
				if ( *((long long*)(__rcx + 0x30)) != 0) goto 0x800074b9;
				E0000000118000635C(_t241);
				if ( *((long long*)(_t241 + 0x20)) == 0) goto 0x80007797;
				E0000000118000635C(_t241);
				_t255 =  *((intOrPtr*)(_t241 + 0x20));
				E0000000118000635C(_t241);
				 *((char*)(_t294 + 0x60)) = 1;
				E00000001180004FA8(_t241,  *((intOrPtr*)(_t255 + 0x38)));
				if ( *_t255 != 0xe06d7363) goto 0x80007471;
				if ( *((intOrPtr*)(_t255 + 0x18)) != 4) goto 0x80007471;
				if ( *((intOrPtr*)(_t255 + 0x20)) - 0x19930520 - 2 > 0) goto 0x80007471;
				if ( *((long long*)(_t255 + 0x30)) == 0) goto 0x800077f9;
				E0000000118000635C(_t241);
				if ( *(_t241 + 0x38) == 0) goto 0x800074b9;
				E0000000118000635C(_t241);
				E0000000118000635C(_t241);
				 *(_t241 + 0x38) =  *(_t241 + 0x38) & 0x00000000;
				if (E00000001180009454(_t241, _t255, _t255,  *(_t241 + 0x38), __r9) != 0) goto 0x800074b4;
				if (E00000001180009544(_t241, _t255,  *(_t241 + 0x38), __r9, _t292) == 0) goto 0x800077db;
				goto 0x800077b7;
				E00000001180008500(_t292 - 0x10, _t316,  *((intOrPtr*)(__r9 + 8)));
				if ( *_t255 != 0xe06d7363) goto 0x8000774f;
				if ( *((intOrPtr*)(_t255 + 0x18)) != 4) goto 0x8000774f;
				if ( *((intOrPtr*)(_t255 + 0x20)) - 0x19930520 - 2 > 0) goto 0x8000774f;
				if ( *((intOrPtr*)(_t292 - 0x10)) <= 0) goto 0x80007734;
				 *((intOrPtr*)(_t294 + 0x28)) =  *((intOrPtr*)(_t292 + 0x100));
				 *(_t294 + 0x20) = _t316;
				r8d = _t200;
				_t157 = E00000001180004928(_t255, _t292 - 0x58, _t292 - 0x10, _t290, _t291, _t292);
				asm("movups xmm0, [ebp-0x58]");
				asm("movdqu [ebp-0x78], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t157 -  *((intOrPtr*)(_t292 - 0x40)) >= 0) goto 0x80007734;
				_t158 =  *((intOrPtr*)(_t292 - 0x70));
				 *((long long*)(_t292 - 0x80)) =  *((intOrPtr*)(_t292 - 0x58));
				 *((intOrPtr*)(_t294 + 0x68)) = _t158;
				asm("inc ecx");
				asm("dec ax");
				asm("movups [ebp-0x78], xmm0");
				if (_t158 - _t200 > 0) goto 0x8000768f;
				if (_t200 - _t158 > 0) goto 0x8000768f;
				_t243 =  *((intOrPtr*)(_t291 + 0x10));
				r9d =  *_t243;
				E00000001180008458(_t243, _t292 + 0x20, _t292 - 0x78,  *((intOrPtr*)(_t291 + 8)));
				_t160 =  *((intOrPtr*)(_t292 + 0x20));
				r12d = 0;
				 *((intOrPtr*)(_t294 + 0x64)) = r12d;
				 *((intOrPtr*)(_t294 + 0x6c)) = _t160;
				if (_t160 == 0) goto 0x8000768f;
				asm("movups xmm0, [ebp+0x38]");
				asm("movups xmm1, [ebp+0x48]");
				asm("movups [ebp-0x38], xmm0");
				asm("movsd xmm0, [ebp+0x58]");
				asm("movsd [ebp-0x18], xmm0");
				asm("movups [ebp-0x28], xmm1");
				E00000001180004F7C(_t243);
				_t245 = _t243 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t255 + 0x30)) + 0xc));
				 *((long long*)(_t294 + 0x70)) = _t245;
				E00000001180004F7C(_t245);
				r15d =  *((intOrPtr*)(_t245 +  *((intOrPtr*)( *((intOrPtr*)(_t255 + 0x30)) + 0xc))));
				if (r15d <= 0) goto 0x8000761a;
				E00000001180004F7C(_t245);
				_t313 = _t245 +  *((intOrPtr*)( *((intOrPtr*)(_t294 + 0x70))));
				if (E00000001180007E48(_t201, _t255, _t292 - 0x38, _t313, _t290, _t291,  *((intOrPtr*)(_t255 + 0x30))) != 0) goto 0x80007637;
				 *((long long*)(_t294 + 0x70)) =  *((long long*)(_t294 + 0x70)) + 4;
				r15d = r15d - 1;
				if (r15d > 0) goto 0x800075e0;
				r12d =  *((intOrPtr*)(_t294 + 0x64));
				E00000001180008C68( *((intOrPtr*)(_t294 + 0x70)), _t292 + 0x20);
				r12d = r12d + 1;
				 *((intOrPtr*)(_t294 + 0x64)) = r12d;
				if (r12d ==  *((intOrPtr*)(_t294 + 0x6c))) goto 0x8000768b;
				goto 0x80007597;
				 *((char*)(_t294 + 0x58)) =  *((intOrPtr*)(_t292 + 0xf8));
				_t269 = _t255;
				 *((char*)(_t294 + 0x50)) =  *((intOrPtr*)(_t294 + 0x60));
				 *((long long*)(_t294 + 0x48)) =  *((intOrPtr*)(_t292 - 0x60));
				 *((intOrPtr*)(_t294 + 0x40)) =  *((intOrPtr*)(_t292 + 0x100));
				 *((long long*)(_t294 + 0x38)) = _t292 - 0x78;
				 *((long long*)(_t294 + 0x30)) = _t313;
				 *((long long*)(_t294 + 0x28)) = _t292 - 0x38;
				 *(_t294 + 0x20) = _t316;
				E00000001180006D68(_t257[0x18004cb58], _t255, _t269,  *((intOrPtr*)(_t294 + 0x78)),  *((intOrPtr*)(_t241 + 0x28)), _t291);
				_t321 =  *((intOrPtr*)(_t292 - 0x80));
				_t303 =  *((intOrPtr*)(_t321 + 8)) -  *((char*)(_t269 + 0x18004cb48));
				 *((long long*)(_t321 + 8)) = _t303;
				 *(_t321 + 0x18) =  *(_t303 - 4) >>  *(_t269 + 0x18004cb58);
				_t304 = _t303 -  *((char*)(_t269 + 0x18004cb48));
				 *((long long*)(_t321 + 8)) = _t304;
				 *(_t321 + 0x1c) =  *(_t304 - 4) >>  *(_t269 + 0x18004cb58);
				_t305 = _t304 -  *((char*)(_t269 + 0x18004cb48));
				 *(_t321 + 0x20) =  *(_t305 - 4) >>  *(_t269 + 0x18004cb58);
				_t195 =  *((intOrPtr*)(_t294 + 0x68)) + 1;
				 *((long long*)(_t321 + 8)) = _t305;
				_t116 = _t305 + 4; // 0x4
				_t253 = _t116;
				 *((long long*)(_t321 + 8)) = _t253;
				 *((intOrPtr*)(_t321 + 0x24)) =  *_t305;
				 *((intOrPtr*)(_t294 + 0x68)) = _t195;
				if (_t195 -  *((intOrPtr*)(_t292 - 0x40)) < 0) goto 0x80007546;
				if (( *_t316 & 0x00000040) == 0) goto 0x8000778b;
				if (E00000001180004658(_t316) == 0) goto 0x800077e1;
				goto 0x8000778b;
				if ( *((intOrPtr*)(_t292 - 0x10)) <= 0) goto 0x8000778b;
				if ( *((char*)(_t292 + 0xf8)) != 0) goto 0x800077f9;
				 *((long long*)(_t294 + 0x38)) = _t313;
				 *((intOrPtr*)(_t294 + 0x30)) =  *((intOrPtr*)(_t292 + 0x100));
				 *((intOrPtr*)(_t294 + 0x28)) = _t200;
				 *(_t294 + 0x20) = _t316;
				E00000001180007A18( *_t305, _t255, _t321,  *((intOrPtr*)(_t241 + 0x28)), _t291);
				_t179 = E0000000118000635C(_t253);
				if ( *((long long*)(_t253 + 0x38)) != 0) goto 0x800077f9;
				return E00000001180002630(_t179, _t195,  *(_t292 + 0x70) ^ _t294);
			}

0x180007311
0x180007319
0x180007320
0x180007327
0x18000732a
0x18000732e
0x180007342
0x180007347
0x18000734d
0x180007351
0x180007354
0x18000735c
0x180007367
0x180007369
0x180007372
0x18000737e
0x180007380
0x180007389
0x18000738b
0x180007390
0x180007393
0x180007398
0x1800073a2
0x1800073b4
0x1800073c4
0x1800073dd
0x1800073e3
0x1800073ef
0x1800073f9
0x18000740a
0x180007415
0x18000741b
0x180007425
0x18000742b
0x180007430
0x180007434
0x18000743d
0x180007446
0x180007451
0x180007457
0x180007464
0x18000746b
0x180007471
0x18000747b
0x18000747d
0x180007486
0x180007491
0x18000749d
0x1800074a9
0x1800074af
0x1800074c4
0x1800074cf
0x1800074d9
0x1800074ea
0x1800074f4
0x180007504
0x18000750f
0x180007514
0x180007517
0x18000751c
0x180007520
0x180007525
0x18000752a
0x180007531
0x18000753b
0x18000753e
0x180007542
0x180007546
0x18000754b
0x180007550
0x180007556
0x180007562
0x180007568
0x180007578
0x18000757b
0x180007580
0x180007583
0x180007586
0x18000758b
0x180007591
0x180007597
0x18000759b
0x18000759f
0x1800075a3
0x1800075a8
0x1800075ad
0x1800075b1
0x1800075c2
0x1800075c5
0x1800075ca
0x1800075d7
0x1800075de
0x1800075e0
0x1800075f4
0x180007605
0x180007607
0x18000760d
0x180007613
0x180007615
0x18000761e
0x180007623
0x180007626
0x180007630
0x180007632
0x180007648
0x18000764c
0x180007653
0x18000765b
0x180007666
0x18000766e
0x180007677
0x18000767c
0x180007681
0x180007686
0x18000768b
0x1800076b1
0x1800076ba
0x1800076be
0x1800076d9
0x1800076e2
0x1800076e6
0x180007701
0x18000770e
0x180007712
0x180007714
0x180007718
0x180007718
0x18000771f
0x180007723
0x180007727
0x18000772e
0x180007738
0x180007747
0x18000774d
0x180007753
0x18000775c
0x18000776b
0x180007773
0x18000777a
0x180007781
0x180007786
0x18000778b
0x180007795
0x1800077b6

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00000001800074A2
std::bad_alloc::bad_alloc.LIBCMT ref: 00000001800077C5

Strings

csm, xrefs: 00000001800073E9
csm, xrefs: 000000018000744B
csm, xrefs: 00000001800074C9

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: cddead22bd0838cc37d9df9b026af8edfa14e6ebec97d90a803989f236096aa6
Instruction ID: 8165595842e9381fbba07210e1203a7877e02bb48a22d2fca3c01305fc3de1fa
Opcode Fuzzy Hash: cddead22bd0838cc37d9df9b026af8edfa14e6ebec97d90a803989f236096aa6
Instruction Fuzzy Hash: D3E19F73A04B888AE7A2DF64D4803ED3BA0F7587C8F159115EE9D476A6DF38C689C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000F284 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 61%

			E0000000118000F284(void* __edx, void* __edi, void* __rax, long long __rbx, void* __rcx, intOrPtr* __rdx, long long __rdi, void* __rsi, long long __r8, void* __r14, void* __r15, long long _a8, long long _a16) {
				intOrPtr _v16;
				char _v24;
				intOrPtr _v32;
				char _v40;
				intOrPtr _t21;
				char _t23;
				void* _t26;
				char _t28;
				void* _t33;
				void* _t38;
				char* _t46;
				long long _t50;
				char* _t52;
				intOrPtr* _t55;
				long long _t62;

				_t62 = __r8;
				_t57 = __rsi;
				_t33 = __rax;
				_t27 = __edi;
				_t26 = __edx;
				_a8 = __rbx;
				_a16 = __rdi;
				r8d = 0;
				_t55 = __rdx;
				_t46 =  *0x80099490; // 0x0
				_t38 = __rcx;
				_v40 = __r8;
				_v32 = r8d;
				_t23 =  *_t46;
				_t28 = _t23;
				if (_t28 == 0) goto 0x8000f34b;
				if (_t28 == 0) goto 0x8000f33c;
				if (_t28 == 0) goto 0x8000f309;
				if (_t23 - 7 == 1) goto 0x8000f2d8;
				E0000000118000C14C(__edi, __rcx, __rcx, __rdx, __rdx, __rsi, __r14, __r15);
				goto 0x8000f369;
				if ( *_t55 == _t62) goto 0x8000f2f0;
				r8d = 9;
				goto 0x8000f2fd;
				r8d = 8;
				E00000001180009D60(_t33, _t38,  &_v40, "volatile", _t55, __rsi);
				_t50 =  *0x80099490; // 0x0
				r9d = 2;
				_v24 =  *_t55;
				asm("bts eax, 0x8");
				 *0x80099490 = _t50 + 1;
				_t52 =  &_v40;
				_v16 =  *((intOrPtr*)(_t55 + 8));
				E0000000118000F704(_t26, _t27, _t38, _t38, _t52, _t55, _t57,  &_v24);
				goto 0x8000f369;
				_t21 =  *((intOrPtr*)(_t52 + 1));
				if (_t21 == 0x24) goto 0x8000f37c;
				if (_t21 != 0) goto 0x8000f47a;
				_v16 = r8d;
				_v24 = 0x8004e150;
				return E0000000118000A4B0( &_v24, _t38, _t55);
			}

0x18000f284
0x18000f284
0x18000f284
0x18000f284
0x18000f284
0x18000f284
0x18000f289
0x18000f296
0x18000f299
0x18000f29c
0x18000f2a3
0x18000f2a6
0x18000f2aa
0x18000f2ae
0x18000f2b1
0x18000f2b3
0x18000f2bc
0x18000f2c1
0x18000f2c6
0x18000f2ce
0x18000f2d3
0x18000f2df
0x18000f2e1
0x18000f2ee
0x18000f2f0
0x18000f2fd
0x18000f302
0x18000f309
0x18000f316
0x18000f323
0x18000f327
0x18000f32e
0x18000f332
0x18000f335
0x18000f33a
0x18000f33c
0x18000f341
0x18000f345
0x18000f352
0x18000f356
0x18000f37b

APIs

DName::operator+.LIBVCRUNTIME ref: 000000018000F364

Part of subcall function 000000018000C14C: DName::operator+.LIBVCRUNTIME ref: 000000018000C665
Part of subcall function 000000018000C14C: DName::operator+.LIBVCRUNTIME ref: 000000018000C69D

Strings

std::nullptr_t , xrefs: 000000018000F4D9
volatile, xrefs: 000000018000F2F6, 000000018000F444
volatile , xrefs: 000000018000F2E7, 000000018000F435
std::nullptr_t, xrefs: 000000018000F505

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+
String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
API String ID: 2943138195-757766384
Opcode ID: 525f8cd02e2d1813d410207f75c8156ef0adde104784541a60f181457267ec5e
Instruction ID: eaae630065f26886280b7ca045e214442c974020dd93010584d69c6d532e3b14
Opcode Fuzzy Hash: 525f8cd02e2d1813d410207f75c8156ef0adde104784541a60f181457267ec5e
Instruction Fuzzy Hash: B7713772605B4894EBA6CF69D8503FD77A4B70DBC4F84C526EA4952BA9DF38C358D300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180010F30 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 89
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 56%

			E00000001180010F30(void* __edx, void* __edi, long long __rbx, void* __rcx, long long __rdi, void* __rsi, void* __r8, void* __r10, void* __r11, void* __r14, void* __r15, long long _a16, long long _a24) {
				void* _v8;
				signed int _v24;
				void* _v25;
				char _v40;
				char _v56;
				intOrPtr _v64;
				char _v72;
				signed int _v80;
				signed long long _v88;
				void* _t35;
				intOrPtr _t43;
				void* _t45;
				signed long long _t54;
				intOrPtr* _t56;
				void* _t65;
				intOrPtr* _t70;
				intOrPtr _t87;
				intOrPtr _t88;
				void* _t92;

				_t45 = __edx;
				_a16 = __rbx;
				_a24 = __rdi;
				_t54 =  *0x80098010; // 0x6aeceb4fd839
				_v24 = _t54 ^ _t92 - 0x00000070;
				_t56 =  *0x80099490; // 0x0
				_t65 = __rcx;
				_t43 =  *_t56;
				if (_t43 != 0x58) goto 0x80010f97;
				_v64 = 4;
				 *0x80099490 = _t56 + 1;
				_v72 = "void";
				asm("movaps xmm0, [ebp-0x40]");
				asm("movdqa [ebp-0x50], xmm0");
				E00000001180009F6C("void", __rcx,  &_v88);
				goto 0x80011076;
				if (_t43 != 0x3f) goto 0x80011061;
				E000000011800100E4(__rcx,  &_v72,  &_v88, __rsi, __r8, __r10, __r11, __r14);
				if (( *0x800994a0 & 0x00004000) == 0) goto 0x80011018;
				_t87 =  *0x800994a8; // 0x0
				if (_t87 == 0) goto 0x80011018;
				_t70 = _v72;
				if (_t70 == 0) goto 0x80010feb;
				 *0x8004c3c0();
				 *((char*)( *((intOrPtr*)( *_t70 + 0x18)))) = 0;
				_t88 =  *0x800994a8; // 0x0
				goto 0x80010fef;
				_v40 = 0;
				_t35 = E00000001180015530( &_v40);
				 *0x8004c3c0();
				if (_t88 == 0) goto 0x80011018;
				r8d = 0;
				E00000001180009C28(_t65, _t88);
				goto 0x80011076;
				_v80 = 0x13;
				_v88 = "`template-parameter";
				asm("movaps xmm0, [ebp-0x50]");
				asm("movdqa [ebp-0x50], xmm0");
				E00000001180009F6C("`template-parameter",  &_v56,  &_v88);
				E0000000118000A4B0("`template-parameter",  &_v88,  &_v72);
				r8b = 0x27;
				E0000000118000A4DC( &_v88, _t65);
				goto 0x80011076;
				_v88 = _v88 & 0x00000000;
				_v80 = _v80 & 0x00000000;
				return E00000001180002630(E0000000118000F284(_t45, __edi, "`template-parameter", _t65, _t65,  &_v88, _t88, __rsi,  &_v72, __r14, __r15), _t35, _v24 ^ _t92 - 0x00000070);
			}

0x180010f30
0x180010f30
0x180010f35
0x180010f42
0x180010f4c
0x180010f50
0x180010f57
0x180010f5a
0x180010f5f
0x180010f64
0x180010f6b
0x180010f80
0x180010f84
0x180010f88
0x180010f8d
0x180010f92
0x180010f9a
0x180010fa4
0x180010fb3
0x180010fb5
0x180010fbf
0x180010fc1
0x180010fc8
0x180010fd9
0x180010fdf
0x180010fe2
0x180010fe9
0x180010feb
0x180010ff3
0x180010ffd
0x180011006
0x180011008
0x180011011
0x180011016
0x180011018
0x180011026
0x18001102e
0x180011036
0x18001103b
0x18001104b
0x180011050
0x18001105a
0x18001105f
0x180011061
0x18001106a
0x180011096

APIs

DName::DName.LIBVCRUNTIME ref: 0000000180011011

Strings

void, xrefs: 0000000180010F76
`template-parameter, xrefs: 000000018001101F

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: NameName::
String ID: `template-parameter$void
API String ID: 1333004437-4057429177
Opcode ID: a928ba4567eb8d0c64f86aec6b0c261487d33853da6ebf85ddc6a98dfdd17925
Instruction ID: 3719e12460ed648322e7b2c3a85f923c8958d405fcb234db023fa4b6c5639b1e
Opcode Fuzzy Hash: a928ba4567eb8d0c64f86aec6b0c261487d33853da6ebf85ddc6a98dfdd17925
Instruction Fuzzy Hash: CF412732B00B5888FB82CBA4D8513ED33B1B74C7C8F958126EE4967B99DF788649C340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180012558 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32 ref: 00000001800125B5
GetLastError.KERNEL32 ref: 00000001800125C3
LoadLibraryExW.KERNEL32 ref: 00000001800125ED
FreeLibrary.KERNEL32 ref: 0000000180012642

Strings

api-ms-, xrefs: 00000001800125D5

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Library$Load$ErrorFreeLast
String ID: api-ms-
API String ID: 3813093105-2084034818
Opcode ID: a9eb857b59b656d45c572f6dc82a7a26febb06602821a0b5adcac4b506806784
Instruction ID: 58d171551988a938a011939bc3f76835963e50b1e8251f59b19d1710096823a8
Opcode Fuzzy Hash: a9eb857b59b656d45c572f6dc82a7a26febb06602821a0b5adcac4b506806784
Instruction Fuzzy Hash: B721CF31202E4481EFD7CB56A4807992390BB4CBF4F198324BE39077E0EE78CA698700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800127A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32 ref: 00000001800127F5
GetLastError.KERNEL32 ref: 0000000180012803
LoadLibraryExW.KERNEL32 ref: 000000018001282D
FreeLibrary.KERNEL32 ref: 000000018001284E

Strings

api-ms-, xrefs: 0000000180012815

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Library$Load$ErrorFreeLast
String ID: api-ms-
API String ID: 3813093105-2084034818
Opcode ID: e8bde709c85ab105de49ab3f207e9f728f86ffca7dfb08d4ba7392f438b86549
Instruction ID: 25810207d8b6e87a310f608e118c8fbd2375708ac5c6ae3741aef722bef61663
Opcode Fuzzy Hash: e8bde709c85ab105de49ab3f207e9f728f86ffca7dfb08d4ba7392f438b86549
Instruction Fuzzy Hash: D4219F31326F5881EB96DB5694407A423A4FB4DFE4F1A8329EE29477D0EF38D61AC740

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002D928 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E0000000118002D928(void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, long long _a8, long long _a16, long long _a24) {
				void* _t13;

				_t13 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				E0000000118002CA30(0x19, __rbx, "MessageBoxW", __rdx, "\r", "MessageBoxW");
				if (_t13 == 0) goto 0x8002d993;
				return  *0x8004c3c0();
			}

0x18002d928
0x18002d928
0x18002d92d
0x18002d932
0x18002d962
0x18002d96a
0x18002d992

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002D962
try_get_function.LIBVCRUNTIME ref: 000000018002D9BE

Strings

MessageBoxA, xrefs: 000000018002D99C
MessageBoxW, xrefs: 000000018002D945, 000000018002D956
RoInitialize, xrefs: 000000018002D9A4, 000000018002D9B7

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: try_get_function
String ID: MessageBoxA$MessageBoxW$RoInitialize
API String ID: 2742660187-2080375181
Opcode ID: f03f5c0f5526edf798946e29d5a2ac92b843b7e5548656e0d7dba852ebee2590
Instruction ID: df52becb5d3383f3eaacfc10e67e535a66ffb53cc49ac615b81d73fe74c8134f
Opcode Fuzzy Hash: f03f5c0f5526edf798946e29d5a2ac92b843b7e5548656e0d7dba852ebee2590
Instruction Fuzzy Hash: D511A131700A8CD5EB879B81B4413DA6320EB4C7C4F58882ABF4C17B96EE38C789CB41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001602C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 0000000180016048
GetProcAddress.KERNEL32 ref: 000000018001605E
FreeLibrary.KERNEL32 ref: 000000018001607B

Strings

CorExitProcess, xrefs: 0000000180016057
mscoree.dll, xrefs: 000000018001603F

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: ad174b5ef245b008337b00a35a358f2825d715ed5e475803c3b497ae66ee2fcb
Instruction ID: 1a0bd55bd2476652c6da3f15a1140812b965f18209fae42019335fa994c36218
Opcode Fuzzy Hash: ad174b5ef245b008337b00a35a358f2825d715ed5e475803c3b497ae66ee2fcb
Instruction Fuzzy Hash: 75F08271711E4882FFC78BA0E8C07E92360AB8C7C9F099415B947461B1DFA8C6CCC304

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000670C Relevance: 7.8, APIs: 5, Instructions: 290
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E0000000118000670C(signed int __ecx, void* __rax, long long __rbx, void* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, signed char* __r8, signed char* __r9, long long _a8, long long _a16, long long _a24) {
				intOrPtr _v40;
				void* _t39;
				void* _t41;
				void* _t84;
				long long _t88;
				long long _t100;
				long long* _t121;
				signed char* _t131;

				_t84 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				_t131 = __r9;
				if (__r8[4] == 0) goto 0x80006748;
				E00000001180004F68(__rax);
				goto 0x8000674e;
				r15d = 0;
				if (__rdi == 0) goto 0x800068ce;
				if (r15d == 0) goto 0x8000676d;
				E00000001180004F68(_t84);
				goto 0x80006770;
				if ( *((intOrPtr*)(__rdi + 0x10)) == dil) goto 0x800068ce;
				if (__r8[8] != 0) goto 0x80006787;
				if ( *__r8 >= 0) goto 0x800068ce;
				if ( *__r8 < 0) goto 0x80006795;
				_t121 = __r8[8] +  *__rdx;
				if (( *__r8 & 0x00000080) == 0) goto 0x800067cc;
				if (( *__r9 & 0x00000010) == 0) goto 0x800067cc;
				_t88 =  *0x800993b0; // 0x0
				if (_t88 == 0) goto 0x800067cc;
				_t39 =  *0x8004c3c0();
				if (_t88 == 0) goto 0x800068ea;
				if (_t121 == 0) goto 0x800068ea;
				 *_t121 = _t88;
				goto 0x8000682b;
				if (( *__r8 & 0x00000008) == 0) goto 0x800067ec;
				_t100 =  *((intOrPtr*)(__rcx + 0x28));
				if (_t100 == 0) goto 0x800068ef;
				if (_t121 == 0) goto 0x800068ef;
				 *_t121 = _t100;
				goto 0x8000682b;
				if (( *__r9 & 0x00000001) == 0) goto 0x8000683c;
				if ( *((intOrPtr*)(__rcx + 0x28)) == 0) goto 0x800068f4;
				if (_t121 == 0) goto 0x800068f4;
				E00000001180005560();
				if (__r9[0x14] != 8) goto 0x800068ca;
				if ( *_t121 == __rdi) goto 0x800068ca;
				E0000000118000521C(_t39,  *_t121,  &(__r9[8]));
				 *_t121 = _t88;
				goto 0x800068ca;
				if ( *((intOrPtr*)(_t131 + 0x18)) == 0) goto 0x80006851;
				_t41 = E00000001180004F7C(_t88);
				goto 0x80006856;
				if (__rdi != 0) goto 0x8000688f;
				if ( *((intOrPtr*)(__rcx + 0x28)) == __rdi) goto 0x800068f9;
				if (_t121 == 0) goto 0x800068f9;
				E0000000118000521C(_t41,  *((intOrPtr*)(__rcx + 0x28)), _t131 + 8);
				E00000001180005560();
				goto 0x800068ca;
				if ( *((intOrPtr*)(__rcx + 0x28)) == __rdi) goto 0x800068fe;
				if (_t121 == 0) goto 0x800068fe;
				if (0 == 0) goto 0x800068af;
				E00000001180004F7C(_t88);
				goto 0x800068b2;
				if (__rdi == 0) goto 0x800068fe;
				asm("sbb ecx, ecx");
				_v40 =  ~__ecx + 1;
				goto 0x800068d0;
				return 0;
			}

0x18000670c
0x18000670c
0x180006711
0x180006716
0x180006725
0x180006737
0x18000673d
0x180006746
0x18000674b
0x180006751
0x18000675a
0x18000675c
0x18000676b
0x180006774
0x18000677d
0x180006781
0x180006789
0x180006792
0x180006798
0x18000679e
0x1800067a0
0x1800067aa
0x1800067ac
0x1800067b5
0x1800067be
0x1800067c4
0x1800067ca
0x1800067cf
0x1800067d1
0x1800067d8
0x1800067e1
0x1800067e7
0x1800067ea
0x1800067f0
0x1800067f9
0x180006802
0x18000680f
0x180006819
0x180006822
0x18000682f
0x180006834
0x180006837
0x180006840
0x180006846
0x18000684f
0x180006859
0x18000685f
0x180006868
0x18000687a
0x180006888
0x18000688d
0x180006893
0x180006898
0x18000689c
0x18000689e
0x1800068ad
0x1800068b5
0x1800068be
0x1800068c6
0x1800068cc
0x1800068e9

APIs

__AdjustPointer.LIBCMT ref: 000000018000682F
__AdjustPointer.LIBCMT ref: 000000018000687A

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 154adfcb006d15a0292370b25a1e38a24cfe7002788225c43d66460d76b471d7
Instruction ID: b05124d9eaee6ec6f53a099cab6cd6ad156435019690a16a58b9dd69e04baa31
Opcode Fuzzy Hash: 154adfcb006d15a0292370b25a1e38a24cfe7002788225c43d66460d76b471d7
Instruction Fuzzy Hash: BCB1B332A06B8C81EAE7DF55D4403A973A6EB4CBD4F09C525BE490BBA5DF34C65AC301

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800319A4 Relevance: 7.7, APIs: 5, Instructions: 158
COMMON

Download Yara Rule

C-Code - Quality: 23%

			E000000011800319A4(signed int __ecx, long long __rbx, signed int __rcx, void* __rdx, signed int __r8, char _a8, long long _a16, unsigned int _a32, unsigned int _a36, signed short _a38) {
				void* _t31;
				signed short _t32;
				unsigned int _t35;
				unsigned int _t36;
				signed int _t41;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t45;
				void* _t53;
				unsigned int _t54;
				signed int _t68;
				signed int _t69;
				void* _t72;
				signed int _t73;
				void* _t74;
				signed int _t78;
				signed int _t81;
				signed long long _t85;
				void* _t102;
				void* _t103;

				_a16 = __rbx;
				r14d = 0;
				asm("movaps [esp+0x20], xmm6");
				_t41 = __ecx & 0x0000001f;
				r15d = __ecx;
				_t2 = _t103 + 0x10; // 0x10
				r13d = _t2;
				if ((__ecx & 0x00000008) == 0) goto 0x800319ed;
				if (r12b >= 0) goto 0x800319ed;
				E00000001180032118(_t41, __rcx);
				_t42 = _t41 & 0xfffffff7;
				goto 0x80031bcf;
				_t68 = 0x00000004 & r15b;
				if (_t68 == 0) goto 0x80031a0b;
				asm("dec ecx");
				if (_t68 >= 0) goto 0x80031a0b;
				E00000001180032118(_t42, __rcx);
				_t43 = _t42 & 0xfffffffb;
				goto 0x80031bcf;
				_t69 = sil & r15b;
				if (_t69 == 0) goto 0x80031ace;
				asm("dec ecx");
				if (_t69 >= 0) goto 0x80031ace;
				_t31 = E00000001180032118(_t43, __rcx);
				_t85 = __r8 & __rcx;
				if (_t69 == 0) goto 0x80031a99;
				if (_t85 == 0x2000) goto 0x80031a80;
				if (_t85 == 0x4000) goto 0x80031a67;
				_t72 = _t85 - __rcx;
				if (_t72 != 0) goto 0x80031ac6;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0x1f075]");
				asm("movsd xmm0, [0x23d7d]");
				if (_t72 > 0) goto 0x80031ac1;
				goto 0x80031aba;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0x1f05c]");
				if (_t72 > 0) goto 0x80031aa8;
				asm("movsd xmm0, [0x23d62]");
				goto 0x80031aba;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0x1f043]");
				if (_t72 <= 0) goto 0x80031ab2;
				asm("movsd xmm0, [0x23d49]");
				goto 0x80031ac1;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0x1f02a]");
				if (_t72 <= 0) goto 0x80031ab2;
				asm("movsd xmm0, [0x23d20]");
				goto 0x80031ac1;
				asm("movsd xmm0, [0x23d16]");
				asm("xorps xmm0, [0x1f01f]");
				asm("movsd [ebp], xmm0");
				_t44 = _t43 & 0xfffffffe;
				goto 0x80031bcf;
				_t73 = r15b & 0x00000002;
				if (_t73 == 0) goto 0x80031bcf;
				asm("dec ecx");
				if (_t73 >= 0) goto 0x80031bcf;
				asm("movsd xmm0, [edx]");
				asm("xorps xmm6, xmm6");
				asm("ucomisd xmm0, xmm6");
				if (_t73 != 0) goto 0x80031b01;
				if (_t73 != 0) goto 0x80031b01;
				goto 0x80031bc0;
				_t32 = E0000000118003CE28(_t31, _t73,  &_a8);
				_t53 = _a8 + 0xfffffa00;
				asm("movsd [esp+0x88], xmm0");
				_t74 = _t53 - 0xfffffbce;
				if (_t74 >= 0) goto 0x80031b31;
				asm("mulsd xmm0, xmm6");
				goto 0x80031bbb;
				r8d = r14d;
				asm("comisd xmm6, xmm0");
				r8b = _t74 > 0;
				_a38 = _t32 & 0x0000000f | r13w;
				if (_t53 - 0xfffffc03 >= 0) goto 0x80031ba6;
				_t35 = _a32;
				_t54 = _a36;
				if ((sil & _t35) == 0) goto 0x80031b7f;
				_t64 =  ==  ? 1 : 1;
				_t36 = _t35 >> 1;
				_a32 = _t36;
				_t78 = sil & _t54;
				if (_t78 == 0) goto 0x80031b98;
				asm("bts eax, 0x1f");
				_a32 = _t36;
				if (_t78 != 0) goto 0x80031b75;
				_a36 = _t54 >> 1;
				asm("movsd xmm0, [esp+0x88]");
				if (r8d == 0) goto 0x80031bbb;
				asm("xorps xmm0, [0x1ef25]");
				asm("movsd [ebp], xmm0");
				_t80 =  ==  ? 1 : 1;
				if (( ==  ? 1 : 1) == 0) goto 0x80031bcc;
				E00000001180032118(_t44, _t102);
				_t45 = _t44 & 0xfffffffd;
				_t81 = r13b & r15b;
				if (_t81 == 0) goto 0x80031be8;
				asm("dec ecx");
				if (_t81 >= 0) goto 0x80031be8;
				E00000001180032118(_t45, _t102);
				asm("movaps xmm6, [esp+0x20]");
				r14b = (_t45 & 0xffffffef) == 0;
				return r14d;
			}

0x1800319a4
0x1800319b8
0x1800319bb
0x1800319c5
0x1800319cb
0x1800319ce
0x1800319ce
0x1800319d5
0x1800319da
0x1800319e0
0x1800319e5
0x1800319e8
0x1800319f2
0x1800319f5
0x1800319f7
0x1800319fc
0x1800319fe
0x180031a03
0x180031a06
0x180031a10
0x180031a13
0x180031a19
0x180031a1e
0x180031a27
0x180031a34
0x180031a37
0x180031a3f
0x180031a47
0x180031a49
0x180031a4c
0x180031a4e
0x180031a53
0x180031a5b
0x180031a63
0x180031a65
0x180031a67
0x180031a6c
0x180031a74
0x180031a76
0x180031a7e
0x180031a80
0x180031a85
0x180031a8d
0x180031a8f
0x180031a97
0x180031a99
0x180031a9e
0x180031aa6
0x180031aa8
0x180031ab0
0x180031ab2
0x180031aba
0x180031ac1
0x180031ac6
0x180031ac9
0x180031ace
0x180031ad2
0x180031ad8
0x180031add
0x180031ae3
0x180031aed
0x180031af2
0x180031af6
0x180031af8
0x180031afc
0x180031b06
0x180031b0f
0x180031b15
0x180031b1e
0x180031b24
0x180031b26
0x180031b2c
0x180031b39
0x180031b3c
0x180031b40
0x180031b50
0x180031b5e
0x180031b60
0x180031b6e
0x180031b78
0x180031b7c
0x180031b7f
0x180031b81
0x180031b88
0x180031b8b
0x180031b8d
0x180031b91
0x180031b9d
0x180031b9f
0x180031ba6
0x180031bb2
0x180031bb4
0x180031bbb
0x180031bc0
0x180031bc2
0x180031bc7
0x180031bcc
0x180031bcf
0x180031bd2
0x180031bd4
0x180031bd9
0x180031be0
0x180031be8
0x180031bf4
0x180031c0a

APIs

_set_statfp.LIBCMT ref: 00000001800319E0
_set_statfp.LIBCMT ref: 00000001800319FE
_set_statfp.LIBCMT ref: 0000000180031A27
_set_statfp.LIBCMT ref: 0000000180031BE0

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 918262eae7c7bee98d31977dd47aa203d22a9e6dac168ea1f2cb40da95b3dc3d
Instruction ID: 2e46f5c90a582ec54c73d343c3d33e19a53b6d0d43a6b4aa6ccf40c75138c48b
Opcode Fuzzy Hash: 918262eae7c7bee98d31977dd47aa203d22a9e6dac168ea1f2cb40da95b3dc3d
Instruction Fuzzy Hash: 7851F737204E4C8AF3E39B34E4503EBA365FB4D3D2F56C205BA56265D4EF3486898740

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000D644 Relevance: 7.6, APIs: 5, Instructions: 94
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 93%

			E0000000118000D644(void* __edx, long long __rbx, long long* __rcx, long long __rdi, long long __rsi, void* __r10, void* __r11, long long __r14) {
				void* _v8;
				char _v24;
				char _v40;
				char _v56;
				intOrPtr _v64;
				char _v72;
				void* _t31;
				void* _t34;
				void* _t35;
				signed int _t36;
				signed int _t37;
				void* _t40;
				void* _t54;
				char* _t65;
				char* _t66;
				char _t78;
				long long* _t85;
				void* _t92;

				_t54 = _t92;
				 *((long long*)(_t54 + 8)) = __rbx;
				 *((long long*)(_t54 + 0x10)) = __rsi;
				 *((long long*)(_t54 + 0x18)) = __rdi;
				 *((long long*)(_t54 + 0x20)) = __r14;
				r14d = 0;
				_t85 = __rcx;
				_t65 =  *0x80099490; // 0x0
				sil = __edx;
				if ( *_t65 != 0x51) goto 0x8000d683;
				_t66 = _t65 + 1;
				 *0x80099490 = _t66;
				_t78 =  *_t66;
				if (__edx != 0) goto 0x8000d69e;
				 *((intOrPtr*)(__rcx + 8)) = r14d;
				 *__rcx = 0x8004e150;
				goto 0x8000d771;
				_t6 = _t78 - 0x30; // -48
				if (_t6 - 9 > 0) goto 0x8000d702;
				 *0x80099490 = _t66 + 1;
				if (1 == 0) goto 0x8000d6ea;
				_t7 = _t78 - 0x2f; // -47
				E0000000118000A130(_t7,  &_v56, _t7, __rsi, __r10);
				E00000001180009F6C(0x8004e150,  &_v40, 0x80098040);
				_t31 = E0000000118000A4B0(0x8004e150,  &_v72, 0x8004e150);
				goto 0x8000d6f7;
				E0000000118000A130(_t31,  &_v24,  &_v72 - 0x2f, __rsi, __r10);
				 *_t85 = _v72;
				goto 0x8000d76e;
				_t34 = E00000001180011730(_t40,  &_v72,  &_v72 - 0x2f);
				if (_v64 == r14b) goto 0x8000d74e;
				 *0x80099490 =  *0x80099490 + 1;
				if (sil == 0) goto 0x8000d73b;
				if (1 == 0) goto 0x8000d730;
				_t35 = E0000000118000A088(_t34,  &_v24, _v72, __rsi, __r11);
				goto 0x8000d6c2;
				_t36 = E0000000118000A088(_t35,  &_v56, _v72, __rsi, __r11);
				goto 0x8000d6f7;
				if (1 == 0) goto 0x8000d748;
				goto 0x8000d6bd;
				goto 0x8000d6f2;
				_t59 =  !=  ? __r14 : 0x8004e150;
				 *_t85 =  !=  ? __r14 : 0x8004e150;
				asm("sbb eax, eax");
				_t37 = _t36 & 0x00000002;
				 *(_t85 + 8) = _t37;
				return _t37;
			}

0x18000d644
0x18000d647
0x18000d64b
0x18000d64f
0x18000d653
0x18000d65f
0x18000d662
0x18000d665
0x18000d66c
0x18000d675
0x18000d677
0x18000d67c
0x18000d683
0x18000d689
0x18000d692
0x18000d696
0x18000d699
0x18000d69e
0x18000d6a3
0x18000d6a8
0x18000d6b1
0x18000d6b3
0x18000d6bd
0x18000d6d0
0x18000d6df
0x18000d6e8
0x18000d6f2
0x18000d6fd
0x18000d700
0x18000d706
0x18000d70f
0x18000d711
0x18000d71f
0x18000d723
0x18000d729
0x18000d72e
0x18000d734
0x18000d739
0x18000d73d
0x18000d743
0x18000d74c
0x18000d760
0x18000d766
0x18000d769
0x18000d76b
0x18000d76e
0x18000d78d

APIs

DName::DName.LIBVCRUNTIME ref: 000000018000D6BD
DName::operator+.LIBVCRUNTIME ref: 000000018000D6DF
DName::DName.LIBVCRUNTIME ref: 000000018000D6F2
DName::DName.LIBVCRUNTIME ref: 000000018000D729
DName::DName.LIBVCRUNTIME ref: 000000018000D734

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: NameName::$Name::operator+
String ID:
API String ID: 826178784-0
Opcode ID: 093edc309031aa72dba1e0e1d74180d29823b1eed28b8e27f692b9de3ff7dafb
Instruction ID: ff91e01311a93c065ac93126985b48f162baa81db922d7ea3193700040ec8f31
Opcode Fuzzy Hash: 093edc309031aa72dba1e0e1d74180d29823b1eed28b8e27f692b9de3ff7dafb
Instruction Fuzzy Hash: E9416532315A9C99EB92CB61E8903EC37B8B75DBC4F948022EA8D53395EF35C659C310

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024C28 Relevance: 7.6, APIs: 5, Instructions: 56
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E00000001180024C28(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t30;
				signed int _t31;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t46;
				void* _t51;

				_a8 = __rbx;
				_a16 = __rsi;
				_t27 = __ecx & 0x0000001f;
				if ((__ecx & 0x00000008) == 0) goto 0x80024c5a;
				if (sil >= 0) goto 0x80024c5a;
				E00000001180032118(_t27, _t51);
				_t28 = _t27 & 0xfffffff7;
				goto 0x80024cb1;
				_t42 = 0x00000004 & dil;
				if (_t42 == 0) goto 0x80024c75;
				asm("dec eax");
				if (_t42 >= 0) goto 0x80024c75;
				E00000001180032118(_t28, _t51);
				_t29 = _t28 & 0xfffffffb;
				goto 0x80024cb1;
				_t43 = dil & 0x00000001;
				if (_t43 == 0) goto 0x80024c91;
				asm("dec eax");
				if (_t43 >= 0) goto 0x80024c91;
				E00000001180032118(_t29, _t51);
				_t30 = _t29 & 0xfffffffe;
				goto 0x80024cb1;
				_t44 = dil & 0x00000002;
				if (_t44 == 0) goto 0x80024cb1;
				asm("dec eax");
				if (_t44 >= 0) goto 0x80024cb1;
				if ((dil & 0x00000010) == 0) goto 0x80024cae;
				E00000001180032118(_t30, _t51);
				_t31 = _t30 & 0xfffffffd;
				_t46 = dil & 0x00000010;
				if (_t46 == 0) goto 0x80024ccb;
				asm("dec eax");
				if (_t46 >= 0) goto 0x80024ccb;
				E00000001180032118(_t31, _t51);
				return 0 | (_t31 & 0xffffffef) == 0x00000000;
			}

0x180024c28
0x180024c2d
0x180024c3c
0x180024c44
0x180024c49
0x180024c50
0x180024c55
0x180024c58
0x180024c5f
0x180024c62
0x180024c64
0x180024c69
0x180024c6b
0x180024c70
0x180024c73
0x180024c75
0x180024c79
0x180024c7b
0x180024c80
0x180024c87
0x180024c8c
0x180024c8f
0x180024c91
0x180024c95
0x180024c97
0x180024c9c
0x180024ca2
0x180024ca9
0x180024cae
0x180024cb1
0x180024cb5
0x180024cb7
0x180024cbc
0x180024cc3
0x180024ce1

APIs

_set_statfp.LIBCMT ref: 0000000180024C50
_set_statfp.LIBCMT ref: 0000000180024C6B
_set_statfp.LIBCMT ref: 0000000180024C87
_set_statfp.LIBCMT ref: 0000000180024CC3

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: c727d3c36dc1988eb5977ef57bc744b9e3cb53baa47620f50c000476c00819da
Instruction ID: 1f594a2ad207c4ca45db56182570bc3e262f2f607ccb0b3c2d6d202b1311f93b
Opcode Fuzzy Hash: c727d3c36dc1988eb5977ef57bc744b9e3cb53baa47620f50c000476c00819da
Instruction Fuzzy Hash: 8E11E937A51A0C01F7D7122CE5533E91380AB6C3F4F66C624BB771EBD68E688B495300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180013B9C Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 488
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E00000001180013B9C(signed short* __rax, long long __rbx, void* __rcx, signed short** __rdx, long long __rbp, void* __r8, long long _a8, void* _a16, long long _a24) {
				void* _v40;
				intOrPtr _v48;
				char _v72;
				void* __rsi;
				signed int _t104;
				signed int _t148;
				signed short _t179;
				signed short _t180;
				signed int _t181;
				signed int _t183;
				void* _t231;
				signed int _t237;
				signed int _t245;
				signed int _t247;
				signed int _t249;
				void* _t345;
				signed short* _t370;
				signed short* _t371;
				signed short* _t372;
				signed short* _t373;
				signed short* _t374;
				signed short* _t377;
				intOrPtr* _t379;
				long long _t380;
				char* _t383;
				signed short* _t384;
				signed short* _t385;
				long long* _t386;
				void* _t394;
				long long* _t395;
				long long* _t396;
				long long* _t397;
				signed short** _t398;
				void* _t399;
				void* _t405;
				void* _t407;

				_t405 = __r8;
				_t380 = __rbx;
				_a8 = __rbx;
				_a24 = __rbp;
				r12d = 0;
				sil = r9b;
				r14d = r8d;
				_t398 = __rdx;
				if ( *((intOrPtr*)(__rdx)) != _t407) goto 0x80013bd8;
				E00000001180025224(__rax);
				 *__rax = 0x16;
				E00000001180015940();
				goto 0x80014155;
				if (r14d == 0) goto 0x80013be6;
				_t3 = _t405 - 2; // -2
				if (_t3 - 0x22 > 0) goto 0x80013bc3;
				_t394 = __rcx;
				_t383 =  &_v72;
				E00000001180014D4C(__rax, __rbx, _t383, __rcx, _t399);
				_t247 = r12d;
				_a16 =  *_t398;
				goto 0x80013c12;
				 *_t398 =  &(( *_t398)[1]);
				if (E00000001180024FAC( *( *_t398) & 0xffff, 8, _t380, _t383) != 0) goto 0x80013c08;
				_t104 = sil & 0xffffffff;
				_t244 =  !=  ? _t104 : _t104 | 0x00000002;
				_t7 = _t380 - 0x2b; // -43
				if ((0x0000fffd & _t7) != 0) goto 0x80013c50;
				_t370 =  *_t398;
				_t179 =  *_t370 & 0x0000ffff;
				_t371 =  &(_t370[1]);
				 *_t398 = _t371;
				r10d = r10d | 0xffffffff;
				r11d = 0x30;
				r8d = 0x6f0;
				_t10 = _t371 - 0x80; // 0x670
				r9d = _t10;
				if ((r14d & 0xffffffef) != 0) goto 0x80013ee1;
				if (_t179 - r11w < 0) goto 0x80013e41;
				if (_t179 - 0x3a >= 0) goto 0x80013c9b;
				goto 0x80013e3c;
				if (_t179 - 0xff10 >= 0) goto 0x80013e2b;
				if (_t179 - 0x660 < 0) goto 0x80013e41;
				if (_t179 - 0x66a >= 0) goto 0x80013cc1;
				goto 0x80013e3c;
				if (_t179 - r8w < 0) goto 0x80013e41;
				if (_t179 - 0x6fa >= 0) goto 0x80013ce0;
				goto 0x80013e3c;
				if (_t179 - r9w < 0) goto 0x80013e41;
				if (_t179 - 0x970 >= 0) goto 0x80013cff;
				goto 0x80013e3c;
				if (_t179 - (_t179 & 0x0000ffff) - r9d < 0) goto 0x80013e41;
				if (_t179 - 0x9f0 >= 0) goto 0x80013d1f;
				goto 0x80013e3c;
				if (_t179 - 0xa66 < 0) goto 0x80013e41;
				_t13 = _t383 + 0xa; // 0xa70
				if (_t179 - _t13 >= 0) goto 0x80013d3f;
				goto 0x80013e3c;
				if (_t179 - 0xae6 < 0) goto 0x80013e41;
				_t14 = _t383 + 0xa; // 0xaf0
				if (_t179 - _t14 < 0) goto 0x80013d35;
				_t15 =  &(_t371[0x3b]); // 0xb66
				if (_t179 - _t15 < 0) goto 0x80013e41;
				_t16 = _t383 + 0xa; // 0xb70
				if (_t179 - _t16 < 0) goto 0x80013d35;
				if (_t179 - 0xc66 < 0) goto 0x80013e41;
				_t17 = _t383 + 0xa; // 0xc70
				if (_t179 - _t17 < 0) goto 0x80013d35;
				_t18 =  &(_t371[0x3b]); // 0xce6
				if (_t179 - _t18 < 0) goto 0x80013e41;
				_t19 = _t383 + 0xa; // 0xcf0
				if (_t179 - _t19 < 0) goto 0x80013d35;
				_t20 =  &(_t371[0x3b]); // 0xd66
				if (_t179 - _t20 < 0) goto 0x80013e41;
				_t21 = _t383 + 0xa; // 0xd70
				if (_t179 - _t21 < 0) goto 0x80013d35;
				if (_t179 - 0xe50 < 0) goto 0x80013e41;
				_t22 = _t383 + 0xa; // 0xe5a
				if (_t179 - _t22 < 0) goto 0x80013d35;
				_t23 =  &(_t371[0x3b]); // 0xed0
				if (_t179 - _t23 < 0) goto 0x80013e41;
				_t24 = _t383 + 0xa; // 0xeda
				if (_t179 - _t24 < 0) goto 0x80013d35;
				_t25 =  &(_t371[0x23]); // 0xf20
				if (_t179 - _t25 < 0) goto 0x80013e41;
				_t26 = _t383 + 0xa; // 0xf2a
				if (_t179 - _t26 < 0) goto 0x80013d35;
				if (_t179 - 0x1040 < 0) goto 0x80013e41;
				_t27 = _t383 + 0xa; // 0x104a
				if (_t179 - _t27 < 0) goto 0x80013d35;
				if (_t179 - 0x17e0 < 0) goto 0x80013e41;
				_t28 = _t383 + 0xa; // 0x17ea
				if (_t179 - _t28 < 0) goto 0x80013d35;
				if ((_t179 & 0x0000ffff) - 0x1810 - 9 > 0) goto 0x80013e41;
				goto 0x80013d35;
				if (_t179 - 0xff1a < 0) goto 0x80013d35;
				if (0xffffffff != 0xffffffff) goto 0x80013e65;
				_t29 = _t383 - 0x41; // 0xfecf
				_t30 = _t383 - 0x61; // 0xfeaf
				if (_t29 - 0x19 <= 0) goto 0x80013e59;
				if (_t30 - 0x19 <= 0) goto 0x80013e59;
				goto 0x80013e65;
				_t31 = _t383 - 0x20; // 0xfef0
				_t138 =  >  ? _t179 & 0x0000ffff : _t31;
				_t139 = ( >  ? _t179 & 0x0000ffff : _t31) + 0xffffffc9;
				_t298 = ( >  ? _t179 & 0x0000ffff : _t31) + 0xffffffc9;
				if (( >  ? _t179 & 0x0000ffff : _t31) + 0xffffffc9 == 0) goto 0x80013e70;
				goto 0x80013ed7;
				_t372 =  *_t398;
				r8d = 0xffdf;
				_t237 =  *_t372 & 0x0000ffff;
				_t32 =  &(_t372[1]); // 0xffe1
				_t384 = _t32;
				 *_t398 = _t384;
				_t33 = _t394 - 0x58; // 0xfe57
				if ((r8w & _t33) == 0) goto 0x80013ec8;
				_t143 =  !=  ? r14d : 8;
				_t385 =  &(_t384[0xffffffffffffffff]);
				 *_t398 = _t385;
				r14d =  !=  ? r14d : 8;
				if (_t237 == 0) goto 0x80013ee1;
				if ( *_t385 == _t237) goto 0x80013ee1;
				E00000001180025224(_t372);
				 *_t372 = 0x16;
				E00000001180015940();
				r10d = r10d | 0xffffffff;
				r11d = 0x30;
				goto 0x80013ee1;
				_t180 =  *_t385 & 0x0000ffff;
				_t36 =  &(_t385[1]); // 0xffe3
				_t373 = _t36;
				 *_t398 = _t373;
				_t147 =  !=  ? r14d : 0x10;
				r14d =  !=  ? r14d : 0x10;
				_t148 = r10d;
				r12d = 0xff10;
				r15d = 0x660;
				r9d = _t148 % r14d;
				r8d = _t148 / r14d;
				if (_t180 - r11w < 0) goto 0x800140ad;
				if (_t180 - 0x3a >= 0) goto 0x80013f16;
				goto 0x800140a8;
				if (_t180 - r12w >= 0) goto 0x80014093;
				if (_t180 - r15w < 0) goto 0x800140ad;
				if (_t180 - 0x66a >= 0) goto 0x80013f3f;
				goto 0x800140a8;
				if (_t180 - 0x6f0 < 0) goto 0x800140ad;
				_t41 =  &(_t373[5]); // 0x6fa
				if (_t180 - _t41 >= 0) goto 0x80013f5f;
				goto 0x800140a8;
				if (_t180 - 0x966 < 0) goto 0x800140ad;
				_t42 =  &(_t373[5]); // 0x970
				if (_t180 - _t42 < 0) goto 0x80013f55;
				_t43 =  &(_t385[0x3b]); // 0x9e6
				if (_t180 - _t43 < 0) goto 0x800140ad;
				_t44 =  &(_t373[5]); // 0x9f0
				if (_t180 - _t44 < 0) goto 0x80013f55;
				_t45 =  &(_t385[0x3b]); // 0xa66
				if (_t180 - _t45 < 0) goto 0x800140ad;
				_t46 =  &(_t373[5]); // 0xa70
				if (_t180 - _t46 < 0) goto 0x80013f55;
				_t47 =  &(_t385[0x3b]); // 0xae6
				if (_t180 - _t47 < 0) goto 0x800140ad;
				_t48 =  &(_t373[5]); // 0xaf0
				if (_t180 - _t48 < 0) goto 0x80013f55;
				_t49 =  &(_t385[0x3b]); // 0xb66
				if (_t180 - _t49 < 0) goto 0x800140ad;
				_t50 =  &(_t373[5]); // 0xb70
				if (_t180 - _t50 < 0) goto 0x80013f55;
				if (_t180 - 0xc66 < 0) goto 0x800140ad;
				_t51 =  &(_t373[5]); // 0xc70
				if (_t180 - _t51 < 0) goto 0x80013f55;
				_t52 =  &(_t385[0x3b]); // 0xce6
				if (_t180 - _t52 < 0) goto 0x800140ad;
				_t53 =  &(_t373[5]); // 0xcf0
				if (_t180 - _t53 < 0) goto 0x80013f55;
				_t54 =  &(_t385[0x3b]); // 0xd66
				if (_t180 - _t54 < 0) goto 0x800140ad;
				_t55 =  &(_t373[5]); // 0xd70
				if (_t180 - _t55 < 0) goto 0x80013f55;
				if (_t180 - 0xe50 < 0) goto 0x800140ad;
				_t56 =  &(_t373[5]); // 0xe5a
				if (_t180 - _t56 < 0) goto 0x80013f55;
				_t57 =  &(_t385[0x3b]); // 0xed0
				if (_t180 - _t57 < 0) goto 0x800140ad;
				_t58 =  &(_t373[5]); // 0xeda
				if (_t180 - _t58 < 0) goto 0x80013f55;
				_t59 =  &(_t385[0x23]); // 0xf20
				if (_t180 - _t59 < 0) goto 0x800140ad;
				_t60 =  &(_t373[5]); // 0xf2a
				if (_t180 - _t60 < 0) goto 0x80013f55;
				if (_t180 - 0x1040 < 0) goto 0x800140ad;
				_t61 =  &(_t373[5]); // 0x104a
				if (_t180 - _t61 < 0) goto 0x80013f55;
				if (_t180 - 0x17e0 < 0) goto 0x800140ad;
				_t62 =  &(_t373[5]); // 0x17ea
				if (_t180 - _t62 < 0) goto 0x80013f55;
				_t63 =  &(_t385[0x13]); // 0x1810
				if ((_t180 & 0x0000ffff) - _t63 - 9 > 0) goto 0x800140ad;
				goto 0x800140a8;
				if (_t180 - 0xff1a >= 0) goto 0x800140a5;
				goto 0x800140a8;
				if (((_t180 & 0x0000ffff) - r12d | 0xffffffff) != 0xffffffff) goto 0x800140d1;
				_t64 = _t394 - 0x41; // -65
				_t65 = _t394 - 0x61; // -97
				if (_t64 - 0x19 <= 0) goto 0x800140c5;
				if (_t65 - 0x19 <= 0) goto 0x800140c5;
				goto 0x800140d1;
				_t66 = _t394 - 0x20; // -32
				_t230 =  >  ? _t180 & 0x0000ffff : _t66;
				_t231 = ( >  ? _t180 & 0x0000ffff : _t66) - 0x37;
				if (_t231 == r10d) goto 0x8001410d;
				if (_t231 - r14d >= 0) goto 0x8001410d;
				_t345 = _t247 - r8d;
				if (_t345 < 0) goto 0x800140ee;
				if (_t345 != 0) goto 0x800140e7;
				if (_t231 - r9d <= 0) goto 0x800140ee;
				goto 0x800140f9;
				_t249 = _t247 * r14d + 0xc;
				_t374 =  *_t398;
				_t181 =  *_t374 & 0x0000ffff;
				 *_t398 =  &(_t374[1]);
				_t245 = ( !=  ? _t104 : _t104 | 0x00000002) | 0x00000008;
				goto 0x80013efb;
				r12d = 0;
				_t377 =  &(( *_t398)[0xffffffffffffffff]);
				 *_t398 = _t377;
				if (_t181 == 0) goto 0x80014139;
				if ( *_t377 == _t181) goto 0x80014139;
				E00000001180025224(_t377);
				 *_t377 = 0x16;
				E00000001180015940();
				if ((sil & 0x00000008) != 0) goto 0x8001416b;
				 *_t398 = _a16;
				if (_v48 == r12b) goto 0x80014155;
				 *(_v72 + 0x3a8) =  *(_v72 + 0x3a8) & 0xfffffffd;
				_t386 = _t398[1];
				if (_t386 == 0) goto 0x80014164;
				_t379 =  *_t398;
				 *_t386 = _t379;
				goto 0x8001422b;
				r14d = 0x7fffffff;
				_t183 = _t245 & 0x00000001;
				r15d = 0x80000000;
				if ((sil & 0x00000004) != 0) goto 0x80014191;
				if (_t183 == 0) goto 0x800141d1;
				if ((sil & 0x00000002) == 0) goto 0x800141cc;
				if (_t249 - r15d <= 0) goto 0x800141d1;
				E00000001180025224(_t379);
				 *_t379 = 0x22;
				if (_t183 != 0) goto 0x800141db;
				if (_v48 == r12b) goto 0x800141b9;
				 *(_v72 + 0x3a8) =  *(_v72 + 0x3a8) & 0xfffffffd;
				_t395 = _t398[1];
				if (_t395 == 0) goto 0x800141c8;
				 *_t395 =  *_t398;
				goto 0x8001422b;
				if ((_t249 | 0xffffffff) - r14d > 0) goto 0x80014191;
				if ((sil & 0x00000002) == 0) goto 0x800141a6;
				goto 0x800141a6;
				if ((_t245 & 0x00000002) == 0) goto 0x80014206;
				if (_v48 == r12b) goto 0x800141f2;
				 *(_v72 + 0x3a8) =  *(_v72 + 0x3a8) & 0xfffffffd;
				_t396 = _t398[1];
				if (_t396 == 0) goto 0x80014201;
				 *_t396 =  *_t398;
				goto 0x8001422b;
				if (_v48 == r12b) goto 0x80014219;
				 *(_v72 + 0x3a8) =  *(_v72 + 0x3a8) & 0xfffffffd;
				_t397 = _t398[1];
				if (_t397 == 0) goto 0x80014228;
				 *_t397 =  *_t398;
				return r14d;
			}

0x180013b9c
0x180013b9c
0x180013b9c
0x180013ba1
0x180013bb2
0x180013bb5
0x180013bb8
0x180013bbb
0x180013bc1
0x180013bc3
0x180013bc8
0x180013bce
0x180013bd3
0x180013bdb
0x180013bdd
0x180013be4
0x180013be6
0x180013be9
0x180013bee
0x180013bf6
0x180013bf9
0x180013c06
0x180013c17
0x180013c24
0x180013c26
0x180013c38
0x180013c3b
0x180013c41
0x180013c43
0x180013c46
0x180013c49
0x180013c4d
0x180013c55
0x180013c63
0x180013c69
0x180013c6f
0x180013c6f
0x180013c7a
0x180013c84
0x180013c8e
0x180013c96
0x180013c9e
0x180013ca7
0x180013cb5
0x180013cbc
0x180013cc5
0x180013cd3
0x180013cdb
0x180013ce4
0x180013cf2
0x180013cfa
0x180013d02
0x180013d10
0x180013d1a
0x180013d27
0x180013d2d
0x180013d33
0x180013d3a
0x180013d47
0x180013d4d
0x180013d53
0x180013d55
0x180013d5b
0x180013d61
0x180013d67
0x180013d71
0x180013d77
0x180013d7d
0x180013d7f
0x180013d85
0x180013d8b
0x180013d91
0x180013d93
0x180013d99
0x180013d9f
0x180013da5
0x180013daf
0x180013db5
0x180013dbb
0x180013dc1
0x180013dc7
0x180013dc9
0x180013dcf
0x180013dd5
0x180013ddb
0x180013ddd
0x180013de3
0x180013df1
0x180013df3
0x180013df9
0x180013e07
0x180013e09
0x180013e0f
0x180013e24
0x180013e26
0x180013e33
0x180013e3f
0x180013e44
0x180013e47
0x180013e4d
0x180013e52
0x180013e57
0x180013e5c
0x180013e5f
0x180013e62
0x180013e65
0x180013e67
0x180013e6e
0x180013e70
0x180013e73
0x180013e79
0x180013e7c
0x180013e7c
0x180013e80
0x180013e83
0x180013e8a
0x180013e94
0x180013e98
0x180013e9c
0x180013e9f
0x180013ea5
0x180013eaa
0x180013eac
0x180013eb1
0x180013eb7
0x180013ebc
0x180013ec0
0x180013ec6
0x180013ec8
0x180013ecb
0x180013ecb
0x180013ecf
0x180013eda
0x180013ede
0x180013ee3
0x180013ee9
0x180013eef
0x180013ef5
0x180013ef8
0x180013eff
0x180013f09
0x180013f11
0x180013f1a
0x180013f24
0x180013f32
0x180013f3a
0x180013f47
0x180013f4d
0x180013f53
0x180013f5a
0x180013f67
0x180013f6d
0x180013f73
0x180013f75
0x180013f7b
0x180013f81
0x180013f87
0x180013f89
0x180013f8f
0x180013f95
0x180013f9b
0x180013f9d
0x180013fa3
0x180013fa9
0x180013faf
0x180013fb1
0x180013fb7
0x180013fbd
0x180013fc3
0x180013fcd
0x180013fd3
0x180013fd9
0x180013fdf
0x180013fe5
0x180013feb
0x180013ff1
0x180013ff7
0x180013ffd
0x180014003
0x180014009
0x180014017
0x18001401d
0x180014023
0x180014029
0x18001402f
0x180014031
0x180014037
0x18001403d
0x180014043
0x180014045
0x18001404b
0x180014059
0x18001405b
0x180014061
0x18001406f
0x180014071
0x180014077
0x180014080
0x18001408a
0x180014091
0x18001409b
0x1800140a3
0x1800140ab
0x1800140b0
0x1800140b6
0x1800140b9
0x1800140be
0x1800140c3
0x1800140c8
0x1800140cb
0x1800140ce
0x1800140d4
0x1800140d9
0x1800140db
0x1800140de
0x1800140e0
0x1800140e5
0x1800140ec
0x1800140f2
0x1800140f9
0x1800140fc
0x180014103
0x180014106
0x180014108
0x180014110
0x180014118
0x18001411c
0x180014122
0x180014127
0x180014129
0x18001412e
0x180014134
0x18001413d
0x18001413f
0x180014147
0x18001414e
0x180014155
0x18001415c
0x18001415e
0x180014161
0x180014166
0x18001416d
0x180014173
0x180014176
0x180014180
0x180014184
0x18001418a
0x18001418f
0x180014194
0x180014199
0x1800141a1
0x1800141ab
0x1800141b2
0x1800141b9
0x1800141c0
0x1800141c5
0x1800141ca
0x1800141cf
0x1800141d5
0x1800141d9
0x1800141dd
0x1800141e4
0x1800141eb
0x1800141f2
0x1800141f9
0x1800141fe
0x180014204
0x18001420b
0x180014212
0x180014219
0x180014220
0x180014225
0x180014243

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000180013BCE

Strings

-, xrefs: 0000000180013C34

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -
API String ID: 3215553584-2547889144
Opcode ID: 28f95cf2e13ddb4e759dfecf945a9a029bcb324f9c4306a9b37e258b4b88ff34
Instruction ID: e8519c4ae909dc60e1360e78ac95ce9854ce64e6b27cc5e8b6b98fef9737d2c1
Opcode Fuzzy Hash: 28f95cf2e13ddb4e759dfecf945a9a029bcb324f9c4306a9b37e258b4b88ff34
Instruction Fuzzy Hash: 4B120636701A89C5FFA29A19D0553E872D6E75CBE0FD8C126F6968B2D0DF34CB898304

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001D180 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E0000000118001D180(signed int __edi, signed short* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
				void* __rdi;
				void* __rsi;
				intOrPtr _t64;
				signed int _t65;
				intOrPtr _t71;
				signed int _t83;
				signed int _t86;
				signed int _t100;
				signed int _t103;
				intOrPtr _t115;
				signed short* _t136;
				signed short* _t137;
				void* _t139;
				void* _t152;
				signed int* _t153;
				void* _t159;
				signed int* _t161;

				_t149 = __rdx;
				_a16 = __rbx;
				_a24 = __rbp;
				_t103 = __edi | 0xffffffff;
				_t139 = __rcx;
				if ( *((intOrPtr*)(__rcx + 0x468)) == __rbp) goto 0x8001d404;
				if ( *(__rcx + 0x18) != __rbp) goto 0x8001d1c8;
				E00000001180025224(__rax);
				 *__rax = 0x16;
				E00000001180015940();
				goto 0x8001d41b;
				r12d = 0x20;
				 *((intOrPtr*)(__rcx + 0x478)) =  *((intOrPtr*)(__rcx + 0x478)) + 1;
				_t64 =  *((intOrPtr*)(__rcx + 0x478));
				if (_t64 == 3) goto 0x8001d418;
				if (_t64 != 2) goto 0x8001d1fc;
				if ( *((intOrPtr*)(__rcx + 0x47c)) == 1) goto 0x8001d418;
				_t136 =  *((intOrPtr*)(__rcx + 0x480));
				_t161 = __rcx + 0x34;
				_t153 = __rcx + 0x38;
				 *((intOrPtr*)(__rcx + 0x47c)) = 0;
				 *(__rcx + 0xde8) = _t103;
				 *(__rcx + 0xdec) = _t103;
				 *_t161 = 0;
				 *_t153 = 0;
				 *(__rcx + 0x18) = _t136;
				 *((intOrPtr*)(__rcx + 0x50)) = 0;
				 *(__rcx + 0x2c) = 0;
				_t65 =  *_t136 & 0x0000ffff;
				 *(__rcx + 0x42) = _t65;
				if (_t65 == 0) goto 0x8001d3ee;
				 *(__rcx + 0x18) =  &(( *(__rcx + 0x18))[1]);
				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x8001d3f3;
				if (( *(__rcx + 0x42) & 0xffff) - r12w - 0x5a > 0) goto 0x8001d26f;
				asm("lfence");
				goto 0x8001d271;
				 *(__rcx + 0x2c) = ( *(__rcx + 0x8004e740) & 0x000000ff) >> 4;
				if (E00000001180022F14(__rcx, __rdx) == 0) goto 0x8001d414;
				_t71 =  *((intOrPtr*)(_t139 + 0x2c));
				if (_t71 == 8) goto 0x8001d404;
				_t115 = _t71;
				if (_t115 == 0) goto 0x8001d3ce;
				if (_t115 == 0) goto 0x8001d3b9;
				if (_t115 == 0) goto 0x8001d379;
				if (_t115 == 0) goto 0x8001d337;
				if (_t115 == 0) goto 0x8001d330;
				if (_t115 == 0) goto 0x8001d2ee;
				if (_t115 == 0) goto 0x8001d2e1;
				if (_t71 - 0xfffffffffffffffc != 1) goto 0x8001d414;
				E0000000118001FF10(_t139, _t139, _t149, __rbp);
				goto 0x8001d3d6;
				E0000000118001ED64(_t136, _t139);
				goto 0x8001d3d6;
				if ( *(_t139 + 0x42) == 0x2a) goto 0x8001d305;
				E0000000118001C0C0(_t136, _t139, _t139, _t153, _t152, _t153);
				goto 0x8001d3d6;
				if (E00000001180022C30(_t136, _t139, _t139, _t153, _t159) == 0) goto 0x8001d414;
				if ( *((intOrPtr*)(_t139 + 0x478)) != 1) goto 0x8001d328;
				if ( *((intOrPtr*)(_t139 + 0x47c)) != 1) goto 0x8001d3da;
				if ( *_t153 >= 0) goto 0x8001d375;
				 *_t153 = _t103;
				goto 0x8001d375;
				 *_t153 = 0;
				goto 0x8001d3da;
				if ( *(_t139 + 0x42) == 0x2a) goto 0x8001d346;
				goto 0x8001d2fb;
				if (E000000011800229EC(_t136, _t139, _t139, _t153, _t159) == 0) goto 0x8001d414;
				if ( *((intOrPtr*)(_t139 + 0x478)) != 1) goto 0x8001d365;
				if ( *((intOrPtr*)(_t139 + 0x47c)) != 1) goto 0x8001d3da;
				_t83 =  *_t161;
				if (_t83 >= 0) goto 0x8001d375;
				 *(_t139 + 0x30) =  *(_t139 + 0x30) | 0x00000004;
				 *_t161 =  ~_t83;
				goto 0x8001d3d6;
				_t86 =  *(_t139 + 0x42) & 0x0000ffff;
				if (_t86 == r12w) goto 0x8001d3b3;
				if (_t86 == 0x23) goto 0x8001d3ad;
				if (_t86 == 0x2b) goto 0x8001d3a7;
				if (_t86 == 0x2d) goto 0x8001d3a1;
				if (_t86 != 0x30) goto 0x8001d3da;
				 *(_t139 + 0x30) =  *(_t139 + 0x30) | 0x00000008;
				goto 0x8001d3da;
				 *(_t139 + 0x30) =  *(_t139 + 0x30) | 0x00000004;
				goto 0x8001d3da;
				 *(_t139 + 0x30) =  *(_t139 + 0x30) | 0x00000001;
				goto 0x8001d3da;
				 *(_t139 + 0x30) =  *(_t139 + 0x30) | r12d;
				goto 0x8001d3da;
				 *(_t139 + 0x30) =  *(_t139 + 0x30) | 0x00000002;
				goto 0x8001d3da;
				 *_t161 = 0;
				 *((intOrPtr*)(_t139 + 0x40)) = bpl;
				 *(_t139 + 0x30) = 0;
				 *_t153 = _t103;
				 *((intOrPtr*)(_t139 + 0x3c)) = 0;
				 *((intOrPtr*)(_t139 + 0x54)) = bpl;
				goto 0x8001d3da;
				E0000000118001E1A4(_t139);
				if (1 == 0) goto 0x8001d414;
				_t137 =  *((intOrPtr*)(_t139 + 0x18));
				_t100 =  *_t137 & 0x0000ffff;
				 *(_t139 + 0x42) = _t100;
				if (_t100 != 0) goto 0x8001d23c;
				 *((long long*)(_t139 + 0x18)) =  *((long long*)(_t139 + 0x18)) + 2;
				if (E00000001180023054(_t137, _t139) == 0) goto 0x8001d414;
				goto 0x8001d1d5;
				E00000001180025224(_t137);
				 *_t137 = 0x16;
				E00000001180015940();
				goto 0x8001d41b;
				return  *((intOrPtr*)(_t139 + 0x28));
			}

0x18001d180
0x18001d180
0x18001d185
0x18001d196
0x18001d19b
0x18001d1a5
0x18001d1af
0x18001d1b1
0x18001d1b6
0x18001d1bc
0x18001d1c3
0x18001d1cf
0x18001d1d5
0x18001d1db
0x18001d1e4
0x18001d1ed
0x18001d1f6
0x18001d1fc
0x18001d203
0x18001d207
0x18001d20b
0x18001d211
0x18001d217
0x18001d21d
0x18001d220
0x18001d222
0x18001d226
0x18001d229
0x18001d22c
0x18001d22f
0x18001d236
0x18001d23c
0x18001d244
0x18001d25c
0x18001d25e
0x18001d26d
0x18001d27e
0x18001d28b
0x18001d291
0x18001d297
0x18001d29d
0x18001d29f
0x18001d2a8
0x18001d2b1
0x18001d2ba
0x18001d2bf
0x18001d2c4
0x18001d2c9
0x18001d2ce
0x18001d2d7
0x18001d2dc
0x18001d2e4
0x18001d2e9
0x18001d2f6
0x18001d2fb
0x18001d300
0x18001d30c
0x18001d319
0x18001d322
0x18001d32a
0x18001d32c
0x18001d32e
0x18001d330
0x18001d332
0x18001d33f
0x18001d344
0x18001d34d
0x18001d35a
0x18001d363
0x18001d365
0x18001d36a
0x18001d36c
0x18001d372
0x18001d377
0x18001d379
0x18001d381
0x18001d387
0x18001d38d
0x18001d393
0x18001d399
0x18001d39b
0x18001d39f
0x18001d3a1
0x18001d3a5
0x18001d3a7
0x18001d3ab
0x18001d3ad
0x18001d3b1
0x18001d3b3
0x18001d3b7
0x18001d3b9
0x18001d3bc
0x18001d3c0
0x18001d3c3
0x18001d3c5
0x18001d3c8
0x18001d3cc
0x18001d3d1
0x18001d3d8
0x18001d3da
0x18001d3de
0x18001d3e1
0x18001d3e8
0x18001d3ee
0x18001d3fd
0x18001d3ff
0x18001d404
0x18001d409
0x18001d40f
0x18001d416
0x18001d431

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018001D1BC
_invalid_parameter_noinfo.LIBCMT ref: 000000018001D40F

Strings

*, xrefs: 000000018001D337
, xrefs: 000000018001D1CF

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 4c75b2e1e1467da0e33aa65c9501797efc5cf22c66fc2ceda033971138b62726
Instruction ID: 13d04deb298722f97b13051f6dc7d0e5826e217d2f9773a0716cb3e0d4e7e69e
Opcode Fuzzy Hash: 4c75b2e1e1467da0e33aa65c9501797efc5cf22c66fc2ceda033971138b62726
Instruction Fuzzy Hash: 4581B172104E4CC6EBE69F2981443ED37A0E319BD8F54C027FA9146289DF35D78ACB26

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001C38C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0000000118001C38C(signed int __edi, intOrPtr* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a16, long long _a24, long long _a32) {

				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				if ( *((intOrPtr*)(__rcx + 0x468)) != 0) goto 0x8001c3e3;
				E00000001180025224(__rax);
				 *__rax = 0x16;
				E00000001180015940();
				return __edi | 0xffffffff;
			}

0x18001c38c
0x18001c391
0x18001c396
0x18001c3b6
0x18001c3b8
0x18001c3bd
0x18001c3c3
0x18001c3e2

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018001C3C3
_invalid_parameter_noinfo.LIBCMT ref: 000000018001C3FD

Strings

, xrefs: 000000018001C5CF
*, xrefs: 000000018001C565

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 30dddf8f6e34daa351dfe863848fc64f775935d713c8c68563a23a81e293f5f9
Instruction ID: a72b94b6689bc5c0dc6ee0c3925587df94b217c2a10caebda52a487d0b0f325d
Opcode Fuzzy Hash: 30dddf8f6e34daa351dfe863848fc64f775935d713c8c68563a23a81e293f5f9
Instruction Fuzzy Hash: DC817072004F4886EBE78F2990547EC3BA1E30ABD8F58D116FA9656285CF34D789C71A

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001D928 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E0000000118001D928(signed int __edi, signed short* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
				void* __rdi;
				void* __rsi;
				intOrPtr _t64;
				signed int _t65;
				intOrPtr _t71;
				signed int _t83;
				signed int _t86;
				signed int _t100;
				signed int _t103;
				intOrPtr _t115;
				signed short* _t136;
				signed short* _t137;
				void* _t139;
				void* _t152;
				signed int* _t153;
				void* _t159;
				signed int* _t161;

				_a16 = __rbx;
				_a24 = __rbp;
				_t103 = __edi | 0xffffffff;
				_t139 = __rcx;
				if ( *((intOrPtr*)(__rcx + 0x468)) == __rbp) goto 0x8001dbac;
				if ( *(__rcx + 0x18) != __rbp) goto 0x8001d970;
				E00000001180025224(__rax);
				 *__rax = 0x16;
				E00000001180015940();
				goto 0x8001dbc3;
				r12d = 0x20;
				 *((intOrPtr*)(__rcx + 0x478)) =  *((intOrPtr*)(__rcx + 0x478)) + 1;
				_t64 =  *((intOrPtr*)(__rcx + 0x478));
				if (_t64 == 3) goto 0x8001dbc0;
				if (_t64 != 2) goto 0x8001d9a4;
				if ( *((intOrPtr*)(__rcx + 0x47c)) == 1) goto 0x8001dbc0;
				_t136 =  *((intOrPtr*)(__rcx + 0x480));
				_t161 = __rcx + 0x34;
				_t153 = __rcx + 0x38;
				 *((intOrPtr*)(__rcx + 0x47c)) = 0;
				 *(__rcx + 0xde8) = _t103;
				 *(__rcx + 0xdec) = _t103;
				 *_t161 = 0;
				 *_t153 = 0;
				 *(__rcx + 0x18) = _t136;
				 *((intOrPtr*)(__rcx + 0x50)) = 0;
				 *(__rcx + 0x2c) = 0;
				_t65 =  *_t136 & 0x0000ffff;
				 *(__rcx + 0x42) = _t65;
				if (_t65 == 0) goto 0x8001db96;
				 *(__rcx + 0x18) =  &(( *(__rcx + 0x18))[1]);
				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x8001db9b;
				if (( *(__rcx + 0x42) & 0xffff) - r12w - 0x5a > 0) goto 0x8001da17;
				asm("lfence");
				goto 0x8001da19;
				 *(__rcx + 0x2c) = ( *(__rcx + 0x8004e740) & 0x000000ff) >> 4;
				if (E00000001180022F14(__rcx, __rdx) == 0) goto 0x8001dbbc;
				_t71 =  *((intOrPtr*)(_t139 + 0x2c));
				if (_t71 == 8) goto 0x8001dbac;
				_t115 = _t71;
				if (_t115 == 0) goto 0x8001db76;
				if (_t115 == 0) goto 0x8001db61;
				if (_t115 == 0) goto 0x8001db21;
				if (_t115 == 0) goto 0x8001dadf;
				if (_t115 == 0) goto 0x8001dad8;
				if (_t115 == 0) goto 0x8001da96;
				if (_t115 == 0) goto 0x8001da89;
				if (_t71 - 0xfffffffffffffffc != 1) goto 0x8001dbbc;
				E000000011800204D0(_t139, _t139, _t153, __rbp, _t159);
				goto 0x8001db7e;
				E0000000118001F094(_t136, _t139);
				goto 0x8001db7e;
				if ( *(_t139 + 0x42) == 0x2a) goto 0x8001daad;
				E0000000118001C0C0(_t136, _t139, _t139, _t153, _t152, _t153);
				goto 0x8001db7e;
				if (E00000001180022C30(_t136, _t139, _t139, _t153, _t159) == 0) goto 0x8001dbbc;
				if ( *((intOrPtr*)(_t139 + 0x478)) != 1) goto 0x8001dad0;
				if ( *((intOrPtr*)(_t139 + 0x47c)) != 1) goto 0x8001db82;
				if ( *_t153 >= 0) goto 0x8001db1d;
				 *_t153 = _t103;
				goto 0x8001db1d;
				 *_t153 = 0;
				goto 0x8001db82;
				if ( *(_t139 + 0x42) == 0x2a) goto 0x8001daee;
				goto 0x8001daa3;
				if (E000000011800229EC(_t136, _t139, _t139, _t153, _t159) == 0) goto 0x8001dbbc;
				if ( *((intOrPtr*)(_t139 + 0x478)) != 1) goto 0x8001db0d;
				if ( *((intOrPtr*)(_t139 + 0x47c)) != 1) goto 0x8001db82;
				_t83 =  *_t161;
				if (_t83 >= 0) goto 0x8001db1d;
				 *(_t139 + 0x30) =  *(_t139 + 0x30) | 0x00000004;
				 *_t161 =  ~_t83;
				goto 0x8001db7e;
				_t86 =  *(_t139 + 0x42) & 0x0000ffff;
				if (_t86 == r12w) goto 0x8001db5b;
				if (_t86 == 0x23) goto 0x8001db55;
				if (_t86 == 0x2b) goto 0x8001db4f;
				if (_t86 == 0x2d) goto 0x8001db49;
				if (_t86 != 0x30) goto 0x8001db82;
				 *(_t139 + 0x30) =  *(_t139 + 0x30) | 0x00000008;
				goto 0x8001db82;
				 *(_t139 + 0x30) =  *(_t139 + 0x30) | 0x00000004;
				goto 0x8001db82;
				 *(_t139 + 0x30) =  *(_t139 + 0x30) | 0x00000001;
				goto 0x8001db82;
				 *(_t139 + 0x30) =  *(_t139 + 0x30) | r12d;
				goto 0x8001db82;
				 *(_t139 + 0x30) =  *(_t139 + 0x30) | 0x00000002;
				goto 0x8001db82;
				 *_t161 = 0;
				 *((intOrPtr*)(_t139 + 0x40)) = bpl;
				 *(_t139 + 0x30) = 0;
				 *_t153 = _t103;
				 *((intOrPtr*)(_t139 + 0x3c)) = 0;
				 *((intOrPtr*)(_t139 + 0x54)) = bpl;
				goto 0x8001db82;
				E0000000118001E274(_t139);
				if (1 == 0) goto 0x8001dbbc;
				_t137 =  *((intOrPtr*)(_t139 + 0x18));
				_t100 =  *_t137 & 0x0000ffff;
				 *(_t139 + 0x42) = _t100;
				if (_t100 != 0) goto 0x8001d9e4;
				 *((long long*)(_t139 + 0x18)) =  *((long long*)(_t139 + 0x18)) + 2;
				if (E00000001180023054(_t137, _t139) == 0) goto 0x8001dbbc;
				goto 0x8001d97d;
				E00000001180025224(_t137);
				 *_t137 = 0x16;
				E00000001180015940();
				goto 0x8001dbc3;
				return  *((intOrPtr*)(_t139 + 0x28));
			}

0x18001d928
0x18001d92d
0x18001d93e
0x18001d943
0x18001d94d
0x18001d957
0x18001d959
0x18001d95e
0x18001d964
0x18001d96b
0x18001d977
0x18001d97d
0x18001d983
0x18001d98c
0x18001d995
0x18001d99e
0x18001d9a4
0x18001d9ab
0x18001d9af
0x18001d9b3
0x18001d9b9
0x18001d9bf
0x18001d9c5
0x18001d9c8
0x18001d9ca
0x18001d9ce
0x18001d9d1
0x18001d9d4
0x18001d9d7
0x18001d9de
0x18001d9e4
0x18001d9ec
0x18001da04
0x18001da06
0x18001da15
0x18001da26
0x18001da33
0x18001da39
0x18001da3f
0x18001da45
0x18001da47
0x18001da50
0x18001da59
0x18001da62
0x18001da67
0x18001da6c
0x18001da71
0x18001da76
0x18001da7f
0x18001da84
0x18001da8c
0x18001da91
0x18001da9e
0x18001daa3
0x18001daa8
0x18001dab4
0x18001dac1
0x18001daca
0x18001dad2
0x18001dad4
0x18001dad6
0x18001dad8
0x18001dada
0x18001dae7
0x18001daec
0x18001daf5
0x18001db02
0x18001db0b
0x18001db0d
0x18001db12
0x18001db14
0x18001db1a
0x18001db1f
0x18001db21
0x18001db29
0x18001db2f
0x18001db35
0x18001db3b
0x18001db41
0x18001db43
0x18001db47
0x18001db49
0x18001db4d
0x18001db4f
0x18001db53
0x18001db55
0x18001db59
0x18001db5b
0x18001db5f
0x18001db61
0x18001db64
0x18001db68
0x18001db6b
0x18001db6d
0x18001db70
0x18001db74
0x18001db79
0x18001db80
0x18001db82
0x18001db86
0x18001db89
0x18001db90
0x18001db96
0x18001dba5
0x18001dba7
0x18001dbac
0x18001dbb1
0x18001dbb7
0x18001dbbe
0x18001dbd9

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018001D964
_invalid_parameter_noinfo.LIBCMT ref: 000000018001DBB7

Strings

*, xrefs: 000000018001DADF
, xrefs: 000000018001D977

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 2d9464a83cd71507e0e7a3575811d6c0d236c131e827ced4e6cfc40092810b6a
Instruction ID: 5c8ee54b6999a4505cac21294a69c76cfca47d2340d4f6af06a26d8823041d24
Opcode Fuzzy Hash: 2d9464a83cd71507e0e7a3575811d6c0d236c131e827ced4e6cfc40092810b6a
Instruction Fuzzy Hash: 31817072008A4CC6EBE6DF2980953EC37A4E709BD8F55C12BEA8247285DF35C749DB15

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180007A18 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 61%

			E00000001180007A18(void* __edx, intOrPtr* __rcx, void* __rdx, long long __r8, void* __r9) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t94;
				intOrPtr _t95;
				intOrPtr _t125;
				void* _t136;
				intOrPtr _t137;
				signed long long _t143;
				long long _t145;
				long long _t150;
				void* _t151;
				intOrPtr* _t171;
				long long _t182;
				long long _t183;
				intOrPtr* _t184;
				void* _t185;
				intOrPtr* _t186;
				intOrPtr* _t187;
				void* _t188;
				signed long long _t189;
				intOrPtr _t197;
				void* _t204;
				long long _t205;

				_t187 = _t188 - 0x38;
				_t189 = _t188 - 0x138;
				_t143 =  *0x80098010; // 0x6aeceb4fd839
				 *(_t187 + 0x28) = _t143 ^ _t189;
				_t185 = __r9;
				_t145 =  *((intOrPtr*)(_t187 + 0xb8));
				_t204 = __rdx;
				_t205 =  *((intOrPtr*)(_t187 + 0xa0));
				_t186 = __rcx;
				 *((long long*)(_t189 + 0x70)) = _t145;
				 *((long long*)(_t189 + 0x78)) = __r8;
				if ( *__rcx == 0x80000003) goto 0x80007ce1;
				E0000000118000635C(_t145);
				r12d =  *((intOrPtr*)(_t187 + 0xb0));
				r15d =  *((intOrPtr*)(_t187 + 0xa8));
				if ( *((long long*)(_t145 + 0x10)) == 0) goto 0x80007ae0;
				__imp__EncodePointer();
				_t160 = _t145;
				E0000000118000635C(_t145);
				if ( *((intOrPtr*)(_t145 + 0x10)) == _t145) goto 0x80007ae0;
				if ( *__rcx == 0xe0434f4d) goto 0x80007ae0;
				if ( *__rcx == 0xe0434352) goto 0x80007ae0;
				 *((intOrPtr*)(_t189 + 0x38)) = r15d;
				 *(_t189 + 0x30) =  *((intOrPtr*)(_t189 + 0x70));
				 *((intOrPtr*)(_t189 + 0x28)) = r12d;
				 *((long long*)(_t189 + 0x20)) = _t205;
				if (E000000011800042C8(__rcx, __rdx,  *((intOrPtr*)(_t189 + 0x78)), __r9) != 0) goto 0x80007ce1;
				E00000001180008500(_t187, _t205,  *((intOrPtr*)(__r9 + 8)));
				if ( *_t187 <= 0) goto 0x80007d01;
				 *((intOrPtr*)(_t189 + 0x28)) = r12d;
				 *((long long*)(_t189 + 0x20)) = _t205;
				r8d = r15d;
				_t94 = E00000001180004928(_t145, _t187 - 0x70, _t187, _t185, __rcx, _t187);
				asm("movups xmm0, [ebp-0x70]");
				asm("movdqu [ebp-0x80], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t94 -  *((intOrPtr*)(_t187 - 0x58)) >= 0) goto 0x80007ce1;
				_t95 =  *((intOrPtr*)(_t187 - 0x78));
				 *((long long*)(_t189 + 0x68)) =  *((intOrPtr*)(_t187 - 0x70));
				 *((intOrPtr*)(_t189 + 0x60)) = _t95;
				asm("inc ecx");
				asm("dec ax");
				asm("movups [ebp-0x80], xmm0");
				if (_t95 - r15d > 0) goto 0x80007c47;
				_t136 = r15d - _t95;
				if (_t136 > 0) goto 0x80007c47;
				r9d =  *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x10))));
				E00000001180008458( *((intOrPtr*)(_t185 + 0x10)), _t187 - 0x50, _t187 - 0x80,  *((intOrPtr*)(_t185 + 8)));
				 *((long long*)(_t187 - 0x48)) =  *((intOrPtr*)(_t187 - 0x40));
				E00000001180008C68( *((intOrPtr*)(_t187 - 0x40)), _t187 - 0x50);
				_t150 =  *((intOrPtr*)(_t187 - 0x40));
				 *((long long*)(_t187 - 0x48)) = _t150;
				E00000001180008C68(_t150, _t187 - 0x50);
				if (_t136 == 0) goto 0x80007bbe;
				E00000001180008C68(_t150, _t187 - 0x50);
				if (_t136 != 0) goto 0x80007baf;
				_t137 =  *((intOrPtr*)(_t187 - 0x30));
				if (_t137 == 0) goto 0x80007bec;
				E00000001180004F68(_t150);
				_t151 = _t150 +  *((intOrPtr*)(_t187 - 0x30));
				if (_t137 == 0) goto 0x80007bec;
				if (__edx == 0) goto 0x80007be4;
				E00000001180004F68(_t151);
				goto 0x80007be6;
				if ( *((char*)(_t151 +  *((intOrPtr*)(_t187 - 0x30)) + 0x10)) != 0) goto 0x80007c3b;
				if (( *(_t187 - 0x34) & 0x00000040) != 0) goto 0x80007c3b;
				 *((char*)(_t189 + 0x58)) = 0;
				_t171 = _t186;
				 *((char*)(_t189 + 0x50)) = 1;
				 *((long long*)(_t189 + 0x48)) =  *((intOrPtr*)(_t189 + 0x70));
				 *((intOrPtr*)(_t189 + 0x40)) = r12d;
				 *((long long*)(_t189 + 0x38)) = _t187 - 0x80;
				 *(_t189 + 0x30) =  *(_t189 + 0x30) & 0x00000000;
				 *((long long*)(_t189 + 0x28)) = _t187 - 0x38;
				 *((long long*)(_t189 + 0x20)) = _t205;
				E00000001180006D68(0, _t160 - 1, _t171, _t204,  *((intOrPtr*)(_t189 + 0x78)), _t185);
				_t197 =  *((intOrPtr*)(_t189 + 0x68));
				_t182 =  *((intOrPtr*)(_t197 + 8)) -  *((char*)(_t171 + 0x18004cb48));
				 *((long long*)(_t197 + 8)) = _t182;
				 *(_t197 + 0x18) =  *(_t182 - 4) >>  *(_t171 + 0x18004cb58);
				_t183 = _t182 -  *((char*)(_t171 + 0x18004cb48));
				 *((long long*)(_t197 + 8)) = _t183;
				 *(_t197 + 0x1c) =  *(_t183 - 4) >>  *(_t171 + 0x18004cb58);
				_t184 = _t183 -  *((char*)(_t171 + 0x18004cb48));
				 *(_t197 + 0x20) =  *(_t184 - 4) >>  *(_t171 + 0x18004cb58);
				 *((long long*)(_t197 + 8)) = _t184;
				 *((intOrPtr*)(_t197 + 0x24)) =  *_t184;
				_t125 =  *((intOrPtr*)(_t189 + 0x60)) + 1;
				 *((long long*)(_t197 + 8)) = _t184 + 4;
				 *((intOrPtr*)(_t189 + 0x60)) = _t125;
				if (_t125 -  *((intOrPtr*)(_t187 - 0x58)) < 0) goto 0x80007b49;
				return E00000001180002630( *(_t184 - 4) >>  *(_t171 + 0x18004cb58), _t125,  *(_t187 + 0x28) ^ _t189);
			}

0x180007a25
0x180007a2a
0x180007a31
0x180007a3b
0x180007a45
0x180007a48
0x180007a4f
0x180007a52
0x180007a59
0x180007a5c
0x180007a61
0x180007a66
0x180007a6c
0x180007a71
0x180007a78
0x180007a84
0x180007a88
0x180007a8e
0x180007a91
0x180007a9a
0x180007aa2
0x180007aaa
0x180007abc
0x180007ac4
0x180007ac9
0x180007ace
0x180007ada
0x180007aeb
0x180007af4
0x180007afa
0x180007b06
0x180007b0b
0x180007b12
0x180007b17
0x180007b1b
0x180007b20
0x180007b25
0x180007b2c
0x180007b3d
0x180007b40
0x180007b45
0x180007b49
0x180007b4e
0x180007b53
0x180007b5a
0x180007b64
0x180007b67
0x180007b7d
0x180007b80
0x180007b8d
0x180007b91
0x180007b96
0x180007ba1
0x180007ba5
0x180007bad
0x180007bb3
0x180007bbc
0x180007bbe
0x180007bc2
0x180007bc4
0x180007bcd
0x180007bd0
0x180007bd4
0x180007bd6
0x180007be2
0x180007bea
0x180007bf0
0x180007c02
0x180007c07
0x180007c0a
0x180007c0f
0x180007c18
0x180007c1d
0x180007c26
0x180007c2c
0x180007c31
0x180007c36
0x180007c3b
0x180007c62
0x180007c6a
0x180007c6e
0x180007c89
0x180007c91
0x180007c95
0x180007cb0
0x180007cb8
0x180007cc0
0x180007cc6
0x180007cce
0x180007cd0
0x180007cd4
0x180007cdb
0x180007d00

APIs

EncodePointer.KERNEL32 ref: 0000000180007A88
_CallSETranslator.LIBVCRUNTIME ref: 0000000180007AD3

Strings

RCC, xrefs: 0000000180007AA4
MOC, xrefs: 0000000180007A9C

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: f5e69f4409de1f240392534ae42f5bc32fd1365f2d4a34e683f4804fe5c17507
Instruction ID: 674321b14da8d532895eb0fed368b4243e4400c8c6365f1814a78af2ec584da8
Opcode Fuzzy Hash: f5e69f4409de1f240392534ae42f5bc32fd1365f2d4a34e683f4804fe5c17507
Instruction Fuzzy Hash: FD917E73A04B888AE792CB65E8807DD7BA0F759788F14811AFE8957755DF38C299C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001CA64 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E0000000118001CA64(signed int __edi, void* __esi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, long long _a16, long long _a24, long long _a32) {
				intOrPtr _t67;
				char _t68;
				intOrPtr _t72;
				signed int _t84;
				intOrPtr _t87;
				void* _t94;
				char _t102;
				signed int _t105;
				intOrPtr _t118;
				intOrPtr* _t139;
				intOrPtr _t140;
				intOrPtr* _t141;
				void* _t143;
				signed int* _t157;
				void* _t164;
				void* _t165;
				signed int* _t166;

				_t159 = __rbp;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t105 = __edi | 0xffffffff;
				_t143 = __rcx;
				if ( *((intOrPtr*)(__rcx + 0x468)) == __rbp) goto 0x8001ccc9;
				if ( *((intOrPtr*)(__rcx + 0x18)) != __rbp) goto 0x8001caae;
				E00000001180025224(__rax);
				 *__rax = 0x16;
				E00000001180015940();
				goto 0x8001cce0;
				 *((intOrPtr*)(__rcx + 0x478)) =  *((intOrPtr*)(__rcx + 0x478)) + 1;
				_t67 =  *((intOrPtr*)(__rcx + 0x478));
				if (_t67 == 3) goto 0x8001ccdd;
				if (_t67 != 2) goto 0x8001cadc;
				if ( *((intOrPtr*)(__rcx + 0x47c)) == 1) goto 0x8001ccdd;
				_t139 =  *((intOrPtr*)(__rcx + 0x480));
				_t166 = __rcx + 0x34;
				_t157 = __rcx + 0x38;
				 *((intOrPtr*)(__rcx + 0x47c)) = 0;
				 *(__rcx + 0xde8) = _t105;
				 *(__rcx + 0xdec) = _t105;
				 *_t166 = 0;
				 *_t157 = 0;
				 *((long long*)(__rcx + 0x18)) = _t139;
				 *((intOrPtr*)(__rcx + 0x50)) = 0;
				 *(__rcx + 0x2c) = 0;
				_t68 =  *_t139;
				 *((char*)(__rcx + 0x41)) = _t68;
				if (_t68 == 0) goto 0x8001ccb4;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x8001ccb8;
				if (__rcx - 0x20 - 0x5a > 0) goto 0x8001cb45;
				asm("lfence");
				_t140 =  *((intOrPtr*)(__rcx + 0x41));
				goto 0x8001cb47;
				 *(__rcx + 0x2c) = ( *(__rcx + 0x8004e740) & 0x000000ff) >> 4;
				if (E00000001180022E08(__rcx, __rdx) == 0) goto 0x8001ccd9;
				_t72 =  *((intOrPtr*)(_t143 + 0x2c));
				if (_t72 == 8) goto 0x8001ccc9;
				_t118 = _t72;
				if (_t118 == 0) goto 0x8001cc97;
				if (_t118 == 0) goto 0x8001cc82;
				if (_t118 == 0) goto 0x8001cc4d;
				if (_t118 == 0) goto 0x8001cc0c;
				if (_t118 == 0) goto 0x8001cc05;
				if (_t118 == 0) goto 0x8001cbc4;
				if (_t118 == 0) goto 0x8001cbb7;
				if (_t72 - 0xfffffffffffffffc != 1) goto 0x8001ccd9;
				E0000000118001F9B4(_t143, _t143, _t157, __rbp);
				goto 0x8001cc9f;
				E0000000118001EA58(_t140, _t143);
				goto 0x8001cc9f;
				if ( *((char*)(_t143 + 0x41)) == 0x2a) goto 0x8001cbda;
				E0000000118001C01C(_t140, _t143, _t143, _t157, _t159);
				goto 0x8001cc9f;
				if (E00000001180022B18(_t94, _t140, _t143, _t143, _t164, _t165) == 0) goto 0x8001ccd9;
				if ( *((intOrPtr*)(_t143 + 0x478)) != 1) goto 0x8001cbfd;
				if ( *((intOrPtr*)(_t143 + 0x47c)) != 1) goto 0x8001cca3;
				if ( *_t157 >= 0) goto 0x8001cc49;
				 *_t157 = _t105;
				goto 0x8001cc49;
				 *_t157 = 0;
				goto 0x8001cca3;
				if ( *((char*)(_t143 + 0x41)) == 0x2a) goto 0x8001cc1a;
				goto 0x8001cbd0;
				if (E000000011800228D4(_t94, _t140, _t143, _t143, _t164, _t165) == 0) goto 0x8001ccd9;
				if ( *((intOrPtr*)(_t143 + 0x478)) != 1) goto 0x8001cc39;
				if ( *((intOrPtr*)(_t143 + 0x47c)) != 1) goto 0x8001cca3;
				_t84 =  *_t166;
				if (_t84 >= 0) goto 0x8001cc49;
				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000004;
				 *_t166 =  ~_t84;
				goto 0x8001cc9f;
				_t87 =  *((intOrPtr*)(_t143 + 0x41));
				if (_t87 == 0x20) goto 0x8001cc7c;
				if (_t87 == 0x23) goto 0x8001cc76;
				if (_t87 == 0x2b) goto 0x8001cc70;
				if (_t87 == 0x2d) goto 0x8001cc6a;
				if (_t87 != 0x30) goto 0x8001cca3;
				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000008;
				goto 0x8001cca3;
				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000004;
				goto 0x8001cca3;
				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000001;
				goto 0x8001cca3;
				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000020;
				goto 0x8001cca3;
				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000002;
				goto 0x8001cca3;
				 *_t166 = 0;
				 *((intOrPtr*)(_t143 + 0x40)) = bpl;
				 *(_t143 + 0x30) = 0;
				 *_t157 = _t105;
				 *((intOrPtr*)(_t143 + 0x3c)) = 0;
				 *((intOrPtr*)(_t143 + 0x54)) = bpl;
				goto 0x8001cca3;
				if (E0000000118001E0B4(_t143) == 0) goto 0x8001ccd9;
				_t141 =  *((intOrPtr*)(_t143 + 0x18));
				_t102 =  *_t141;
				 *((char*)(_t143 + 0x41)) = _t102;
				if (_t102 != 0) goto 0x8001cb19;
				 *((long long*)(_t143 + 0x18)) =  *((long long*)(_t143 + 0x18)) + 1;
				if (E00000001180023054(_t141, _t143) == 0) goto 0x8001ccd9;
				goto 0x8001cab5;
				E00000001180025224(_t141);
				 *_t141 = 0x16;
				E00000001180015940();
				goto 0x8001cce0;
				return  *((intOrPtr*)(_t143 + 0x28));
			}

0x18001ca64
0x18001ca64
0x18001ca69
0x18001ca6e
0x18001ca7c
0x18001ca81
0x18001ca8b
0x18001ca95
0x18001ca97
0x18001ca9c
0x18001caa2
0x18001caa9
0x18001cab5
0x18001cabb
0x18001cac4
0x18001cacd
0x18001cad6
0x18001cadc
0x18001cae3
0x18001cae7
0x18001caeb
0x18001caf1
0x18001caf7
0x18001cafd
0x18001cb00
0x18001cb02
0x18001cb06
0x18001cb09
0x18001cb0c
0x18001cb0e
0x18001cb13
0x18001cb19
0x18001cb20
0x18001cb31
0x18001cb33
0x18001cb36
0x18001cb43
0x18001cb54
0x18001cb61
0x18001cb67
0x18001cb6d
0x18001cb73
0x18001cb75
0x18001cb7e
0x18001cb87
0x18001cb90
0x18001cb95
0x18001cb9a
0x18001cb9f
0x18001cba4
0x18001cbad
0x18001cbb2
0x18001cbba
0x18001cbbf
0x18001cbcb
0x18001cbd0
0x18001cbd5
0x18001cbe1
0x18001cbee
0x18001cbf7
0x18001cbff
0x18001cc01
0x18001cc03
0x18001cc05
0x18001cc07
0x18001cc13
0x18001cc18
0x18001cc21
0x18001cc2e
0x18001cc37
0x18001cc39
0x18001cc3e
0x18001cc40
0x18001cc46
0x18001cc4b
0x18001cc4d
0x18001cc52
0x18001cc56
0x18001cc5a
0x18001cc5e
0x18001cc62
0x18001cc64
0x18001cc68
0x18001cc6a
0x18001cc6e
0x18001cc70
0x18001cc74
0x18001cc76
0x18001cc7a
0x18001cc7c
0x18001cc80
0x18001cc82
0x18001cc85
0x18001cc89
0x18001cc8c
0x18001cc8e
0x18001cc91
0x18001cc95
0x18001cca1
0x18001cca3
0x18001cca7
0x18001cca9
0x18001ccae
0x18001ccb4
0x18001ccc2
0x18001ccc4
0x18001ccc9
0x18001ccce
0x18001ccd4
0x18001ccdb
0x18001ccf8

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018001CAA2
_invalid_parameter_noinfo.LIBCMT ref: 000000018001CCD4

Strings

, xrefs: 000000018001CC76
*, xrefs: 000000018001CC0C

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 72573577dcf00a0fcd498ffe6b2f2ebb557e649d19302a2f36b26f5f691ce4c5
Instruction ID: 0c6c9cfb18bc24b365f486b8dfa79e106d18a616691e062ee5af295f2f7f0c0d
Opcode Fuzzy Hash: 72573577dcf00a0fcd498ffe6b2f2ebb557e649d19302a2f36b26f5f691ce4c5
Instruction Fuzzy Hash: 68819772004B8C86E7E78F2950557EC3BA1E30DBC8F58C125EA4A47285DF35CA49D79B

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180030A44 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 180
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00000001180030A44(void* __ebx, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* _t11;
				intOrPtr* _t20;
				intOrPtr* _t34;

				_t20 = _t34;
				 *((long long*)(_t20 + 8)) = __rbx;
				 *((long long*)(_t20 + 0x10)) = __rbp;
				 *((long long*)(_t20 + 0x18)) = __rsi;
				 *((long long*)(_t20 + 0x20)) = __rdi;
				r15b = r9b;
				_t10 =  >  ? __ebx : 0;
				_t11 = ( >  ? __ebx : 0) + 9;
				if (__rdx - _t20 > 0) goto 0x80030aa9;
				E00000001180025224(_t20);
				 *_t20 = 0x22;
				E00000001180015940();
				return 0x22;
			}

0x180030a44
0x180030a47
0x180030a4b
0x180030a4f
0x180030a53
0x180030a65
0x180030a6e
0x180030a71
0x180030a79
0x180030a7b
0x180030a85
0x180030a87
0x180030aa8

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000180030A87

Strings

e+000, xrefs: 0000000180030B2C
-, xrefs: 0000000180030C62
gfff, xrefs: 0000000180030BA9

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$e+000$gfff
API String ID: 3215553584-2620144452
Opcode ID: c2041c8533ee66dabbdb73670bb6d8b1ddf3d10f08cd10229d4a004956128893
Instruction ID: ec26d3f9adbdca10af96c3708b915d21826f28f8b4f12c331158eb489f6a8320
Opcode Fuzzy Hash: c2041c8533ee66dabbdb73670bb6d8b1ddf3d10f08cd10229d4a004956128893
Instruction Fuzzy Hash: CE711872715BC886E7A28F65E95038EBB91E388BD4F59D221EB9847BD5CF38C548C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001C164 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 156
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E0000000118001C164(signed int __edi, void* __esi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
				intOrPtr _t86;
				unsigned int _t98;
				signed int _t105;
				signed int _t107;
				char _t109;
				signed int _t112;
				unsigned int _t121;
				intOrPtr* _t137;
				intOrPtr _t138;
				intOrPtr* _t141;
				void* _t143;
				intOrPtr _t146;
				void* _t151;
				void* _t154;

				_t151 = __rdx;
				_t137 = __rax;
				_a16 = __rbx;
				_a24 = __rbp;
				_t143 = __rcx;
				_t112 = __edi | 0xffffffff;
				_t146 =  *((intOrPtr*)(__rcx + 0x468));
				if (_t146 == 0) goto 0x8001c369;
				if (E0000000118002322C(_t146) == 0) goto 0x8001c379;
				if ( *((long long*)(__rcx + 0x18)) != 0) goto 0x8001c1b4;
				E00000001180025224(_t137);
				 *_t137 = 0x16;
				E00000001180015940();
				goto 0x8001c37b;
				 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x470)) == 2) goto 0x8001c364;
				 *(__rcx + 0x50) =  *(__rcx + 0x50) & 0x00000000;
				 *(__rcx + 0x2c) =  *(__rcx + 0x2c) & 0x00000000;
				goto 0x8001c330;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x8001c345;
				if (_t146 - 0x20 - 0x5a > 0) goto 0x8001c207;
				asm("lfence");
				_t138 =  *((intOrPtr*)(__rcx + 0x41));
				goto 0x8001c209;
				_t98 = ( *(_t146 + 0x8004e740) & 0x000000ff) >> 4;
				 *(__rcx + 0x2c) = _t98;
				if (_t98 == 8) goto 0x8001c369;
				_t121 = _t98;
				if (_t121 == 0) goto 0x8001c324;
				if (_t121 == 0) goto 0x8001c30b;
				if (_t121 == 0) goto 0x8001c2d6;
				if (_t121 == 0) goto 0x8001c2aa;
				if (_t121 == 0) goto 0x8001c2a1;
				if (_t121 == 0) goto 0x8001c274;
				if (_t121 == 0) goto 0x8001c267;
				if (_t98 - 0xfffffffffffffffc != 1) goto 0x8001c379;
				E0000000118001F22C(__rcx, __rcx, _t151, _t154, 0x8004e740);
				goto 0x8001c32c;
				E0000000118001E5FC(_t138, _t143);
				goto 0x8001c32c;
				if ( *((char*)(_t143 + 0x41)) == 0x2a) goto 0x8001c28b;
				E0000000118001C01C(_t138, _t143, _t143, _t143 + 0x38, 0x8004e740);
				goto 0x8001c32c;
				 *((long long*)(_t143 + 0x20)) =  *((long long*)(_t143 + 0x20)) + 8;
				_t105 =  *( *((intOrPtr*)(_t143 + 0x20)) - 8);
				_t106 =  <  ? _t112 : _t105;
				 *(_t143 + 0x38) =  <  ? _t112 : _t105;
				goto 0x8001c2d2;
				 *(_t143 + 0x38) =  *(_t143 + 0x38) & 0x00000000;
				goto 0x8001c330;
				if ( *((char*)(_t143 + 0x41)) == 0x2a) goto 0x8001c2b6;
				goto 0x8001c27e;
				 *((long long*)(_t143 + 0x20)) =  *((long long*)(_t143 + 0x20)) + 8;
				_t107 =  *( *((intOrPtr*)(_t143 + 0x20)) - 8);
				 *(_t143 + 0x34) = _t107;
				if (_t107 >= 0) goto 0x8001c2d2;
				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000004;
				 *(_t143 + 0x34) =  ~_t107;
				goto 0x8001c32c;
				_t86 =  *((intOrPtr*)(_t143 + 0x41));
				if (_t86 == 0x20) goto 0x8001c305;
				if (_t86 == 0x23) goto 0x8001c2ff;
				if (_t86 == 0x2b) goto 0x8001c2f9;
				if (_t86 == 0x2d) goto 0x8001c2f3;
				if (_t86 != 0x30) goto 0x8001c330;
				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000008;
				goto 0x8001c330;
				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000004;
				goto 0x8001c330;
				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000001;
				goto 0x8001c330;
				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000020;
				goto 0x8001c330;
				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000002;
				goto 0x8001c330;
				 *(_t143 + 0x34) =  *(_t143 + 0x34) & 0x00000000;
				 *(_t143 + 0x30) =  *(_t143 + 0x30) & 0x00000000;
				 *(_t143 + 0x3c) =  *(_t143 + 0x3c) & 0x00000000;
				 *((char*)(_t143 + 0x40)) = 0;
				 *(_t143 + 0x38) = _t112;
				 *((char*)(_t143 + 0x54)) = 0;
				goto 0x8001c330;
				if (E0000000118001DF3C(_t143) == 0) goto 0x8001c379;
				_t141 =  *((intOrPtr*)(_t143 + 0x18));
				_t109 =  *_t141;
				 *((char*)(_t143 + 0x41)) = _t109;
				if (_t109 != 0) goto 0x8001c1db;
				 *((long long*)(_t143 + 0x18)) =  *((long long*)(_t143 + 0x18)) + 1;
				if ( *((intOrPtr*)(_t143 + 0x2c)) == 0) goto 0x8001c351;
				if ( *((intOrPtr*)(_t143 + 0x2c)) != 7) goto 0x8001c369;
				 *((intOrPtr*)(_t143 + 0x470)) =  *((intOrPtr*)(_t143 + 0x470)) + 1;
				if ( *((intOrPtr*)(_t143 + 0x470)) != 2) goto 0x8001c1ce;
				goto 0x8001c37b;
				E00000001180025224(_t141);
				 *_t141 = 0x16;
				E00000001180015940();
				return _t112;
			}

0x18001c164
0x18001c164
0x18001c164
0x18001c169
0x18001c173
0x18001c176
0x18001c179
0x18001c183
0x18001c190
0x18001c19b
0x18001c19d
0x18001c1a2
0x18001c1a8
0x18001c1af
0x18001c1b4
0x18001c1c1
0x18001c1ce
0x18001c1d2
0x18001c1d6
0x18001c1db
0x18001c1e3
0x18001c1f4
0x18001c1f6
0x18001c1f9
0x18001c205
0x18001c214
0x18001c217
0x18001c21d
0x18001c223
0x18001c225
0x18001c22e
0x18001c237
0x18001c240
0x18001c245
0x18001c24a
0x18001c24f
0x18001c254
0x18001c25d
0x18001c262
0x18001c26a
0x18001c26f
0x18001c278
0x18001c281
0x18001c286
0x18001c28b
0x18001c294
0x18001c299
0x18001c29c
0x18001c29f
0x18001c2a1
0x18001c2a5
0x18001c2ae
0x18001c2b4
0x18001c2b6
0x18001c2bf
0x18001c2c2
0x18001c2c7
0x18001c2c9
0x18001c2cf
0x18001c2d4
0x18001c2d6
0x18001c2db
0x18001c2df
0x18001c2e3
0x18001c2e7
0x18001c2eb
0x18001c2ed
0x18001c2f1
0x18001c2f3
0x18001c2f7
0x18001c2f9
0x18001c2fd
0x18001c2ff
0x18001c303
0x18001c305
0x18001c309
0x18001c30b
0x18001c30f
0x18001c313
0x18001c317
0x18001c31b
0x18001c31e
0x18001c322
0x18001c32e
0x18001c330
0x18001c334
0x18001c336
0x18001c33b
0x18001c341
0x18001c349
0x18001c34f
0x18001c351
0x18001c35e
0x18001c367
0x18001c369
0x18001c36e
0x18001c374
0x18001c38a

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018001C374

Part of subcall function 000000018002322C: _invalid_parameter_noinfo.LIBCMT ref: 00000001800232B6

_invalid_parameter_noinfo.LIBCMT ref: 000000018001C1A8

Strings

, xrefs: 000000018001C2FF
*, xrefs: 000000018001C2AA

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 51e7f65c81afb3c72294d6dd07d99ee6c8a86e7e1537681c976f74661a0c5ced
Instruction ID: c0977b44dec71d117978722777aa3157c58b7f69df218893c511d559a62e38e8
Opcode Fuzzy Hash: 51e7f65c81afb3c72294d6dd07d99ee6c8a86e7e1537681c976f74661a0c5ced
Instruction Fuzzy Hash: 1B617572104A48CAEBEA8F7490547EC37A0F31EB99F14D119EA5646299CF34C789C70A

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001C634 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0000000118001C634(signed int __edi, intOrPtr* __rax, long long __rbx, void* __rcx, long long __rbp, long long _a16, long long _a24) {

				_a16 = __rbx;
				_a24 = __rbp;
				if ( *((intOrPtr*)(__rcx + 0x468)) != 0) goto 0x8001c677;
				E00000001180025224(__rax);
				 *__rax = 0x16;
				E00000001180015940();
				return __edi | 0xffffffff;
			}

0x18001c634
0x18001c639
0x18001c653
0x18001c655
0x18001c65a
0x18001c660
0x18001c676

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018001C660
_invalid_parameter_noinfo.LIBCMT ref: 000000018001C692

Strings

*, xrefs: 000000018001C790
, xrefs: 000000018001C7E5

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: a136709f8eb52bec09d127302ca9841ea0eacba074136017974b0600963444c9
Instruction ID: 97b39290a4388908f81348fae78caee03cf31a9676cf3e7b8fe9602918ec27eb
Opcode Fuzzy Hash: a136709f8eb52bec09d127302ca9841ea0eacba074136017974b0600963444c9
Instruction Fuzzy Hash: E0616572104A588AF7EA8F34D0957EC37E1E31DBD8F189115EA42462D9CF74C649DB0A

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001CCFC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E0000000118001CCFC(signed int __edi, void* __esi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
				unsigned int _t79;
				intOrPtr _t90;
				signed int _t98;
				signed int _t100;
				char _t102;
				signed int _t105;
				unsigned int _t113;
				void* _t133;
				void* _t143;

				_a16 = __rbx;
				_a24 = __rbp;
				_t105 = __edi | 0xffffffff;
				_t133 = __rcx;
				if ( *((long long*)(__rcx + 0x468)) == 0) goto 0x8001cef2;
				if ( *((long long*)(__rcx + 0x18)) != 0) goto 0x8001cd3d;
				E00000001180025224(__rax);
				 *__rax = 0x16;
				E00000001180015940();
				goto 0x8001cee2;
				 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x470)) == 2) goto 0x8001cedf;
				 *(__rcx + 0x50) =  *(__rcx + 0x50) & 0x00000000;
				 *(__rcx + 0x2c) =  *(__rcx + 0x2c) & 0x00000000;
				goto 0x8001ceb7;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x8001cecc;
				if (__rcx - 0x20 - 0x5a > 0) goto 0x8001cd90;
				asm("lfence");
				_t128 =  *((intOrPtr*)(__rcx + 0x41));
				goto 0x8001cd92;
				_t79 = ( *( *((intOrPtr*)(__rcx + 0x41)) + 0x8004e6e0) & 0x000000ff) >> 4;
				 *(__rcx + 0x2c) = _t79;
				if (_t79 == 8) goto 0x8001cef2;
				_t113 = _t79;
				if (_t113 == 0) goto 0x8001ceab;
				if (_t113 == 0) goto 0x8001ce92;
				if (_t113 == 0) goto 0x8001ce5d;
				if (_t113 == 0) goto 0x8001ce31;
				if (_t113 == 0) goto 0x8001ce28;
				if (_t113 == 0) goto 0x8001cdfb;
				if (_t113 == 0) goto 0x8001cdee;
				if (_t79 - 0xfffffffffffffffc != 1) goto 0x8001cf02;
				E0000000118001F74C(__rcx, __rcx, _t143, 0x8004e6e0);
				goto 0x8001ceb3;
				E0000000118001E8E4(_t128, _t133);
				goto 0x8001ceb3;
				if ( *((char*)(_t133 + 0x41)) == 0x2a) goto 0x8001ce12;
				E0000000118001C01C(_t128, _t133, _t133, _t133 + 0x38, 0x8004e6e0);
				goto 0x8001ceb3;
				 *((long long*)(_t133 + 0x20)) =  *((long long*)(_t133 + 0x20)) + 8;
				_t98 =  *( *((intOrPtr*)(_t133 + 0x20)) - 8);
				_t99 =  <  ? _t105 : _t98;
				 *(_t133 + 0x38) =  <  ? _t105 : _t98;
				goto 0x8001ce59;
				 *(_t133 + 0x38) =  *(_t133 + 0x38) & 0x00000000;
				goto 0x8001ceb7;
				if ( *((char*)(_t133 + 0x41)) == 0x2a) goto 0x8001ce3d;
				goto 0x8001ce05;
				 *((long long*)(_t133 + 0x20)) =  *((long long*)(_t133 + 0x20)) + 8;
				_t100 =  *( *((intOrPtr*)(_t133 + 0x20)) - 8);
				 *(_t133 + 0x34) = _t100;
				if (_t100 >= 0) goto 0x8001ce59;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000004;
				 *(_t133 + 0x34) =  ~_t100;
				goto 0x8001ceb3;
				_t90 =  *((intOrPtr*)(_t133 + 0x41));
				if (_t90 == 0x20) goto 0x8001ce8c;
				if (_t90 == 0x23) goto 0x8001ce86;
				if (_t90 == 0x2b) goto 0x8001ce80;
				if (_t90 == 0x2d) goto 0x8001ce7a;
				if (_t90 != 0x30) goto 0x8001ceb7;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000008;
				goto 0x8001ceb7;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000004;
				goto 0x8001ceb7;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000001;
				goto 0x8001ceb7;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000020;
				goto 0x8001ceb7;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000002;
				goto 0x8001ceb7;
				 *(_t133 + 0x34) =  *(_t133 + 0x34) & 0x00000000;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) & 0x00000000;
				 *(_t133 + 0x3c) =  *(_t133 + 0x3c) & 0x00000000;
				 *((char*)(_t133 + 0x40)) = 0;
				 *(_t133 + 0x38) = _t105;
				 *((char*)(_t133 + 0x54)) = 0;
				goto 0x8001ceb7;
				if (E0000000118001E040(_t133) == 0) goto 0x8001cf02;
				_t102 =  *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18))));
				 *((char*)(_t133 + 0x41)) = _t102;
				if (_t102 != 0) goto 0x8001cd64;
				 *((long long*)(_t133 + 0x18)) =  *((long long*)(_t133 + 0x18)) + 1;
				 *((intOrPtr*)(_t133 + 0x470)) =  *((intOrPtr*)(_t133 + 0x470)) + 1;
				if ( *((intOrPtr*)(_t133 + 0x470)) != 2) goto 0x8001cd57;
				return  *((intOrPtr*)(_t133 + 0x28));
			}

0x18001ccfc
0x18001cd01
0x18001cd0b
0x18001cd0e
0x18001cd19
0x18001cd24
0x18001cd26
0x18001cd2b
0x18001cd31
0x18001cd38
0x18001cd3d
0x18001cd4a
0x18001cd57
0x18001cd5b
0x18001cd5f
0x18001cd64
0x18001cd6c
0x18001cd7d
0x18001cd7f
0x18001cd82
0x18001cd8e
0x18001cd9b
0x18001cd9e
0x18001cda4
0x18001cdaa
0x18001cdac
0x18001cdb5
0x18001cdbe
0x18001cdc7
0x18001cdcc
0x18001cdd1
0x18001cdd6
0x18001cddb
0x18001cde4
0x18001cde9
0x18001cdf1
0x18001cdf6
0x18001cdff
0x18001ce08
0x18001ce0d
0x18001ce12
0x18001ce1b
0x18001ce20
0x18001ce23
0x18001ce26
0x18001ce28
0x18001ce2c
0x18001ce35
0x18001ce3b
0x18001ce3d
0x18001ce46
0x18001ce49
0x18001ce4e
0x18001ce50
0x18001ce56
0x18001ce5b
0x18001ce5d
0x18001ce62
0x18001ce66
0x18001ce6a
0x18001ce6e
0x18001ce72
0x18001ce74
0x18001ce78
0x18001ce7a
0x18001ce7e
0x18001ce80
0x18001ce84
0x18001ce86
0x18001ce8a
0x18001ce8c
0x18001ce90
0x18001ce92
0x18001ce96
0x18001ce9a
0x18001ce9e
0x18001cea2
0x18001cea5
0x18001cea9
0x18001ceb5
0x18001cebb
0x18001cebd
0x18001cec2
0x18001cec8
0x18001cecc
0x18001ced9
0x18001cef1

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018001CD31
_invalid_parameter_noinfo.LIBCMT ref: 000000018001CEFD

Strings

*, xrefs: 000000018001CE31
, xrefs: 000000018001CE86

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 1646cd5fd74719c631f3a16c18d5b62cf62e21b99afc6fc28a16abcdda7e40b0
Instruction ID: 3093aad3e84658dcb4144d1e0c0bc29ba82b523110a5622d08af59a3dc0e8b4f
Opcode Fuzzy Hash: 1646cd5fd74719c631f3a16c18d5b62cf62e21b99afc6fc28a16abcdda7e40b0
Instruction Fuzzy Hash: 94617472104A488AE7E78F3890457FC3BE1F31DB99F189116EA42462D9CF35CA89C75A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180007800 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00000001180007800(long long __rbx, intOrPtr* __rcx, long long __rdx, long long __r8, void* __r9) {
				void* _t19;
				void* _t27;
				void* _t36;
				void* _t39;
				void* _t42;
				void* _t43;
				void* _t45;
				void* _t46;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;

				_t27 = _t45;
				 *((long long*)(_t27 + 0x20)) = __rbx;
				 *((long long*)(_t27 + 0x18)) = __r8;
				 *((long long*)(_t27 + 0x10)) = __rdx;
				_t43 = _t27 - 0x3f;
				_t46 = _t45 - 0xc0;
				if ( *__rcx == 0x80000003) goto 0x800078a4;
				E0000000118000635C(_t27);
				r12d =  *((intOrPtr*)(_t43 + 0x6f));
				if ( *((long long*)(_t27 + 0x10)) == 0) goto 0x800078bf;
				__imp__EncodePointer(_t59, _t56, _t54, _t52, _t36, _t39, _t42);
				E0000000118000635C(_t27);
				if ( *((intOrPtr*)(_t27 + 0x10)) == _t27) goto 0x800078bf;
				if ( *__rcx == 0xe0434f4d) goto 0x800078bf;
				r13d =  *((intOrPtr*)(_t43 + 0x77));
				if ( *__rcx == 0xe0434352) goto 0x800078c3;
				 *((intOrPtr*)(_t46 + 0x38)) = r12d;
				 *((long long*)(_t46 + 0x30)) =  *((intOrPtr*)(_t43 + 0x7f));
				 *((intOrPtr*)(_t46 + 0x28)) = r13d;
				 *((long long*)(_t46 + 0x20)) =  *((intOrPtr*)(_t43 + 0x67));
				_t19 = E00000001180004274(__rcx,  *((intOrPtr*)(_t43 + 0x4f)), __r8, __r9);
				if (_t19 == 0) goto 0x800078c3;
				return _t19;
			}

0x180007800
0x180007803
0x180007807
0x18000780b
0x18000781a
0x18000781e
0x180007834
0x180007836
0x18000783b
0x180007848
0x18000784c
0x180007855
0x18000785e
0x180007867
0x180007870
0x180007874
0x180007884
0x18000788c
0x180007891
0x180007896
0x18000789b
0x1800078a2
0x1800078be

APIs

EncodePointer.KERNEL32 ref: 000000018000784C
_CallSETranslator.LIBVCRUNTIME ref: 000000018000789B

Strings

MOC, xrefs: 0000000180007860
RCC, xrefs: 0000000180007869

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 0a7d40613eec5a0ae0b036e886fad0baded823dcbebc9e8d3c73c3d4739afb33
Instruction ID: 466da5988d2739b236694d41aea771019c0105f2ccd66c040afd8ba58fb5fc97
Opcode Fuzzy Hash: 0a7d40613eec5a0ae0b036e886fad0baded823dcbebc9e8d3c73c3d4739afb33
Instruction Fuzzy Hash: 3F515733A04A888AEB62CF65D0803DD77A0F359BC8F148215EF4917B5ACF38D299C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180007F8C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00000001180007F8C(long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* _a8, void* _a16, void* _a24, void* _a32, signed int* _a40, char _a48, signed int _a56, signed int _a64) {
				signed int _v32;
				long long _v40;
				char _v48;
				signed int* _v56;
				void* _t55;
				intOrPtr _t60;
				signed int _t100;
				void* _t108;
				intOrPtr _t110;
				signed int* _t115;
				intOrPtr* _t135;
				void* _t138;
				void* _t141;
				void* _t143;
				void* _t157;
				void* _t158;

				_t108 = _t143;
				 *((long long*)(_t108 + 8)) = __rbx;
				 *((long long*)(_t108 + 0x10)) = __rbp;
				 *((long long*)(_t108 + 0x18)) = __rsi;
				 *((long long*)(_t108 + 0x20)) = __rdi;
				_t135 = __rcx;
				_t138 = __r9;
				_t158 = __r8;
				_t141 = __rdx;
				E00000001180009AFC(_t55, __r8);
				E0000000118000635C(_t108);
				_t115 = _a40;
				if ( *((intOrPtr*)(_t108 + 0x40)) != 0) goto 0x8000800e;
				if ( *__rcx == 0xe06d7363) goto 0x8000800e;
				if ( *__rcx != 0x80000029) goto 0x80007ff2;
				if ( *((intOrPtr*)(__rcx + 0x18)) != 0xf) goto 0x80007ff6;
				goto 0x80007ff4;
				if ( *__rcx == 0x80000026) goto 0x8000800e;
				if (( *_t115 & 0x1fffffff) - 0x19930522 < 0) goto 0x8000800e;
				if ((_t115[9] & 0x00000001) != 0) goto 0x8000819d;
				if (( *(__rcx + 4) & 0x00000066) == 0) goto 0x800080a6;
				if (_t115[1] == 0) goto 0x8000819d;
				if (_a48 != 0) goto 0x8000819d;
				if (( *(__rcx + 4) & 0x00000020) == 0) goto 0x80008093;
				if ( *__rcx != 0x80000026) goto 0x80008071;
				_t60 = E000000011800065A0(_t115, __r9,  *((intOrPtr*)(__r9 + 0x20)), __r9);
				if (_t60 - 0xffffffff < 0) goto 0x800081bd;
				if (_t60 - _t115[1] >= 0) goto 0x800081bd;
				r9d = _t60;
				E00000001180008EA8(_t108, _t141, __r9, _t115);
				goto 0x8000819d;
				if ( *_t135 != 0x80000029) goto 0x80008093;
				r9d =  *((intOrPtr*)(_t135 + 0x38));
				if (r9d - 0xffffffff < 0) goto 0x800081bd;
				if (r9d - _t115[1] >= 0) goto 0x800081bd;
				goto 0x80008061;
				E00000001180004660(r9d - _t115[1], _t108, _t115, __r9, __r9, _t115);
				goto 0x8000819d;
				if (_t115[3] != 0) goto 0x800080ee;
				if (( *_t115 & 0x1fffffff) - 0x19930521 < 0) goto 0x800080ce;
				_t100 = _t115[8];
				if (_t100 == 0) goto 0x800080ce;
				E00000001180004F68(_t108);
				if (_t100 != 0) goto 0x800080ee;
				if (( *_t115 & 0x1fffffff) - 0x19930522 < 0) goto 0x8000819d;
				if ((_t115[9] >> 0x00000002 & 0x00000001) == 0) goto 0x8000819d;
				if ( *_t135 != 0xe06d7363) goto 0x80008164;
				if ( *((intOrPtr*)(_t135 + 0x18)) - 3 < 0) goto 0x80008164;
				if ( *((intOrPtr*)(_t135 + 0x20)) - 0x19930522 <= 0) goto 0x80008164;
				_t110 =  *((intOrPtr*)(_t135 + 0x30));
				if ( *((intOrPtr*)(_t110 + 8)) == 0) goto 0x80008164;
				E00000001180004F7C(_t110);
				if (_t110 +  *((intOrPtr*)( *((intOrPtr*)(_t135 + 0x30)) + 8)) == 0) goto 0x80008164;
				_v32 = _a64 & 0x000000ff;
				_v40 = _a56;
				_v48 = _a48;
				_v56 = _t115;
				 *0x8004c3c0(_t157);
				goto 0x800081a2;
				_v32 = _a56;
				_v40 = _a48;
				_v48 = _a64;
				_v56 = _t115;
				E00000001180006E3C(_a48, 0x80000026, _t135, _t141, _t158, _t138, _t110 +  *((intOrPtr*)( *((intOrPtr*)(_t135 + 0x30)) + 8)));
				return 1;
			}

0x180007f8c
0x180007f8f
0x180007f93
0x180007f97
0x180007f9b
0x180007fa5
0x180007fa8
0x180007fae
0x180007fb1
0x180007fb4
0x180007fb9
0x180007fbe
0x180007fd4
0x180007fdc
0x180007fe0
0x180007fe6
0x180007ff0
0x180007ff4
0x180008002
0x180008008
0x180008012
0x18000801c
0x18000802a
0x180008034
0x180008038
0x180008044
0x18000804c
0x180008055
0x18000805b
0x180008067
0x18000806c
0x180008073
0x180008075
0x18000807d
0x180008087
0x180008091
0x18000809c
0x1800080a1
0x1800080aa
0x1800080b8
0x1800080ba
0x1800080be
0x1800080c0
0x1800080cc
0x1800080da
0x1800080e8
0x1800080f4
0x1800080fa
0x180008103
0x180008105
0x18000810d
0x18000810f
0x180008122
0x18000812f
0x180008141
0x180008150
0x180008157
0x18000815c
0x180008162
0x18000816f
0x180008181
0x18000818f
0x180008193
0x180008198
0x1800081bc

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 0000000180007FB4
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 000000018000809C

Strings

csm, xrefs: 0000000180007FD6
csm, xrefs: 00000001800080EE

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: f55e56815e57b972053d46aa37b2289014dba0cb3d7bc8ca92b9649a6927ca6e
Instruction ID: 6f33fb6362db551dfafd20b84a2e58a9201495c5bfce55b7d3b02a997612685e
Opcode Fuzzy Hash: f55e56815e57b972053d46aa37b2289014dba0cb3d7bc8ca92b9649a6927ca6e
Instruction Fuzzy Hash: 07517A321007888AEBE6CF21E4443E976E4FB58BC4F148125EAD947B96CF38D669DB01

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000DDE8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E0000000118000DDE8(void* __edx, long long __rbx, signed int* __rcx, long long __rsi, void* __r10, long long _a16, long long _a24) {
				void* _v8;
				signed int _v24;
				char _v104;
				intOrPtr _v112;
				char _v120;
				void* _t28;
				void* _t31;
				signed long long _t40;
				signed int* _t45;
				intOrPtr* _t48;
				long long _t53;
				signed int* _t56;
				void* _t65;
				void* _t69;

				_a16 = __rbx;
				_a24 = __rsi;
				_t40 =  *0x80098010; // 0x6aeceb4fd839
				_v24 = _t40 ^ _t65 - 0x00000090;
				_t45 = __rcx;
				_t48 =  *0x80099490; // 0x0
				_t31 = __edx;
				if ( *_t48 != sil) goto 0x8000de2e;
				 *((intOrPtr*)(__rcx + 8)) = 0;
				goto 0x8000dee3;
				if ( *0x8004e150 - 0x30 - 9 > 0) goto 0x8000de56;
				 *0x80099490 = 0x18004e151;
				E0000000118000A130( *0x8004e150 - 0x2f, __rcx,  *0x8004e150 - 0x2f, __rsi, __r10);
				goto 0x8000dee6;
				E00000001180011730(_t28,  &_v120,  *0x8004e150 - 0x2f);
				_t53 =  *0x80099490; // 0x0
				if (_v112 == sil) goto 0x8000deca;
				 *0x80099490 = _t53 + 1;
				if (_t31 != 0x42) goto 0x8000deba;
				asm("movsd xmm3, [esp+0x20]");
				asm("dec cx");
				E00000001180012358(_t28, _v120,  &_v104,  *0x8004e150 - 0x2f, "%lf", _t69);
				r8b = sil;
				_t56 = _t45;
				E00000001180009C28(_t56,  &_v104);
				goto 0x8000dee6;
				if (_t31 != 0x41) goto 0x8000deca;
				asm("movss xmm3, [esp+0x20]");
				asm("cvtps2pd xmm3, xmm3");
				goto 0x8000de8d;
				_t58 =  !=  ? __rsi : 0x8004e150;
				asm("sbb eax, eax");
				_t45[2] =  ~( *_t56) & 0x00000002;
				 *_t45 =  !=  ? __rsi : 0x8004e150;
				return E00000001180002630( ~( *_t56) & 0x00000002, _t28, _v24 ^ _t65 - 0x00000090);
			}

0x18000dde8
0x18000dded
0x18000ddfa
0x18000de04
0x18000de0c
0x18000de11
0x18000de18
0x18000de1d
0x18000de1f
0x18000de29
0x18000de34
0x18000de3f
0x18000de4c
0x18000de51
0x18000de5b
0x18000de60
0x18000de6c
0x18000de76
0x18000de85
0x18000de87
0x18000de8d
0x18000dea3
0x18000dea8
0x18000deb0
0x18000deb3
0x18000deb8
0x18000debd
0x18000debf
0x18000dec5
0x18000dec8
0x18000ded5
0x18000dedb
0x18000dee0
0x18000dee3
0x18000df0d

APIs

DName::DName.LIBVCRUNTIME ref: 000000018000DE4C

Strings

%lf, xrefs: 000000018000DE92

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: NameName::
String ID: %lf
API String ID: 1333004437-2891890143
Opcode ID: 0e005e5782be8c9f88d5980ea75e888043a02d4896cfbdc3e262c7ce7a3a8429
Instruction ID: 2f7c35b65bc8e61a3ccfa3373e7949a501aa4c3491312024b62a44ea460bf03f
Opcode Fuzzy Hash: 0e005e5782be8c9f88d5980ea75e888043a02d4896cfbdc3e262c7ce7a3a8429
Instruction Fuzzy Hash: 73317032218A8C85EAA2DB24E8503EA77A0F39DBC4F44C512F99D4B745CF3CC64AC740

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002DD7C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E0000000118002DD7C(void* __ebx, void* __eflags, long long __rbx, signed long long __rcx, void* __rsi, void* __rbp, long long _a8) {
				signed int _v24;
				signed char _v32;
				signed long long _v40;
				signed int _v56;
				signed long long _t34;
				signed long long _t35;
				signed long long _t39;
				signed long long _t41;
				void* _t50;

				_t48 = __rsi;
				_t41 = __rcx;
				_a8 = __rbx;
				_t51 = _t50 - 0x50;
				_t34 =  *0x80098010; // 0x6aeceb4fd839
				_t35 = _t34 ^ _t50 - 0x00000050;
				_v24 = _t35;
				E0000000118002CA30(0xc, __rbx, "GetProcessWindowStation", __rsi, 0x80050408, "GetProcessWindowStation");
				_t39 = _t35;
				if (_t35 == 0) goto 0x8002de28;
				E0000000118002CA30(0x10, _t39, "GetUserObjectInformationW", _t48, 0x80050490, "GetUserObjectInformationW");
				if (_t35 == 0) goto 0x8002de28;
				 *0x8004c3c0();
				if (_t39 == 0) goto 0x8002de24;
				_v56 = _v56 & _t41;
				_v40 = _t41;
				_v32 = 0;
				_t8 = _t41 + 0xc; // 0xc
				r9d = _t8;
				if ( *0x8004c3c0() == 0) goto 0x8002de24;
				if ((_v32 & 0x00000001) != 0) goto 0x8002de28;
				goto 0x8002de2a;
				return E00000001180002630(1, 0, _v24 ^ _t51);
			}

0x18002dd7c
0x18002dd7c
0x18002dd7c
0x18002dd82
0x18002dd86
0x18002dd8d
0x18002dd90
0x18002ddaf
0x18002ddb4
0x18002ddba
0x18002ddd6
0x18002dde1
0x18002dde6
0x18002ddef
0x18002ddf8
0x18002ddfd
0x18002de02
0x18002de06
0x18002de06
0x18002de1b
0x18002de22
0x18002de26
0x18002de41

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002DDAF
try_get_function.LIBVCRUNTIME ref: 000000018002DDD6

Part of subcall function 000000018002CA30: GetProcAddress.KERNEL32(?,?,FFFFFFFF,000000018002D2B2,?,?,00006AECEB4FD839,0000000180025D2E,?,?,00006AECEB4FD839,000000018002522D), ref: 000000018002CB88

Strings

GetUserObjectInformationW, xrefs: 000000018002DDBC, 000000018002DDCF
GetProcessWindowStation, xrefs: 000000018002DD95, 000000018002DDA8

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: try_get_function$AddressProc
String ID: GetProcessWindowStation$GetUserObjectInformationW
API String ID: 1640347226-2732317663
Opcode ID: 7e946b48421f58d96e4b4212208b752b618521f5e63e58538cc091bec1b6efb8
Instruction ID: 6cee8e335d60c5688038676f84690567d0e5a61781febf229d07200bce2a1f8b
Opcode Fuzzy Hash: 7e946b48421f58d96e4b4212208b752b618521f5e63e58538cc091bec1b6efb8
Instruction Fuzzy Hash: 71116D7221478C81EEC39B10A4547EA23A4AB4C7C8F54D42ABA4D1B794DF79CA4ECB40

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002DA10 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0000000118002DA10(long long _a8) {
				void* _t9;
				long long _t10;
				void* _t17;

				_a8 = _t10;
				E0000000118002CA30(0x21, _t10, "SystemFunction036", _t17, 0x800506a0, "SystemFunction036");
				if (_t9 == 0) goto 0x8002da59;
				goto ( *0x8004c3c0);
			}

0x18002da10
0x18002da39
0x18002da41
0x18002da52

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002DA39
try_get_function.LIBVCRUNTIME ref: 000000018002DA83

Strings

SystemFunction036, xrefs: 000000018002DA1C, 000000018002DA26
SetThreadStackGuarantee, xrefs: 000000018002DA69, 000000018002DA7C

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: try_get_function
String ID: SetThreadStackGuarantee$SystemFunction036
API String ID: 2742660187-2910880125
Opcode ID: 8d99121bb8734fa120d76fc5bd896e9d570e4050c9d85109e5c16a676e1f76cd
Instruction ID: 9bac60c3d744267aae801e29585266bb1c5ae6a7a1b39fa46b7eb40e124b61c7
Opcode Fuzzy Hash: 8d99121bb8734fa120d76fc5bd896e9d570e4050c9d85109e5c16a676e1f76cd
Instruction Fuzzy Hash: B6016271711A4CD5FACB9B91E8517D82361EB8C3C4F58D022BA1916691DE388BADC301

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002DCD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E0000000118002DCD0() {
				void* _t9;
				void* _t11;
				void* _t17;

				E0000000118002CA30(7, _t11, "GetActiveWindow", _t17, 0x80050378, "GetActiveWindow");
				if (_t9 == 0) goto 0x8002dd40;
				 *0x8004c3c0();
				if (_t9 == 0) goto 0x8002dd40;
				E0000000118002CA30(0xa, _t9, "GetLastActivePopup", _t17, "\r", "GetLastActivePopup");
				if (_t9 != 0) goto 0x8002dd31;
				goto 0x8002dd42;
				goto ( *0x8004c3c0);
			}

0x18002dcf0
0x18002dcf8
0x18002dcfa
0x18002dd06
0x18002dd22
0x18002dd2a
0x18002dd2f
0x18002dd39

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002DCF0
try_get_function.LIBVCRUNTIME ref: 000000018002DD22

Part of subcall function 000000018002CA30: GetProcAddress.KERNEL32(?,?,FFFFFFFF,000000018002D2B2,?,?,00006AECEB4FD839,0000000180025D2E,?,?,00006AECEB4FD839,000000018002522D), ref: 000000018002CB88

Strings

GetLastActivePopup, xrefs: 000000018002DD08, 000000018002DD1B
GetActiveWindow, xrefs: 000000018002DCD6, 000000018002DCE9

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: try_get_function$AddressProc
String ID: GetActiveWindow$GetLastActivePopup
API String ID: 1640347226-3742175580
Opcode ID: 2be03b43da60920c150577c420a04077fe1fe5a711a625523f2710880bf34297
Instruction ID: 2424664d192af153cbf0412bfe1d59fa056f47691667bdb899f4c44e5df24b7c
Opcode Fuzzy Hash: 2be03b43da60920c150577c420a04077fe1fe5a711a625523f2710880bf34297
Instruction Fuzzy Hash: 15F09031612B4CD2FFC78B5098117E81394AB0C7C4F94C066BD082A390EE7C9B8DC311

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002DAA4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E0000000118002DAA4(void* __ecx, void* __rax, long long __rbx, void* __rsi, void* __rbp, long long _a8) {
				void* _t6;
				void* _t16;
				void* _t20;
				long long _t21;

				_t25 = __rsi;
				_t21 = __rbx;
				_t20 = __rax;
				_a8 = __rbx;
				_t6 = E0000000118002842C();
				_t2 = _t21 + 1; // 0x1
				_t16 = _t2;
				if (_t6 != _t16) goto 0x8002db04;
				_t3 = _t21 + 0x18; // 0x18
				E0000000118002CA30(_t3, __rbx, "MessageBoxA", __rsi, "\r", "MessageBoxA");
				if (_t20 == 0) goto 0x8002db04;
				_t4 = _t21 + 0x19; // 0x19
				E0000000118002CA30(_t4, _t21, "MessageBoxW", _t25, "\r", "MessageBoxW");
				_t12 =  !=  ? _t16 : 0;
				_t9 =  !=  ? _t16 : 0;
				return  !=  ? _t16 : 0;
			}

0x18002daa4
0x18002daa4
0x18002daa4
0x18002daa4
0x18002dab0
0x18002dab5
0x18002dab5
0x18002daba
0x18002dad1
0x18002dad4
0x18002dadc
0x18002daf3
0x18002daf6
0x18002db01
0x18002db04
0x18002db10

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002DAD4
try_get_function.LIBVCRUNTIME ref: 000000018002DAF6

Part of subcall function 000000018002CA30: GetProcAddress.KERNEL32(?,?,FFFFFFFF,000000018002D2B2,?,?,00006AECEB4FD839,0000000180025D2E,?,?,00006AECEB4FD839,000000018002522D), ref: 000000018002CB88

Strings

MessageBoxA, xrefs: 000000018002DABC, 000000018002DACA
MessageBoxW, xrefs: 000000018002DADE, 000000018002DAEC

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: try_get_function$AddressProc
String ID: MessageBoxA$MessageBoxW
API String ID: 1640347226-1053882329
Opcode ID: ff75717a4e3ce66e6cbdded3c05b7fe81b944270df7c8964d1926708a12fa759
Instruction ID: 57767b74a7c69eca1bfee5d22ae1c723207e43eef162ca1d820dafde1b85b184
Opcode Fuzzy Hash: ff75717a4e3ce66e6cbdded3c05b7fe81b944270df7c8964d1926708a12fa759
Instruction Fuzzy Hash: DDF04F31200A4ED5EAC7DF60E8917D92360EB0C3C8FA4D416B50852165EF78CB4DCB80

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000D360 Relevance: 6.2, APIs: 4, Instructions: 193
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E0000000118000D360(void* __edi, void* __eflags, void* __rax, long long __rbx, signed long long* __rcx, void* __rdx, void* __rdi, long long __rsi, void* __r8, long long __r12, long long _a8, long long _a16, long long _a24) {
				void* _v24;
				char _v56;
				char _v72;
				signed int _v80;
				signed long long _v88;
				signed long long _v96;
				char _v104;
				signed int _v112;
				char _v120;
				signed int _t70;
				void* _t85;
				void* _t86;
				signed int _t96;
				signed int _t98;
				signed int _t99;
				signed long long _t106;
				intOrPtr* _t126;
				intOrPtr* _t127;
				long long _t129;
				long long _t130;
				signed char* _t131;
				intOrPtr* _t132;
				intOrPtr* _t134;
				char* _t135;
				signed long long* _t139;
				void* _t175;
				void* _t176;
				signed long long _t180;
				long long _t182;

				_t178 = __r12;
				_t170 = __r8;
				_t164 = __rsi;
				_t163 = __rdi;
				_t155 = __rdx;
				_t95 = __edi;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __r12;
				_t139 = __rcx;
				 *0x800994b4 =  *0x800994b4 + 1;
				_t70 =  *0x800994a0; // 0x0
				asm("bt eax, 0xd");
				if (__eflags >= 0) goto 0x8000d3c2;
				asm("btr eax, 0xd");
				 *0x800994a0 = _t70;
				E0000000118000D24C(0, __edi, __eflags, __rax, __rcx,  &_v104, __rdx, __rdi, __rsi, __r8);
				asm("bts dword [0x8c0f0], 0xd");
				 *_t139 = _v104;
				_t139[1] = _v96;
				goto 0x8000d61e;
				_t126 =  *0x80099490; // 0x0
				_t87 =  *_t126;
				if ( *_t126 != 0x3f) goto 0x8000d602;
				_t127 = _t126 + 1;
				 *0x80099490 = _t127;
				if ( *_t127 != 0x3f) goto 0x8000d432;
				if ( *((intOrPtr*)(_t127 + 1)) != 0x3f) goto 0x8000d40d;
				E0000000118000D360(__edi,  *((intOrPtr*)(_t127 + 1)) - 0x3f, _t127 + 1, _t139,  &_v104, _t155, __rdi, __rsi, _t170, __r12);
				_t129 =  *0x80099490; // 0x0
				goto 0x8000d406;
				_t130 = _t129 + 1;
				 *0x80099490 = _t130;
				if ( *_t130 != 0) goto 0x8000d3fc;
				goto 0x8000d3b0;
				if ( *_t130 != 0x24) goto 0x8000d41f;
				E00000001180010768(_t86,  *_t126, 1, __edi, _t139,  &_v120, _t155, __rdi, _t164);
				goto 0x8000d440;
				 *0x80099490 = _t130;
				r8d = 0;
				E0000000118000E75C( *_t126, 0, _t95, _t139,  &_v120, _t163, _t164, _t170, _t178);
				goto 0x8000d440;
				r8d = 0;
				E00000001180011B98(_t86, _t87, 1, _t95, _t139,  &_v120, _t163, _t164, _t170, _t175, _t176);
				_t96 = _v112;
				_t180 = _v120;
				_t106 = _t180;
				if (_t106 == 0) goto 0x8000d45a;
				asm("bt esi, 0x9");
				if (_t106 >= 0) goto 0x8000d45a;
				r12d = 1;
				goto 0x8000d45d;
				r12d = 0;
				r15d = _t96;
				r15d = r15d >> 0xf;
				r15d = r15d & 0x00000001;
				if (_v112 - 1 <= 0) goto 0x8000d479;
				 *_t139 = _t180;
				_t139[1] = _t96;
				goto 0x8000d61e;
				_t131 =  *0x80099490; // 0x0
				if (( *_t131 & 0x000000bf) == 0) goto 0x8000d56c;
				E0000000118000FAF4(_t95, _t139,  &_v104, _t163, _t164, _t175, _t176, _t178);
				if (_v104 == 0) goto 0x8000d56c;
				if ( *0x800994a4 == 0) goto 0x8000d523;
				 *0x800994a4 = 0;
				E0000000118000A4B0( &_v120,  &_v88,  &_v104);
				_v120 =  *_t131;
				_v112 = _t131[8];
				_t132 =  *0x80099490; // 0x0
				if ( *_t132 == 0x40) goto 0x8000d56c;
				E0000000118000FAF4(_t95, _t139,  &_v88, _t163, _t164, _t175, _t176, _t178);
				_v104 =  *_t132;
				_v96 =  *(_t132 + 8);
				_v88 = "::";
				_v80 = 2;
				asm("movaps xmm0, [ebp-0x40]");
				asm("movdqa [ebp-0x40], xmm0");
				E0000000118000A484( &_v104,  &_v72,  &_v88);
				goto 0x8000d553;
				_t134 = "::";
				_v88 = _t134;
				_v80 = 2;
				asm("movaps xmm0, [ebp-0x40]");
				asm("movdqa [ebp-0x40], xmm0");
				E0000000118000A484( &_v104,  &_v56,  &_v88);
				E0000000118000A4B0(_t134,  &_v72,  &_v120);
				_t98 =  *(_t134 + 8);
				_t182 =  *_t134;
				_v112 = _t98;
				_v120 = _t182;
				if (r12d == 0) goto 0x8000d57d;
				if (_t182 == 0) goto 0x8000d57d;
				asm("bts esi, 0x9");
				_v112 = _t98;
				if (r15d == 0) goto 0x8000d58c;
				_t99 = _t98 | 0x00008000;
				_v112 = _t99;
				if (_t182 == 0) goto 0x8000d46e;
				if ((0x00001000 & _t99) != 0) goto 0x8000d46e;
				_t135 =  *0x80099490; // 0x0
				if ( *_t135 == 0) goto 0x8000d5c8;
				if ( *_t135 == 0x40) goto 0x8000d5c1;
				_t139[1] = _t139[1] & 0x00000000;
				_t139[1] = 2;
				 *_t139 =  *_t139 & 0x00000000;
				goto 0x8000d61e;
				 *0x80099490 =  *0x80099490 + 1;
				if (( *0x800994a0 & 0x00001000) == 0) goto 0x8000d5f4;
				if (r12d != 0) goto 0x8000d5f4;
				if ((0x00008000 & _t99) != 0) goto 0x8000d5f4;
				_v88 = _v88 & 0x00000000;
				_v80 = _v80 & r12d;
				E0000000118000A93C(_t139,  &_v56,  &_v88);
				goto 0x8000d46e;
				_t85 = E0000000118000A93C(_t139, _t139,  &_v120);
				goto 0x8000d61e;
				 *_t139 =  *_t139 & 0x00000000;
				_t139[1] = _t139[1] & 0x00000000;
				if (0x8000 == 0) goto 0x8000d614;
				_t139[1] = 2;
				goto 0x8000d61e;
				 *_t139 = 0x8004e150;
				 *0x800994b4 =  *0x800994b4 - 1;
				return _t85;
			}

0x18000d360
0x18000d360
0x18000d360
0x18000d360
0x18000d360
0x18000d360
0x18000d360
0x18000d365
0x18000d36a
0x18000d37e
0x18000d381
0x18000d387
0x18000d38d
0x18000d391
0x18000d393
0x18000d397
0x18000d3a3
0x18000d3a8
0x18000d3b4
0x18000d3ba
0x18000d3bd
0x18000d3c2
0x18000d3c9
0x18000d3cf
0x18000d3d5
0x18000d3d8
0x18000d3e1
0x18000d3e8
0x18000d3ee
0x18000d3f3
0x18000d3fa
0x18000d3fc
0x18000d3ff
0x18000d409
0x18000d40b
0x18000d414
0x18000d418
0x18000d41d
0x18000d41f
0x18000d426
0x18000d42b
0x18000d430
0x18000d432
0x18000d43b
0x18000d440
0x18000d443
0x18000d447
0x18000d44a
0x18000d44c
0x18000d450
0x18000d452
0x18000d458
0x18000d45a
0x18000d45d
0x18000d460
0x18000d464
0x18000d46c
0x18000d46e
0x18000d471
0x18000d474
0x18000d479
0x18000d483
0x18000d48d
0x18000d497
0x18000d4a4
0x18000d4a6
0x18000d4b9
0x18000d4c1
0x18000d4c8
0x18000d4cb
0x18000d4d5
0x18000d4df
0x18000d4e7
0x18000d4ee
0x18000d4f8
0x18000d4fc
0x18000d503
0x18000d507
0x18000d518
0x18000d521
0x18000d523
0x18000d52a
0x18000d52e
0x18000d535
0x18000d539
0x18000d54a
0x18000d55a
0x18000d55f
0x18000d562
0x18000d565
0x18000d568
0x18000d56f
0x18000d574
0x18000d576
0x18000d57a
0x18000d585
0x18000d587
0x18000d589
0x18000d58f
0x18000d59c
0x18000d5a2
0x18000d5ac
0x18000d5b1
0x18000d5b3
0x18000d5b7
0x18000d5bb
0x18000d5bf
0x18000d5c1
0x18000d5ce
0x18000d5d3
0x18000d5d7
0x18000d5d9
0x18000d5de
0x18000d5ea
0x18000d5ef
0x18000d5fb
0x18000d600
0x18000d602
0x18000d606
0x18000d60c
0x18000d60e
0x18000d612
0x18000d61b
0x18000d61e
0x18000d643

APIs

Part of subcall function 000000018000FAF4: DName::operator+.LIBVCRUNTIME ref: 000000018000FB85
Part of subcall function 000000018000FAF4: DName::operator+.LIBVCRUNTIME ref: 000000018000FBBE
Part of subcall function 000000018000FAF4: DName::operator+.LIBVCRUNTIME ref: 000000018000FEE7

DName::operator+.LIBVCRUNTIME ref: 000000018000D4B9
DName::operator+.LIBVCRUNTIME ref: 000000018000D518
DName::operator+.LIBVCRUNTIME ref: 000000018000D54A
DName::operator+.LIBVCRUNTIME ref: 000000018000D55A

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: 38f1bf533089608aef003895abffb49863fec01f03d4e037286226b5ccaa5b94
Instruction ID: a38ad798fea54db416edc4c97e935920d81911d5c5dce3549ae3d533ee8a0e9e
Opcode Fuzzy Hash: 38f1bf533089608aef003895abffb49863fec01f03d4e037286226b5ccaa5b94
Instruction Fuzzy Hash: 9F915A72A04B5C89FB93CBA4D8403ED37B1B349798F54C016EE492B699DF788A49C350

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000DB20 Relevance: 6.1, APIs: 4, Instructions: 134
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 84%

			E0000000118000DB20(void* __eflags, long long __rbx, signed long long* __rcx, void* __rdx, long long __rdi, void* __rsi, char* __r8, void* __r10, long long _a8, long long _a16) {
				char _v24;
				char _v40;
				signed int _v48;
				signed int _v56;
				char _t41;
				void* _t50;
				intOrPtr* _t76;
				char* _t77;
				intOrPtr* _t78;
				char* _t79;
				signed long long* _t86;
				long long _t89;
				char* _t90;
				signed long long _t98;
				long long _t104;
				signed long long _t119;
				char* _t121;

				_a8 = __rbx;
				_a16 = __rdi;
				_v56 = _v56 & 0x00000000;
				_t86 = __rcx;
				_t89 =  *0x80099490; // 0x0
				_t121 = __r8;
				_v48 = _v48 & 0x00000000;
				_t90 = _t89 + 1;
				 *0x80099490 = _t90;
				r10d =  *_t90;
				r8d = r10d;
				r8d = r8d - 0x41;
				if (__eflags == 0) goto 0x8000dcd5;
				r8d = r8d - 1;
				if (__eflags == 0) goto 0x8000dca7;
				if (r8d == 1) goto 0x8000dc9f;
				if ( *_t90 == 0) goto 0x8000dc93;
				_t41 =  *((char*)(_t90 + 1));
				if (_t41 == 0) goto 0x8000dc93;
				if (r9d != 0) goto 0x8000dcac;
				r10d = r10d << 4;
				_t8 = _t90 + 2; // 0x3
				_t76 = _t8;
				 *0x80099490 = _t76;
				if (_t41 + 0xfffffcd0 + r10d - 1 <= 0) goto 0x8000dbe7;
				E0000000118000A130(E0000000118000B87C(0x2c, _t76, __rcx,  &_v56),  &_v40, __rdx, __rsi, __r10);
				E0000000118000A4B0( &_v56,  &_v24, _t76);
				_v56 =  *_t76;
				_v48 =  *((intOrPtr*)(_t76 + 8));
				r8b = 0x3e;
				E0000000118000A4DC( &_v56,  &_v24);
				_t77 =  *0x80099490; // 0x0
				_v56 =  *_t76;
				_v48 =  *((intOrPtr*)(_t76 + 8));
				if ( *_t77 != 0x24) goto 0x8000dc1c;
				_t78 = _t77 + 1;
				 *0x80099490 = _t78;
				goto 0x8000dc40;
				r8b = 0x5e;
				E0000000118000A4DC( &_v56,  &_v24);
				_t98 =  *_t78;
				_t79 =  *0x80099490; // 0x0
				_v56 = _t98;
				_v48 =  *((intOrPtr*)(_t78 + 8));
				_t119 = _t98;
				if ( *_t79 == 0) goto 0x8000dc54;
				 *0x80099490 = _t79 + 1;
				goto 0x8000dc84;
				if (_v48 - 1 > 0) goto 0x8000dc84;
				if (_t119 == 0) goto 0x8000dc78;
				E00000001180009CFC(_t79 + 1, _t86,  &_v56, 0x8004e150);
				goto 0x8000dc84;
				asm("bts edx, 0xe");
				 *_t86 = 0x8004e150;
				_t86[1] = 1;
				goto 0x8000dd14;
				 *_t86 = 0x8004e150;
				goto 0x8000dd10;
				 *0x8004e150 = 5;
				goto 0x8000dcc9;
				if (r9d == 0) goto 0x8000dcba;
				_t86[1] = _t86[1] & 0x00000000;
				 *_t86 =  *_t86 & 0x00000000;
				_t86[1] = 2;
				goto 0x8000dd14;
				 *_t121 = 1;
				E0000000118000B87C(0x3e, _t79 + 1, _t86,  &_v56);
				goto 0x8000dd05;
				if (r9d != 0) goto 0x8000dd01;
				r8d =  *0x8004e150;
				_t35 = _t119 - 2; // -67
				_t50 = _t35;
				if (_t50 - 1 <= 0) goto 0x8000dcf4;
				if (r8d != 1) goto 0x8000dd01;
				 *0x8004e150 = 4;
				goto 0x8000dcfa;
				 *0x8004e150 = 5;
				_t104 =  *0x80099490; // 0x0
				_t36 = _t104 + 1; // 0x1
				 *_t86 =  *_t86 & 0x00000000;
				 *0x80099490 = _t36;
				_t86[1] = _t86[1] & 0x00000000;
				return _t50;
			}

0x18000db20
0x18000db25
0x18000db32
0x18000db37
0x18000db3a
0x18000db41
0x18000db44
0x18000db48
0x18000db4b
0x18000db52
0x18000db56
0x18000db59
0x18000db5d
0x18000db63
0x18000db67
0x18000db71
0x18000db7a
0x18000db80
0x18000db86
0x18000db8f
0x18000db97
0x18000dba1
0x18000dba1
0x18000dba8
0x18000dbb2
0x18000dbc5
0x18000dbd5
0x18000dbe0
0x18000dbe4
0x18000dbe7
0x18000dbf2
0x18000dbfd
0x18000dc04
0x18000dc08
0x18000dc0e
0x18000dc10
0x18000dc13
0x18000dc1a
0x18000dc1c
0x18000dc27
0x18000dc2c
0x18000dc32
0x18000dc39
0x18000dc3d
0x18000dc43
0x18000dc46
0x18000dc4b
0x18000dc52
0x18000dc58
0x18000dc5d
0x18000dc6a
0x18000dc76
0x18000dc84
0x18000dc88
0x18000dc8b
0x18000dc8e
0x18000dc9a
0x18000dc9d
0x18000dc9f
0x18000dca5
0x18000dcaa
0x18000dcac
0x18000dcb0
0x18000dcb4
0x18000dcb8
0x18000dcbc
0x18000dcc4
0x18000dcd3
0x18000dcd8
0x18000dcda
0x18000dcdd
0x18000dcdd
0x18000dce4
0x18000dcea
0x18000dcec
0x18000dcf2
0x18000dcf4
0x18000dcfa
0x18000dd01
0x18000dd05
0x18000dd09
0x18000dd10
0x18000dd26

APIs

DName::DName.LIBVCRUNTIME ref: 000000018000DBC5
DName::operator+.LIBVCRUNTIME ref: 000000018000DBD5
DName::operator+.LIBVCRUNTIME ref: 000000018000DBF2
DName::operator+.LIBVCRUNTIME ref: 000000018000DC27

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID:
API String ID: 168861036-0
Opcode ID: 3f0cade61651f5b9d110a6bcb856c4e43f5aa532ad8bee4f249e634218d1d67f
Instruction ID: adbe7d2e93381e82c9629cc3db08de1e554731afcf8cb40822115e13941c492d
Opcode Fuzzy Hash: 3f0cade61651f5b9d110a6bcb856c4e43f5aa532ad8bee4f249e634218d1d67f
Instruction Fuzzy Hash: F6516C72614A5D89F792CF64E880BED37A1F388B88F54C012EA0947795CF75C649C750

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000FFA8 Relevance: 6.1, APIs: 4, Instructions: 85
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 91%

			E0000000118000FFA8(signed int __ecx, void* __edi, intOrPtr* __rax, long long __rbx, signed long long* __rcx, void* __rdx, void* __rdi, void* __rsi, void* __r8, void* __r10, void* __r11, void* __r12, long long __r14, long long _a8, long long _a16) {
				char _v24;
				char _v40;
				char _v56;
				signed int _v64;
				char _v72;
				signed int _t36;
				signed int _t43;
				void* _t44;
				signed int _t45;
				intOrPtr* _t55;
				intOrPtr* _t56;
				char* _t57;
				char* _t58;
				signed long long* _t62;
				signed long long _t70;
				long long _t94;

				_t80 = __rsi;
				_t79 = __rdi;
				_t55 = __rax;
				_t45 = __ecx;
				_a8 = __rbx;
				_a16 = __r14;
				 *__rcx =  *__rcx & 0x00000000;
				_t62 = __rcx;
				__rcx[1] = __rcx[1] & 0x00000000;
				r8d = 0;
				E00000001180011B98(_t44, __ecx, 1, __edi, __rcx,  &_v56, __rdi, __rsi, __r8, __r10, __r11);
				_t94 = "::";
				 *__rcx =  *_t55;
				_t36 =  *(_t55 + 8);
				__rcx[1] = _t36;
				_t56 =  *0x80099490; // 0x0
				if (_t36 != 0) goto 0x8001004a;
				if ( *_t56 == 0) goto 0x8001004a;
				if ( *_t56 == 0x40) goto 0x8001004f;
				_v72 = _t94;
				_v64 = 2;
				asm("movaps xmm0, [ebp-0x40]");
				asm("movdqa [ebp-0x40], xmm0");
				E0000000118000FAF4(__edi, __rcx,  &_v56, _t79, _t80, __r10, __r11, __r12);
				E0000000118000A484(_t56,  &_v40,  &_v72);
				E0000000118000A4B0(_t56,  &_v24, _t62);
				_t70 =  *_t56;
				 *_t62 = _t70;
				_t62[1] =  *(_t56 + 8);
				_t57 =  *0x80099490; // 0x0
				if ( *_t57 != 0x40) goto 0x8001005b;
				_t58 = _t57 + 1;
				 *0x80099490 = _t58;
				goto 0x800100ce;
				if ( *_t58 == 0) goto 0x8001006e;
				_t62[1] = _t62[1] & 0x00000000;
				 *_t62 =  *_t62 & 0x00000000;
				_t62[1] = 2;
				goto 0x800100ce;
				if (_t70 != 0) goto 0x80010086;
				_t62[1] = _t62[1] & _t45;
				_t62[1] = 1;
				 *_t62 = 0x8004e150;
				goto 0x800100ce;
				_v72 = _t94;
				_v64 = 2;
				asm("movaps xmm0, [ebp-0x40]");
				_v64 = _v64 & 0x00000000;
				asm("movdqa [ebp-0x30], xmm0");
				_v72 = 0x8004e150;
				E0000000118000A484( &_v72,  &_v24,  &_v56);
				E0000000118000A4B0(0x8004e150,  &_v40, _t62);
				 *_t62 =  *0x8004e150;
				_t43 =  *0x18004E158;
				_t62[1] = _t43;
				return _t43;
			}

0x18000ffa8
0x18000ffa8
0x18000ffa8
0x18000ffa8
0x18000ffa8
0x18000ffad
0x18000ffba
0x18000ffbe
0x18000ffc1
0x18000ffc5
0x18000ffce
0x18000ffd3
0x18000ffdd
0x18000ffe0
0x18000ffe5
0x18000ffe8
0x18000ffef
0x18000fff4
0x18000fff9
0x18000fffb
0x180010003
0x18001000a
0x18001000e
0x180010013
0x180010023
0x180010032
0x180010037
0x18001003a
0x180010040
0x180010043
0x18001004d
0x18001004f
0x180010052
0x180010059
0x18001005e
0x180010060
0x180010064
0x180010068
0x18001006c
0x180010078
0x18001007a
0x18001007d
0x180010081
0x180010084
0x180010086
0x18001008e
0x180010099
0x1800100a1
0x1800100a5
0x1800100aa
0x1800100ae
0x1800100bd
0x1800100c5
0x1800100c8
0x1800100cb
0x1800100e0

APIs

Part of subcall function 0000000180011B98: Replicator::operator[].LIBVCRUNTIME ref: 0000000180011BF7

Part of subcall function 000000018000FAF4: DName::operator+.LIBVCRUNTIME ref: 000000018000FB85
Part of subcall function 000000018000FAF4: DName::operator+.LIBVCRUNTIME ref: 000000018000FBBE
Part of subcall function 000000018000FAF4: DName::operator+.LIBVCRUNTIME ref: 000000018000FEE7

DName::operator+.LIBVCRUNTIME ref: 0000000180010023
DName::operator+.LIBVCRUNTIME ref: 0000000180010032
DName::operator+.LIBVCRUNTIME ref: 00000001800100AE
DName::operator+.LIBVCRUNTIME ref: 00000001800100BD

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+$Replicator::operator[]
String ID:
API String ID: 3863519203-0
Opcode ID: e8afd13340cc20cf146ef9c2a218df16cbd6cf0f645cdd77706d38f92b9a6b0e
Instruction ID: ed3e81e1c571716757a5f68f73d79e243482d778efdc520b567d5e861c189978
Opcode Fuzzy Hash: e8afd13340cc20cf146ef9c2a218df16cbd6cf0f645cdd77706d38f92b9a6b0e
Instruction Fuzzy Hash: B4411972A04B9889F742CF64D8843EC37B0F34DB88F648115EA8957759DFB88A89C750

Uniqueness

Uniqueness Score: -1.00%

Function 000000018003E978 Relevance: 6.1, APIs: 4, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 18%

			E0000000118003E978(signed long long __ecx, void* __edx, void* __edi, void* __eflags, long long __rax, long long __rbx, void* __rdx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24, void* _a32) {
				void* _v24;
				void* _t32;
				intOrPtr* _t49;
				void* _t59;
				signed long long _t64;

				_t59 = __rdx;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t64 = __ecx;
				E000000011800374A8(__edi, __rax);
				if (__rax != 0xffffffff) goto 0x8003e9b8;
				E00000001180025224(__rax);
				 *((intOrPtr*)(__rax)) = 9;
				goto 0x8003ea56;
				_t5 = _t59 + 1; // 0x1
				r9d = _t5;
				if (SetFilePointerEx(??, ??, ??, ??) != 0) goto 0x8003e9df;
				E000000011800251B4(GetLastError(), __rax, __rax);
				goto 0x8003e9b0;
				_a32 = __rax;
				r9d = r8d;
				if (SetFilePointerEx(??, ??, ??, ??) == 0) goto 0x8003e9d0;
				_t49 = _a32;
				if (_t49 - 0x7fffffff <= 0) goto 0x8003ea2c;
				r9d = 0;
				r8d = 0;
				SetFilePointerEx(??, ??, ??, ??);
				_t32 = E00000001180025224(_t49);
				 *_t49 = 0x16;
				goto 0x8003e9b0;
				if (_t32 == 0xffffffff) goto 0x8003e9b0;
				 *( *((intOrPtr*)(0x80099d40 + (_t64 >> 6) * 8)) + 0x38 + (_t64 + _t64 * 8) * 8) =  *( *((intOrPtr*)(0x80099d40 + (_t64 >> 6) * 8)) + 0x38 + (_t64 + _t64 * 8) * 8) & 0x000000fd;
				return _t32;
			}

0x18003e978
0x18003e978
0x18003e97d
0x18003e982
0x18003e98c
0x18003e997
0x18003e9a3
0x18003e9a5
0x18003e9aa
0x18003e9b3
0x18003e9c2
0x18003e9c2
0x18003e9ce
0x18003e9d8
0x18003e9dd
0x18003e9e9
0x18003e9ee
0x18003e9fc
0x18003e9fe
0x18003ea09
0x18003ea10
0x18003ea13
0x18003ea19
0x18003ea1f
0x18003ea24
0x18003ea2a
0x18003ea2f
0x18003ea51
0x18003ea6a

APIs

SetFilePointerEx.KERNEL32 ref: 000000018003E9C6
GetLastError.KERNEL32 ref: 000000018003E9D0
SetFilePointerEx.KERNEL32 ref: 000000018003E9F4
SetFilePointerEx.KERNEL32 ref: 000000018003EA19

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: 787051ec09ca58d0bbfe4ed98cdb37557da60c288e095b08e990069dcc13bb50
Instruction ID: c91b5f5b2b07180e02b12bf9508240a0e5fef0173367f455c03e3215c8b3b8f5
Opcode Fuzzy Hash: 787051ec09ca58d0bbfe4ed98cdb37557da60c288e095b08e990069dcc13bb50
Instruction Fuzzy Hash: 9921E271204AC481EBE38B65F8403DA7391A789BF4F558322BA6947BE4DE78C6088700

Uniqueness

Uniqueness Score: -1.00%

Function 000000018003EB08 Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32 ref: 000000018003EB2B
GetLastError.KERNEL32 ref: 000000018003EB35
SetFilePointerEx.KERNEL32 ref: 000000018003EB5C
SetFilePointerEx.KERNEL32 ref: 000000018003EB7F

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: 15e0cb27fa9b05fc72186206e7bbad7fd449f76e91fd292082353576bb8bae0c
Instruction ID: a80aced502f2a86b00e960103e1a0897a8e1c43f4a79eae3c27869afa7217bec
Opcode Fuzzy Hash: 15e0cb27fa9b05fc72186206e7bbad7fd449f76e91fd292082353576bb8bae0c
Instruction Fuzzy Hash: 3A11A531604AC481E7A38B61F84079BF7A0F789BD8F15C222BA9547AD5DF38C5088B01

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001D6A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 176
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E0000000118001D6A0(signed int __edi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
				void* __rdi;
				void* __rsi;
				signed int _t94;
				unsigned int _t103;
				signed int _t110;
				signed int _t112;
				signed int _t114;
				signed int _t118;
				unsigned int _t127;
				intOrPtr* _t145;
				intOrPtr _t160;
				void* _t165;
				signed int _t166;
				void* _t172;

				_t145 = __rax;
				_a16 = __rbx;
				_a24 = __rbp;
				_t118 = __edi | 0xffffffff;
				if ( *((intOrPtr*)(__rcx + 0x468)) == _t166) goto 0x8001d914;
				if ( *(__rcx + 0x18) != _t166) goto 0x8001d6e4;
				E00000001180025224(__rax);
				 *__rax = 0x16;
				E00000001180015940();
				goto 0x8001d901;
				 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x470)) == 2) goto 0x8001d8fe;
				 *((intOrPtr*)(__rcx + 0x50)) = 0;
				 *(__rcx + 0x2c) = 0;
				goto 0x8001d8c7;
				 *(__rcx + 0x18) =  &(( *(__rcx + 0x18))[1]);
				if ( *(__rcx + 0x28) < 0) goto 0x8001d8e0;
				if (( *(__rcx + 0x42) & 0xffff) - 0x20 - 0x5a > 0) goto 0x8001d740;
				asm("lfence");
				goto 0x8001d742;
				_t103 = ( *(__rcx + 0x8004e740) & 0x000000ff) >> 4;
				 *(__rcx + 0x2c) = _t103;
				if (_t103 == 8) goto 0x8001d914;
				_t127 = _t103;
				if (_t127 == 0) goto 0x8001d872;
				if (_t127 == 0) goto 0x8001d85e;
				if (_t127 == 0) goto 0x8001d819;
				if (_t127 == 0) goto 0x8001d7e7;
				if (_t127 == 0) goto 0x8001d7df;
				if (_t127 == 0) goto 0x8001d7ae;
				if (_t127 == 0) goto 0x8001d7a1;
				if (_t103 - 0xfffffffffffffffc != 1) goto 0x8001d924;
				E00000001180020204(__rcx, __rcx, _t166, __rbp, _t172);
				goto 0x8001d8c3;
				E0000000118001EEFC(_t145, __rcx);
				goto 0x8001d8c3;
				if ( *(__rcx + 0x42) == 0x2a) goto 0x8001d7c6;
				E0000000118001C0C0(_t145, __rcx, __rcx, __rcx + 0x38, _t165, _t166);
				goto 0x8001d8c3;
				 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
				_t110 =  *( *((intOrPtr*)(__rcx + 0x20)) - 8);
				_t111 =  <  ? _t118 : _t110;
				 *(__rcx + 0x38) =  <  ? _t118 : _t110;
				goto 0x8001d8c1;
				 *(__rcx + 0x38) = 0;
				goto 0x8001d8c7;
				if ( *(__rcx + 0x42) == 0x2a) goto 0x8001d7f4;
				goto 0x8001d7b9;
				 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
				_t112 =  *( *((intOrPtr*)(__rcx + 0x20)) - 8);
				 *(__rcx + 0x34) = _t112;
				if (_t112 >= 0) goto 0x8001d8c1;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000004;
				 *(__rcx + 0x34) =  ~_t112;
				goto 0x8001d8c1;
				_t94 =  *(__rcx + 0x42) & 0x0000ffff;
				if (_t94 == 0x20) goto 0x8001d858;
				if (_t94 == 0x23) goto 0x8001d853;
				if (_t94 == 0x2b) goto 0x8001d84d;
				if (_t94 == 0x2d) goto 0x8001d847;
				if (_t94 != 0x30) goto 0x8001d8c7;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000008;
				goto 0x8001d8c7;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000004;
				goto 0x8001d8c7;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000001;
				goto 0x8001d8c7;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000020;
				goto 0x8001d8c7;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000002;
				goto 0x8001d8c7;
				 *(__rcx + 0x30) = _t166;
				 *((intOrPtr*)(__rcx + 0x40)) = sil;
				 *(__rcx + 0x38) = _t118;
				 *((intOrPtr*)(__rcx + 0x3c)) = 0;
				 *((intOrPtr*)(__rcx + 0x54)) = sil;
				goto 0x8001d8c7;
				 *((char*)(__rcx + 0x54)) = 1;
				_t160 =  *((intOrPtr*)(__rcx + 0x468));
				if ( *((intOrPtr*)(_t160 + 0x10)) !=  *((intOrPtr*)(_t160 + 8))) goto 0x8001d89b;
				if ( *((intOrPtr*)(_t160 + 0x18)) == sil) goto 0x8001d896;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) + 1;
				goto 0x8001d8c1;
				 *(__rcx + 0x28) = _t118;
				goto 0x8001d8c1;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) + 1;
				 *((long long*)( *((intOrPtr*)(__rcx + 0x468)) + 0x10)) =  *((long long*)( *((intOrPtr*)(__rcx + 0x468)) + 0x10)) + 1;
				 *((short*)( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x468)))))) =  *(__rcx + 0x42) & 0x0000ffff;
				 *((long long*)( *((intOrPtr*)(__rcx + 0x468)))) =  *((long long*)( *((intOrPtr*)(__rcx + 0x468)))) + 2;
				if (1 == 0) goto 0x8001d924;
				_t114 =  *( *(__rcx + 0x18)) & 0x0000ffff;
				 *(__rcx + 0x42) = _t114;
				if (_t114 != 0) goto 0x8001d70e;
				 *(__rcx + 0x18) =  &(( *(__rcx + 0x18))[1]);
				if ( *(__rcx + 0x2c) == 0) goto 0x8001d8eb;
				if ( *(__rcx + 0x2c) != 7) goto 0x8001d914;
				 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x470)) != 2) goto 0x8001d703;
				return  *(__rcx + 0x28);
			}

0x18001d6a0
0x18001d6a0
0x18001d6a5
0x18001d6b2
0x18001d6c1
0x18001d6cb
0x18001d6cd
0x18001d6d2
0x18001d6d8
0x18001d6df
0x18001d6e4
0x18001d6f1
0x18001d703
0x18001d706
0x18001d709
0x18001d70e
0x18001d716
0x18001d72d
0x18001d72f
0x18001d73e
0x18001d74e
0x18001d751
0x18001d757
0x18001d75d
0x18001d75f
0x18001d768
0x18001d771
0x18001d77a
0x18001d77f
0x18001d784
0x18001d789
0x18001d78e
0x18001d797
0x18001d79c
0x18001d7a4
0x18001d7a9
0x18001d7b3
0x18001d7bc
0x18001d7c1
0x18001d7c6
0x18001d7cf
0x18001d7d4
0x18001d7d7
0x18001d7da
0x18001d7df
0x18001d7e2
0x18001d7ec
0x18001d7f2
0x18001d7f4
0x18001d7fd
0x18001d800
0x18001d805
0x18001d80b
0x18001d811
0x18001d814
0x18001d819
0x18001d820
0x18001d826
0x18001d82c
0x18001d832
0x18001d838
0x18001d83e
0x18001d842
0x18001d847
0x18001d84b
0x18001d84d
0x18001d851
0x18001d853
0x18001d856
0x18001d858
0x18001d85c
0x18001d85e
0x18001d862
0x18001d866
0x18001d869
0x18001d86c
0x18001d870
0x18001d876
0x18001d87a
0x18001d889
0x18001d88f
0x18001d891
0x18001d894
0x18001d896
0x18001d899
0x18001d89b
0x18001d8a5
0x18001d8b3
0x18001d8bd
0x18001d8c5
0x18001d8cb
0x18001d8ce
0x18001d8d5
0x18001d8db
0x18001d8e3
0x18001d8e9
0x18001d8eb
0x18001d8f8
0x18001d913

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018001D6D8
_invalid_parameter_noinfo.LIBCMT ref: 000000018001D91F

Strings

*, xrefs: 000000018001D7E7

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: *
API String ID: 3215553584-163128923
Opcode ID: 9074e9fa7bf35d9c88f64dd80ce73edb1d44303f596d88e106e11a5eb02c68dc
Instruction ID: 2a6b06df32c50b4fa58a1f891d4259274d27cbd74216e45a0b7c4265ebabc270
Opcode Fuzzy Hash: 9074e9fa7bf35d9c88f64dd80ce73edb1d44303f596d88e106e11a5eb02c68dc
Instruction Fuzzy Hash: 64718172514A1CC6EBEA9F2880543EC3BB0F34DF98F24912BEA4646294DF31CA89D754

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001CF08 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 174
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E0000000118001CF08(signed int __edi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
				void* __rdi;
				void* __rsi;
				signed int _t90;
				unsigned int _t100;
				signed int _t107;
				signed int _t109;
				signed int _t113;
				signed int _t118;
				unsigned int _t127;
				intOrPtr* _t146;
				void* _t153;
				void* _t163;
				signed int _t164;

				_t146 = __rax;
				_a16 = __rbx;
				_a24 = __rbp;
				_t118 = __edi | 0xffffffff;
				_t153 = __rcx;
				if ( *((intOrPtr*)(__rcx + 0x468)) == _t164) goto 0x8001d16b;
				if ( *((intOrPtr*)(__rcx + 0x18)) != _t164) goto 0x8001cf4c;
				E00000001180025224(__rax);
				 *__rax = 0x16;
				E00000001180015940();
				goto 0x8001d158;
				 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x470)) == 2) goto 0x8001d155;
				 *((intOrPtr*)(__rcx + 0x50)) = 0;
				 *(__rcx + 0x2c) = 0;
				goto 0x8001d11e;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 2;
				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x8001d137;
				if (( *(__rcx + 0x42) & 0xffff) - 0x20 - 0x5a > 0) goto 0x8001cfa8;
				asm("lfence");
				goto 0x8001cfaa;
				_t100 = ( *(__rcx + 0x8004e740) & 0x000000ff) >> 4;
				 *(__rcx + 0x2c) = _t100;
				if (_t100 == 8) goto 0x8001d16b;
				_t127 = _t100;
				if (_t127 == 0) goto 0x8001d0d3;
				if (_t127 == 0) goto 0x8001d0bf;
				if (_t127 == 0) goto 0x8001d081;
				if (_t127 == 0) goto 0x8001d04f;
				if (_t127 == 0) goto 0x8001d047;
				if (_t127 == 0) goto 0x8001d016;
				if (_t127 == 0) goto 0x8001d009;
				if (_t100 - 0xfffffffffffffffc != 1) goto 0x8001d17b;
				E0000000118001FC30(__rcx, __rcx, __rdx, __rbp);
				goto 0x8001d11a;
				E0000000118001EBCC(_t146, __rcx);
				goto 0x8001d11a;
				if ( *(__rcx + 0x42) == 0x2a) goto 0x8001d02e;
				E0000000118001C0C0(_t146, __rcx, __rcx, __rcx + 0x38, _t163, _t164);
				goto 0x8001d11a;
				 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
				_t107 =  *( *((intOrPtr*)(__rcx + 0x20)) - 8);
				_t108 =  <  ? _t118 : _t107;
				 *(__rcx + 0x38) =  <  ? _t118 : _t107;
				goto 0x8001d118;
				 *(__rcx + 0x38) = 0;
				goto 0x8001d11e;
				if ( *(__rcx + 0x42) == 0x2a) goto 0x8001d05c;
				goto 0x8001d021;
				 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
				_t109 =  *( *((intOrPtr*)(__rcx + 0x20)) - 8);
				 *(__rcx + 0x34) = _t109;
				if (_t109 >= 0) goto 0x8001d118;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000004;
				 *(__rcx + 0x34) =  ~_t109;
				goto 0x8001d118;
				_t90 =  *(__rcx + 0x42) & 0x0000ffff;
				if (_t90 == 0x20) goto 0x8001d0b9;
				if (_t90 == 0x23) goto 0x8001d0b4;
				if (_t90 == 0x2b) goto 0x8001d0ae;
				if (_t90 == 0x2d) goto 0x8001d0a8;
				if (_t90 != 0x30) goto 0x8001d11e;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000008;
				goto 0x8001d11e;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000004;
				goto 0x8001d11e;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000001;
				goto 0x8001d11e;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000020;
				goto 0x8001d11e;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000002;
				goto 0x8001d11e;
				 *(__rcx + 0x30) = _t164;
				 *((intOrPtr*)(__rcx + 0x40)) = sil;
				 *(__rcx + 0x38) = _t118;
				 *((intOrPtr*)(__rcx + 0x3c)) = 0;
				 *((intOrPtr*)(__rcx + 0x54)) = sil;
				goto 0x8001d11e;
				 *((char*)(__rcx + 0x54)) = 1;
				if (( *( *((intOrPtr*)(__rcx + 0x468)) + 0x14) >> 0x0000000c & 0x00000001) == 0) goto 0x8001d0fa;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x468)) + 8)) == _t164) goto 0x8001d110;
				if (E00000001180031338( *(__rcx + 0x42) & 0x0000ffff, __rcx,  *((intOrPtr*)(__rcx + 0x468))) == 0xffff) goto 0x8001d115;
				 *(_t153 + 0x28) =  *(_t153 + 0x28) + 1;
				goto 0x8001d118;
				 *(_t153 + 0x28) = _t118;
				if (1 == 0) goto 0x8001d17b;
				_t113 =  *( *(_t153 + 0x18)) & 0x0000ffff;
				 *(_t153 + 0x42) = _t113;
				if (_t113 != 0) goto 0x8001cf76;
				 *(_t153 + 0x18) =  &(( *(_t153 + 0x18))[1]);
				if ( *((intOrPtr*)(_t153 + 0x2c)) == 0) goto 0x8001d142;
				if ( *((intOrPtr*)(_t153 + 0x2c)) != 7) goto 0x8001d16b;
				 *((intOrPtr*)(_t153 + 0x470)) =  *((intOrPtr*)(_t153 + 0x470)) + 1;
				if ( *((intOrPtr*)(_t153 + 0x470)) != 2) goto 0x8001cf6b;
				return  *(_t153 + 0x28);
			}

0x18001cf08
0x18001cf08
0x18001cf0d
0x18001cf1a
0x18001cf1f
0x18001cf29
0x18001cf33
0x18001cf35
0x18001cf3a
0x18001cf40
0x18001cf47
0x18001cf4c
0x18001cf59
0x18001cf6b
0x18001cf6e
0x18001cf71
0x18001cf76
0x18001cf7e
0x18001cf95
0x18001cf97
0x18001cfa6
0x18001cfb6
0x18001cfb9
0x18001cfbf
0x18001cfc5
0x18001cfc7
0x18001cfd0
0x18001cfd9
0x18001cfe2
0x18001cfe7
0x18001cfec
0x18001cff1
0x18001cff6
0x18001cfff
0x18001d004
0x18001d00c
0x18001d011
0x18001d01b
0x18001d024
0x18001d029
0x18001d02e
0x18001d037
0x18001d03c
0x18001d03f
0x18001d042
0x18001d047
0x18001d04a
0x18001d054
0x18001d05a
0x18001d05c
0x18001d065
0x18001d068
0x18001d06d
0x18001d073
0x18001d079
0x18001d07c
0x18001d081
0x18001d088
0x18001d08e
0x18001d094
0x18001d09a
0x18001d0a0
0x18001d0a2
0x18001d0a6
0x18001d0a8
0x18001d0ac
0x18001d0ae
0x18001d0b2
0x18001d0b4
0x18001d0b7
0x18001d0b9
0x18001d0bd
0x18001d0bf
0x18001d0c3
0x18001d0c7
0x18001d0ca
0x18001d0cd
0x18001d0d1
0x18001d0d7
0x18001d0eb
0x18001d0f8
0x18001d10e
0x18001d110
0x18001d113
0x18001d115
0x18001d11c
0x18001d122
0x18001d125
0x18001d12c
0x18001d132
0x18001d13a
0x18001d140
0x18001d142
0x18001d14f
0x18001d16a

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018001CF40
_invalid_parameter_noinfo.LIBCMT ref: 000000018001D176

Strings

*, xrefs: 000000018001D04F

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: *
API String ID: 3215553584-163128923
Opcode ID: 51bdcf0e7530bfe95055dbd0021085de3387977190e8505d7844b01d8dec783c
Instruction ID: 0ded6de4e991552bb21b55feb8690c7b7bf1c5bdc20d10ac44ccdd10b57f32d2
Opcode Fuzzy Hash: 51bdcf0e7530bfe95055dbd0021085de3387977190e8505d7844b01d8dec783c
Instruction Fuzzy Hash: 5671B676104A1CA6E7EB9F3880553ED3BA0F30DB98F14911BFB4606299DF34CA8AC755

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001DBDC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 171
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E0000000118001DBDC(signed int __edi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
				void* __rdi;
				void* __rsi;
				unsigned int _t89;
				signed int _t99;
				signed int _t107;
				signed int _t109;
				signed int _t111;
				signed int _t115;
				unsigned int _t124;
				intOrPtr* _t140;
				intOrPtr _t155;
				void* _t160;
				signed int _t161;
				void* _t167;

				_t140 = __rax;
				_a16 = __rbx;
				_a24 = __rbp;
				_t115 = __edi | 0xffffffff;
				if ( *((intOrPtr*)(__rcx + 0x468)) == _t161) goto 0x8001de43;
				if ( *(__rcx + 0x18) != _t161) goto 0x8001dc20;
				E00000001180025224(__rax);
				 *__rax = 0x16;
				E00000001180015940();
				goto 0x8001de30;
				 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x470)) == 2) goto 0x8001de2d;
				 *((intOrPtr*)(__rcx + 0x50)) = 0;
				 *(__rcx + 0x2c) = 0;
				goto 0x8001de01;
				 *(__rcx + 0x18) =  &(( *(__rcx + 0x18))[1]);
				if ( *(__rcx + 0x28) < 0) goto 0x8001de1a;
				if (( *(__rcx + 0x42) & 0xffff) - 0x20 - 0x5a > 0) goto 0x8001dc7c;
				asm("lfence");
				goto 0x8001dc7e;
				_t89 = ( *(__rax + 0x8004e6e0) & 0x000000ff) >> 4;
				 *(__rcx + 0x2c) = _t89;
				if (_t89 == 8) goto 0x8001de43;
				_t124 = _t89;
				if (_t124 == 0) goto 0x8001ddac;
				if (_t124 == 0) goto 0x8001dd98;
				if (_t124 == 0) goto 0x8001dd53;
				if (_t124 == 0) goto 0x8001dd21;
				if (_t124 == 0) goto 0x8001dd19;
				if (_t124 == 0) goto 0x8001dce8;
				if (_t124 == 0) goto 0x8001dcdb;
				if (_t89 - 0xfffffffffffffffc != 1) goto 0x8001de53;
				E00000001180020204(__rcx, __rcx, _t161, __rbp, _t167);
				goto 0x8001ddfd;
				E0000000118001EEFC(_t140, __rcx);
				goto 0x8001ddfd;
				if ( *(__rcx + 0x42) == 0x2a) goto 0x8001dd00;
				E0000000118001C0C0(_t140, __rcx, __rcx, __rcx + 0x38, _t160, _t161);
				goto 0x8001ddfd;
				 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
				_t107 =  *( *((intOrPtr*)(__rcx + 0x20)) - 8);
				_t108 =  <  ? _t115 : _t107;
				 *(__rcx + 0x38) =  <  ? _t115 : _t107;
				goto 0x8001ddfb;
				 *(__rcx + 0x38) = 0;
				goto 0x8001de01;
				if ( *(__rcx + 0x42) == 0x2a) goto 0x8001dd2e;
				goto 0x8001dcf3;
				 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
				_t109 =  *( *((intOrPtr*)(__rcx + 0x20)) - 8);
				 *(__rcx + 0x34) = _t109;
				if (_t109 >= 0) goto 0x8001ddfb;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000004;
				 *(__rcx + 0x34) =  ~_t109;
				goto 0x8001ddfb;
				_t99 =  *(__rcx + 0x42) & 0x0000ffff;
				if (_t99 == 0x20) goto 0x8001dd92;
				if (_t99 == 0x23) goto 0x8001dd8d;
				if (_t99 == 0x2b) goto 0x8001dd87;
				if (_t99 == 0x2d) goto 0x8001dd81;
				if (_t99 != 0x30) goto 0x8001de01;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000008;
				goto 0x8001de01;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000004;
				goto 0x8001de01;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000001;
				goto 0x8001de01;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000020;
				goto 0x8001de01;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000002;
				goto 0x8001de01;
				 *(__rcx + 0x30) = _t161;
				 *((intOrPtr*)(__rcx + 0x40)) = sil;
				 *(__rcx + 0x38) = _t115;
				 *((intOrPtr*)(__rcx + 0x3c)) = 0;
				 *((intOrPtr*)(__rcx + 0x54)) = sil;
				goto 0x8001de01;
				 *((char*)(__rcx + 0x54)) = 1;
				_t155 =  *((intOrPtr*)(__rcx + 0x468));
				if ( *((intOrPtr*)(_t155 + 0x10)) !=  *((intOrPtr*)(_t155 + 8))) goto 0x8001ddd5;
				if ( *((intOrPtr*)(_t155 + 0x18)) == sil) goto 0x8001ddd0;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) + 1;
				goto 0x8001ddfb;
				 *(__rcx + 0x28) = _t115;
				goto 0x8001ddfb;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) + 1;
				 *((long long*)( *((intOrPtr*)(__rcx + 0x468)) + 0x10)) =  *((long long*)( *((intOrPtr*)(__rcx + 0x468)) + 0x10)) + 1;
				 *((short*)( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x468)))))) =  *(__rcx + 0x42) & 0x0000ffff;
				 *((long long*)( *((intOrPtr*)(__rcx + 0x468)))) =  *((long long*)( *((intOrPtr*)(__rcx + 0x468)))) + 2;
				if (1 == 0) goto 0x8001de53;
				_t111 =  *( *(__rcx + 0x18)) & 0x0000ffff;
				 *(__rcx + 0x42) = _t111;
				if (_t111 != 0) goto 0x8001dc4a;
				 *(__rcx + 0x18) =  &(( *(__rcx + 0x18))[1]);
				 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x470)) != 2) goto 0x8001dc3f;
				return  *(__rcx + 0x28);
			}

0x18001dbdc
0x18001dbdc
0x18001dbe1
0x18001dbee
0x18001dbfd
0x18001dc07
0x18001dc09
0x18001dc0e
0x18001dc14
0x18001dc1b
0x18001dc20
0x18001dc2d
0x18001dc3f
0x18001dc42
0x18001dc45
0x18001dc4a
0x18001dc52
0x18001dc69
0x18001dc6b
0x18001dc7a
0x18001dc88
0x18001dc8b
0x18001dc91
0x18001dc97
0x18001dc99
0x18001dca2
0x18001dcab
0x18001dcb4
0x18001dcb9
0x18001dcbe
0x18001dcc3
0x18001dcc8
0x18001dcd1
0x18001dcd6
0x18001dcde
0x18001dce3
0x18001dced
0x18001dcf6
0x18001dcfb
0x18001dd00
0x18001dd09
0x18001dd0e
0x18001dd11
0x18001dd14
0x18001dd19
0x18001dd1c
0x18001dd26
0x18001dd2c
0x18001dd2e
0x18001dd37
0x18001dd3a
0x18001dd3f
0x18001dd45
0x18001dd4b
0x18001dd4e
0x18001dd53
0x18001dd5a
0x18001dd60
0x18001dd66
0x18001dd6c
0x18001dd72
0x18001dd78
0x18001dd7c
0x18001dd81
0x18001dd85
0x18001dd87
0x18001dd8b
0x18001dd8d
0x18001dd90
0x18001dd92
0x18001dd96
0x18001dd98
0x18001dd9c
0x18001dda0
0x18001dda3
0x18001dda6
0x18001ddaa
0x18001ddb0
0x18001ddb4
0x18001ddc3
0x18001ddc9
0x18001ddcb
0x18001ddce
0x18001ddd0
0x18001ddd3
0x18001ddd5
0x18001dddf
0x18001dded
0x18001ddf7
0x18001ddff
0x18001de05
0x18001de08
0x18001de0f
0x18001de15
0x18001de1a
0x18001de27
0x18001de42

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018001DC14
_invalid_parameter_noinfo.LIBCMT ref: 000000018001DE4E

Strings

*, xrefs: 000000018001DD21

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: *
API String ID: 3215553584-163128923
Opcode ID: 92ae6dcf7dad71e0f2e8b1ef82c3a4864973dfd7d8f5273500d5a0bcf321d65c
Instruction ID: f48e328ec5dfff0d1f2e79a1a0fd78331b6df622d013dab4ad9ba9b9ee10ea5f
Opcode Fuzzy Hash: 92ae6dcf7dad71e0f2e8b1ef82c3a4864973dfd7d8f5273500d5a0bcf321d65c
Instruction Fuzzy Hash: 5871B476100A1CC6E7EA9F2890443AC3BE0F35DF99F249117FA464A298DF71CA8AD754

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001D434 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 169
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E0000000118001D434(signed int __edi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
				void* __rdi;
				void* __rsi;
				unsigned int _t85;
				signed int _t95;
				signed int _t104;
				signed int _t106;
				signed int _t110;
				signed int _t115;
				unsigned int _t124;
				intOrPtr* _t141;
				void* _t148;
				void* _t158;
				signed int _t159;

				_t141 = __rax;
				_a16 = __rbx;
				_a24 = __rbp;
				_t115 = __edi | 0xffffffff;
				_t148 = __rcx;
				if ( *((intOrPtr*)(__rcx + 0x468)) == _t159) goto 0x8001d68a;
				if ( *((intOrPtr*)(__rcx + 0x18)) != _t159) goto 0x8001d478;
				E00000001180025224(__rax);
				 *__rax = 0x16;
				E00000001180015940();
				goto 0x8001d677;
				 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x470)) == 2) goto 0x8001d674;
				 *((intOrPtr*)(__rcx + 0x50)) = 0;
				 *(__rcx + 0x2c) = 0;
				goto 0x8001d648;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 2;
				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x8001d661;
				if (( *(__rcx + 0x42) & 0xffff) - 0x20 - 0x5a > 0) goto 0x8001d4d4;
				asm("lfence");
				goto 0x8001d4d6;
				_t85 = ( *(__rax + 0x8004e6e0) & 0x000000ff) >> 4;
				 *(__rcx + 0x2c) = _t85;
				if (_t85 == 8) goto 0x8001d68a;
				_t124 = _t85;
				if (_t124 == 0) goto 0x8001d5fd;
				if (_t124 == 0) goto 0x8001d5e9;
				if (_t124 == 0) goto 0x8001d5ab;
				if (_t124 == 0) goto 0x8001d579;
				if (_t124 == 0) goto 0x8001d571;
				if (_t124 == 0) goto 0x8001d540;
				if (_t124 == 0) goto 0x8001d533;
				if (_t85 - 0xfffffffffffffffc != 1) goto 0x8001d69a;
				E0000000118001FC30(__rcx, __rcx, __rdx, __rbp);
				goto 0x8001d644;
				E0000000118001EBCC(_t141, __rcx);
				goto 0x8001d644;
				if ( *(__rcx + 0x42) == 0x2a) goto 0x8001d558;
				E0000000118001C0C0(_t141, __rcx, __rcx, __rcx + 0x38, _t158, _t159);
				goto 0x8001d644;
				 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
				_t104 =  *( *((intOrPtr*)(__rcx + 0x20)) - 8);
				_t105 =  <  ? _t115 : _t104;
				 *(__rcx + 0x38) =  <  ? _t115 : _t104;
				goto 0x8001d642;
				 *(__rcx + 0x38) = 0;
				goto 0x8001d648;
				if ( *(__rcx + 0x42) == 0x2a) goto 0x8001d586;
				goto 0x8001d54b;
				 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
				_t106 =  *( *((intOrPtr*)(__rcx + 0x20)) - 8);
				 *(__rcx + 0x34) = _t106;
				if (_t106 >= 0) goto 0x8001d642;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000004;
				 *(__rcx + 0x34) =  ~_t106;
				goto 0x8001d642;
				_t95 =  *(__rcx + 0x42) & 0x0000ffff;
				if (_t95 == 0x20) goto 0x8001d5e3;
				if (_t95 == 0x23) goto 0x8001d5de;
				if (_t95 == 0x2b) goto 0x8001d5d8;
				if (_t95 == 0x2d) goto 0x8001d5d2;
				if (_t95 != 0x30) goto 0x8001d648;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000008;
				goto 0x8001d648;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000004;
				goto 0x8001d648;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000001;
				goto 0x8001d648;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000020;
				goto 0x8001d648;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000002;
				goto 0x8001d648;
				 *(__rcx + 0x30) = _t159;
				 *((intOrPtr*)(__rcx + 0x40)) = sil;
				 *(__rcx + 0x38) = _t115;
				 *((intOrPtr*)(__rcx + 0x3c)) = 0;
				 *((intOrPtr*)(__rcx + 0x54)) = sil;
				goto 0x8001d648;
				 *((char*)(__rcx + 0x54)) = 1;
				if (( *( *((intOrPtr*)(__rcx + 0x468)) + 0x14) >> 0x0000000c & 0x00000001) == 0) goto 0x8001d624;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x468)) + 8)) == _t159) goto 0x8001d63a;
				if (E00000001180031338( *(__rcx + 0x42) & 0x0000ffff, __rcx,  *((intOrPtr*)(__rcx + 0x468))) == 0xffff) goto 0x8001d63f;
				 *(_t148 + 0x28) =  *(_t148 + 0x28) + 1;
				goto 0x8001d642;
				 *(_t148 + 0x28) = _t115;
				if (1 == 0) goto 0x8001d69a;
				_t110 =  *( *(_t148 + 0x18)) & 0x0000ffff;
				 *(_t148 + 0x42) = _t110;
				if (_t110 != 0) goto 0x8001d4a2;
				 *(_t148 + 0x18) =  &(( *(_t148 + 0x18))[1]);
				 *((intOrPtr*)(_t148 + 0x470)) =  *((intOrPtr*)(_t148 + 0x470)) + 1;
				if ( *((intOrPtr*)(_t148 + 0x470)) != 2) goto 0x8001d497;
				return  *(_t148 + 0x28);
			}

0x18001d434
0x18001d434
0x18001d439
0x18001d446
0x18001d44b
0x18001d455
0x18001d45f
0x18001d461
0x18001d466
0x18001d46c
0x18001d473
0x18001d478
0x18001d485
0x18001d497
0x18001d49a
0x18001d49d
0x18001d4a2
0x18001d4aa
0x18001d4c1
0x18001d4c3
0x18001d4d2
0x18001d4e0
0x18001d4e3
0x18001d4e9
0x18001d4ef
0x18001d4f1
0x18001d4fa
0x18001d503
0x18001d50c
0x18001d511
0x18001d516
0x18001d51b
0x18001d520
0x18001d529
0x18001d52e
0x18001d536
0x18001d53b
0x18001d545
0x18001d54e
0x18001d553
0x18001d558
0x18001d561
0x18001d566
0x18001d569
0x18001d56c
0x18001d571
0x18001d574
0x18001d57e
0x18001d584
0x18001d586
0x18001d58f
0x18001d592
0x18001d597
0x18001d59d
0x18001d5a3
0x18001d5a6
0x18001d5ab
0x18001d5b2
0x18001d5b8
0x18001d5be
0x18001d5c4
0x18001d5ca
0x18001d5cc
0x18001d5d0
0x18001d5d2
0x18001d5d6
0x18001d5d8
0x18001d5dc
0x18001d5de
0x18001d5e1
0x18001d5e3
0x18001d5e7
0x18001d5e9
0x18001d5ed
0x18001d5f1
0x18001d5f4
0x18001d5f7
0x18001d5fb
0x18001d601
0x18001d615
0x18001d622
0x18001d638
0x18001d63a
0x18001d63d
0x18001d63f
0x18001d646
0x18001d64c
0x18001d64f
0x18001d656
0x18001d65c
0x18001d661
0x18001d66e
0x18001d689

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018001D46C
_invalid_parameter_noinfo.LIBCMT ref: 000000018001D695

Strings

*, xrefs: 000000018001D579

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: *
API String ID: 3215553584-163128923
Opcode ID: 32031a24f214ecd66b4de4d1b5569e5377d69fa7b6c38e2bab9bbf854ccf877b
Instruction ID: 45b0898457fb541f62a96fd6a566b92d2c7c594fbe53659de436c792a67d6c03
Opcode Fuzzy Hash: 32031a24f214ecd66b4de4d1b5569e5377d69fa7b6c38e2bab9bbf854ccf877b
Instruction Fuzzy Hash: 9371C372101E1C86E7EA9F2880543ED3BA1F34DB9CF649117FA4A46298DF34CA89D754

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800081C4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 74%

			E000000011800081C4(void* __edx, void* __rax, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rsi, void* __r8, void* __r9) {
				void* __rdi;
				void* __r14;
				void* _t73;
				intOrPtr _t78;
				unsigned int _t104;
				void* _t131;
				intOrPtr _t135;
				intOrPtr* _t140;
				signed char* _t144;
				void* _t145;
				void* _t169;
				signed char* _t170;
				long long _t174;
				void* _t175;
				void* _t177;
				void* _t178;
				void* _t193;
				void* _t194;
				void* _t196;

				_t187 = __r9;
				_t131 = __rax;
				 *((long long*)(_t177 + 8)) = __rbx;
				 *((long long*)(_t177 + 0x10)) = _t174;
				 *((long long*)(_t177 + 0x18)) = __rsi;
				_t178 = _t177 - 0x80;
				_t140 = __rcx;
				_t175 = __r9;
				_t194 = __rdx;
				E00000001180009AFC(_t73, __r8);
				E0000000118000635C(_t131);
				_t170 =  *((intOrPtr*)(_t178 + 0xc0));
				r8d = 0x80000029;
				r9d = 0x80000026;
				if ( *((intOrPtr*)(_t131 + 0x40)) != 0) goto 0x8000823e;
				if ( *__rcx == 0xe06d7363) goto 0x8000823e;
				if ( *__rcx != r8d) goto 0x80008230;
				if ( *((intOrPtr*)(__rcx + 0x18)) != 0xf) goto 0x80008235;
				if ( *((long long*)(__rcx + 0x60)) == 0x19930520) goto 0x8000823e;
				if ( *__rcx == r9d) goto 0x8000823e;
				if (( *_t170 & 0x00000020) != 0) goto 0x80008430;
				if (( *(__rcx + 4) & 0x00000066) == 0) goto 0x80008362;
				if (_t170[8] == 0) goto 0x80008430;
				if ( *(_t170[8] +  *((intOrPtr*)(__r9 + 8)) -  *((char*)(__r8 + 0x18004cb48)) - 4) >>  *(__r8 + 0x18004cb58) == 0) goto 0x80008430;
				if ( *((intOrPtr*)(_t178 + 0xc8)) != 0) goto 0x80008430;
				if (( *(__rcx + 4) & 0x00000020) == 0) goto 0x8000834f;
				if ( *__rcx != r9d) goto 0x80008306;
				_t144 = _t170;
				_t78 = E00000001180006608(__edx, __rcx, _t144, __r9, _t170, __rsi,  *((intOrPtr*)(__r9 + 0x20)), _t194, _t196, _t193);
				r9d = _t78;
				if (_t78 - 0xffffffff < 0) goto 0x80008452;
				if (_t170[8] == 0) goto 0x800082ea;
				_t104 =  *(_t170[8] +  *((intOrPtr*)(_t175 + 8)) - _t144[0x18004cb48] - 4) >> _t144[0x18004cb58];
				if (r9d - _t104 >= 0) goto 0x80008452;
				_t145 = _t194;
				E00000001180009034(_t144[0x18004cb58], _t145, _t175, _t170, _t187);
				goto 0x80008430;
				if ( *__rcx != r8d) goto 0x8000834f;
				r9d =  *((intOrPtr*)(__rcx + 0x38));
				if (r9d - 0xffffffff < 0) goto 0x80008452;
				if (r9d -  *(_t170[8] +  *((intOrPtr*)(_t175 + 8)) -  *((char*)(_t145 + 0x18004cb48)) - 4) >>  *(_t145 + 0x18004cb58) >= 0) goto 0x80008452;
				goto 0x800082f6;
				E000000011800046C4( *((char*)(_t145 + 0x18004cb48)), _t194, _t170);
				goto 0x80008430;
				E00000001180008500(_t178 + 0x50, _t170,  *((intOrPtr*)(_t175 + 8)));
				if ( *((intOrPtr*)(_t178 + 0x50)) != _t104) goto 0x80008382;
				if (( *_t170 & 0x00000040) == 0) goto 0x80008430;
				if ( *_t140 != 0xe06d7363) goto 0x800083f7;
				if ( *((intOrPtr*)(_t140 + 0x18)) - 3 < 0) goto 0x800083f7;
				if ( *((intOrPtr*)(_t140 + 0x20)) - 0x19930522 <= 0) goto 0x800083f7;
				_t135 =  *((intOrPtr*)(_t140 + 0x30));
				if ( *((intOrPtr*)(_t135 + 8)) == _t104) goto 0x800083f7;
				E00000001180004F7C(_t135);
				if (_t135 +  *((intOrPtr*)( *((intOrPtr*)(_t140 + 0x30)) + 8)) == 0) goto 0x800083f7;
				 *(_t178 + 0x38) =  *(_t178 + 0xd8) & 0x000000ff;
				 *((long long*)(_t178 + 0x30)) =  *((intOrPtr*)(_t178 + 0xd0));
				 *((intOrPtr*)(_t178 + 0x28)) =  *((intOrPtr*)(_t178 + 0xc8));
				 *(_t178 + 0x20) = _t170;
				 *0x8004c3c0(_t169);
				goto 0x80008435;
				 *(_t178 + 0x38) =  *((intOrPtr*)(_t178 + 0xd0));
				 *((intOrPtr*)(_t178 + 0x30)) =  *((intOrPtr*)(_t178 + 0xc8));
				 *((char*)(_t178 + 0x28)) =  *(_t178 + 0xd8);
				 *(_t178 + 0x20) = _t170;
				E00000001180007304( *((intOrPtr*)(_t178 + 0xc8)), _t140, _t194, 0x180000000, _t175);
				return 1;
			}

0x1800081c4
0x1800081c4
0x1800081c4
0x1800081c9
0x1800081ce
0x1800081d8
0x1800081df
0x1800081e2
0x1800081eb
0x1800081ee
0x1800081f3
0x1800081f8
0x180008202
0x180008208
0x180008211
0x180008219
0x18000821e
0x180008224
0x18000822e
0x180008233
0x180008238
0x180008242
0x18000824b
0x180008281
0x18000828e
0x180008298
0x1800082a1
0x1800082aa
0x1800082ad
0x1800082b2
0x1800082b8
0x1800082c1
0x1800082e8
0x1800082ed
0x1800082f3
0x1800082fc
0x180008301
0x180008309
0x18000830b
0x180008313
0x180008343
0x18000834d
0x180008358
0x18000835d
0x18000836e
0x180008377
0x18000837c
0x180008388
0x18000838e
0x180008397
0x180008399
0x1800083a0
0x1800083a2
0x1800083b5
0x1800083c2
0x1800083d4
0x1800083e3
0x1800083ea
0x1800083ef
0x1800083f5
0x180008402
0x180008414
0x180008422
0x180008426
0x18000842b
0x180008451

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00000001800081EE

Strings

csm, xrefs: 0000000180008213
csm, xrefs: 0000000180008382

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: 070891e2cf453b4b997a96d36d2b84fe8533097a5e12f0b95432315788be5315
Instruction ID: 210103583cdfc9f0517095bbcfd2ae1fcc4b5b7a1a0b3cded24c995b276979c6
Opcode Fuzzy Hash: 070891e2cf453b4b997a96d36d2b84fe8533097a5e12f0b95432315788be5315
Instruction Fuzzy Hash: 6B717D72205AD486DBA2CF2594907AD7BE0FB49FC8F14C115EEC847A86CF38C699D744

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180026700 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E00000001180026700(signed long long __rax, long long __rbx, void* __rcx, short* __rdx, long long __rsi, void* __r8) {
				void* _t18;
				signed int _t24;
				void* _t32;
				signed int _t34;
				signed long long _t55;
				long long _t72;
				void* _t75;
				void* _t82;
				signed short* _t86;

				_t66 = __rdx;
				_t55 = __rax;
				 *((long long*)(_t75 + 8)) = __rbx;
				 *((long long*)(_t75 + 0x10)) = _t72;
				 *((long long*)(_t75 + 0x18)) = __rsi;
				_t57 = __rdx;
				r8d = 0x1ca;
				E00000001180005C10(_t18, 0, __rcx, __rdx, __r8);
				r15d = 0;
				if ( *((intOrPtr*)(__rdx)) != r15w) goto 0x8002673b;
				goto 0x80026838;
				if ( *__rdx != 0x2e) goto 0x80026772;
				_t4 = _t57 + 2; // 0x2
				if ( *_t4 == r15w) goto 0x80026772;
				_t6 = _t66 - 1; // 0xf
				r9d = _t6;
				if (E00000001180034204(_t55, __rdx, __rcx + 0x100, __rdx, _t4, _t82) != 0) goto 0x80026851;
				 *((intOrPtr*)(__rcx + 0x11e)) = r15w;
				goto 0x80026734;
				goto 0x8002681d;
				_t86 = __rdx + _t55 * 2;
				_t34 =  *_t86 & 0x0000ffff;
				if (r15d != 0) goto 0x800267b6;
				if (_t55 - 0x40 >= 0) goto 0x80026835;
				if (E00000001180034204(_t55, __rdx, __rcx, __rdx, __rdx, _t55) != 0) goto 0x80026851;
				_t32 = r15d;
				dil = _t34 == 0x2e;
				goto 0x80026804;
				if (_t32 != 1) goto 0x800267d3;
				if (_t55 - 0x40 >= 0) goto 0x80026835;
				if (_t34 == 0x5f) goto 0x80026835;
				goto 0x800267f5;
				if (_t32 != 2) goto 0x80026835;
				if (_t55 - 0x10 >= 0) goto 0x80026835;
				if (_t34 == 0) goto 0x800267e9;
				if (_t34 != 0x2c) goto 0x80026835;
				if (E00000001180034204(_t55, __rdx, __rcx + 0x100, __rdx, __rdx, _t55) != 0) goto 0x80026851;
				if (_t34 == 0x2c) goto 0x80026734;
				if (_t34 == 0) goto 0x80026734;
				_t14 =  &(_t86[1]); // 0x2
				_t24 = E000000011800342E8(_t23, _t14, 0x8004f708);
				if (_t55 != 0) goto 0x8002677a;
				return _t24 | 0xffffffff;
			}

0x180026700
0x180026700
0x180026700
0x180026705
0x18002670a
0x180026718
0x18002671b
0x180026726
0x18002672b
0x180026732
0x180026736
0x18002673f
0x180026741
0x180026749
0x180026757
0x180026757
0x180026762
0x180026768
0x180026770
0x180026775
0x18002677a
0x18002677e
0x180026784
0x18002678a
0x1800267a3
0x1800267ad
0x1800267b0
0x1800267b4
0x1800267b9
0x1800267bf
0x1800267c5
0x1800267d1
0x1800267d6
0x1800267dc
0x1800267e1
0x1800267e7
0x180026802
0x180026808
0x180026811
0x180026817
0x180026827
0x18002682f
0x180026850

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001800268A4

Strings

_.,, xrefs: 000000018002681D
., xrefs: 000000018002673B

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: .$_.,
API String ID: 3215553584-3384562259
Opcode ID: a7c1153501ca1dab7f8120f3223b0d79a96718bf805c009684b333c2e0ea8d60
Instruction ID: 905fcd1a0ddba6f31db595901a8f42782f550c90d2185a212e6a43c17c109db7
Opcode Fuzzy Hash: a7c1153501ca1dab7f8120f3223b0d79a96718bf805c009684b333c2e0ea8d60
Instruction Fuzzy Hash: BA413432A0024885FBF78B2594407EA2390E74DBE9F94C625FA950B6E5DF30CB9D8301

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180008A18 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00000001180008A18(void* __eflags, void* __rcx, intOrPtr _a8, intOrPtr _a16, signed int _a24, void* _a32) {
				char _v80;
				signed long long _v96;
				long long _v104;
				long long _v136;
				signed long long _v144;
				signed int _v152;
				long long _v160;
				long long _v168;
				signed long long _v176;
				signed int _v184;
				void* __rbx;
				void* _t105;
				void* _t124;
				long long _t125;
				signed long long _t129;
				signed int _t130;
				long long _t132;
				signed long long _t134;
				long long _t153;
				intOrPtr* _t154;
				void* _t155;
				void* _t158;
				signed long long _t161;

				_t124 = _t155;
				r12d = 0;
				_v184 = r12d;
				_a24 = _a24 & r12d;
				_v176 = _v176 & _t161;
				_v152 = _v152 & _t161;
				 *((intOrPtr*)(_t124 - 0x80)) = r12b;
				 *(_t124 - 0x7c) =  *(_t124 - 0x7c) & r12d;
				 *(_t124 - 0x78) =  *(_t124 - 0x78) & r12d;
				 *(_t124 - 0x74) =  *(_t124 - 0x74) & r12d;
				 *(_t124 - 0x70) =  *(_t124 - 0x70) & r12d;
				 *(_t124 - 0x6c) =  *(_t124 - 0x6c) & r12d;
				E0000000118000635C(_t124);
				_t125 =  *((intOrPtr*)(_t124 + 0x28));
				_v160 = _t125;
				E0000000118000635C(_t125);
				_v168 =  *((intOrPtr*)(_t125 + 0x20));
				_t153 =  *((intOrPtr*)(__rcx + 0x50));
				_a32 = _t153;
				_t132 =  *((intOrPtr*)(__rcx + 0x40));
				_v136 =  *((intOrPtr*)(__rcx + 0x30));
				_v104 =  *((intOrPtr*)(__rcx + 0x48));
				_t129 =  *((intOrPtr*)(__rcx + 0x68));
				_v96 = _t129;
				_a16 =  *((intOrPtr*)(__rcx + 0x78));
				_a8 =  *((intOrPtr*)(__rcx + 0x38));
				E00000001180009AFC( *((intOrPtr*)(__rcx + 0x38)), _t132);
				E0000000118000635C(_t129);
				 *((long long*)(_t129 + 0x20)) = _t153;
				E0000000118000635C(_t129);
				 *((long long*)(_t129 + 0x28)) = _t132;
				E0000000118000635C(_t129);
				E00000001180004ED8(_t129,  &_v80,  *((intOrPtr*)( *((intOrPtr*)(_t129 + 0x20)) + 0x28)));
				_v144 = _t129;
				if ( *((intOrPtr*)(__rcx + 0x58)) == _t161) goto 0x80008b1a;
				_a24 = 1;
				E0000000118000635C(_t129);
				_v152 =  *((intOrPtr*)(_t129 + 0x70));
				r8d = 0x100;
				E00000001180012BE0(_v136,  *((intOrPtr*)(__rcx + 0x28)), _t158);
				_v176 = _t129;
				if (_t129 - 2 >= 0) goto 0x80008b4e;
				_t134 =  *((intOrPtr*)(_t155 - 0xa8 + 0x70 + _t129 * 8));
				if (_t134 == 0) goto 0x80008c61;
				_v176 = _t134;
				E00000001180012C10(_t134,  *((intOrPtr*)(__rcx + 0x28)));
				_v184 = 1;
				E0000000118000635C(_t129);
				 *(_t129 + 0x40) =  *(_t129 + 0x40) & 0x00000000;
				E0000000118000635C(_t129);
				 *((intOrPtr*)(_t129 + 0x78)) = _a16;
				_t154 = _a32;
				if (_a24 == 0) goto 0x80008bb5;
				E00000001180005110(1, _t154);
				_t130 = _v152;
				r8d =  *((intOrPtr*)(_t130 + 0x18));
				goto 0x80008bc2;
				r8d =  *((intOrPtr*)(_t154 + 0x18));
				RaiseException(??, ??, ??, ??);
				r12d = _v184;
				E00000001180004F14(_t130, _v176, _v144);
				if (r12d != 0) goto 0x80008c20;
				if ( *_t154 != 0xe06d7363) goto 0x80008c20;
				if ( *((intOrPtr*)(_t154 + 0x18)) != 4) goto 0x80008c20;
				if ( *((intOrPtr*)(_t154 + 0x20)) - 0x19930520 - 2 > 0) goto 0x80008c20;
				if (E000000011800051E4(_t130,  *((intOrPtr*)(_t154 + 0x28))) == 0) goto 0x80008c20;
				E00000001180005110(1, _t154);
				E0000000118000635C(_t130);
				 *((long long*)(_t130 + 0x20)) = _v168;
				E0000000118000635C(_t130);
				 *((long long*)(_t130 + 0x28)) = _v160;
				E0000000118000635C(_t130);
				 *((intOrPtr*)(_t130 + 0x78)) = _a8;
				_t105 = E0000000118000635C(_t130);
				 *((intOrPtr*)(_t130 + 0x78)) = 0xfffffffe;
				return _t105;
			}

0x180008a18
0x180008a2e
0x180008a31
0x180008a36
0x180008a3e
0x180008a43
0x180008a48
0x180008a4c
0x180008a50
0x180008a54
0x180008a58
0x180008a5c
0x180008a60
0x180008a65
0x180008a69
0x180008a6e
0x180008a77
0x180008a7c
0x180008a80
0x180008a88
0x180008a90
0x180008a9d
0x180008aa2
0x180008aa6
0x180008aae
0x180008ab8
0x180008ac2
0x180008ac7
0x180008acc
0x180008ad0
0x180008ad5
0x180008ad9
0x180008aee
0x180008af6
0x180008aff
0x180008b01
0x180008b0c
0x180008b15
0x180008b1a
0x180008b28
0x180008b30
0x180008b39
0x180008b3b
0x180008b43
0x180008b49
0x180008b54
0x180008b65
0x180008b6d
0x180008b72
0x180008b76
0x180008b82
0x180008b85
0x180008b95
0x180008b9c
0x180008ba1
0x180008baa
0x180008bb3
0x180008bb9
0x180008bc2
0x180008bc8
0x180008be4
0x180008bec
0x180008bf4
0x180008bfa
0x180008c07
0x180008c14
0x180008c1b
0x180008c20
0x180008c25
0x180008c29
0x180008c2e
0x180008c32
0x180008c3e
0x180008c41
0x180008c46
0x180008c60

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 0000000180008AC2
_CreateFrameInfo.LIBVCRUNTIME ref: 0000000180008AEE

Strings

csm, xrefs: 0000000180008BEE

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: dc94f97a0e88d0ad9e471f6fb85878e73fe184b2ef90e8ef7ac08a69f3a5ae08
Instruction ID: a89e4bbf9c0fb8b6fe6b10f8850b3d9b57bc321527b4cd857e84f651f378215a
Opcode Fuzzy Hash: dc94f97a0e88d0ad9e471f6fb85878e73fe184b2ef90e8ef7ac08a69f3a5ae08
Instruction Fuzzy Hash: 96514A72215B4886E6A1EB26E44139E77B4F78CBD4F149129EB8D07B56CF38C664CB40

Uniqueness

Uniqueness Score: -1.00%

Function 000000018003806C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
fileCOMMON

Download Yara Rule

C-Code - Quality: 33%

			E0000000118003806C(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
				intOrPtr _v0;
				signed long long _v8;
				signed int _t41;
				signed long long _t62;
				short* _t67;
				signed int* _t68;
				void* _t91;
				void* _t97;
				void* _t99;
				void* _t102;
				void* _t103;

				_a8 = __rbx;
				_a24 = __rbp;
				E00000001180042740(0x1470, __rax, _t97, _t99);
				_t62 =  *0x80098010; // 0x6aeceb4fd839
				_a5176 = _t62 ^ _t91 - __rax;
				r14d = r9d;
				r10d = r10d & 0x0000003f;
				_t103 = _t102 + __r8;
				 *((long long*)(__rcx)) =  *((intOrPtr*)(0x80099d40 + (__edx >> 6) * 8));
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if (__r8 - _t103 >= 0) goto 0x800381ad;
				_t67 =  &_a40;
				if (__r8 - _t103 >= 0) goto 0x80038116;
				_t41 =  *__r8 & 0x0000ffff;
				if (_t41 != 0xa) goto 0x80038102;
				 *_t67 = 0xd;
				_t68 = _t67 + 2;
				 *_t68 = _t41;
				if ( &(_t68[0]) -  &_a1744 < 0) goto 0x800380e4;
				_a16 = _a16 & 0x00000000;
				_a8 = _a8 & 0x00000000;
				_v0 = 0xd55;
				_v8 =  &_a1752;
				r9d = 0;
				E0000000118002B5F8();
				if (0 == 0) goto 0x800381a5;
				if (0 == 0) goto 0x80038195;
				_v8 = _v8 & 0x00000000;
				r8d = 0;
				r8d = r8d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x800381a5;
				if (0 + _a24 < 0) goto 0x80038162;
				 *((intOrPtr*)(__rcx + 4)) = __edi - r15d;
				goto 0x800380d9;
				 *((intOrPtr*)(__rcx)) = GetLastError();
				return E00000001180002630(_t39, 0, _a5176 ^ _t91 - __rax);
			}

0x18003806c
0x180038071
0x180038083
0x18003808b
0x180038095
0x1800380a6
0x1800380b4
0x1800380b8
0x1800380d0
0x1800380d6
0x1800380d9
0x1800380df
0x1800380e7
0x1800380e9
0x1800380f4
0x1800380fb
0x1800380fe
0x180038102
0x180038114
0x180038116
0x180038121
0x18003812f
0x180038142
0x180038147
0x180038151
0x18003815a
0x180038160
0x180038162
0x180038177
0x180038180
0x18003818b
0x180038193
0x18003819a
0x1800381a0
0x1800381ab
0x1800381db

APIs

WriteFile.KERNEL32 ref: 0000000180038183
GetLastError.KERNEL32 ref: 00000001800381A5

Strings

U, xrefs: 000000018003812F

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: da8bfa6e9793a4b5a543e0b12e5a4980c8c6c78c8a32081eb0e052bc5e694d0e
Instruction ID: d04588a0332059e91810f4e6ad9a33a1f3cab730918e0698f5ab5461ba451aa3
Opcode Fuzzy Hash: da8bfa6e9793a4b5a543e0b12e5a4980c8c6c78c8a32081eb0e052bc5e694d0e
Instruction Fuzzy Hash: BB41B232315B8482EBA2CF65E8443EA67A4F7887C4F418021EE4D87798DF3CC649C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800209E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E000000011800209E0(void* __ebx, long long __rbx, void* __rcx, void* __r9, void* __r10, long long _a8) {
				intOrPtr _v24;
				void* __rdi;
				intOrPtr _t58;
				intOrPtr _t66;
				signed long long _t77;
				signed long long _t78;
				void* _t82;
				long long _t88;
				intOrPtr _t89;

				_a8 = __rbx;
				_t82 = __rcx;
				if ( *((intOrPtr*)(__rcx + 0x47c)) != 1) goto 0x80020a68;
				 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
				_t89 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x20)) - 8));
				if ( *((intOrPtr*)(__rcx + 0x478)) != 1) goto 0x80020a1b;
				if ( *((intOrPtr*)(__rcx + 0x47c)) != 1) goto 0x80020b2b;
				if (_t89 == 0) goto 0x80020b14;
				_t66 =  *((intOrPtr*)(_t89 + 8));
				if (_t66 == 0) goto 0x80020b14;
				if (_t66 == 0) goto 0x80020aff;
				if (_t66 == 0) goto 0x80020afb;
				if (_t66 == 0) goto 0x80020afb;
				if ( *((intOrPtr*)(__rcx + 0x3c)) == 0xd) goto 0x80020aff;
				goto 0x80020b01;
				_t77 =  *((intOrPtr*)(__rcx + 0xdec));
				if ( *((intOrPtr*)(__rcx + 0x41)) - 0x63 - 0x63 <= 0) goto 0x80020a86;
				E00000001180025224(_t77);
				 *_t77 = 0x16;
				E00000001180015940();
				goto 0x80020af7;
				_t78 = _t77 + _t77 * 2;
				if ( *((intOrPtr*)(__rcx + 0x478)) != 1) goto 0x80020ae2;
				_t58 =  *((intOrPtr*)(__rcx + 0x3c));
				_t22 = _t82 + 0x488; // 0x4e0
				r9b =  *((intOrPtr*)(__rcx + 0x41));
				_t88 = _t22 + _t78 * 8;
				if ( *_t88 != 0) goto 0x80020ab8;
				 *_t88 = 3;
				 *((intOrPtr*)(_t88 + 4)) = r9b;
				 *((intOrPtr*)(_t88 + 0x10)) = _t58;
				goto 0x80020aed;
				_v24 = _t58;
				r8d = 3;
				if (E0000000118001BBD8(__ebx, __rcx, __rcx, _t88, _t89, __r9, __r10) != 0) goto 0x80020aed;
				E00000001180025224(_t78);
				 *_t78 = 0x16;
				E00000001180015940();
				goto 0x80020aef;
				if (1 != 0) goto 0x80020a05;
				goto 0x80020b2d;
				goto 0x80020b01;
				 *((long long*)(__rcx + 0x48)) = _t88;
				if (0 == 0) goto 0x80020b24;
				 *((char*)(__rcx + 0x54)) = 1;
				goto 0x80020b28;
				 *((long long*)(__rcx + 0x48)) = "(null)";
				 *((char*)(__rcx + 0x54)) = 0;
				 *((intOrPtr*)(__rcx + 0x50)) = 6;
				return 1;
			}

0x1800209e0
0x1800209ec
0x1800209f6
0x1800209f8
0x180020a01
0x180020a0c
0x180020a15
0x180020a1e
0x180020a28
0x180020a2b
0x180020a37
0x180020a40
0x180020a49
0x180020a53
0x180020a63
0x180020a68
0x180020a72
0x180020a74
0x180020a79
0x180020a7f
0x180020a84
0x180020a8d
0x180020a91
0x180020a93
0x180020a96
0x180020a9d
0x180020aa1
0x180020aa7
0x180020aa9
0x180020aaf
0x180020ab3
0x180020ab6
0x180020ab8
0x180020abc
0x180020acc
0x180020ace
0x180020ad3
0x180020ad9
0x180020ae0
0x180020af1
0x180020af9
0x180020afd
0x180020b01
0x180020b0a
0x180020b0c
0x180020b12
0x180020b1b
0x180020b24
0x180020b28
0x180020b37

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000180020A7F
_invalid_parameter_noinfo.LIBCMT ref: 0000000180020AD9

Strings

(null), xrefs: 0000000180020B14

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: (null)
API String ID: 3215553584-3941151225
Opcode ID: 46c341ba677f65cf3998f03ab099ebbbe8be71e495594e1fc3115e86eed46bae
Instruction ID: 7da802c7be0cb3dc88c5ce28e3e66eae410117e33e3d7c69c17896645612c8e9
Opcode Fuzzy Hash: 46c341ba677f65cf3998f03ab099ebbbe8be71e495594e1fc3115e86eed46bae
Instruction Fuzzy Hash: 06417C721047888AEBE78F28D1443ED37A1E719BC8F74C025EA480B796DF76CA49D711

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180020BB4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E00000001180020BB4(void* __ecx, long long __rbx, intOrPtr* __rcx, long long __rsi, void* __r10, long long _a8, long long _a16) {
				intOrPtr _v24;
				void* _t35;
				void* _t36;
				intOrPtr _t49;
				signed long long _t66;
				signed long long _t67;
				intOrPtr* _t71;
				intOrPtr _t74;
				intOrPtr* _t77;
				intOrPtr _t78;
				long long _t81;

				_a8 = __rbx;
				_a16 = __rsi;
				_t71 = __rcx;
				if ( *((intOrPtr*)(__rcx + 0x47c)) != 1) goto 0x80020c34;
				 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
				_t78 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x20)) - 8));
				if ( *((intOrPtr*)(__rcx + 0x478)) != 1) goto 0x80020bf4;
				if ( *((intOrPtr*)(__rcx + 0x47c)) != 1) goto 0x80020ce0;
				if (_t78 == 0) goto 0x80020cc9;
				_t81 =  *((intOrPtr*)(_t78 + 8));
				if (_t81 == 0) goto 0x80020cc9;
				r8d =  *((intOrPtr*)(__rcx + 0x3c));
				_t74 =  *__rcx;
				_t36 = E0000000118001A898(_t35, __ecx,  *(__rcx + 0x42) & 0x0000ffff, _t81, _t74);
				 *((long long*)(__rcx + 0x48)) = _t81;
				if (_t36 == 0) goto 0x80020cd9;
				 *((char*)(__rcx + 0x54)) = 1;
				goto 0x80020cdd;
				_t66 =  *((intOrPtr*)(_t74 + 0xdec));
				if (_t36 - 0x63 <= 0) goto 0x80020c52;
				E00000001180025224(_t66);
				 *_t66 = 0x16;
				E00000001180015940();
				goto 0x80020cc5;
				_t67 = _t66 + _t66 * 2;
				if ( *((intOrPtr*)(_t74 + 0x478)) != 1) goto 0x80020cb0;
				_t49 =  *((intOrPtr*)(_t74 + 0x3c));
				r9d =  *(__rcx + 0x42) & 0x0000ffff;
				_t77 = __rcx + 0x488 + _t67 * 8;
				if ( *_t77 != 0) goto 0x80020c86;
				 *_t77 = 3;
				 *((intOrPtr*)(_t77 + 4)) = r9w;
				 *((intOrPtr*)(_t77 + 0x10)) = _t49;
				goto 0x80020cbb;
				_v24 = _t49;
				r8d = 3;
				if (E0000000118001BE08(_t49, __rcx, __rcx, _t77, _t81, __r10) != 0) goto 0x80020cbb;
				E00000001180025224(_t67);
				 *_t67 = 0x16;
				E00000001180015940();
				goto 0x80020cbd;
				if (1 != 0) goto 0x80020bde;
				goto 0x80020ce2;
				 *((long long*)(_t71 + 0x48)) = "(null)";
				 *((char*)(_t71 + 0x54)) = 0;
				 *((intOrPtr*)(_t71 + 0x50)) = 6;
				return 1;
			}

0x180020bb4
0x180020bb9
0x180020bc5
0x180020bcf
0x180020bd1
0x180020bda
0x180020be5
0x180020bee
0x180020bf7
0x180020bfd
0x180020c04
0x180020c0a
0x180020c12
0x180020c15
0x180020c1a
0x180020c23
0x180020c29
0x180020c2f
0x180020c34
0x180020c3e
0x180020c40
0x180020c45
0x180020c4b
0x180020c50
0x180020c59
0x180020c5d
0x180020c5f
0x180020c69
0x180020c6e
0x180020c74
0x180020c76
0x180020c7c
0x180020c81
0x180020c84
0x180020c86
0x180020c8a
0x180020c9a
0x180020c9c
0x180020ca1
0x180020ca7
0x180020cae
0x180020cbf
0x180020cc7
0x180020cd5
0x180020cd9
0x180020cdd
0x180020cf1

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000180020C4B
_invalid_parameter_noinfo.LIBCMT ref: 0000000180020CA7

Strings

(null), xrefs: 0000000180020CC9

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: (null)
API String ID: 3215553584-3941151225
Opcode ID: cb0a80c85523b989f25033b2b1a03bdc5c4e96e00fb7877daf72a1c3e8b74548
Instruction ID: 91ebb57bda573900d4872c42385099f317c34402fea6411f06937f4eca737fb0
Opcode Fuzzy Hash: cb0a80c85523b989f25033b2b1a03bdc5c4e96e00fb7877daf72a1c3e8b74548
Instruction Fuzzy Hash: 4D316CB2604B48C6EBA79F15D1403EC77A0F349B88F74812AEB490B396DF36C65AD714

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000D24C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 74%

			E0000000118000D24C(void* __edx, void* __edi, void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __rdi, void* __rsi, void* __r8, long long _a8) {
				char _v24;
				intOrPtr _v32;
				char _v40;
				intOrPtr _v48;
				char _v56;
				intOrPtr _v72;
				void* _t33;
				char* _t42;
				long long _t45;
				intOrPtr* _t46;
				void* _t50;
				void* _t54;
				void* _t72;
				void* _t75;
				void* _t76;

				_t72 = __r8;
				_t67 = __rsi;
				_t66 = __rdi;
				_t33 = __edx;
				_a8 = __rbx;
				_t50 = __rcx;
				E00000001180009FC8(__rax, __rcx,  &_v56, __rdx, __rsi);
				_t42 =  *0x80099490; // 0x0
				if ( *_t42 == 0) goto 0x8000d331;
				if ( *_t42 == 0x3f) goto 0x8000d2f6;
				if ( *_t42 == 0x58) goto 0x8000d291;
				_t54 = _t50;
				E0000000118000F284(_t33, __edi, _t42, _t50, _t54,  &_v56, __rdi, _t67, _t72, _t75, _t76);
				goto 0x8000d34f;
				 *0x80099490 = _t42 + 1;
				if (_v56 != _t54) goto 0x8000d2cd;
				_v32 = 4;
				_v40 = "void";
				asm("movaps xmm0, [ebp-0x20]");
				asm("movdqa [ebp-0x20], xmm0");
				E00000001180009F6C("void", _t50,  &_v40);
				goto 0x8000d34f;
				_v32 = 5;
				_t45 = "void ";
				_v40 = _t45;
				asm("movaps xmm0, [ebp-0x20]");
				asm("movdqa [ebp-0x20], xmm0");
				E00000001180009F6C(_t45,  &_v24,  &_v40);
				goto 0x8000d343;
				_t46 = _t45 + 1;
				_v40 = _t45;
				_v32 = 0;
				_v72 = 0;
				 *0x80099490 = _t46;
				r8d = 0;
				E0000000118000C978(__edi, _t50,  &_v24,  &_v56, _t66, _t67,  &_v40);
				_v56 =  *_t46;
				_v48 =  *((intOrPtr*)(_t46 + 8));
				goto 0x8000d280;
				_v32 = 0;
				_v40 = 0x8004e150;
				return E0000000118000A4B0( &_v40, _t50,  &_v56);
			}

0x18000d24c
0x18000d24c
0x18000d24c
0x18000d24c
0x18000d24c
0x18000d259
0x18000d260
0x18000d265
0x18000d270
0x18000d279
0x18000d27e
0x18000d284
0x18000d287
0x18000d28c
0x18000d298
0x18000d2a3
0x18000d2a5
0x18000d2b3
0x18000d2ba
0x18000d2be
0x18000d2c3
0x18000d2c8
0x18000d2cd
0x18000d2d4
0x18000d2db
0x18000d2e3
0x18000d2e7
0x18000d2ec
0x18000d2f4
0x18000d2f6
0x18000d2f9
0x18000d2fd
0x18000d304
0x18000d310
0x18000d317
0x18000d31a
0x18000d322
0x18000d329
0x18000d32c
0x18000d338
0x18000d33b
0x18000d35c

APIs

DName::operator+.LIBVCRUNTIME ref: 000000018000D34A

Strings

void , xrefs: 000000018000D2D4
void, xrefs: 000000018000D2AC

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Name::operator+
String ID: void$void
API String ID: 2943138195-3746155364
Opcode ID: a11d32bb56fdc3eeb29a536db682c6a17dbf9116fc3914f9bf21ef22c7514154
Instruction ID: b1fb31fa75e4c87a977f21bbd8212079e35532af0910d4e76d63328d16aad95e
Opcode Fuzzy Hash: a11d32bb56fdc3eeb29a536db682c6a17dbf9116fc3914f9bf21ef22c7514154
Instruction Fuzzy Hash: AB315A72A11B5C98FB42CFA4E8413EC37B0B74C788F448526EE8A63B59DF388248C754

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180031FA8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E00000001180031FA8(char __ecx, void* __edx, void* __r8, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48) {
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				long long _v48;
				char _v56;
				void* __rbx;
				void* _t31;
				char _t32;
				void* _t38;
				long long _t47;
				void* _t48;
				void* _t53;
				void* _t54;

				asm("movsd [esp+0x20], xmm3");
				asm("movsd [esp+0x18], xmm2");
				_push(_t48);
				_t32 = __ecx;
				r8d = 0;
				if ( *0x80050840 == __edx) goto 0x80031fe3;
				r8d = r8d + 1;
				if (0x180050850 - 0x80050a10 < 0) goto 0x80031fc8;
				goto 0x80031fee;
				_t47 =  *((intOrPtr*)(0x80050840 + 8 + (r8d + r8d) * 8));
				_v48 = _t47;
				if (_t47 == 0) goto 0x80032061;
				_v40 = _a24;
				_v36 = _a28;
				_v32 = _a32;
				_v28 = _a36;
				_v24 = _a40;
				_v20 = _a44;
				_v56 = __ecx;
				E0000000118003209C(__ecx, _t38, _t48, _a48, _t53, _t54);
				_t52 =  &_v56;
				if (E0000000118002E8B4(0xffc0,  &_v56) != 0) goto 0x80032059;
				E00000001180031F78(_t32, _t47,  &_v56);
				asm("movsd xmm0, [esp+0x40]");
				goto 0x80032076;
				E0000000118003209C(_t32, _t38, _t48,  &_v56, _t53, _t54);
				_t31 = E00000001180031F78(_t32, _t47, _t52);
				asm("movsd xmm0, [esp+0x80]");
				return _t31;
			}

0x180031fa8
0x180031fae
0x180031fb4
0x180031fc0
0x180031fc5
0x180031fca
0x180031fcc
0x180031fdd
0x180031fe1
0x180031fe9
0x180031ffb
0x180032003
0x180032009
0x180032011
0x180032019
0x180032021
0x18003202c
0x180032037
0x18003203b
0x18003203f
0x180032044
0x180032050
0x180032054
0x180032059
0x18003205f
0x180032061
0x180032068
0x18003206d
0x18003207b

APIs

_set_errno_from_matherr.LIBCMT ref: 0000000180032054
_set_errno_from_matherr.LIBCMT ref: 0000000180032068

Strings

exp, xrefs: 0000000180031FCF

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _set_errno_from_matherr
String ID: exp
API String ID: 1187470696-113136155
Opcode ID: 1ff5debf1c0fbf27ef42b922982695923c57db91fd9b6c35bdd4a65ee039f616
Instruction ID: e3bb4837e2705db287d6adc3c245e26317c0707e2f300a7866c73e566126df63
Opcode Fuzzy Hash: 1ff5debf1c0fbf27ef42b922982695923c57db91fd9b6c35bdd4a65ee039f616
Instruction Fuzzy Hash: BF21ED36618648CBE7A2DF28E44079BB3A0F79D780F509525F68E92B96DF38C548CF00

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002D038 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 20%

			E0000000118002D038(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, long long _a8, long long _a16, long long _a24, long long _a40, intOrPtr _a48, long long _a56, long long _a64, long long _a72) {
				long long _v24;
				long long _v32;
				long long _v40;
				intOrPtr _v48;
				long long _v56;
				void* _t26;
				void* _t38;
				void* _t53;

				_t40 = __rbx;
				_t38 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t26 = r9d;
				_t53 = __rcx;
				E0000000118002CA30(1, __rbx, "CompareStringEx", __rsi, 0x80050320, "CompareStringEx");
				if (_t38 == 0) goto 0x8002d0cd;
				r9d = _t26;
				_v24 = _a72;
				_v32 = _a64;
				_v40 = _a56;
				_v48 = _a48;
				_v56 = _a40;
				 *0x8004c3c0();
				goto 0x8002d0ff;
				E0000000118002D804(0, 0, _t38, _t40, _t53);
				r9d = _t26;
				_v48 = _a48;
				_v56 = _a40;
				return CompareStringW(??, ??, ??, ??, ??, ??);
			}

0x18002d038
0x18002d038
0x18002d038
0x18002d03d
0x18002d042
0x18002d04c
0x18002d05b
0x18002d071
0x18002d079
0x18002d083
0x18002d090
0x18002d098
0x18002d0a5
0x18002d0b1
0x18002d0bd
0x18002d0c5
0x18002d0cb
0x18002d0d2
0x18002d0d9
0x18002d0e6
0x18002d0f4
0x18002d113

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002D071
CompareStringW.KERNEL32 ref: 000000018002D0F9

Strings

CompareStringEx, xrefs: 000000018002D054, 000000018002D065

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: CompareStringtry_get_function
String ID: CompareStringEx
API String ID: 3328479835-2590796910
Opcode ID: 043d0d2dfc6eee706fb4c50b33835f96ea3d0fc14ae3742d629335fa0ce175e2
Instruction ID: 52e7a1e47c465e5e4e3fa449d2eccfc40a26378b76fddafedbda20b20e6d5281
Opcode Fuzzy Hash: 043d0d2dfc6eee706fb4c50b33835f96ea3d0fc14ae3742d629335fa0ce175e2
Instruction Fuzzy Hash: 15110836608BC486D7A1CB56B48079AB7A4F78DBD4F548126FE8D93B59CF38C6488B40

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002D728 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 20%

			E0000000118002D728(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, long long _a8, long long _a16, long long _a24, long long _a40, intOrPtr _a48, long long _a56, long long _a64, long long _a72) {
				long long _v24;
				long long _v32;
				long long _v40;
				intOrPtr _v48;
				long long _v56;
				void* _t26;
				void* _t38;
				void* _t53;

				_t40 = __rbx;
				_t38 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t26 = r9d;
				_t53 = __rcx;
				E0000000118002CA30(0x14, __rbx, "LCMapStringEx", __rsi, 0x80050500, "LCMapStringEx");
				if (_t38 == 0) goto 0x8002d7bd;
				r9d = _t26;
				_v24 = _a72;
				_v32 = _a64;
				_v40 = _a56;
				_v48 = _a48;
				_v56 = _a40;
				 *0x8004c3c0();
				goto 0x8002d7ef;
				E0000000118002D804(0, 0, _t38, _t40, _t53);
				r9d = _t26;
				_v48 = _a48;
				_v56 = _a40;
				return LCMapStringW(??, ??, ??, ??, ??, ??);
			}

0x18002d728
0x18002d728
0x18002d728
0x18002d72d
0x18002d732
0x18002d73c
0x18002d74b
0x18002d761
0x18002d769
0x18002d773
0x18002d780
0x18002d788
0x18002d795
0x18002d7a1
0x18002d7ad
0x18002d7b5
0x18002d7bb
0x18002d7c2
0x18002d7c9
0x18002d7d6
0x18002d7e4
0x18002d803

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002D761
LCMapStringW.KERNEL32 ref: 000000018002D7E9

Strings

LCMapStringEx, xrefs: 000000018002D744, 000000018002D755

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Stringtry_get_function
String ID: LCMapStringEx
API String ID: 2588686239-3893581201
Opcode ID: 2d12f3b1e568f8427f8265c607cf82a05123733ebd9cbf2cc4306bd500f8806f
Instruction ID: 2ecae692bfda9901f53962c43c4d262dc4885a639a6487881b42a421bd3287c5
Opcode Fuzzy Hash: 2d12f3b1e568f8427f8265c607cf82a05123733ebd9cbf2cc4306bd500f8806f
Instruction Fuzzy Hash: 3D112736608B8486D7A1CB46B48079AB7A0F78CBD4F148126FACD93B59DF38C6448B40

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002D2D8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 20%

			E0000000118002D2D8(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, void* __r9, long long _a8, long long _a16, long long _a24, long long _a40, intOrPtr _a48, long long _a56) {
				long long _v24;
				intOrPtr _v32;
				long long _v40;
				void* _t33;
				void* _t47;

				_t33 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t47 = __rcx;
				E0000000118002CA30(8, __r9, "GetDateFormatEx", __rsi, 0x80050390, "GetDateFormatEx");
				if (_t33 == 0) goto 0x8002d34d;
				_v24 = _a56;
				_v32 = _a48;
				_v40 = _a40;
				 *0x8004c3c0();
				goto 0x8002d379;
				E0000000118002D804(0, 0, _t33, __r9, _t47);
				_v32 = _a48;
				_v40 = _a40;
				return GetDateFormatW(??, ??, ??, ??, ??, ??);
			}

0x18002d2d8
0x18002d2d8
0x18002d2dd
0x18002d2e2
0x18002d2fb
0x18002d311
0x18002d319
0x18002d32c
0x18002d334
0x18002d33d
0x18002d345
0x18002d34b
0x18002d352
0x18002d363
0x18002d36e
0x18002d38d

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002D311
GetDateFormatW.KERNEL32 ref: 000000018002D373

Strings

GetDateFormatEx, xrefs: 000000018002D2F4, 000000018002D305

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: DateFormattry_get_function
String ID: GetDateFormatEx
API String ID: 595753042-159735388
Opcode ID: 1c4c74f288efde64b4eeadbc07e408a49a17c673470446c4f2263ea109fe12e5
Instruction ID: bafac5d513183c9b0836aaeeb81704af0e9b0f4624d8cfe9f1347418a8ce5eb6
Opcode Fuzzy Hash: 1c4c74f288efde64b4eeadbc07e408a49a17c673470446c4f2263ea109fe12e5
Instruction Fuzzy Hash: E4112E72604B84C6E791CF55F44038AB7A4F7CCBD4F148116BE8D53B69CE78C6588B40

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002D498 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
timeCOMMON

Download Yara Rule

C-Code - Quality: 20%

			E0000000118002D498(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, void* __r9, long long _a8, long long _a16, long long _a24, long long _a40, intOrPtr _a48) {
				intOrPtr _v32;
				long long _v40;
				void* _t30;
				void* _t44;

				_t30 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t44 = __rcx;
				E0000000118002CA30(0xe, __r9, "GetTimeFormatEx", __rsi, 0x80050450, "GetTimeFormatEx");
				if (_t30 == 0) goto 0x8002d502;
				r8d = _a48;
				_v32 = r8d;
				_v40 = _a40;
				 *0x8004c3c0();
				goto 0x8002d52e;
				E0000000118002D804(0, 0, _t30, __r9, _t44);
				_v32 = _a48;
				_v40 = _a40;
				return GetTimeFormatW(??, ??, ??, ??, ??, ??);
			}

0x18002d498
0x18002d498
0x18002d49d
0x18002d4a2
0x18002d4bb
0x18002d4d1
0x18002d4d9
0x18002d4db
0x18002d4ea
0x18002d4f2
0x18002d4fa
0x18002d500
0x18002d507
0x18002d518
0x18002d523
0x18002d542

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002D4D1
GetTimeFormatW.KERNEL32 ref: 000000018002D528

Strings

GetTimeFormatEx, xrefs: 000000018002D4B4, 000000018002D4C5

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: FormatTimetry_get_function
String ID: GetTimeFormatEx
API String ID: 3261793192-1692793031
Opcode ID: c6cbb038febeddc30d843483a1c9815b595b96e77fb19d575ff4a766fc455942
Instruction ID: 07125a42c12945716661c9fbbf4b51e1156bb919ccfe9ac75295b8a56378d028
Opcode Fuzzy Hash: c6cbb038febeddc30d843483a1c9815b595b96e77fb19d575ff4a766fc455942
Instruction Fuzzy Hash: 13112E76604B88C7E791CF56B44039AB7A4F78CBD4F188126FF8953B69CE78C6588B40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180006028 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,000000018000136F), ref: 000000018000606C
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,000000018000136F), ref: 00000001800060B2

Strings

csm, xrefs: 000000018000609F

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 401b54d997d8232e1dca34e354a7963410749bd7d884933052c10f865bf1a923
Instruction ID: 0039db0edde445eeaf31aa7df0613ae97c7f9d7664d7e3880f17a9132f45a897
Opcode Fuzzy Hash: 401b54d997d8232e1dca34e354a7963410749bd7d884933052c10f865bf1a923
Instruction Fuzzy Hash: FF110A32614B8482EBA2CF15E54039A77E5F788BD8F198221EF8D07769DF39C655CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024A0B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00000001180024A0B(void* __eax, void* __ecx, void* __rax) {

				asm("rcr dword [ebp+0x2a16e0d], 1");
				 *((intOrPtr*)(__rax - 0x7d)) =  *((intOrPtr*)(__rax - 0x7d)) + __ecx;
				asm("loopne 0x5");
				return __eax;
			}

0x180024a0b
0x180024a11
0x180024a14
0x180024a16

APIs

_handle_error.LIBCMT ref: 0000000180024AD2

Strings

cos, xrefs: 0000000180024A1E
!, xrefs: 0000000180024ABA

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _handle_error
String ID: !$cos
API String ID: 1757819995-1949035351
Opcode ID: 56090aa622a552be7fea53aa1d141725505b463714fbf27a3da2feb38c774659
Instruction ID: 797ec296580d54ec4dec847c2483b72e4455237f8b2e707a7a89573b451c9943
Opcode Fuzzy Hash: 56090aa622a552be7fea53aa1d141725505b463714fbf27a3da2feb38c774659
Instruction Fuzzy Hash: 0901D637A15BC882DA56CF2294403AA6261FB9E7D4F50C315F65A1BBC8EF7CC2459704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024A40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E00000001180024A40(long long _a8) {
				intOrPtr _v24;
				intOrPtr _v48;
				intOrPtr _v56;
				void* _t9;
				signed long long _t14;

				r8d = 0x1e;
				goto 0x80024a54;
				asm("int3");
				asm("int3");
				asm("movsd [esp+0x60], xmm0");
				_t14 = _a8;
				r10d = r8d;
				asm("movaps xmm1, xmm0");
				if ((_t14 & 0x00000000) != 0) goto 0x80024aeb;
				if ((0xffffffff & _t14) != 0) goto 0x80024ad9;
				r9d = 1;
				_v24 = r9d;
				asm("xorps xmm0, xmm0");
				asm("movsd [esp+0x38], xmm0");
				asm("movsd [esp+0x30], xmm1");
				_v48 = 0x21;
				_v56 = 8;
				_a8 = 0;
				_t9 = E00000001180024CE4(r10d, 0xffffffff & _t14, 0x8004eba8, 0);
				goto 0x80024aeb;
				_a8 = 0xfff8000000000000;
				asm("movsd xmm0, [esp+0x60]");
				return _t9;
			}

0x180024a40
0x180024a4d
0x180024a52
0x180024a53
0x180024a58
0x180024a61
0x180024a73
0x180024a79
0x180024a7f
0x180024a8e
0x180024a9a
0x180024aa0
0x180024aa5
0x180024aa8
0x180024ab1
0x180024aba
0x180024ac5
0x180024acd
0x180024ad2
0x180024ad7
0x180024ae6
0x180024aeb
0x180024af5

APIs

_handle_error.LIBCMT ref: 0000000180024AD2

Strings

!, xrefs: 0000000180024ABA
sin, xrefs: 0000000180024A46

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _handle_error
String ID: !$sin
API String ID: 1757819995-1565623160
Opcode ID: dfc87a009c3f87ae0935f05f3e982ab0cf24612e1e39f396317d5734ab2c1489
Instruction ID: daa19a7cc5e8ae408990f212184efdc8e27a0ded0d0882f1a2c10ef52bf52563
Opcode Fuzzy Hash: dfc87a009c3f87ae0935f05f3e982ab0cf24612e1e39f396317d5734ab2c1489
Instruction Fuzzy Hash: 7B01B932A15F8881DA56CF12E4403666251FB9E7D4F508315FA5A1BB88EF7CC1558B04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024A2C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E00000001180024A2C(long long _a8) {
				intOrPtr _v24;
				intOrPtr _v48;
				intOrPtr _v56;
				void* _t9;
				signed long long _t14;

				r8d = 0x12;
				goto 0x80024af8;
				asm("int3");
				asm("int3");
				r8d = 0x1e;
				goto 0x80024a54;
				asm("int3");
				asm("int3");
				asm("movsd [esp+0x60], xmm0");
				_t14 = _a8;
				r10d = r8d;
				asm("movaps xmm1, xmm0");
				if ((_t14 & 0x00000000) != 0) goto 0x80024aeb;
				if ((0xffffffff & _t14) != 0) goto 0x80024ad9;
				r9d = 1;
				_v24 = r9d;
				asm("xorps xmm0, xmm0");
				asm("movsd [esp+0x38], xmm0");
				asm("movsd [esp+0x30], xmm1");
				_v48 = 0x21;
				_v56 = 8;
				_a8 = 0;
				_t9 = E00000001180024CE4(r10d, 0xffffffff & _t14, 0x8004eba8, 0);
				goto 0x80024aeb;
				_a8 = 0xfff8000000000000;
				asm("movsd xmm0, [esp+0x60]");
				return _t9;
			}

0x180024a2c
0x180024a39
0x180024a3e
0x180024a3f
0x180024a40
0x180024a4d
0x180024a52
0x180024a53
0x180024a58
0x180024a61
0x180024a73
0x180024a79
0x180024a7f
0x180024a8e
0x180024a9a
0x180024aa0
0x180024aa5
0x180024aa8
0x180024ab1
0x180024aba
0x180024ac5
0x180024acd
0x180024ad2
0x180024ad7
0x180024ae6
0x180024aeb
0x180024af5

APIs

_handle_errorf.LIBCMT ref: 0000000180024B67

Part of subcall function 0000000180024E0C: _raise_excf.LIBCMT ref: 0000000180024EB2

Strings

cosf, xrefs: 0000000180024A32
!, xrefs: 0000000180024B57

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _handle_errorf_raise_excf
String ID: !$cosf
API String ID: 3848079588-2208875612
Opcode ID: a348cef717e2c05117a2ed9dfb164f79919b493c4233f368d9886bf87babb292
Instruction ID: 8a1d03cd5170083156cc107809fcf96fcf5fab9e81177db6192a3f44e73bd75f
Opcode Fuzzy Hash: a348cef717e2c05117a2ed9dfb164f79919b493c4233f368d9886bf87babb292
Instruction Fuzzy Hash: 1901757351868487F356CB36A48039ABAA1F7D97C8F308209F7411AAB9DB7DC5895F04

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800249E9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

_handle_error.LIBCMT ref: 0000000180024AD2

Strings

!, xrefs: 0000000180024ABA
sin, xrefs: 0000000180024A47

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _handle_error
String ID: !$sin
API String ID: 1757819995-1565623160
Opcode ID: 780a83bc4a75a2d626bed8e6daeb201b40bf78fcb709d6a14c2a4d853db83b22
Instruction ID: 49c69a2770dea91f1fc13406a4e5b91cfa24acfeceb72b74d24cf060d5f2884b
Opcode Fuzzy Hash: 780a83bc4a75a2d626bed8e6daeb201b40bf78fcb709d6a14c2a4d853db83b22
Instruction Fuzzy Hash: CE018836A15BC882D656CF12944036A6261FB9E7D4F508315FA561AB88EF78C1455704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024A18 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E00000001180024A18(long long _a8) {
				intOrPtr _v24;
				intOrPtr _v48;
				intOrPtr _v56;
				void* _t9;
				signed long long _t14;

				r8d = 0x12;
				goto 0x80024a54;
				asm("int3");
				asm("int3");
				r8d = 0x12;
				goto 0x80024af8;
				asm("int3");
				asm("int3");
				r8d = 0x1e;
				goto 0x80024a54;
				asm("int3");
				asm("int3");
				asm("movsd [esp+0x60], xmm0");
				_t14 = _a8;
				r10d = r8d;
				asm("movaps xmm1, xmm0");
				if ((_t14 & 0x00000000) != 0) goto 0x80024aeb;
				if ((0xffffffff & _t14) != 0) goto 0x80024ad9;
				r9d = 1;
				_v24 = r9d;
				asm("xorps xmm0, xmm0");
				asm("movsd [esp+0x38], xmm0");
				asm("movsd [esp+0x30], xmm1");
				_v48 = 0x21;
				_v56 = 8;
				_a8 = 0;
				_t9 = E00000001180024CE4(r10d, 0xffffffff & _t14, 0x8004eba8, 0);
				goto 0x80024aeb;
				_a8 = 0xfff8000000000000;
				asm("movsd xmm0, [esp+0x60]");
				return _t9;
			}

0x180024a18
0x180024a25
0x180024a2a
0x180024a2b
0x180024a2c
0x180024a39
0x180024a3e
0x180024a3f
0x180024a40
0x180024a4d
0x180024a52
0x180024a53
0x180024a58
0x180024a61
0x180024a73
0x180024a79
0x180024a7f
0x180024a8e
0x180024a9a
0x180024aa0
0x180024aa5
0x180024aa8
0x180024ab1
0x180024aba
0x180024ac5
0x180024acd
0x180024ad2
0x180024ad7
0x180024ae6
0x180024aeb
0x180024af5

APIs

_handle_error.LIBCMT ref: 0000000180024AD2

Strings

cos, xrefs: 0000000180024A1E
!, xrefs: 0000000180024ABA

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _handle_error
String ID: !$cos
API String ID: 1757819995-1949035351
Opcode ID: 62a5e39bfaaa4803d5df17dc6170663869525c098e298f229e5540bbdf73ebe0
Instruction ID: d677422d503ce2f185a08346ed2863a3f4eeec8a8bcf8b9e18489094ae984947
Opcode Fuzzy Hash: 62a5e39bfaaa4803d5df17dc6170663869525c098e298f229e5540bbdf73ebe0
Instruction Fuzzy Hash: 9601F732A15F8C82DA56CF22A4403A66261FB9E7D4F508315FA5A1ABC8EF7CC2459B04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024B84 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

_handle_errorf.LIBCMT ref: 0000000180024B67

Part of subcall function 0000000180024E0C: _raise_excf.LIBCMT ref: 0000000180024EB2

Strings

sinf, xrefs: 0000000180024B8A
!, xrefs: 0000000180024B57

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _handle_errorf_raise_excf
String ID: !$sinf
API String ID: 3848079588-676365165
Opcode ID: 49ab03acee7f57435087519cbdcde877dbf50498e75866363b822aa6d22db6a2
Instruction ID: 6a0cd4b0c40d4db1507ecebc498ebc974703929d2197e33242fbb8eef7753fd8
Opcode Fuzzy Hash: 49ab03acee7f57435087519cbdcde877dbf50498e75866363b822aa6d22db6a2
Instruction Fuzzy Hash: E6018473618A8487F356CB26A48039AB7A1F7D97C8F308305F7450AAB8DB7CC5885F04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024BAC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

_handle_errorf.LIBCMT ref: 0000000180024B67

Part of subcall function 0000000180024E0C: _raise_excf.LIBCMT ref: 0000000180024EB2

Strings

tanf, xrefs: 0000000180024BB2
!, xrefs: 0000000180024B57

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: _handle_errorf_raise_excf
String ID: !$tanf
API String ID: 3848079588-3147098732
Opcode ID: e1070d6469421e2201d5a71bf8286f3b31480c364f57cbc62675e5a92bd585ad
Instruction ID: 9500d1f0c714bb3ffc13917597742cbfd42fd906b372ec0f43ab0108cb8403d3
Opcode Fuzzy Hash: e1070d6469421e2201d5a71bf8286f3b31480c364f57cbc62675e5a92bd585ad
Instruction Fuzzy Hash: 4301847361868487F356CB26A48039AB6A1F7D97C8F308305F7450AAB8DB7CC5885F04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180012990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32 ref: 00000001800129A1
GetLastError.KERNEL32 ref: 00000001800129AC

Strings

api-ms-, xrefs: 00000001800129BE

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ErrorLastLibraryLoad
String ID: api-ms-
API String ID: 3568775529-2084034818
Opcode ID: 45e37f836083b2472fa9da49a3b1d42928403d4754f6ce919dd42cfd91d64344
Instruction ID: 75dd9fd881376ad97489a775e34d550234b6a39f8e6742f7244a6501f69c90fd
Opcode Fuzzy Hash: 45e37f836083b2472fa9da49a3b1d42928403d4754f6ce919dd42cfd91d64344
Instruction Fuzzy Hash: 1CF0E531B20D0882FBE6D7AB5882BE412919B4DBC0F4AC420ED0445260FE6C87DD8B04

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002D544 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E0000000118002D544(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long _a8) {
				int _t5;
				void* _t7;
				void* _t15;
				void* _t22;
				void* _t23;
				void* _t24;

				_t16 = __rbx;
				_t15 = __rax;
				_a8 = __rbx;
				_t7 = __edx;
				_t22 = __rcx;
				E0000000118002CA30(0xf, __rbx, "GetUserDefaultLocaleName", _t23, 0x80050468, "GetUserDefaultLocaleName");
				if (_t15 == 0) goto 0x8002d584;
				 *0x8004c3c0();
				goto 0x8002d59a;
				_t5 = GetUserDefaultLCID();
				r9d = 0;
				r8d = _t7;
				return E0000000118002D6B8(_t5, r9d, _t15, _t16, _t22, _t23, _t24);
			}

0x18002d544
0x18002d544
0x18002d544
0x18002d54e
0x18002d557
0x18002d56d
0x18002d575
0x18002d57c
0x18002d582
0x18002d584
0x18002d58a
0x18002d58d
0x18002d5a4

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002D56D
GetUserDefaultLCID.KERNEL32(?,?,000000A0,0000000180034394), ref: 000000018002D584

Strings

GetUserDefaultLocaleName, xrefs: 000000018002D550, 000000018002D55A

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: DefaultUsertry_get_function
String ID: GetUserDefaultLocaleName
API String ID: 3217810228-151340334
Opcode ID: 23096df862011ff30bdbb358cd8aef4df53156a661fcc8dfb6a8c2869d99799a
Instruction ID: 43076704b1a3c25db417a57d61b0c939351878da2f3f815bd624afcd412541c6
Opcode Fuzzy Hash: 23096df862011ff30bdbb358cd8aef4df53156a661fcc8dfb6a8c2869d99799a
Instruction Fuzzy Hash: A2F0E27030098CC1EBD79B65A5807EC1351A74C7C8F94D026BA0943745CE78CA4DC741

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002D5FC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 27%

			E0000000118002D5FC(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long _a8, long long _a16) {
				void* _t15;

				_t15 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				E0000000118002CA30(0x12, __rbx, "InitializeCriticalSectionEx", __rsi, 0x800504d8, 0x800504e0);
				if (_t15 == 0) goto 0x8002d647;
				 *0x8004c3c0();
				goto 0x8002d64d;
				return InitializeCriticalSectionAndSpinCount(??, ??);
			}

0x18002d5fc
0x18002d5fc
0x18002d601
0x18002d62d
0x18002d63a
0x18002d63f
0x18002d645
0x18002d65c

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002D62D
InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,00000001800280EC), ref: 000000018002D647

Strings

InitializeCriticalSectionEx, xrefs: 000000018002D621

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpintry_get_function
String ID: InitializeCriticalSectionEx
API String ID: 539475747-3084827643
Opcode ID: 3e1b6c4f35e0b1dda9caae1690a0760f00ecaf8f2da4dfaf4076b336b15c85c1
Instruction ID: 20c55351a8fa3e1549beb536036c7c1aa9bf10118cf5032506adaa0aa7ce7757
Opcode Fuzzy Hash: 3e1b6c4f35e0b1dda9caae1690a0760f00ecaf8f2da4dfaf4076b336b15c85c1
Instruction Fuzzy Hash: C5F05E32610A88C2E6969B41E440BD92321BB8CBC4F94D026FA1913B55CE78CA49CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800449C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24registryCOMMON

Download Yara Rule

APIs

LoadCursorW.USER32 ref: 0000000180044A12
RegisterClassExW.USER32 ref: 0000000180044A49

Strings

P, xrefs: 00000001800449C9

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: ClassCursorLoadRegister
String ID: P
API String ID: 1693014935-3110715001
Opcode ID: 10b633a7ce2ad18c5a3dcf168b3dbd61e1db06a49b6e2a40e725fd80f95601f9
Instruction ID: abe8cc9c1fcd4d93be8d44a7559f44201f358148d54545cd12838b9e53a2bac7
Opcode Fuzzy Hash: 10b633a7ce2ad18c5a3dcf168b3dbd61e1db06a49b6e2a40e725fd80f95601f9
Instruction Fuzzy Hash: D301AF72519B8486E7A08F00F89834BB7B4F389789F604118F6C946B68DF7DC218CB45

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002D284 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 27%

			E0000000118002D284(void* __ecx, void* __eflags, void* __rax, long long __rbx, void* __rdx, long long _a8) {
				void* _t12;
				void* _t19;

				_t12 = __rax;
				_a8 = __rbx;
				E0000000118002CA30(6, __rdx, "FlsSetValue", _t19, 0x80050370, 0x80050378);
				if (_t12 == 0) goto 0x8002d2c4;
				 *0x8004c3c0();
				goto 0x8002d2ca;
				return TlsSetValue(??, ??);
			}

0x18002d284
0x18002d284
0x18002d2ad
0x18002d2ba
0x18002d2bc
0x18002d2c2
0x18002d2d4

APIs

try_get_function.LIBVCRUNTIME ref: 000000018002D2AD
TlsSetValue.KERNEL32(?,?,00006AECEB4FD839,0000000180025D2E,?,?,00006AECEB4FD839,000000018002522D,?,?,?,?,0000000180036D3E,?,?,00000000), ref: 000000018002D2C4

Strings

FlsSetValue, xrefs: 000000018002D29A

Memory Dump Source

Source File: 00000003.00000002.258215911.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000003.00000002.258177194.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258488695.000000018004C000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.258997279.0000000180098000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.259018969.000000018009B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd

Similarity

API ID: Valuetry_get_function
String ID: FlsSetValue
API String ID: 738293619-3750699315
Opcode ID: f3347ab2399312fb128a1e0e156cb8d2aa44c08ff9cd4753bab245167dc71102
Instruction ID: 82f734a2fe3026a07f2655fe10a1f93b421d38dee61fe6e9ea93fb134c613cff
Opcode Fuzzy Hash: f3347ab2399312fb128a1e0e156cb8d2aa44c08ff9cd4753bab245167dc71102
Instruction Fuzzy Hash: 28E06D72210A4CC2FBCB5B50E8407DD2322A74C7C4F99D127B915062A5CE38CB8D8301

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exePID: 4688, Parent PID: 4804COMMON

Execution Graph

Execution Coverage:	49.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	10
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 000001D676B60000 Relevance: 55.2, APIs: 5, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 000001D676B60344
VirtualAlloc.KERNELBASE ref: 000001D676B6038A
VirtualAlloc.KERNELBASE ref: 000001D676B603A4
VirtualProtect.KERNELBASE ref: 000001D676B6085C
RtlAddFunctionTable.KERNEL32 ref: 000001D676B608E9

Strings

ddFu, xrefs: 000001D676B6013A
ualA, xrefs: 000001D676B600B5
truc, xrefs: 000001D676B600F2
ativ, xrefs: 000001D676B6010F
eSys, xrefs: 000001D676B60117
rote, xrefs: 000001D676B600D5
Virt, xrefs: 000001D676B600AD
RtlA, xrefs: 000001D676B60133
ct, xrefs: 000001D676B600DD
ualP, xrefs: 000001D676B600CD
Virt, xrefs: 000001D676B600C5
hIns, xrefs: 000001D676B600EB
Load, xrefs: 000001D676B60095
temI, xrefs: 000001D676B6011F
GetN, xrefs: 000001D676B60107
Slee, xrefs: 000001D676B60084
Cach, xrefs: 000001D676B60100
onTa, xrefs: 000001D676B60148
Libr, xrefs: 000001D676B6009D
aryA, xrefs: 000001D676B600A5
o, xrefs: 000001D676B6012E
ncti, xrefs: 000001D676B60141
lloc, xrefs: 000001D676B600BD
nf, xrefs: 000001D676B60127
tion, xrefs: 000001D676B600F9
Flus, xrefs: 000001D676B600E4

Memory Dump Source

Source File: 00000004.00000002.250762430.000001D676B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001D676B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d676b60000_rundll32.jbxd

Similarity

API ID: Virtual$Alloc$FunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 394283112-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: 25742934148b865aeaabd33a729d4f23475f2e26b67132fdbf187075c23aff9f
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: 8D621730618B0C8BD769DF59C9857B9B3E1FB55708F10462ED88BC7291EB34E852CB86

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exePID: 4720, Parent PID: 6100COMMON

Execution Graph

Execution Coverage:	49.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	10
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 000001FB00130000 Relevance: 55.2, APIs: 5, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 000001FB00130344
VirtualAlloc.KERNELBASE ref: 000001FB0013038A
VirtualAlloc.KERNELBASE ref: 000001FB001303A4
VirtualProtect.KERNELBASE ref: 000001FB0013085C
RtlAddFunctionTable.KERNEL32 ref: 000001FB001308E9

Strings

Cach, xrefs: 000001FB00130100
Slee, xrefs: 000001FB00130084
Virt, xrefs: 000001FB001300C5
rote, xrefs: 000001FB001300D5
eSys, xrefs: 000001FB00130117
ualP, xrefs: 000001FB001300CD
Libr, xrefs: 000001FB0013009D
ativ, xrefs: 000001FB0013010F
Virt, xrefs: 000001FB001300AD
ualA, xrefs: 000001FB001300B5
ddFu, xrefs: 000001FB0013013A
Load, xrefs: 000001FB00130095
tion, xrefs: 000001FB001300F9
ct, xrefs: 000001FB001300DD
onTa, xrefs: 000001FB00130148
RtlA, xrefs: 000001FB00130133
GetN, xrefs: 000001FB00130107
truc, xrefs: 000001FB001300F2
nf, xrefs: 000001FB00130127
aryA, xrefs: 000001FB001300A5
ncti, xrefs: 000001FB00130141
lloc, xrefs: 000001FB001300BD
o, xrefs: 000001FB0013012E
Flus, xrefs: 000001FB001300E4
temI, xrefs: 000001FB0013011F
hIns, xrefs: 000001FB001300EB

Memory Dump Source

Source File: 00000005.00000002.251074869.000001FB00130000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FB00130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1fb00130000_rundll32.jbxd

Similarity

API ID: Virtual$Alloc$FunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 394283112-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: dc1e3e4687fc23bbba4558b35ba3e8c5781b07822ffce352a3a55a7afbb9c8e5
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: 1962D030618A4A8BD71ADF18D8957BAB7F0FB58304F14462DF88AC7251DF34E942CB86

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exePID: 2608, Parent PID: 6100COMMON

Execution Graph

Execution Coverage:	49.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	10
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 000001CC28C10000 Relevance: 55.2, APIs: 5, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 000001CC28C10344
VirtualAlloc.KERNELBASE ref: 000001CC28C1038A
VirtualAlloc.KERNELBASE ref: 000001CC28C103A4
VirtualProtect.KERNELBASE ref: 000001CC28C1085C
RtlAddFunctionTable.KERNEL32 ref: 000001CC28C108E9

Strings

Flus, xrefs: 000001CC28C100E4
Cach, xrefs: 000001CC28C10100
hIns, xrefs: 000001CC28C100EB
o, xrefs: 000001CC28C1012E
ualA, xrefs: 000001CC28C100B5
Virt, xrefs: 000001CC28C100C5
Libr, xrefs: 000001CC28C1009D
Slee, xrefs: 000001CC28C10084
temI, xrefs: 000001CC28C1011F
lloc, xrefs: 000001CC28C100BD
aryA, xrefs: 000001CC28C100A5
eSys, xrefs: 000001CC28C10117
truc, xrefs: 000001CC28C100F2
ualP, xrefs: 000001CC28C100CD
rote, xrefs: 000001CC28C100D5
Virt, xrefs: 000001CC28C100AD
RtlA, xrefs: 000001CC28C10133
ativ, xrefs: 000001CC28C1010F
onTa, xrefs: 000001CC28C10148
tion, xrefs: 000001CC28C100F9
Load, xrefs: 000001CC28C10095
ncti, xrefs: 000001CC28C10141
nf, xrefs: 000001CC28C10127
ct, xrefs: 000001CC28C100DD
GetN, xrefs: 000001CC28C10107
ddFu, xrefs: 000001CC28C1013A

Memory Dump Source

Source File: 00000006.00000002.254876237.000001CC28C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001CC28C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1cc28c10000_rundll32.jbxd

Similarity

API ID: Virtual$Alloc$FunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 394283112-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: 789edf4cb432e18882f4c8de1e32a5cadb0335ee574e59b0e8a81154e5fa03c7
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: C662E331A58B088BE719DF18D8C5BBAB7E0FB54314F14462DE88AD7251DB34E842CBC6

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: regsvr32.exePID: 1392, Parent PID: 5220COMMON

Execution Graph

Execution Coverage:	18%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	48
Total number of Limit Nodes:	5

Executed Functions

Function 01420000 Relevance: 55.2, APIs: 5, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 01420344
VirtualAlloc.KERNELBASE ref: 0142038A
VirtualAlloc.KERNELBASE ref: 014203A4
VirtualProtect.KERNELBASE ref: 0142085C
RtlAddFunctionTable.KERNEL32 ref: 014208E9

Strings

truc, xrefs: 014200F2
Virt, xrefs: 014200AD
ualP, xrefs: 014200CD
o, xrefs: 0142012E
Load, xrefs: 01420095
hIns, xrefs: 014200EB
GetN, xrefs: 01420107
ncti, xrefs: 01420141
temI, xrefs: 0142011F
Flus, xrefs: 014200E4
Virt, xrefs: 014200C5
lloc, xrefs: 014200BD
ativ, xrefs: 0142010F
ddFu, xrefs: 0142013A
rote, xrefs: 014200D5
RtlA, xrefs: 01420133
nf, xrefs: 01420127
onTa, xrefs: 01420148
eSys, xrefs: 01420117
ualA, xrefs: 014200B5
aryA, xrefs: 014200A5
Slee, xrefs: 01420084
Cach, xrefs: 01420100
ct, xrefs: 014200DD
tion, xrefs: 014200F9
Libr, xrefs: 0142009D

Memory Dump Source

Source File: 00000007.00000002.769366520.0000000001420000.00000040.00001000.00020000.00000000.sdmp, Offset: 01420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1420000_regsvr32.jbxd

Similarity

API ID: Virtual$Alloc$FunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 394283112-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: f01ad7ff2659d46b3d1139379214ffae74a76d9c57eab201d16d6428f553d522
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: 3E52F830618B588BD719DF18D8857BAB7F1FB84304F54462EE88BC7261DB34E586CB86

Uniqueness

Uniqueness Score: -1.00%

Function 02E53CEC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 121
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE ref: 02E53EB4

Strings

n, xrefs: 02E53DC8
,, xrefs: 02E53DE9

Memory Dump Source

Source File: 00000007.00000002.769739205.0000000002E41000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2e41000_regsvr32.jbxd

Yara matches

Similarity

API ID: Create
String ID: n$,
API String ID: 2289755597-3401186129
Opcode ID: 387e2cbc3b8f1e88da992bb010cb1f5f0f0347c8b7639cfc6325d4f78df53c71
Instruction ID: 18f5d6c42a3bb35a690f06ceb630549e3346fb5d0256c6694cf53ce54199d00f
Opcode Fuzzy Hash: 387e2cbc3b8f1e88da992bb010cb1f5f0f0347c8b7639cfc6325d4f78df53c71
Instruction Fuzzy Hash: A741037051C7848FD7B8CF68D08579AFBE1FB88314F108A1EE88DD7250DB7498858B92

Uniqueness

Uniqueness Score: -1.00%

Function 02E41874 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNELBASE ref: 02E419FF

Memory Dump Source

Source File: 00000007.00000002.769739205.0000000002E41000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2e41000_regsvr32.jbxd

Yara matches

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: c26c48defa982342e2f20ae4a22bab2a9dda78d1f7e6cee8cfcae6a4f9b5f28e
Instruction ID: 622c5a1f285ab38dbc2cebf07f24e8120aa63bf8b60af31ed6078ed1a50d5136
Opcode Fuzzy Hash: c26c48defa982342e2f20ae4a22bab2a9dda78d1f7e6cee8cfcae6a4f9b5f28e
Instruction Fuzzy Hash: 28411A7051C7858FE7B4DF28D485B9AB7E0FB88315F10896DE88CC7296DB749888CB46

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: regsvr32.exePID: 3952, Parent PID: 3452COMMON

Execution Graph

Execution Coverage:	11.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	42
Total number of Limit Nodes:	3

Executed Functions

Function 009A0000 Relevance: 55.2, APIs: 5, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 009A0344
VirtualAlloc.KERNELBASE ref: 009A038A
VirtualAlloc.KERNELBASE ref: 009A03A4
VirtualProtect.KERNELBASE ref: 009A085C
RtlAddFunctionTable.KERNEL32 ref: 009A08E9

Strings

Cach, xrefs: 009A0100
Flus, xrefs: 009A00E4
nf, xrefs: 009A0127
Virt, xrefs: 009A00AD
tion, xrefs: 009A00F9
GetN, xrefs: 009A0107
truc, xrefs: 009A00F2
temI, xrefs: 009A011F
ualP, xrefs: 009A00CD
eSys, xrefs: 009A0117
ualA, xrefs: 009A00B5
Virt, xrefs: 009A00C5
Load, xrefs: 009A0095
ncti, xrefs: 009A0141
hIns, xrefs: 009A00EB
ct, xrefs: 009A00DD
Slee, xrefs: 009A0084
rote, xrefs: 009A00D5
o, xrefs: 009A012E
ativ, xrefs: 009A010F
ddFu, xrefs: 009A013A
aryA, xrefs: 009A00A5
lloc, xrefs: 009A00BD
RtlA, xrefs: 009A0133
onTa, xrefs: 009A0148
Libr, xrefs: 009A009D

Memory Dump Source

Source File: 00000010.00000002.407771447.00000000009A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_9a0000_regsvr32.jbxd

Similarity

API ID: Virtual$Alloc$FunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 394283112-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: 653aed0d6de58415c0b262fe7adc220077fe9ef461305a0d22300e9d2d94f996
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: C0520430A18B488BDB19DF18D8856BAB7F1FB95304F14462DE88BC7251DB34E946CBC6

Uniqueness

Uniqueness Score: -1.00%

Function 00B684B0 Relevance: 1.6, APIs: 1, Instructions: 121
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE ref: 00B6867E

Memory Dump Source

Source File: 00000010.00000002.408383126.0000000000B41000.00000020.00001000.00020000.00000000.sdmp, Offset: 00B41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_b41000_regsvr32.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: 7f8dc12b404077566006c8563bd8d5e6f13d917e1a38e94f0abbe1ff7a4a0c03
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: 30413D7091C7848FE7B8DF18D48979ABBE0FB98315F104A1EE48DC7254DB749445CB46

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report UC2DFXQIBiE2kQ.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Emotet

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Spreading

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

Windows Analysis Report
UC2DFXQIBiE2kQ.dll

Function 0000000180044C30 Relevance: 2216.5, APIs: 8, Strings: 1257, Instructions: 2730
COMMONCrypto

Function 00990000 Relevance: 55.2, APIs: 5, Strings: 26, Instructions: 953
memoryCOMMON

Function 00C44DDC Relevance: 7.8, Strings: 6, Instructions: 338
COMMON

Function 00C68C94 Relevance: 6.5, Strings: 5, Instructions: 249
COMMON

Function 00C45DB4 Relevance: 6.4, Strings: 5, Instructions: 189
COMMON

Function 00C648E0 Relevance: 5.9, Strings: 4, Instructions: 869
COMMON

Function 00C438A5 Relevance: 5.2, Strings: 4, Instructions: 197
COMMON

Function 000000018004A120 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 74
memoryCOMMON

Function 0000000180002B10 Relevance: 12.2, APIs: 8, Instructions: 230
COMMON

Function 00000001800020B0 Relevance: 7.6, APIs: 5, Instructions: 103
COMMON